⚡ Key Takeaways

The Digital Services Act designates platforms with more than 45 million EU monthly users as Very Large Online Platforms (VLOPs), subject to systemic risk assessments, audits, and fines up to 6% of global turnover. In January 2026 the EU added WhatsApp to its VLOP list, signalling that the second enforcement wave now reaches messaging services and other platforms beyond the original 2023 designations.

Bottom Line: Online platform leaders should track EU monthly active user counts as a compliance metric, instrument DSA-grade transparency and content controls early, and prepare a VLOP readiness plan if growth could push them across the 45M threshold.

Read Full Analysis ↓

Advertisement

🧭 Decision Radar

Relevance for Algeria
Medium
Algerian users interact with DSA-designated platforms daily; Algerian product teams building cross-border online services should understand the regime, even if they are not yet close to the 45M threshold.
Infrastructure Ready?
Partial
Algeria’s platform ecosystem is still in early scaling; full DSA-scale obligations are not an immediate threat, but smaller obligations can apply to any online service addressing EU users.
Skills Available?
Limited
DSA-specialised legal and policy talent is rare in Algeria; most work in this space is done by external counsel or regional specialists.
Action Timeline
12-24 months
The direct DSA exposure for Algerian services is modest today; the regime’s influence on global platform norms is more immediate.
Key Stakeholders
Platform founders, Heads of Trust & Safety, General Counsels, content moderation leads
Decision Type
Educational
For most Algerian readers this is a signal about where global platform regulation is heading rather than an immediate statutory trigger.

Quick Take: Algerian platform builders should instrument EU user counts from day one and borrow DSA-grade features — transparency reports, algorithmic explanations, illegal content flows — even at small scale, because doing so is cheaper than retrofitting them later and positions their product for a cross-border strategy.

How the DSA Actually Scales Up

The Digital Services Act defines a two-tier regime. Smaller online services face basic transparency and content-moderation rules. But once a platform exceeds 45 million monthly users in the EU — roughly 10% of the bloc’s population — it is designated as a Very Large Online Platform (VLOP) or Very Large Online Search Engine (VLOSE), subject to a significantly heavier obligation set: systemic risk assessments, independent audits, researcher data access, a transparent advertising repository, and fines of up to 6% of global annual turnover for serious breaches.

The European Commission designates VLOPs and VLOSEs based on user numbers that providers must report every six months. The first wave of designations in April 2023 brought 17 platforms and two search engines into scope. The second wave, stretching into 2025–2026, is adding more.

January 2026: WhatsApp Joins the VLOP List

The most consequential recent addition is WhatsApp. In January 2026, the EU formally added WhatsApp — owned and operated by Meta — to its list of VLOPs. The designation brings WhatsApp inside the tighter DSA regime: systemic risk assessments covering illegal content, fundamental rights, civic discourse, electoral processes, public health and minors’ protection; annual independent audits; a commitment to publish mitigation measures; and the Commission’s direct supervisory authority.

The WhatsApp designation also carries wider signalling value. DSA obligations landing on a messaging service — historically treated as a more private space than a social feed — suggests that the boundary between “platform” and “service” matters less than user scale. Any messaging or communications product crossing 45M EU monthly users can expect similar treatment.

The Commission’s Enforcement Posture Has Hardened

Alongside the new designations, the Commission’s enforcement tone has shifted. Prabhat Agarwal, the official heading the European Commission’s DSA enforcement team, described his unit’s work as “more adversarial” than in the DSA’s earlier phase. On 15 April 2026, the European Board for Digital Services convened in Brussels for its 18th meeting, reaffirming its commitment to the protection of minors online and exchanging on the latest enforcement activities.

Concretely, this second wave is characterised by:

  • Active investigations into VLOPs’ risk assessments and mitigation measures
  • Information requests with tight deadlines
  • Closer engagement between the Commission and national Digital Services Coordinators
  • A specific focus on protection of minors, election integrity, and systemic risks

Advertisement

What Enterprise Platform Operators Should Watch

Organisations that run large online platforms — even those not household names — should treat the 45M-user threshold as a material compliance trigger, not a hypothetical. Practical steps:

  1. Measure EU monthly active users. The DSA obligation to publish user numbers every six months applies broadly; tracking this number is step zero.
  2. Map services against DSA categories. Messaging, marketplaces, social platforms, app stores, and even certain AI-powered interfaces may qualify, depending on the product’s features.
  3. Pre-position a VLOP readiness plan. If your trajectory brings you within range of the threshold over 12-24 months, starting risk assessment, governance, and audit work early is far cheaper than scrambling post-designation.
  4. Review advertising and recommender systems. VLOP obligations include transparency on advertising and algorithmic recommendation; these design areas need documentation even before designation.

Impact on the Global Platform Landscape

The DSA is now one of the most consequential regulatory regimes in the world for online services. The current VLOP list is heavily US-centric — by one count, nearly 70% of all VLOP and VLOSE designations apply to US firms — but that reflects platform market structure, not regulatory targeting. The obligations are applied uniformly once a platform crosses the threshold.

For Algerian and other non-EU tech leaders, the DSA is shaping global norms. Even services that do not meet the 45M threshold often inherit DSA-grade features — illegal content reporting, transparency reporting, algorithmic explanations — because global platforms tend to run a single product globally rather than splinter compliance by region.

What Comes Next

The next year of DSA enforcement will likely feature additional VLOP designations as user numbers are reported, continued investigations of existing VLOPs on risk assessments and content moderation, and the first serious-fine decisions. The 6% of global turnover ceiling means fines at VLOP scale will be measured in billions of euros where breaches are found serious.

Whether the DSA’s second wave succeeds in materially shaping platform behaviour — rather than producing a paperwork layer — will depend on how the Commission balances enforcement firmness, proportionality, and the practical ability of platforms to implement the regime at scale.

Follow AlgeriaTech on LinkedIn for professional tech analysis Follow on LinkedIn
Follow @AlgeriaTechNews on X for daily tech insights Follow on X

Advertisement

Frequently Asked Questions

What is a VLOP under the Digital Services Act?

A Very Large Online Platform (VLOP) is a platform with more than 45 million monthly active users in the European Union — roughly 10% of the bloc’s population. The same threshold applies to Very Large Online Search Engines (VLOSEs). Once designated by the European Commission, VLOPs face a heavier obligation set including systemic risk assessments, independent audits, advertising repositories, and fines of up to 6% of global annual turnover.

Why was WhatsApp added to the VLOP list in January 2026?

WhatsApp, owned and operated by Meta, crossed the 45 million EU monthly user threshold and was formally added to the VLOP list in January 2026. Platforms must report their EU user numbers every six months under the DSA, and the European Commission updates the designation list as platforms cross — or drop below — the threshold. The WhatsApp addition illustrates that messaging services, historically treated as more private, can fall within DSA’s systemic-platform regime once scale is reached.

How much can the EU fine a VLOP under the DSA?

The DSA allows the European Commission to impose fines of up to 6% of a platform’s global annual turnover for serious breaches of its obligations. For large global platforms, that threshold translates into potential fines in the billions of euros. The Commission can also impose periodic penalty payments to compel compliance, and in extreme cases request a court-imposed access restriction in the EU.

Sources & Further Reading