Written by Caterina Ecclesia, Kiki Schaafsma, Nicolas Meija
Edited by Sofia Niiles, Eda Duldar
For the PDF version, click here.
Abstract
The digital sphere has become an integral part of our everyday lives, leading to a significant increase in the time spent online. This has created a growing need to regulate online content and interactions, especially when it comes to minors. Therefore, in October 2022, the European Union (EU) adopted Regulation 2022/2065, also known as the Digital Services Act (DSA), to ensure a safer and more transparent digital environment. This article examines the DSA’s framework, with particular attention to Article 28, 34 and 35. The first concerns the protection of minors online and Articles 34 and 35 the systemic risk assessments, which are a key element in ensuring minors’ safety online. Then, the article turns to the main tensions in achieving adequate protection for minors online, namely the conflict with fundamental rights, the fragmented nature of the regime, and the absence of a specific legislative framework dedicated to the protection of young users online. By exploring these challenges, the article evaluates the effectiveness of the DSA in protecting minors in the digital sphere.
Keywords: Digital Services Act, protection of minors, online platforms, systemic risk assessment, EU digital regulation, child online safety
Introduction
The Digital Services Act (DSA) entered into force in 2022 as one of the European Union’s most significant attempts to regulate digital platforms. By regulating online services, including social media platforms, marketplaces, app stores, and online travel and accommodation services, it aims to protect the fundamental rights of Union citizens and to ensure a safer digital space. Since its adoption, the European Commission has launched multiple investigations, for example into X (formerly “Twitter”), Shein and Tiktok,[1] showing the high-stakes results of this regime. However, one demographic remains vulnerable: minors.[2] Despite being hailed as the ‘first comprehensive rulebook for online platforms’,[3] the DSA’s ability to protect minors against systemic threats, such as addictive design and illegal content, is still up for debate.
This blog examines the extent of the protection of minors by the DSA. It sets out the legal framework of the DSA and critically assesses its effectiveness. Furthermore, it explores the inherent tensions within the regime, taking into account potential fundamental rights conflicts, fragmentation within the European Union (EU), and the limits of its protection of minors.
A safe digital environment
As the digital revolution continues to influence European citizens, new societal risks emerge. In response, Member States started introducing legislation battling these challenges, creating legal fragmentation across the Union.[4] Therefore, the European Parliament and the Council of the European Union (EU) adopted the DSA in October 2022, intending to guarantee a safe, predictable, and trusted online environment where fundamental rights are protected.[5] The Regulation, which is composed of five Chapters and one hundred and seven Recitals, is grounded in Article 114 of the Treaty on the Functioning of the EU, which provides for the establishment of measures to ensure the functioning of the internal market.[6]
The DSA is part of the digital market strategy: “the Digital Services Act Package”. Together with the Digital Markets Act (DMA), the DSA lays down harmonised rules on the provision of intermediary services in the internal market, ensuring the proper functioning of the internal market, in relation to the provision of cross-border digital services.[7] At its core, the Regulation empowers citizens by granting them greater control and transparency while navigating online platforms and search engines. It mandates that service providers minimise exposure to illegal and harmful content, with heightened protections specifically designed for children and young people. All online services operating within the EU are required to comply with “the Digital Services Act Package”.[8]
In line with the principle of proportionality, the core of the DSA’s framework is based on a system of asymmetric, tiered due diligence operations that adjust according to type, size, nature, and societal impact of the intermediary service.[9]Under this framework, Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) are required to identify and analyse widespread risks, ranging from the spreading of illegal content to risks involving gender-based violence, public health, and mental well-being. These larger platforms are bound to implement measures in order to reduce such risks and must adhere to stringent transparency and accountability standards. The DSA establishes an enforcement mechanism: Digital Services Coordinators supervise compliance of the platforms within their Member States. However, the European Commission remains the primary responsible party for monitoring and enforcing the obligations applicable to the largest players.[10]
Minors' protection under the DSA
Within the DSA framework, the primary provision specifically addressing the protection of minors is Article 28, which establishes targeted obligations for online platforms that are accessible to children. The provision requires providers to adopt appropriate and proportionate measures to ensure a high level of privacy, safety and security for minors using their services. In particular, once a platform is aware, with reasonable certainty, that a user is a minor, it is prohibited from presenting targeted advertising based on profiling and from processing additional personal data for commercial purposes.[11] Article 28 thus reflects a preventive and design-oriented approach, requiring platforms to integrate child protection considerations into the functioning of their services. However, the provision remains relatively broad, leaving significant discretion to providers regarding the specific measures to be adopted. Moreover, Article 28, aimed at enhancing the protection of minors’ data, obliges VLOPs and VLOPEs to refrain from gathering additional personal data to assess age, if it has already been established that the service user is a minor[12].
