European Union: European Commission adopted Delegated Regulation on data access under Digital Services Act

On 1 July 2025, the European Commission adopted the Delegated Regulation on data access under the Digital Services Act, which outlines technical requirements and procedures for data sharing by Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) under the Digital Services Act (DSA). The regulation establishes the DSA data access portal to enable vetted researchers and Digital Services Coordinators to securely access platform data, supporting investigations into systemic risks associated with digital services. Platform providers must create publicly accessible data catalogues describing available datasets, their structure, and suggested access methods. These catalogues should prioritise data related to systemic risks identified in annual risk assessments and risk mitigation measures. Digital Services Coordinators have 80 working days to review researcher applications and formulate reasoned requests to platforms, considering factors like research necessity, proportionality, data security, and personal data protection requirements. The regulation also specifies the responsibilities of the Commission as the processor for data processing activities within the DSA data access portal.