Mapping the Digital Services Act (DSA) Compliance Industry:
Private Actors, Public Stakes
By Ioan Paul Sipos
Company Overview
| Company Name | Country | Services Overview |
|---|---|---|
| ActiveFence | USA, Israel | ActiveFence provides automated operational tools and tailored data and threat analysis services to assist with DSA compliance. These include transparency reporting, flagging, appeals and notice processes, risk assessment and mitigation, crisis response cooperation, and protection of minors. |
| Besedo | Sweden | Besedo provides specific DSA compliance services to online platforms of all sizes, including support in adapting to regulatory developments, streamlining moderation processes, and implementing scalable moderation tools. Its website contains multiple resources on the Act, such as an executive summary, a compliance checklist, and a visual explainer. |
| Checkstep | UK | Checkstep offers AI content moderation and human services for edge cases. Their DSA Plugin provides automated transparency reporting, statement of reasons generation, and flagging tools tailored to compliance with DSA requirements. These requirements concern user rights, platform obligations, and obligations to report to or cooperate with mandatory interactions with third parties (such as law enforcement agencies, certified dispute resolution bodies, and the EU transparency database). Other resources include a DSA Compliance blog section and webinar series, DSA Readiness risk assessments, and mental health protection for moderators (through prior AI content screening and automatic blurring and greyscale of content). |
| Cinder | USA | Cinder provides a centralised trust and safety platform that aids in data management, moderation, and compliance operations. While they do not explicitly reference the DSA on their website, they have partnered with the Dublin-based Appeals Centre Europe, an out-of-court dispute settlement body. It is set to use Cinder as its case management system when reviewing cases, initially from Meta, TikTok, and YouTube. Cinder would thereby support these companies with their DSA Article 21 obligations. |
| Concentrix | USA | Concentrix provides various trust & safety services, including content moderation, platform integrity operations, AI support services, and live safety support. Most relevant are their legal and regulatory operations services, which, although not DSA-specific, help platforms verify content and operational compliance with evolving laws and regulations. In a past blog post on trust and safety predictions, they have referenced the DSA. While it's unclear if Concentrix will specifically adapt its services to EU digital regulations like the DSA, its inclusion in the database may still be of value for reference. |
| Cove | USA | Cove provides a DSA Compliance Toolkit that automates transparency reporting, tracks enforcement metrics, processes appeals, and generates automated statements of reasons to meet DSA obligations. Other services include a Moderator Console and automated rule enforcement through LLM-based AI Models. |
| GGWP | USA | GGWP provides DSA compliance services to online gaming platforms that contain social networking elements. It summarises DSA compliance as “adherence to content standards, transparency in approach, and stricter advertisement and user engagement rules”. Its services include detecting inappropriate user conduct across multiple channels, offering incident and player management tools, handling player reports and appeals, and generating detailed transparency reports. |
| Hive | USA | Hive offers a Policy Management tool, which allows platforms to define, manage, and apply moderation policies within their Moderation Dashboard. This tool comes with built-in DSA compliance features that follow the DSA Transparency database structure. Platforms can thus track and report actions directly to the DSA Transparency Database. |
| Kinzen | Ireland | Kinzen’s services for online platforms include detecting harmful content across multiple languages and formats, risk assessment, transparency reporting, and real-time monitoring, particularly during sensitive events such as elections. While not explicitly marketed as a DSA compliance tool, Kinzen helps platforms detect policy violations in audio, video, and text. In 2022, Kinzen was acquired by Spotify. Given the new parent company’s EU location and Kinzen’s contributions to analyses of the EU regulatory space, I included it in this list. |
| KPMG | UK | KPMG provides comprehensive DSA compliance services, including readiness assessments, systemic risk evaluations, and independent audits. They help platforms build DSA control frameworks, complaint-handling systems, crisis response mechanisms, and develop policies. They also provide tools like a DSA Audit criteria framework, a DSA Compliance Assessment tool for VLOPs and VLOSEs, and algorithm assurance methodologies. |
| Nisos | USA | Nisos provides trust and safety services to help online platforms comply with DSA requirements by proactively identifying illegal content, safeguarding elections through disinformation monitoring, limiting the abuse of targeted advertising, verifying third-party sellers to combat fraud, and assessing risks of platform misuse. |
