DSA and Advertising: What Does It Mean for Your Business ?

With the entry into force of the Digital Services Act (DSA) on 17 February 2024, online advertising in the European Union has entered a new regulatory era. Often presented as a content-moderation framework aimed at Big Tech, the DSA in fact profoundly reshapes the rules governing online advertising and adtech, with consequences extending far beyond the largest platforms.

Advertising is no longer treated as “just marketing”. Under the DSA, paid ads are considered regulated information disseminated to the public. This shift has concrete implications: advertising practices are now subject to transparency, accountability, and risk-management obligations, alongside existing consumer protection and data protection rules.

For businesses relying on online ads to reach customers, this represents a fundamental change in how campaigns are designed, displayed, and monitored.

Transparency is No Longer Optional

One of the most visible impacts of DSA advertising lies in its transparency requirements. Users must be able to clearly understand that content is advertising, who is behind the ad (the sponsor) and why they are seeing it (the main targeting criteria used).

In practice, this means that ads displayed on platforms such as Facebook, Instagram, Google, Amazon or TikTok must clearly indicate “Sponsored by […]” and explain key targeting parameters such as age, location, or interests. Opaque targeting and hidden sponsorships are no longer acceptable.

While the most extensive obligations apply to Very Large Online Platforms, transparency has become a regulatory standard for the entire advertising ecosystem. Any business displaying third-party ads, selling advertising space or participating in the ad dissemination chain must reassess where responsibility lies under DSA advertising rules.

Targeted Advertising: New Legal Red Lines

The DSA introduces clear prohibitions that apply independently from the GDPR. Indeed, targeted advertising based on sensitive personal data (political opinions, religion, sexual orientation, health data, etc.) is prohibited and profiling-based targeted advertising directed at minors is banned.

Crucially, GDPR compliance alone does not guarantee DSA compliance. Even where valid consent mechanisms are in place, advertising practices may still violate the DSA, particularly when standardised adtech tools or third-party targeting solutions are used.

Your Obligations as an Advertiser and the Real Risks

Many businesses still assume that the DSA only targets Big Tech, that advertising compliance is the platform’s responsibility, or that GDPR compliance is sufficient. These assumptions are increasingly risky.

Non-compliance with DSA advertising rules may lead to ads being blocked or removed without warning, advertising accounts being suspended, wasted advertising budgets, reputational damage, regulatory scrutiny, or even claims from competitors or consumer organisations.

In practice, DSA exposure depends on how advertising models are designed, how targeting operates, who controls dissemination, and how transparency is implemented. Seemingly minor technical or contractual choices can be enough to bring an activity within scope.

Adtech and Intermediaries: A Narrowing Grey Zone

Another often underestimated aspect of DSA advertising rules is that they may extend beyond traditional platforms and apply to certain actors within the adtech ecosystem. Certain ad networks, monetisation tools or intermediaries may qualify as “online platforms” if they host and disseminate ads to the public.

This raises complex questions for many actors: are they merely technical service providers, or do they exercise control over ad dissemination? The answer can determine whether DSA obligations apply. In practice, the line between being “out of scope” and fully subject to the DSA is becoming increasingly thin.