The absence of detailed standards or uniform age-verification requirements may result in uneven implementation across platforms and raises concerns about the practical effectiveness of the protection afforded. Consequently, while Article 28 represents an important step toward recognising minors as a particularly vulnerable group, its open-ended nature limits its capacity to ensure consistent and effective safeguards in the digital environment.
Systemic risk assessments and the effectiveness of the DSA
Alongside Article 28, specifically protecting minors’ online, another important element of the regulatory framework to ensure their safeguard in digital environments is created through Articles 34 and 35 of the DSA. These articles mandate systemic risk assessments (SRA) for the providers of very large online platforms (VLOPs) and very large online search engines (VLOSEs). SRA aim to mitigate large-scale societal harms caused by digital platforms, rather than focusing on traditional individual rights-based protection[13].
The DSA identifies four main risk categories: the dissemination of illegal content, negative effects on fundamental rights (such as privacy, data protection, freedom of expression, and rights of the child), harms to civic discourse and electoral processes, and risks to public health and safety. Platforms must assess how their content moderation systems, algorithms, and terms of service contribute to these risks, ensuring continuous oversight[14].
SRA must be carried out annually and reviewed by independent auditors, the European Commission and the Board for Digital Services. When significant risks are identified, VLOPs and VLOSEs are required to implement proportionate mitigation measures, such as adjusting algorithms, improving moderation, or increasing transparency[15].
Fundamental rights conflict
Mandatory SRA are essential for the effective protection of minors granted by the Regulation. Based on the DSA Guidelines for the protection of minors online, issued by Eurochild, one of the key principles guiding art. 34 is the use of a risk-based approach, drawing from the risk assessment and mitigation obligations[16]. Additionally, the protection of minors is explicitly treated as a systemic risk area[17]. Therefore, child protection is guided by the annual assessments. However, certain aspects of art.34-35 remain controversial, due to their interaction with fundamental rights, especially freedom of expression[18].
Platforms are expected to actively ensure their systems do not undermine minors’ rights[19], leading to a horizontal application of human rights[20]. However, safety requirements like strong mitigation measures[21], which can include content moderation and demotion, leading to over removal[22] and limits to targeted advertisement[23], may lead to aggressive content moderation, threatening freedom of speech and information. Platforms might struggle to distinguish harmful material from satire, journalism, or artistic expression, since content moderation is automated. This can lead to content misclassification as illegal, potentially violating minors’ privacy and dignity[24].
To manage these tensions, scholars propose the implementation of structured safeguards based on human review and strengthening independent oversight mechanisms to balance safety with fundamental rights[25].
Fragmentation
Another key aspect concerns navigating differing national standards on illegal content across the EU, which leads to imperfect protection of individuals. This, in the case of minors, is aggravated, considering their vulnerable position online. In fact, although the DSA creates a horizontal regulatory framework, its definition of what constitutes illegal content refers to both EU and national law. It follows that platforms must take into account the different standards of speech present in EU member states, generating legal uncertainty and uneven levels of protection for minors across the Union. Therefore, leaving minors’ exposure to harmful material dependent on how a specific national legal system defines illegality[26].
A key risk arising from this fragmentation is that platforms might apply the most restrictive national standard across the EU to limit their liability. This could lead to preventive censorship and aggressive content removal, impairing, again, fundamental freedom of speech[27]. Additionally, the absence of clear EU-wide definitions leaves platforms acting as arbiters of legality, raising concerns about transparency and the effective protection of minors’ fundamental rights[28].
Limits of the absence of a tailored regime for minors' protection
Finally, moving away from the SRAs, when considering minors’ protection online, granted by DSA, another challenging aspect is the absence of a specific regime for their protection. In fact, the EU does not have a single, dedicated legal instrument exclusively focused on the online protection of minors. Instead, safeguards are dispersed across multiple acts, including the DSA. While together, the EU legal framework ensures the protection of minors online, this fragmented regime creates structural challenges[29].
First, the regime’s fragmentation leads to a lack of coherence. Secondly, the lack of harmonised EU-wide rules on content moderation specifically designed for minors results in platforms interpreting and implementing safety obligations unevenly, leading to inconsistent protection levels across services[30]. Finally, the DSA relies heavily on the GDPR for data protection issues, offering only limited child-specific provisions. Critics argue that more targeted instruments would strengthen the EU’s ability to protect younger generations online[31].
