Vous souhaitez déposer une plainte contre une institution ou un organe de l’Union européenne ?
- EN English
The European Commission's refusal to give public access to the risk assessment report of a large social media company on its compliance with the provisions of the Digital Services Act
Affaire 1746/2024/MIG - Ouvert le Vendredi | 27 septembre 2024 - Recommandation le Lundi | 11 mai 2026 - Décision le Jeudi | 07 mai 2026 - Institution concernée Commission européenne ( Mauvaise administration constatée ) - Pays Autriche
Plainte introduite
19/09/2024Analyse de la plainte
20/09/2024Enquête en cours
27/09/2024Conclusions préliminaires
03/11/2025Résultat de l’enquête
19/02/2026
The complainant asked the European Commission for public access to the risk assessment report of a large social media company on its compliance with the provisions of the Digital Services Act (DSA) - annual reporting is part of the obligations of 'very large online platforms' under the Act. The Commission refused access to the document, arguing that it could be generally presumed that disclosure could undermine the commercial interests of the company in question as well as an ongoing investigation into the company's compliance with the DSA. The Commission did not individually assess the report for possible disclosure.
Following an inspection of the report, the Ombudsman issued preliminary findings that it was unreasonable for the Commission to apply a general presumption of non-disclosure to a risk assessment report drawn up under the DSA. She noted that the circumstances in which the EU courts have recognised the possibility to use a general presumption are very different from the rules that apply to risk assessment reports.
The Commission maintained its view however, adding that the use of a general presumption had also been justified by the need to protect an independent audit on the platform’s compliance with its obligations under the DSA.
The Ombudsman was not convinced that this was enough to justify the application of a general presumption of non-disclosure. She noted that while the timeline for the platform's proactive publication of the risk assessment report is linked to the completion of the independent audit, this does not mean that requests for public access must be rejected before that date.
The Ombudsman concluded that the Commission’s application of a general presumption of non-disclosure to the risk assessment report constituted maladministration. She recommended that the Commission conduct an individual assessment of the document with a view to granting the widest access possible.
The Commission did not accept the Ombudsman’s recommendation. In addition to its previous arguments, it further asserted that it could not possibly assess whether the report contains commercially sensitive information and that the complainant was pursuing a private rather than a public interest in seeking access.
The Ombudsman regretted the Commission’s reply. She highlighted that being able to scrutinise the compliance of a very large online platform with its obligations under the DSA does constitute a public interest. She also noted that assessing commercially sensitive information is part of the EU institutions’ obligations under the EU legislation on public access to documents. As a result, she closed the case confirming her finding of maladministration.