The European Board for Digital Services, in collaboration with the European Commission, has released its second annual report addressing the systemic risks posed by very large online platforms and search engines (VLOPs and VLOSEs). This regulatory effort, mandated by the Digital Services Act (DSA), serves as a critical framework for identifying the dangers inherent in modern digital ecosystems and establishing best practices for their mitigation. By requiring platforms to implement measures that are reasonable, proportionate, and tailored to specific risks, the EU aims to foster a safer online environment. For the second consecutive year, Fundación Maldita.es has provided essential investigative evidence and expertise to help shape the report, which documents the complex digital landscape between February 2025 and February 2026.
A primary concern highlighted in the report, and deeply analyzed by Fundación Maldita.es, is the destabilizing influence of generative artificial intelligence (AI). As these technologies become more accessible, they are being leveraged to automate and scale coordinated disinformation campaigns, making fallacious content increasingly indistinguishable from verifiable news. Beyond political manipulation, the report underscores grave concerns regarding the safety of minors. The proliferation of AI-generated content includes the creation of hyper-realistic videos that sexualize children, posing a severe societal threat. Alongside these AI-driven challenges, the report confirms that large platforms like Facebook and TikTok continue to struggle with the persistent presence of illegal content that evades existing moderation safeguards.
The report also examines the underlying economic drivers that exacerbate these systemic risks. Fundación Maldita.es pointed to the perverse financial incentives embedded within creator programs and subscription models, which frequently reward engagement over the quality or legality of content. This creates a feedback loop where harmful material is promoted because it generates clicks and ad revenue. Furthermore, recommendation algorithms—the engines that power user feeds—are found to amplify disinformation and harmful imagery, a phenomenon clearly observed during the recent DANA floods. When these algorithmic systems are paired with sophisticated advertising tools, platforms can effectively monetize the spread of content by targeting it at susceptible audiences, all while maintaining a facade of profit-driven efficiency.
A significant hurdle identified in the report is the persistent inconsistency in content moderation practices. Despite increased regulatory oversight, the gap between reporting an issue and its subsequent removal remains wide, allowing malicious content to proliferate and cause tangible damage before action is taken. Addressing this requires more than just reactive policies; it requires a systemic shift in how platforms evaluate accuracy. The report emphasizes the role of context-setting tools, noting that placing verified information or fact-checks adjacent to misleading posts is a highly effective way to curb the spread of disinformation. By evaluating existing collaborations with fact-checking organizations and tools like “Community Notes,” researchers are working to define how best to mitigate harm through transparency.
The report also draws attention to the limitations of individual platform compliance, noting that systemic risks do not respect corporate boundaries. Because disinformation campaigns are often cross-platform by design, a vulnerability on one service essentially compromises the entire digital ecosystem. A specific issue highlighted is the lack of interoperability between platforms: AI-generated labels attached to content on one service often vanish if that file is downloaded and re-uploaded elsewhere. This creates a “leaky” moderation environment where users are constantly exposed to unvetted information that has been stripped of its verified context, highlighting a need for standardized, cross-platform security protocols.
Finally, the analysis serves as a sobering reminder that the digital safety problem extends beyond the largest players officially designated as VLOPs. The report cautions that digital risks are interconnected; platforms that do not currently fall under the strictest regulatory categories still exert influence on the broader online environment. As digital regulators and organizations like Fundación Maldita.es continue their work, the focus remains on closing these regulatory loopholes. The second annual report stands as a foundational document in the ongoing effort to force the tech industry to prioritize civic responsibility over unchecked expansion, ensuring that the next cycle of the DSA is even more robust in protecting European citizens.