Conclusion
This blog has examined the extent to which the Digital Services Act (DSA) contributes to the protection of minors in the digital environment, with particular focus on Article 28 and the systemic risk framework established in Articles 34 and 35. Overall, the DSA represents an important step forward by recognising the particular vulnerability of minors and by requiring platforms, especially the largest ones, to integrate their protection into the design and functioning of their services.[32] By adopting a preventive and risk-based approach, the Regulation seeks to address not only isolated problems, but also the structural effects that may affect the well-being of young users.[33]
At the same time, its ability to provide effective protection faces certain limitations. Under Article 28 platforms are left with broad discretion, which may result in uneven measures and different levels of protection across services.[34]Moreover, risk mitigation obligations may create tensions with fundamental rights, such as freedom of expression and access to information, particularly where platforms adopt more restrictive moderation practices or rely heavily on automated systems.[35]
To add a layer of complexity, platforms also have to deal with the fragmented nature of the regulatory landscape. The reference to national definitions of illegal content may create legal uncertainty and lead to differences in protection across the Union,[36] while the absence of a specific and coherent instrument dedicated exclusively to minors limits the clarity and consistency of the overall framework.
Ultimately, the main challenge lies not in the absence of regulation but in its practical and consistent implementation. While the DSA establishes a solid foundation for improving the safety of minors online, its effectiveness will depend on the development of clearer guidance, effective supervision, and greater regulatory coherence.[37] The need for a higher level of harmonisation and the lack of more child-specific safeguards suggest that the DSA is merely a promising first step, rather than being effectively capable of protecting the most vulnerable category, minors.
Bibliography
Primary Sources
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation) [2016] OJ L 119/1
Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on Contestable and Fair Markets in the Digital Sector and Amending Directives (EU) 2019/1937 and (EU) 2020/1828 (Digital Markets Act) [2022] OJ L 265/1
Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market for Digital Services and Amending Directive 2000/31/EC (Digital Services Act) [2022] OJ L 277/1
European Commission, 'Proposal for a Regulation of the European Parliament and of the Council on a Single Market for Digital Services (Digital Services Act) and Amending Directive 2000/31/EC' COM(2020) 825 final
Secondary Sources
Chiarella ML, 'Digital Markets Act (DMA) and Digital Services Act (DSA): New Rules for the EU Digital Environment' (2023) 9 Athens JL 33
Eder N, 'Making Systemic Risk Assessments Work: How the DSA Creates a Virtuous Loop to Address the Societal Harms of Content Moderation' (2024) 25 German Law Journal 1197
Eurochild, 'DSA Guidelines on the Protection of Minors Online' <https://eurochild.org/uploads/2025/11/The-DSA-Guidelines-for-the-protection-of-minors-online.pdf> accessed 12 February 2026
European Commission, 'The Digital Services Act' (19 February 2026) <https://digital-strategy.ec.europa.eu/en/policies/digital-services-act> accessed 26 February 2026
European Commission, 'Two Years of the Digital Services Act: Ensuring Safer Online Spaces' (17 February 2026) <https://commission.europa.eu/news-and-media/news/two-years-digital-services-act-ensuring-safer-online-spaces-2026-02-17_en> accessed 23 February 2026
Fortuna J, 'Minors’ Digital Vulnerability in the EU and the US: A Comparison between the Digital Services Act and the Kids Online Safety and Privacy Act' (2025) 16 Comparative Law Review 116
Frosio G and Geiger C, 'Taking Fundamental Rights Seriously in the Digital Services Act’s Platform Liability Regime' (2023) 29 European Law Journal 31
G'sell F, 'The Digital Services Act (DSA): A General Assessment' (Social Science Research Network, 15 April 2023) <https://papers.ssrn.com/abstract=4403433> accessed 21 February 2026
Montero Regules J and Golunova V, 'The Digital Services Act and Freedom of Expression: Triumph or Failure?' <https://documentserver.uhasselt.be//handle/1942/33631> accessed 12 February 2026
Rojszczak M, 'The Digital Services Act and the Problem of Preventive Blocking of (Clearly) Illegal Content' (2023) 3 Institutiones Administrationis 44
Senftleben M, 'Human Rights Outsourcing and Reliance on User Activism in the DSA' [2024] Verfassungsblog <https://verfassungsblog.de/human-rights-outsourcing-and-reliance-on-user-activism-in-the-dsa/> accessed 22 February 2026
[1] European Commission, 'Two years of the Digital Services Act: ensuring safer online spaces' (17 February 2026) https://commission.europa.eu/news-and-media/news/two-years-digital-services-act-ensuring-safer-online-spaces-2026-02-17_en accessed 23 February 2026.
