Five Lessons From Three Years of Risk Assessments Under the Digital Services Act

Summary

The European Center for Not‑for‑profit Law (ECNL) examined three years of Digital Services Act (DSA) risk assessments submitted by Facebook, Instagram, TikTok, YouTube and X, finding that despite longer reports, they still suffer from vague risk statements, weak focus on fundamental‑rights impacts, irrelevant or missing data, limited stakeholder engagement, and a failure to reflect EU geographic and linguistic diversity. The analysis highlights that the first‑round civil‑society review already flagged insufficient scrutiny of platform design features and mitigation measures, and that the latest assessments show only modest progress. ECNL urges the European Commission to issue clear guidance on required data and reporting standards, and calls on platforms to provide evidence‑based insights and broader consultation to turn risk assessments from tick‑box exercises into effective transparency tools.