Shortcomings of the first DSA Audits — and how to do better
By Daniel Holznagel
At the end of 2024, the first audit reports under the Digital Services Act were published. Most were produced by Big Four accounting firms — and were, in many ways, not very ambitious. This post collects impressions from digesting most (not all) of these reports, focusing on five structural shortcomings that severely limit their usefulness: from illegitimate audit gaps to auditors’ apparent reluctance to interpret the law or meaningfully assess systemic risks (especially around recommender systems). The post also highlights a few useful disclosures — including platform-defined compliance benchmarks — and outlines where auditors, regulators, and civil society should push for improvements in future rounds.