The EU Digital Services Act (DSA) introduces new rules for online platforms and services aimed at creating a safer, more transparent digital space across the European Union (EU). But if your business is based outside the EU, you may be underestimating your legal exposure. In this article, we unpack the most common myths, and what you actually need to know.
#1: We don’t have a physical presence in the EU, so the DSA doesn’t apply
Reality: the DSA applies extraterritorially. If your platform, service, or marketplace targets users in the EU, and falls within the DSA’s scope, the rules apply to you, no matter where your business is based. That means even if your entire operation is outside the EU, you’re still on the hook. This includes, but it is not limited to:
- Accepting EU users
- Allowing access in the EU
- Displaying content in EU languages
- Enabling EU-based payments or shipping
Under Article 13 of the DSA, non-EU businesses must appoint a legal representative in the EU if they reach a significant number of EU users.
#2: Only very large platforms are affected
Reality: while Very Large Online Platforms and Search Engines face extra obligations, the core DSA rules apply to a wide range of services, including:
- Hosting services
- Online marketplaces
- Cloud platforms
- App stores
- SaaS providers
Even a moderately-sized SaaS platform or marketplace with a few thousand EU users may fall under DSA obligations like notice & takedown, complaint handling, and transparency reporting, if they offer services in the EU.
#3: We’ll just block EU traffic to avoid compliance
Reality: this might seem like a simple workaround, but in most cases, it doesn’t hold up, legally or practically. Geo-blocking EU users can severely limit your market reach and may still not protect you from regulatory oversight. You could still fall under the DSA if:
- EU users access your platform via VPNs or proxies, complete purchases, or engage with your services despite geo-blocking
- Your marketing or partnerships target EU audiences
- You collect or process data of EU users indirectly
Instead of a fragile workaround, it’s smarter to build minimal compliance with expert help without disrupting your core operations.
#4: We’re too small to be noticed by regulators
Reality: the EU is increasingly enforcing digital laws against non-EU companies of all sizes.
Recent years have shown:
- Startups, app developers, and small e-commerce players being fined or investigated under GDPR and other frameworks
- Increased focus on protecting minors, algorithmic transparency, and content moderation and especially on user-facing platforms
Being small is not immunity. If you operate in the EU digital space, you’re expected to comply.
#5: DSA compliance means expensive overhauls and legal teams
Reality: you don’t need to restructure your business or build an in-house legal department.
With the right partner, you can:
- Appoint an EU legal representative at a fixed fee
- Receive tailored guidance based on your risk profile
- Build lean compliance procedures (e.g. notices, transparency logs) that scale with your business
We help businesses meet their DSA obligations without added complexity or disruption. Book a free consultation with our team to get started.
Image by macrovector_official on Freepik
