Since 29 October 2025, ‘vetted researchers’ can request unprecedented access to data from Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) under the Digital Services Act to research systemic risks in the online world.
On average, we spend about 6 hours and 30 minutes online every day. It’s clear, therefore, that the virtual world is a fundamental informational, entertainment, and socialisation space. As such, just like in the offline world, it is crucial to limit the spread of illegal content, to protect children and to ensure that fundamental rights of all users are respected and protected online. This presents a political and legal challenge that the European Commission has been addressing for years.
The Digital Services Act (DSA) applies to online intermediaries and platforms, establishing different levels of obligations based on their size, role and impact. For Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) – those with more than 45 million monthly active users in the EU – the Act establishes the strictest obligations.
Previously, researchers studying the online ecosystem largely depended on the information that platforms voluntarily chose to share. So far, non-public data has largely remained hidden despite being a critical piece of the picture, contributing to the opacity of these platforms and their systems to the public and to regulators.
This is where the European Commission’s Delegated Act on Data Access, under the Digital Services Act, brings better clarity by granting researchers access for the first time, to internal non-public data from VLOPs and VLOSEs.
“Creating a safer online environment starts with studying the risks. With the Digital Services Act rules, independent researchers will now be able to study new data from online platforms. Understanding the potential risks that online platforms can have on their users is another step in ensuring platforms’ accountability.”
Henna Virkkunen, Executive Vice President for Technological Sovereignty, Security and Democracy
The Delegated Act, which entered into force on 29 October 2025, clarifies the procedures leading to the sharing of data by VLOPs and VLOSEs with researchers following their accreditation by Digital Services Coordinators (DSCs), the national authorities implementing the DSA together with the European Commission.
To obtain the ‘vetted’ status, researchers must notably demonstrate their independence from commercial interests, disclose their research funding, and comply with applicable data security and confidentiality requirements. To be eligible, research projects must study systemic risks in the Union and their mitigation. Systemic risks include the spread of illegal content, intentional manipulation of the services and negative effects on physical and mental health.
Researchers can now submit their data access applications via a dedicated portal, where they can also find information about the access process.