[2] Jacopo Fortuna, ‘Minors’ Digital Vulnerability in the EU and the US: A Comparison between the Digital Services Act and the Kids Online Safety and Privacy Act’ (2025) 16 Comparative Law Review 116, 116–117.
[3] Chiarella (n 1) 34.
[4] Maria Luisa Chiarella, ‘Digital Markets Act (DMA) and Digital Services Act (DSA): New Rules for the EU Digital Environment’ (2023) 9 Athens JL 33, 43.
[5] Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC (Digital Services Act) [2022] OJ L 277/1, recital 9.
[6] Commission, ‘Proposal for a Regulation of the European Parliament and of the Council on a Single Market For Digital Services (Digital Services Act) and amending Directive 2000/31/EC’ COM(2020) 825 final, Explanatory Memorandum, 5.
[7] ibid 43.
[8] ibid 35.
[9] DSA, recital 41.
[10] European Commission, ‘The Digital Services Act’ (19 February 2026) https://digital-strategy.ec.europa.eu/en/policies/digital-services-act accessed 26 February 2026.
[11] Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market for Digital Services (Digital Services Act) [2022] OJ L 277/1, art 28; recital 71
[12] Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC (Digital Services Act) (Text with EEA relevance) art 28.3.
Jacopo Fortuna, ‘Minors’ Digital Vulnerability in the EU and the US: A Comparison between the Digital Services Act and the Kids Online Safety and Privacy Act’ (2025) 16 Comparative Law Review 116, 119.
[13] Niklas Eder, ‘Making Systemic Risk Assessments Work: How the DSA Creates a Virtuous Loop to Address the Societal Harms of Content Moderation’ (2024) 25 German Law Journal 1197, 1198–1199.
[14] Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC (Digital Services Act) (Text with EEA relevance) 2022 (OJ L) art 34.
[15] Florence G’sell, ‘The Digital Services Act (DSA): A General Assessment’ (Social Science Research Network, 15 April 2023) 30–31 <https://papers.ssrn.com/abstract=4403433> accessed 21 February 2026.
[16] ‘DSA Guidelines on the Protection of Minors Online’ <https://eurochild.org/uploads/2025/11/The-DSA-Guidelines-for-the-protection-of-minors-online.pdf> accessed 12 February 2026.
[17] Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC (Digital Services Act) (Text with EEA relevance) art 34.1(d).
[18] Eder (n 1) 1206–1208.
[19] Giancarlo Frosio and Christophe Geiger, ‘Taking Fundamental Rights Seriously in the Digital Services Act’s Platform Liability Regime’ (2023) 29 European Law Journal 31, 43.
[20] Eder (n 1) 1206–1208.
[21] Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC (Digital Services Act) (Text with EEA relevance) art 35.
[22] Juncal Montero Regules and Valentina Golunova, ‘The Digital Services Act and Freedom of Expression: Triumph or Failure?’ <https://documentserver.uhasselt.be//handle/1942/33631> accessed 12 February 2026.
[23] Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC (Digital Services Act) (Text with EEA relevance) art 28.2.
[24] Frosio and Geiger (n 7) 63–67.
[25] ibid 76.
[26] Marcin Rojszczak, ‘The Digital Services Act and the Problem of Preventive Blocking of (Clearly) Illegal Content’ (2023) 3 Institutiones Administrationis 44, 49.
[27] Martin Senftleben, ‘Human Rights Outsourcing and Reliance on User Activism in the DSA’ [2024] Verfassungsblog <https://verfassungsblog.de/human-rights-outsourcing-and-reliance-on-user-activism-in-the-dsa/> accessed 22 February 2026.
[28] Rojszczak (n 14) 56–57.
[29] Jacopo Fortuna, ‘Minors’ Digital Vulnerability in the EU and the US: A Comparison between the Digital Services Act and the Kids Online Safety and Privacy Act’ (2025) 16 Comparative Law Review 116, 116–117.
[30] ibid 134–136,.
[31] ibid 127.
[32] Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market for Digital Services (Digital Services Act) [2022] OJ L 277/1, recitals 2, 81 and 83.
[33] ibid arts 34–35; recitals 79–88.
[34] Regulation (EU) 2022/2065 (Digital Services Act), Arts. 34–35.
[35] Regulation (EU) 2022/2065 (Digital Services Act), Art. 14 and Recital 3
[36] Regulation (EU) 2022/2065 (Digital Services Act), Art. 3(h) (definition of “illegal content”)
[37] Regulation (EU) 2016/679 (General Data Protection Regulation), Arts. 6, 8.