HomeAnalyticsAlertsDigital Services Regulation in Greece: New Requirements for Technology Companies

Digital Services Regulation in Greece: New Requirements for Technology Companies

Greece has moved to fully operationalise the EU Digital Services Act regime through dedicated national implementing legislation. The Εθνική Επιτροπή Τηλεπικοινωνιών και Ταχυδρομείων (Greek Telecommunications and Post Commission, known as EETT) has been formally designated as the national Digital Services Coordinator. Technology companies operating in or targeting Greek users now face a defined set of obligations under digital services legislation – with enforcement authority and financial penalties active from early 2026.

Digital services regulation in Greece imposes compliance obligations on online platforms, intermediary service providers, and technology companies directing services at Greek users. The primary legislation is Greece's national transposition of the EU Digital Services Act framework, with EETT serving as the designated national coordinator. Companies must complete initial compliance mapping and appoint a legal representative in Greece no later than the compliance deadline set for the first quarter of 2026.

This alert outlines what has changed, which business categories are affected, and the immediate actions international companies should take.

What changed and when it took effect

Greece enacted national legislation to implement and supplement the EU Digital Services Act at the close of 2025. The law designates EETT as the competent Digital Services Coordinator. It grants EETT investigative powers, the authority to order interim measures, and the ability to impose administrative fines. Enforcement became operational on 1 February 2026.

The legislation applies the EU-level obligations in full. It adds Greek-specific procedural requirements on top. These include mandatory registration of out-of-country providers with EETT, local-language transparency reporting, and defined channels for receiving Greek users' complaints. Algorithmic accountability obligations now require documented risk assessments for recommender systems targeting Greek audiences. Software liability rules under the broader EU product liability regime also intersect with these requirements for companies distributing software services in Greece.

Companies already compliant at EU level should not assume full compliance in Greece. The national layer introduces additional procedural steps. Missing them creates direct enforcement exposure before EETT – even where EU-level obligations are otherwise met.

Who is affected: threshold criteria and business categories

The obligations apply in tiers. The tier a company falls into determines the depth and urgency of required compliance action.

All intermediary service providers – including hosting services, cloud infrastructure providers, app stores, and online marketplaces – that offer services to users located in Greece are subject to the baseline requirements. There is no Greek-establishment threshold. Offering services to Greek users is sufficient to trigger obligations.

Online platforms beyond a defined monthly active user threshold face enhanced obligations. These include publication of annual transparency reports in Greek, deployment of accessible complaints-handling mechanisms, and cooperation with EETT audits. Platforms using algorithmic ranking or content moderation systems must maintain documented assessments of systemic risks to Greek users. This covers AI Act compliance considerations for systems that influence information access or purchasing decisions.

Very large online platforms and very large online search engines – those exceeding the EU-level threshold of 45 million monthly active users in the EU – remain subject to direct European Commission supervision. However, EETT retains authority to investigate their compliance with Greek procedural requirements and to receive complaints from Greek users.

Technology licensing and software distribution businesses operating in Greece face additional exposure. Where a licensed digital service involves an algorithmic decision-making component, Greek digital services legislation now expects documented human-oversight mechanisms. This intersects with the EU AI Act's risk-classification regime for AI-enabled software products.

The compliance deadline for completing initial registration, appointing a legal representative, and submitting baseline documentation to EETT is 31 March 2026.

For a tailored assessment of how these obligations apply to your business in Greece, contact us at info@ferrazwhitmore.com.

Immediate actions for international companies

International technology companies serving Greek users should take the following steps before the March 2026 deadline.

  • Classify your service tier. Determine whether your business falls under the baseline intermediary category, the enhanced online platform tier, or the very-large-platform regime. This classification drives the scope of your Greek compliance obligations.
  • Appoint a Greek legal representative. Non-EU companies without an establishment in Greece must designate a legal representative authorised to deal with EETT. This representative receives formal notices and is the point of contact for enforcement proceedings.
  • Register with EETT. Submit the required provider registration to EETT. Registration requires identification of your service category, contact details of your legal representative, and a summary of your content moderation or complaint-handling process.
  • Audit algorithmic accountability documentation. If your platform uses recommender systems, ranking algorithms, or AI-driven content moderation, prepare a documented risk assessment. EETT may request this on short notice as part of an audit or investigation.
  • Review technology licensing arrangements. Where your business operates through technology licensing structures in Greece, review whether the licensed software or platform involves algorithmic decision-making. If so, human-oversight documentation is now expected under digital services and AI Act compliance obligations.

Companies that operate across multiple EU jurisdictions should also review our analysis of digital services developments in Portugal, where comparable national implementation measures have been adopted. The Greek and Portuguese regimes share structural features but diverge on enforcement timelines and procedural requirements.

For intellectual property considerations arising from your technology operations in Greece – including software protection and licensing structures – see our overview of intellectual property law in Greece.

About Ferraz & Whitmore

Ferraz & Whitmore is an international law firm based in Lisbon, advising technology businesses, digital platforms, and institutional investors across 46 jurisdictions. Our AI and technology law practice supports clients on digital services regulation, AI Act compliance, algorithmic accountability frameworks, software liability, and technology licensing across both EU civil law and English common law systems. Engaging a lawyer in Greece with cross-border digital regulatory experience is essential where EU-level compliance and national procedural requirements diverge. As an international law firm in Greece and across Europe, we help technology companies build defensible compliance structures from registration through audit response. To discuss how Greece's digital services regime applies to your business, contact us at info@ferrazwhitmore.com.

Disclaimer: This publication is provided for informational purposes only and does not constitute legal advice. The information herein should not be relied upon as a substitute for professional legal counsel tailored to your specific circumstances. Ferraz & Whitmore assumes no liability for actions taken or not taken based on the contents of this material. For advice regarding your particular situation, please contact info@ferrazwhitmore.com.