Тенденции в обеспечении соблюдения законодательства ЕС в отношении онлайн-платформ: штрафы, аудиты и снижение рисков

Once upon a time, online platforms enjoyed a largely hands-off regulatory environment in Europe. They were viewed as innovative disruptors, marketplaces of ideas (and products), and champions of digital growth. But as their power grew, so did the scrutiny. Today, the European Union has shifted from light-touch regulation to proactive enforcement, armed with an arsenal of legal tools aimed squarely at Big Tech and other digital intermediaries.

The age of “please behave” has officially ended. The new mantra is: comply or pay.

This article explores the evolving trends in EU enforcement against online platforms, focusing on fines, audits, investigations, and what platforms can do to reduce their legal exposure in a landscape that is equal parts regulatory and reputational minefield.

A Changing Enforcement Climate

The enforcement landscape in the EU has changed dramatically over the past five years. What began as sporadic action against misleading ads or privacy breaches has become a coordinated and systemic crackdown on non-compliant digital behavior.

With new instruments like the Digital Services Act (DSA), Digital Markets Act (DMA), General Product Safety Regulation (GPSR), and updated consumer protection and competition rules, the EU now has:

• More power to investigate and fine
• Greater cooperation between member states
• Clearer benchmarks for platform accountability

Platforms are being treated not just as marketplaces, but as governors of digital ecosystems, expected to set and enforce standards — or face the consequences.

Enforcement in Numbers: How Much Is Too Much?

The numbers speak volumes. Since 2020, enforcement actions have soared:

• In 2023 alone, the EU issued over €2.5 billion in fines across competition, data protection, and consumer law violations.
• Meta, Google, Amazon, Apple, and TikTok have all been targets of headline-grabbing probes and penalties.
• Under the GDPR, single fines have reached up to €1.2 billion (Meta, for cross-border data transfers).

Now, with DSA and DMA entering the enforcement stage in 2024–2025, even larger and more recurring penalties are expected.

What’s Triggering Enforcement?

Several patterns have emerged:

• Algorithmic opacity: Platforms that cannot explain how content or products are ranked face increasing scrutiny.
• Dark patterns: Design tricks that mislead users into purchases, subscriptions, or data sharing are a high-priority target.
• Illegal or unsafe content: Failure to remove or moderate violations, especially in relation to consumer scams, hate speech, or counterfeit goods.
• Lack of traceability: Platforms that fail to verify the identity and legality of third-party sellers or advertisers are in trouble.
• Self-preferencing and market dominance: Platforms promoting their own products over competitors’ are attracting DMA enforcement.

In short: EU regulators aren’t just chasing the big fish — they’re investigating systemic weaknesses.

DSA and DMA: Compliance With Teeth

The DSA and DMA are now the flagship weapons in the EU’s arsenal.

Digital Services Act (DSA):

• Scope: Applies to all online intermediaries, but especially to “Very Large Online Platforms” (VLOPs) with over 45 million users in the EU.
• Enforcement: The European Commission leads enforcement against VLOPs. National Digital Services Coordinators handle smaller players.
• Penalties: Up to 6% of global turnover for violations.

Key triggers for action under the DSA include:

• Inadequate content moderation
• Failure to disclose advertising parameters
• Poor risk mitigation around disinformation, gender-based violence, or child safety

Digital Markets Act (DMA):

• Scope: Applies to designated “gatekeepers” — large platforms with entrenched market positions.
• Enforcement: The European Commission has central authority.
• Penalties: Up to 10% of global turnover, and up to 20% for repeat violations.

Triggers include:

• Self-preferencing
• Restricting access to core platform data or services
• Preventing business users from steering consumers elsewhere

The DMA is not about punishing success. It’s about preventing abuse of dominance. And it’s enforced with no shortage of ambition.

Audits, Risk Assessments, and Investigations

The EU no longer relies solely on user complaints or third-party tips. Under the DSA and DMA, platforms are subject to:

• Mandatory compliance reports
• Independent audits
• Systemic risk assessments (VLOPs must assess risks like manipulation, discrimination, or disinformation)

Platforms must also publish transparency reports and allow access to researchers and regulators. The message is clear: accountability is no longer optional.

Naming, Shaming, and Strategic Enforcement

Beyond fines, the EU uses enforcement as a public deterrent. Regulators now:

• Publish enforcement actions and decisions
• Name and shame violators in public reports
• Coordinate multi-country actions (especially for cross-border platforms)

This reputational pressure can hit harder than a financial penalty. For platforms built on user trust and brand loyalty, being branded as non-compliant is toxic.

What Platforms Should Be Doing Now

There’s no more grace period. Here’s what platforms should be implementing today:

Compliance-by-design: Integrate DSA/DMA obligations into product and engineering workflows.
Audit trails: Keep records of decision-making, moderation actions, seller verifications, and takedowns.
Algorithmic transparency: Document and disclose ranking criteria and recommendation logic.
Empowered legal teams: Involve legal early and often in product development.
User interface ethics: Avoid dark patterns and design with consent and clarity.
Engage with regulators: Proactive cooperation is better than reactive defense.

Platforms that approach compliance as a competitive differentiator — not a checkbox — will be ahead of the curve.

Risk Mitigation: From Legal Exposure to Strategic Advantage

The smartest platforms are turning regulation into resilience. How?

• By картирование регуляторных рисков во всех юрисдикциях и внедрении соответствия в бизнес-планирование.
• By обучение межфункциональных команд (product, marketing, design, and ops) in platform law basics.
• Создавая внутренние системы выявления тревожных сигналов для выявления нарушений до того, как это сделает регулирующий орган.

Регулирование больше не отдел в конце коридора — это часть соответствия продукта рынку.

Дорога впереди: больше правил, больше принуждения к их соблюдению

ЕС только начинает. Ожидайте:

• Правила для конкретных секторов (например, для платформ здравоохранения, финансов, транспорта)
• Расширение использования инструментов аудита на основе ИИ регуляторами
• Более скоординированные действия на глобальном уровне (особенно в связи с инициативами G7/G20 в области цифровой политики)

Направление движения ясно: от пассивного руководства к активному управлению. Платформы должны адаптироваться, иначе рискуют быть обойденными регуляторами.

Заключительные мысли: ответственность - это новая инновация

В глазах ЕС онлайн-платформы — это не просто технологические компании, а цифровая инфраструктура, с реальными последствиями в реальном мире. Поэтому к ним должны предъявляться повышенные требования прозрачности, справедливости и усердия.

Да, меры по обеспечению соблюдения усиливаются. Но вместе с тем растут и возможности для платформ, которые справляются с этой задачей. В новой цифровой экономике соответствие требованиям больше не является формальностью. Это стратегический столп.

Послание из Брюсселя громкое и ясное: внедряйте инновации, масштабируйте, развивайтесь, но делайте это с заложенной ответственностью.