On 2 July 2025, the Commission published a delegated act outlining rules granting access to data for qualified researchers under the Digital Services Act (DSA). This delegated act enables access to the internal data of very large online platforms (VLOPs) and search engines (VLOSEs) to research the systemic risks and on the mitigation measures in the European Union.
The delegated act on data access clarifies the procedures for VLOPs and VLOSEs to share data with vetted researchers, including data formats and requirements for data documentation. Moreover, the delegated act sets out which information Digital Services Coordinators (DSCs), VLOPs and VLOSEs must make public to facilitate vetted researchers' applications to access relevant datasets.
With the adoption of the delegated act, the Commission will launch the DSA data access portal where researchers interested in accessing data under the new mechanism can find information and exchange with VLOPs, VLOSEs and DSCs on their data access applications.
Before accessing internal data, researchers must be vetted by a DSC.
For this vetting process, researchers must submit a data access application demonstrating their affiliation to a research organisation, their independence from commercial interests, and their ability to manage the requested data in line with security, confidentiality and privacy rules. In addition, researchers need to disclose the funding of the research project for which the data is requested and commit to publishing the results of their research. Only data that is necessary to perform research on systemic risks in the EU can be requested.
To complement the rules in the delegated act, on 27 June 2025 the Board of Digital Services endorsed a proposal for further cooperation among DSCs in the vetting process of researchers.
By introducing common tools to guide DSCs in the management of data access requests and operational deadlines to ensure each step of the process is carried out in appropriate timeframes, this framework will ensure consistent and predictable standards for researchers across the EU.
The rules outlined in the delegated act have been tested in the framework of a pilot project with several DSCs and researchers funded by European Research Council. The pilot project will continue in the next months with the testing of the DSA Portal, before the first researchers are vetted under the new regime as of October.
Today’s delegated act complements DSA rules that oblige VLOPs and VLOSEs to grant access to researchers to publicly available data on their platforms.
To perform research on systemic risks, non-vetted researchers, including from non-for-profit bodies and organisations, can already access public data available on the interfaces of VLOPs and VLOSEs without the need of the intermediation by a DSC. Together, these two provisions provide researchers with an unprecedented scrutiny power allowing them to effectively contribute to the monitoring of the online environment.
With its adoption, the delegated act enters the scrutiny period for the Parliament and Council, which will last for the next three months. The rules will enter into force at the end of this period, with the publication in the Official Journal. This is when the first researchers can be vetted.
Related content
Press release | 02 July 2025
Through an initiative under the Digital Services Act (DSA), the European Commission helps qualified researchers access internal data of very large online platforms (VLOPs) and search engines (VLOSEs) in the European Union.
Policy and legislation | 02 July 2025
The Commission has adopted a delegated act outlining rules granting access to data for qualified researchers under the Digital Services Act (DSA).