CDT Europe has released a joint statement alongside a coalition of civil society organizations urging Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) to disclose comprehensive information about their risk assessment and auditing processes as required under the Digital Services Act (DSA).

The statement highlights the importance of transparency in enabling external stakeholders, such as civil society groups, researchers, journalists, and affected individuals, to scrutinize these assessments. The coalition argues that transparency ensures these processes are more than just formalities. It also explains how risk assessments may have influenced the design and development of services by VLOPs and VLOSEs.

According to Article 42(4) of the DSA, VLOPs and VLOSEs must provide extensive documentation on their risk assessment and auditing process. This includes a report on risk assessment results, specific mitigation measures implemented, and audit documentation. Although the DSA does not explicitly require full publication of the entire risk assessment, Recital 100 emphasizes detailed reporting due to heightened risks associated with these platforms.

The joint statement calls for VLOPs and VLOSEs to release all relevant information so stakeholders can evaluate identified risks and corresponding mitigation measures accurately. This transparency would allow for identifying potential gaps or unaddressed risks while ensuring that mitigation measures uphold fundamental rights.

The coalition outlines specific expectations for minimum information disclosure by VLOPs and VLOSEs regarding risk assessments. This includes detailed methodologies, mapping descriptions of assessed services, identified risks with explanations for prioritization decisions, actions taken following assessments, internal departments involved in assessments, consultations with external stakeholders, and plans for future changes in assessment processes.

For audit reports, the coalition expects publication of complete or partial audit reports related to evaluated risks and mitigation measures along with recommendations. The statement stresses that auditors should ensure third parties can understand findings without prior knowledge of the audit through complete descriptions as specified in Recitals 19-36 of the delegated act on audits.

Signatories to this statement include Access Now; Algorithm Watch; ARTICLE 19; Centre for Democracy & Technology Europe; Civil Liberties Union for Europe; Das NETTZ; Eticas Foundation; European Centre for Not-for-Profit Law; European Partnership for Democracy; Future of Free Speech; Global Disinformation Index; Global Witness; Institute for Strategic Dialogue (ISD); International Media Support; Mnemonic; Panoptykon Foundation; People vs Big Tech.