Denmark's implementation of the EU Digital Services Act (DSA) framework has entered a critical enforcement phase. Danish authorities have activated domestic compliance mechanisms that apply directly to technology companies operating within or targeting Danish users. Companies that treat Denmark as a secondary market – rather than a primary compliance destination – now face material regulatory exposure. The window for orderly preparation is narrowing.
Denmark's digital services regulation imposes layered obligations on technology companies under EU digital services legislation and domestic enforcement rules administered by Konkurrence- og Forbrugerstyrelsen (the Danish Competition and Consumer Authority). Affected businesses must complete internal compliance reviews and implement required operational changes. The primary deadline for full compliance with ongoing transparency and algorithmic accountability obligations applies to all in-scope providers operating in the Danish market.
This alert sets out which business categories are affected, the threshold criteria that determine scope, the compliance deadline, and five immediate actions required for international companies.
What changed and when it takes effect
The regulatory shift in Denmark operates on two levels. At the EU level, digital services legislation has been directly applicable since early 2024 for very large online platforms. For all other in-scope providers, full application across EU member states – including Denmark – followed shortly after.
At the domestic level, Denmark has designated Konkurrence- og Forbrugerstyrelsen (the Danish Competition and Consumer Authority, hereafter the DCCA) as the national Digital Services Coordinator. The DCCA now holds active enforcement powers. It can investigate, impose interim measures, and levy fines. This is not a transitional or grace-period regime. Enforcement is live.
The regulatory change consolidates obligations across three areas. First, algorithmic accountability: recommendation systems must be documented, and users must be offered at least one option not based on profiling. Second, transparency reporting: providers must publish periodic transparency reports covering content moderation decisions and advertising data. Third, software liability and terms of service: terms must meet plain-language and accessibility requirements under Danish consumer protection legislation and EU digital services legislation.
For AI-driven services, the interaction with EU AI Act compliance requirements creates an additional layer. Systems that qualify as high-risk AI under EU AI regulation face concurrent obligations. Denmark has confirmed that the DCCA and the national AI supervisory body will coordinate enforcement. Technology companies deploying AI-powered recommendation, moderation, or personalisation tools must therefore assess obligations under both regimes simultaneously.
Technology licensing arrangements are also affected. Where a Danish business licenses software from a foreign provider, the foreign provider may itself fall within scope if the software constitutes an intermediary service used in Denmark. Technology licensing contracts entered before 2024 should be reviewed for compatibility with the new regime.
Who is affected and what the threshold criteria require
The scope of Denmark's digital services regulatory regime covers intermediary services with a presence in or directed at the Danish market. Four categories of provider are directly in scope.
- Online platforms that enable users to share or access content, goods, or services – including marketplaces, app stores, social networks, and content-sharing platforms
- Online search engines accessible to Danish users
- Hosting service providers storing and transmitting user-generated content
- Mere conduit and caching service providers operating in Danish network infrastructure
The threshold that determines the intensity of obligations is user volume. Providers with very large user bases – meeting the EU-level threshold – carry the heaviest burden, including mandatory risk assessments, independent audits, and data access obligations for vetted researchers. Providers below this threshold still face baseline obligations: terms of service compliance, notice-and-action mechanisms for illegal content, transparency reports, and single-point-of-contact requirements.
International companies are not exempt because they are incorporated outside Denmark. The test is whether the service is directed at Danish users. A platform available in Danish, priced in Danish krone, or specifically marketed to Danish consumers will be treated as operating in Denmark. This extraterritorial reach is consistent with Denmark's implementation of EU digital services legislation and mirrors the approach taken in comparable Nordic jurisdictions.
For AI-powered services, the combined effect of digital services legislation and EU AI Act compliance rules means that any recommendation engine, automated content moderation tool. Alternatively. Personalisation system requires both algorithmic accountability documentation and. where the system qualifies as high-risk – a full conformity assessment.
To receive an expert assessment of your company's exposure under Denmark's digital services regulatory regime, contact us at info@ferrazwhitmore.com.
Immediate actions for international companies
Five actions should be prioritised now. Delay increases both the cost of remediation and the risk of DCCA investigation.
1. Conduct a scope determination. Establish whether your service qualifies as an intermediary service under digital services legislation. This requires mapping every product that enables users to store, share, or access content. Services that appear purely internal – such as B2B software platforms – may still fall within scope if they enable third-party content. Engage technology licensing counsel to assess contracts where scope is ambiguous.
2. Appoint a legal representative in the EU. Providers established outside the EU that offer digital services to Danish users must designate an EU legal representative. This representative is the formal contact point for the DCCA and can receive official communications. Failure to appoint one is itself an infringement.
3. Audit recommendation and moderation systems. Document every algorithmic system used to rank, recommend, or moderate content for Danish users. Prepare the technical and operational documentation required under the algorithmic accountability rules. If the system also qualifies as high-risk AI, initiate the EU AI Act compliance assessment in parallel. For guidance on AI-specific obligations in Denmark, see our AI and technology law services in Denmark.
4. Review terms of service and notice-and-action procedures. Terms of service must be written in plain language. Must identify the DCCA as the competent authority. Additionally, must describe the notice-and-action mechanism available to users reporting illegal content. Terms that predate the current regulatory regime almost certainly require revision. Intellectual property clauses in platform terms also interact with Denmark's digital services rules – businesses with IP-heavy content should review these alongside their intellectual property position in Denmark.
5. Prepare the first transparency report. All in-scope providers must publish periodic transparency reports. The report must cover content moderation decisions, the use of automated tools in moderation, and advertising data. For providers publishing their first report, the DCCA has indicated it will prioritise completeness and good-faith effort. Beginning the data collection process now – rather than at the reporting deadline – is the practical approach.
Companies that have already completed DSA compliance work in other EU jurisdictions should not assume that Danish implementation is identical. Denmark has adopted specific procedural rules and enforcement priorities. A gap analysis against the Danish domestic regime is a distinct step, not a duplication of prior work. For context on how a comparable EU jurisdiction has approached implementation, the alert on digital services regulation in Portugal provides a useful reference point.
About Ferraz & Whitmore
Ferraz & Whitmore is an international law firm based in Lisbon, advising technology companies, digital platforms, and institutional investors across 46 jurisdictions. Our AI and technology law practice combines deep knowledge of EU digital services legislation and EU AI Act compliance requirements with direct experience of national implementation in Denmark, Portugal, Germany, and other EU member states. We advise on algorithmic accountability documentation, technology licensing reviews, software liability exposure, and regulatory mapping for cross-border digital businesses. As a law firm working with technology clients in Denmark and across Europe, our team includes practitioners with experience before both domestic regulators and EU supervisory bodies. To discuss your company's position under Denmark's digital services regulatory regime, contact us at info@ferrazwhitmore.com.
Disclaimer: This publication is provided for informational purposes only and does not constitute legal advice. The information herein should not be relied upon as a substitute for professional legal counsel tailored to your specific circumstances. Ferraz & Whitmore assumes no liability for actions taken or not taken based on the contents of this material. For advice regarding your particular situation, please contact info@ferrazwhitmore.com.