error
Subscriptions are not available for this site while you are logged into your current account.
close
Skip to main content

      As platforms approach Very Large Online Platform (VLOP) thresholds, the window to prepare is narrowing rapidly. Once designated, organisations have just four months to comply with significantly expanded and complex regulatory requirements

      The challenge is not just compliance; it is demonstrating compliance under real-time regulatory scrutiny.

      Download Emerging VLOPs

      Emerging VLOPs: Minimum viable readiness for DSA compliance

      (PDF, 1.7MB)
      Download Emerging VLOPs

      Why this matters now

      Regulatory expectations have shifted from policy-based compliance to evidence-based execution.

      • The European Commission has already issued 64 Requests for Information across major platforms
      • Formal proceedings have been opened against 11 platforms
      • Non-compliance can result in fines of up to 6% of global annual turnover
      • Organisations are now expected to demonstrate that their controls, governance and risk frameworks are operating effectively, not just designed.

      What “minimum viable readiness” looks like

      Build a minimum viable regulatory framework early, then refine and scale.

      In practice, this means:

      • A defensible operating model that can withstand regulatory scrutiny
      • Clear accountability across compliance, risk and leadership
      • Evidence of effective controls, not just policies
      • Data-driven risk assessment methodologies
      • Governance structures that enable regulatory oversight

      Key areas to prioritise

      Emerging VLOPs should focus on getting the following right:

      • Systemic Risk Assessments (SRAs) – robust, evidence-based and repeatable
      • Independent Compliance Function – with clear reporting to the Board
      • Crisis Response & Readiness – tested and operational
      • Transparency & Reporting – consistent, accurate and audit-ready
      • Assurance & Remediation – continuous improvement and oversight
      • Regulatory Engagement – readiness for direct European Commission supervision

      How KPMG can help

      Our team has deep technical expertise across all DSA related areas, including:

      • Readiness & Assurance
      • Control Design & Documentation
      • Implementation of key processes
      • Regulatory Engagement & Reporting

      In addition, our DSA services are powered by accelerators to ensure an efficient process.

      These include

      • A DSA Compliance Assessment tool, developed and used for DSA compliance projects at other VLOPs / VLOSEs;
      • A global better practice DSA Audit criteria framework;
      • Compliance function framework and operating model
      • SRA report templates and Assessment Methodology

      We also leverage proprietary tools and frameworks to accelerate delivery and ensure a structured, efficient approach.

      Navigating EU and Irish digital safety, governance and compliance
      Explore our services

      Start building your readiness today

      Early preparation is critical. Organisations that act now will be better positioned to manage risk, meet regulatory expectations, and scale with confidence.

      Shane Garahy
      Shane Garahy

      Partner, Risk Consulting

      KPMG in Ireland

      Patrick Farrell
      Patrick Farrell

      Partner, Head of Advisory Markets

      KPMG in Ireland

      Hermes Peraza
      Hermes Peraza

      Director

      KPMG in Ireland

      Tom Hyland
      Tom Hyland

      Director

      KPMG in Ireland

      Discover more in Technology

      Something went wrong

      Oops!! Something went wrong, please try again

      Technology, Media & Telcos

      Solving challenges from scaling AI and modernising digital platforms to securing your infrastructure and unlocking new revenue models

      Explore our services
      City at night with network map overlaid