By segment · Marketplaces

Marketplaces built for the DSA era.

A working notice-and-action endpoint. Statement-of-Reasons filings on every moderation call. Trader verification (KYB) for every seller. Annual transparency reports Brussels actually accepts. Plus the GPSR responsible-person line on every physical-goods listing. We run the Trust & Safety backbone while you run the marketplace.

Book a demo See the obligations
What the DSA asks of you

Six obligations, one platform.

The DSA creates distinct duties for hosting services, online platforms, and marketplaces. Here's the marketplace-specific set — every one of which we operate as a service.

DSA Art. 13 Always · Day 0

Named EU legal representative

Every non-EU platform providing services to EU users must designate a single point of contact for authorities, in writing, with a public address. First item any DSC will ask about.

Fix with DSA Representative
DSA Art. 16 Always · Day 0

Notice-and-action endpoint

A public, working URL where anyone can notify illegal content. Every notice must be acknowledged, reviewed, and responded to — timely, in writing, with reasoning.

Fix with Hosted notice endpoint
DSA Art. 17 Every moderation call

Statement of Reasons · per decision

Every time you take down a listing, demote, suspend a seller, or restrict a user — you owe them a written Statement of Reasons. It also gets filed in the public EU SoR database.

Fix with DSA Representative + SoR filings
DSA Art. 30–32 Marketplaces only

Trader verification (KYB)

Collect and verify identity, business, and contact information for every trader before they list. Maintain a public trader transparency page. Notify buyers if a trader is found non-compliant.

Fix with Trader verification service
DSA Art. 15 / 24 Annual · biannual for VLOPs

Transparency report

Published report covering volumes of notices, orders received, moderation actions, automated tools, average response times, trusted flagger activity. We draft, you review, it publishes.

Fix with Transparency reporting service
GPSR Art. 16 If physical goods

Responsible-person line on every listing

Physical-goods marketplaces (Amazon-shape, eBay-shape) need an EU responsible person named on the listing — per regulation, with working contact details. Triggers delisting if missing.

Fix with GPSR Representative
The notice lifecycle

Notice in. SoR out.

Every Art. 16 notice follows the same lifecycle. We operate it. Your moderation team makes the calls; we handle the legal artefacts and public filings on either side.

T + 0
Notice received

Submitted via your hosted Art. 16 endpoint. Timestamped, categorised, acknowledgement sent to the notifier within 24 hours.

Endpoint
T + 1d
Triage & routing

Spam / obvious-abuse filtered. Valid notices routed to your moderation queue with supporting context, precedent, and deadline attached.

Triage
T + 2–7d
Moderation decision

Your team makes the call (leave, remove, demote, restrict, age-gate, geo-block). We draft the rationale in Art. 17 SoR format with your input.

Your T&S team
T + 2h
SoR filed with the Commission

Statement of Reasons published to the EU transparency database within 2 hours of decision. Parties informed in writing with clear internal-appeal and ODR instructions.

SoR DB
Quarterly
Metrics rolled into transparency

Every notice / decision feeds your Art. 15 transparency report, pre-aggregated and ready to publish at the half-year mark.

Transparency

The endpoint is the public interface. We host it as /dsa/notice on your domain so it looks native. The form accepts the information Art. 16 requires — identifying the notifier, the content, the legal basis. Nothing more, nothing less.

You make the moderation call. We don't decide whether a listing stays up or comes down — that's your judgement, your platform, your policy. What we operate is the legal packaging: the triage queue that surfaces the right notices, the Art. 17 format for the written rationale, the 2-hour filing window to the SoR database.

The transparency report writes itself. Every notice, every decision, every response time feeds a live transparency dashboard. When the Art. 15 deadline lands, we export the report — 30+ metrics, year-on-year comparison, Commission-format ready — and you publish it on your trust centre the same day.

The marketplace stack

Everything your marketplace needs.

DSA is the core. GDPR applies to every platform. GPSR is required if you host physical-goods listings. One bundle, one invoice — no hourly law firm on Trust & Safety retainer.

Core · Required

DSA Representative

Article 13 rep · hosted notice endpoint · Statement-of-Reasons filings · annual transparency report.

From$499 / mo
 Core · Required

GDPR Representative

Article 27 rep. Traders, buyers, sellers, reviewers, sub-processors — your DSR traffic is higher than a SaaS.

Flat$127 / mo
 Required at launch

Privacy Center

Hosted trust hub · DSR inbox · sub-processor list · versioned policies. Usually co-located with your notice endpoint.

Starts atFree
 Soon Physical goods

GPSR Representative

Article 16 responsible person on every physical-goods listing. Triggers marketplace-level delisting if missing.

From$299 / mo
 Often required

Data Protection Officer

Marketplaces at scale almost always cross the "large-scale systematic monitoring" threshold that makes a DPO mandatory.

CustomEngaged
 If classified

NIS 2 Representative

Online marketplaces are listed in Annex II, so NIS 2 may apply depending on headcount and turnover. We'll check on the call.

From$599 / mo
Common questions

What marketplace founders ask us first.

We're not a VLOP — does the DSA still apply?

Yes. The DSA applies to any hosting service providing services to EU users, from day one. VLOP / VLOSE thresholds (45M MAUs) trigger additional obligations — risk assessments, crisis protocols, external audits. But the Art. 13 representative, notice-and-action endpoint, and Statement-of-Reasons obligations apply to everyone regardless of size.

Do we need to expose a public notice endpoint if we have a support form?

Yes — Art. 16 specifically requires a mechanism for anyone, including non-users, to notify illegal content. A logged-in support form doesn't satisfy it. We host a dedicated endpoint on your domain that accepts the Art. 16 elements in a legally-compliant structure.

How does trader verification work in practice?

Before a new trader lists, they submit identity, VAT / business registration, and contact details. We verify against the official business registers (per country) and run sanctions screening. High-risk traders get a manual review step. Every verified trader appears on your Art. 31 public trader transparency page.

What about the Statement of Reasons — is that public?

Yes, it is. Every SoR is published to the EU's central DSA Transparency Database (within 2 hours of the decision for most cases). Parties also get a private, detailed SoR. The public DB version is redacted — decision, reason, legal basis — but the direct version is the one the user or trader sees.

Our moderation policies are proprietary. Do we have to publish them?

The policies themselves — yes, in plain language, in your T&Cs. The specific enforcement thresholds, automated classifier weights, internal playbook — no. Art. 14 asks for "clear, unambiguous, intelligible" T&Cs plus information about moderation practices. Our drafts walk the line carefully.

What's the cost difference between Intermediary and Platform tier?

Intermediary ($499/mo) covers classic hosting: Art. 13 rep + basic notice endpoint + annual transparency. Platform ($1,499/mo) adds trader KYB, SoR filings at scale, higher-volume notice SLA, and H1 + H2 transparency. Most marketplaces want Platform tier — Intermediary fits simpler hosting services.

Trust & Safety, operated.

30-minute discovery call. We'll map your marketplace shape, classify your DSA tier, and scope the Trust & Safety stack in writing.

Book a discovery call DSA Representative →