The EU Digital Services Act (DSA) has introduced a new set of legal obligations for online service providers, including many companies based outside the EU. Whether you run a SaaS platform, e-commerce site, hosting service, or marketplace, if you have EU users, you’re likely subject to DSA rules.
Yet many non-EU businesses are still unclear on their obligations or assume they can delay compliance.
At Kanto, we help international businesses stay compliant under the DSA without overcomplicating their operations. Below are the top 5 mistakes we see, and how to avoid them.
Ignoring the need for a legal representative
Under Article 13 of the DSA, non-EU companies that offer services to EU users must appoint a legal representative within the EU. This representative acts as your official contact point for authorities and users.
Why this matters: without a legal representative, your business:
- Is not compliant with the DSA
- May face penalties of up to 6% of annual global turnover
- Cannot respond properly to content or user-related investigations
Appoint a qualified DSA legal representative to act on your behalf across all EU member states.
Assuming the DSA doesn’t apply without an EU office
Many non-EU companies mistakenly believe that no physical presence in the EU means no legal exposure.
However, if your service is accessible to EU users, or if you target the EU market through language, currency, advertising, or shipping, you’re likely within the DSA’s scope.
Treating the DSA like GDPR
The GDPR focuses on personal data. The DSA, on the other hand, sets rules for how digital services operate — including content moderation, transparency of algorithms, and user safety. These are two very different laws and confusing them can lead to serious compliance gaps.
Some businesses assume that being GDPR-compliant means they’re also covered under the DSA — but that’s not true. Importantly, having a GDPR representative does not meet the DSA’s requirements. If your company is based outside the EU but offers services to EU users, the DSA requires you to appoint a separate legal representative specifically for DSA compliance.
Waiting until a regulator contacts you
Some businesses wait until they receive a complaint or formal notice from an EU authority before acting. This reactive approach is risky:
- By then, you may already be in violation
- You may miss your opportunity to resolve issues voluntarily
- Authorities take non-response or lack of representation very seriously
Proactively appoint a legal representative, establish content policies, and monitor EU user interactions.
Stay ahead of DSA obligations
Avoiding these common mistakes is the first step. Ensuring compliance with the DSA can protect your business from enforcement, preserve EU market access, and build trust with users. Book a free consultation with our team now.
Image by macrovector_official on Freepik
