Unpacking “Systemic Risk” Under the EU’s Digital Service Act

David Sullivan is Executive Director of the Digital Trust & Safety Partnership, and Jason Pielemeier is the Executive Director of the Global Network Initiative (GNI). EU flags flying in Brussels. Shutterstock At present, many of the world’s largest online platforms are conducting a first-ever, mandatory assessment of “systemic risks” arising from the design and functioning of their services, as part of the EU’s sweeping content regulation, the Digital Services Act (DSA).  Although information and communications technology companies have been using a variety of risk assessment methods and approaches for years to inform their work on human rights and trust and safety, the framework set out in the DSA, which for now applies only to platforms and search engines with more than 45 million EU users, presents the first regulatory requirements for risk assessments around online content and conduct. But they will not be the only such requirements, as other nations move to enact similar regulations. From Singapore’s Online Safety Act, which passed last year but will be implemented in the future, to the long-expected UK Online Safety Bill, risk assessment is a common element across many content regulation regimes. And from Brazil to Taiwan, legislative proposals have adopted the concept of “systemic risk” presented by the DSA.  But when does online content or conduct risk become systemic? In other fields, such as finance, the concept of systemic risk is relatively well-developed. Not so for digital services.  In May 2023, the organizations we lead, the Global Network Initiative and the Digital Trust…Unpacking “Systemic Risk” Under the EU’s Digital Service Act