| Risky Business Solutions | USA | Risky Business Solutions provides trust and safety services to support “digital customer safety, fraud prevention, regulatory compliance, information security, product policy, and digital rights.” Its policy development service includes content moderation and alignment with “industry best practices and global regulatory requirements”, which may include (albeit not explicitly) the DSA. |
| Spectrum Labs | USA | Spectrum Labs assists platforms of any size with multi-language DSA compliance services, including the detection of illegal content, automated workflow tools, localised enforcement for each EU country, and auditable trust and safety system management. In 2023, Spectrum Labs was acquired by ActiveFence. |
| TaskUs | USA | TaskUs provides a mix of DSA compliance tools that combine both human and AI inputs. They help businesses understand regulatory obligations, conduct risk assessments, and evaluate content moderation processes. TaskUs’s services include identifying compliance gaps, planning mitigation strategies, providing a flexible workforce worldwide, and testing pilot projects. |
| Tremau | France | Tremau provides various DSA-focused compliance tools, including impact and risk assessments, mitigation strategies, and regulatory support. They offer a “low code, compliant by design” automated moderation platform (Nima Light), which provides transparency reporting, automated EU statements of reasons, illegal content reporting through connection to illicit content flagging governmental platforms (Pharos in France, Perci at EU level), connection to out-of-court dispute bodies, and an analytics dashboard. Tremau also offers a DSA Database, which compiles and summarises evolving DSA-related data. |
| Trust Lab | USA | Trust Lab offers content moderation through its ModerateAI system, which combines automation with human judgment. While it does not provide dedicated DSA services, it offers quality and audit reporting that aims to identify policy violations and support compliance efforts. Trust Lab also shares DSA-related insights in the Digital Services Act category of its blog and is an Official Partner for EU & US disinformation practices, content regulation, and trend analysis. |
| Unveil | British Indian Ocean Territory / USA | Unveil helps businesses achieve compliance with the DSA through automated transparency reporting. It provides explicit guidelines for reporting requirements, uploads the relevant data, and organises the data points into a full transparency report. Besides the DSA, it also assists compliance with the UK Online Safety Bill and California AB 587. Their headquarters are not disclosed—while the website domain is in the British Indian Ocean Territory, both founders are based in the USA. |
| Videntifier | Iceland | Videntifier assists platforms in complying with new regulations, including the DSA. Its visual fingerprinting tool, Videntifier Nano, helps platforms identify harmful content, assess risks, and report on the vulnerability of their website to hosting harmful content. Videntifier also supports compliance with the UK Online Safety Bill and Article 17 of the EU Copyright Directive. |
| Yoti | UK | Yoti provides platforms with age checks, identity verification, digital ID, and facial age estimation services. While these are not specifically tailored to the DSA, in light of the act’s age-appropriate design and child protection requirements, Yoti markets itself as an age assurance provider for DSA compliance, inter alia. Nonetheless, their website contains more information on the UK Online Safety Bill, suggesting that it remains their main focus. |
Methodology
The companies in this database were selected according to the following criteria: (1) they are trust and safety or risk assessment services providers; (2) their main target businesses are large and very large online platforms; and (3) they market their services as tailored to DSA compliance.
To build this database, I created an initial sample of relevant companies based on information from industry experts. In the next step, I extracted more detailed data on potential companies from the following sources: a blog post by Tim Bernard on the trust and safety industry, the 2024 attendee lists for TrustCon 2024 and the Trust and Safety Festival 2024, and the Paladin Report. This market research yielded a list of 19 companies that provide DSA-tailored services to online platforms. Afterwards, I collected information about the specific services they offer from the website and other publications of each company.
Indeed, the degree to which these companies’ services are customised for DSA compliance varies—some focus primarily on the DSA, others include it among other regulatory frameworks with which they provide compliance services, whereas others only imply DSA Ccompliance services through general references to evolving trust and safety laws and regulations. Still, this list provides a useful starting point, notably for researchers, to better understand the market and develop further analyses. With that in mind, I highlight some noteworthy insights below.
Age Assurance
Both of the two experts contacted as part of this market research—one independent, one working with one of the companies on the list—recommended exploring age verification as a future avenue for the trust and safety industry.
