Who Qualifies as a “Very Large Online Platform” (VLOP) Under the DSA?

If you run an online platform and your user numbers are looking healthy—say, tens of millions of active monthly users in the EU—you might want to pause your victory dance. Under the European Union's Digital Services Act (DSA), those impressive numbers may come with a shiny new label: Very Large Online Platform, or VLOP. And with that label comes a new set of regulatory obligations that are as serious as they are sweeping.

/wp:paragraph wp:paragraph

In this article, we’ll unpack what it really means to be a VLOP, how the EU calculates those numbers, and why it’s a legal designation that could redefine your operational priorities. Whether you're a seasoned compliance officer or a startup founder waking up to a growth milestone, this is what you need to know before the regulators knock.

/wp:paragraph wp:heading

What Is a VLOP?

/wp:heading wp:paragraph

Under Article 33 of the DSA, a Very Large Online Platform is an online platform that reaches more than 45 million average monthly active recipients of the service in the EU. This threshold represents 10% of the total EU population.

/wp:paragraph wp:paragraph

Once you cross that line, the European Commission designates your platform as a VLOP, and a cascade of obligations follows.

/wp:paragraph wp:heading

What Counts as an "Online Platform"?

/wp:heading wp:paragraph

An online platform, as defined by the DSA, is a type of hosting service that stores and disseminates information to the public on behalf of users. This includes:

/wp:paragraph wp:list

• Social media platforms
• Online marketplaces
• App stores
• Review sites
• Video-sharing services

/wp:list wp:paragraph

However, it excludes some services like:

/wp:paragraph wp:list

• Private messaging services
• Cloud storage used for personal use
• Online communication where content isn’t made publicly accessible

/wp:list wp:paragraph

So, TikTok? Platform. Etsy? Platform. Dropbox private folder? Not a platform.

/wp:paragraph wp:heading

How Are Users Counted?

/wp:heading wp:paragraph

The DSA uses average monthly active recipients in the EU as the primary metric. This means:

/wp:paragraph wp:list

• Unique users who actually engage with the platform
• Within the European Union only
• Averaged over a six-month period

/wp:list wp:paragraph

Importantly, this is not just about registered accounts. It includes logged-in users, guest users, and app users, as long as they interact with the service.

/wp:paragraph wp:paragraph

And no, platforms can’t play games with this number. You must calculate it transparently and submit it annually to the European Commission.

/wp:paragraph wp:paragraph

If you suspect you might cross the 45 million mark, your legal and compliance teams should start preparing before the official designation lands.

/wp:paragraph wp:heading

What Happens When You're Designated a VLOP?

/wp:heading wp:paragraph

Once the Commission formally designates you as a VLOP, you must:

/wp:paragraph wp:heading {"level":3}

1. Conduct Systemic Risk Assessments

/wp:heading wp:paragraph

Annually assess risks your platform poses to:

/wp:paragraph wp:list

• Democratic discourse
• Public health and safety
• Fundamental rights

/wp:list wp:heading {"level":3}

2. Mitigate Those Risks

/wp:heading wp:paragraph

Implement measures like:

/wp:paragraph wp:list

• Adjusting recommender systems
• Moderating content more effectively
• Limiting virality for harmful material

/wp:list wp:heading {"level":3}

3. Audit Yourself

/wp:heading wp:paragraph

Submit to independent audits of your risk assessments and mitigation efforts.

/wp:paragraph wp:heading {"level":3}

4. Data Access for Researchers

/wp:heading wp:paragraph

Qualified researchers can request access to certain datasets for public interest research. Transparency, meet science.

/wp:paragraph wp:heading {"level":3}

5. Algorithmic Transparency

/wp:heading wp:paragraph

Platforms must explain how recommender systems work and give users meaningful control over them. “Because the algorithm says so” is no longer a valid excuse.

/wp:paragraph wp:heading {"level":3}

6. Crisis Response Mechanism

/wp:heading wp:paragraph

In times of crisis (e.g., war, public health emergency), the Commission can require you to take specific measures to mitigate risks.

/wp:paragraph wp:heading {"level":3}

7. Internal Compliance Officer

/wp:heading wp:paragraph

Appoint a DSA compliance officer and implement internal processes to ensure governance across departments.

/wp:paragraph wp:heading

Fines and Enforcement

/wp:heading wp:paragraph

The DSA has teeth. VLOPs that fail to comply can face penalties of up to 6% of global annual turnover. Daily non-compliance fines and public naming-and-shaming are also on the table.

/wp:paragraph wp:paragraph

In addition to monetary risk, the reputational damage of being labeled non-compliant in a public registry maintained by the EU is not great PR.

/wp:paragraph wp:heading

Can a Platform Lose VLOP Status?

/wp:heading wp:paragraph

Yes, but it’s not easy. The platform must fall below the 45 million user threshold and show that this trend is consistent and not temporary. You also have to notify the Commission if your user numbers fall significantly.

/wp:paragraph wp:paragraph

But beware: regulators may still impose certain obligations based on systemic impact, even if you technically fall under the threshold.

/wp:paragraph wp:heading

What's the Difference Between a VLOP and a VLOSE?

/wp:heading wp:paragraph

Glad you asked.

/wp:paragraph wp:list

• VLOP: Very Large Online Platform (e.g., Facebook, YouTube, TikTok)
• VLOSE: Very Large Online Search Engine (e.g., Google Search, Bing)

/wp:list wp:paragraph

While the obligations are similar, VLOSEs focus more on indexing and ranking obligations rather than content hosting and moderation.

/wp:paragraph wp:heading

How to Prepare for VLOP Status

/wp:heading wp:paragraph

If you’re on the cusp of VLOP territory:

/wp:paragraph wp:list {"ordered":true}

1. Monitor your user metrics: Regularly track and document EU user activity.
2. Start internal audits early: Don’t wait for designation to build risk frameworks.
3. Invest in legal and policy teams: You’ll need internal governance muscles.
4. Train staff: Ensure cross-departmental understanding of DSA obligations.
5. Document everything: Transparency is a survival skill now.

/wp:list wp:heading

Final Thoughts

/wp:heading wp:paragraph

Becoming a Very Large Online Platform may sound like a compliment, and in some ways, it is. But under the DSA, it’s also a signal that your platform has outgrown the freedoms of digital adolescence. Now, you’re a civic actor with real-world consequences.

/wp:paragraph wp:paragraph

The EU isn’t just regulating tech for the sake of it. It’s recognizing that platforms of this scale affect elections, shape discourse, influence purchasing decisions, and moderate global attention spans.

/wp:paragraph wp:paragraph

So if your platform is inching toward VLOP status, it’s time to start acting like one—before the Commission officially tells you to. Because in the DSA era, big reach comes with big responsibility.

/wp:paragraph