While age assurance is not a significant goal of the DSA (it is only mentioned in Art. 35(1)(j) of the Act), regulatory pressure in this regard has come from interesting directions. Recently, Ireland has adopted its new Online Safety Code, which complements the DSA’s child safety and risk management requirements. It also serves to give effect to the Irish legislation transposing the EU’s Audiovisual Media Services Directive, which requires video-sharing platforms to implement measures to protect underage users from potentially harmful content. This code makes age assurance methods a primary regulatory requirement, defined as “a process used to restrict access to a service or to particular features or content of a service that involves estimating or verifying a user’s age.” It generally requires platforms which permit users to upload pornographic or violent content “to use an effective method of age assurance” to prevent children from being exposed to such content. While not an EU-wide regulation, this development is noteworthy since many tech giants have their European Union headquarters in Ireland, earning it the nickname “the EU tech bastion”. Such a law is likely to shape investment, platform policy, and technologies in the years to come.
The recent UK Technology and Trust and Safety backs up several of these points. The report highlighted two methods of age verification: “the use of physical or digital government identity documents” and “age estimation technologies”. It predicted that the importance of age assurance and verification “will increase in the future depending on how regulation is enforced”. As a result, it foresees that companies will increasingly invest in outsourced capabilities to meet these standards, with an expected “spike in investment for machine learning and AI solutions to combat generative AI”. While few companies in this database currently list age assurance as a primary offering, the growing regulatory emphasis suggests that this area may become a key focus for future DSA-related empirical research.
Market Concentration and Impartiality
Although the Paladin Report has identified 537 private companies providing Safety Tech services, and the Harmonic reports identified 222 trust and safety providers in the market, none of these lists have been disclosed. One of the independent experts consulted during research on this database also confirmed that these lists are not public. The reasons behind this remain unclear. At the same time, it is worth noting that in the audit industry, there is a significant degree of concentration of services around four companies that dominate the market—‘the Big 4’. As the compliance vendor industry is, in some regards, a product of the former and part of a broader “cottage industry” of compliance, similar trends may occur there. We are therefore wondering whether the limited disclosure of complete trust and safety provider market registries could create barriers for smaller T&S companies seeking to gain visibility, potentially leading to market concentration similar to the auditing industry.
On the topic of market concentration, another aspect to consider is the recent acquisitions. For instance, Spotify’s acquisition of Kinzen raises questions about platforms internalising compliance functions. Besides the potential for reduced accountability by big platforms engaging in this practice, this could also signal a trend where big platforms start offering compliance services to smaller companies through subsidiaries, leading to the latter’s dependence on the compliance systems of the largest companies. While this trend remains speculative, it could come with specific anticompetitive effects, such as market concentration, increased barriers to entry for small platforms, and a reduced capacity for small platforms to independently choose and govern their compliance systems. More importantly, this phenomenon could shape the nature of these services away from their initial regulatory goals.
A similar concern arises with the Appeals Centre Europe, with whom Cinder has recently partnered—“an out-of-court dispute settlement body set up under the EU's Digital Services Act and backed by Meta”. We wonder whether the nature of its financial backing may impact conflicts of interest in private arbitral outcomes. In a similar vein, Tremau’s recent funding to expand its Nima platform, sourced from private investment funds, highlights an important consideration. While all private companies rely on investment, for compliance providers that often play quasi-regulatory roles, maintaining clear neutrality is essential. If investment sources are tied to platform interests, questions may arise regarding potential conflicts of interest, particularly with respect to perceptions of impartiality in decision-making.
Geographical Distribution
Finally, we can’t help but notice the geographical distribution of these companies. In the Paladin Report, out of a sample of 193 Trust and Safety providers, 52% were found to be headquartered in the US, 25% in the EU, and 13% in the UK. The distribution of DSA compliance providers in our sample is not too dissimilar: out of a total of 19, 11 are based in the US (including one headquartered in both the US and Israel), 4 in the EU/EEA (one each in France, Iceland, Ireland, and Sweden), 3 in the UK, and one has an unclear location. The geographic concentration of this sample is thus in line with trends in the broader industry.
This also raises questions about the implications of a majority of DSA-specific compliance providers being based outside the EU. It remains to be seen—and could make the subject of further research—whether interpretations of DSA requirements by non-EU companies align consistently with European legal, social, or cultural contexts, as they might otherwise lead to certain epistemic imbalances in the law. Given the DSA’s relative ambiguity, there is a risk that third-country-based actors may interpret regulatory obligations in ways that skew in favour of industry priorities rather than the fundamental rights of EU users.
Conclusion
This database sought to chart the current private DSA compliance market and its relevant actors in light of the available data. The insights derived from it and its underlying research then aimed to provide a starting point for future research. New potential areas worthy of inquiry include age assurance technologies, market concentration trends, and the geographical distribution of actors—all of which might influence how DSA obligations for online platforms may be both interpreted and implemented moving forward.