DSA Compliance
How Crowdee supports Digital Services Act obligations under Articles 17, 34, and 35.
The Digital Services Act (EU 2022/2065) imposes transparency, risk management, and accountability obligations on digital service providers operating within the European Union. Crowdee's verification platform provides the tooling infrastructure to help platform operators meet key DSA obligations — particularly for Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs), which face the most stringent requirements under Chapter III of the Regulation.
Crowdee is a tooling provider and data processor. Platform operators are the data controllers and remain solely responsible for their own DSA compliance obligations. This documentation describes how Crowdee's features map to DSA requirements and is provided for informational purposes only. It does not constitute legal advice. Consult qualified legal counsel before relying on Crowdee functionality to meet specific DSA obligations.
Article 17 — Transparency of Content Moderation
Article 17 of the DSA requires online platforms to provide clear, specific, and reasoned statements of reasons whenever they restrict content, accounts, or services — and to maintain records that allow those decisions to be audited and appealed.
Crowdee's audit trail provides the documentary backbone for Article 17 compliance. For every verification run, the system records:
- The decision timestamp and the identity of the pipeline that produced the decision
- The AI findings from each stage, including the specific observations that drove the stage verdict
- The assessments made by individual crowd workers, recorded with timestamps and structured against the task questionnaire
- The final verdict, confidence score, and the synthesised explanation that summarises the basis for the decision
These records can be surfaced directly to content creators via Article 17 statement-of-reasons notifications, or used internally to support appeals handling. The structured JSON format of the audit record is designed to be machine-readable, making it straightforward to feed Crowdee verdicts into automated notification workflows.
The verification run detail endpoint provides full access to this record:
GET https://api.crowdee.ai/v2/projects/{projectId}/verification-runs/{runId}
X-API-Key: crw_YOUR_API_KEYArticle 34 — Systemic Risk Assessment
Article 34 requires VLOPs to identify and analyse systemic risks arising from their services at least annually. These assessments must be documented and made available to the Digital Services Coordinator and the European Commission on request.
Crowdee pipeline results can serve as documented evidence of systematic content verification practices. When you run verification pipelines at scale across your content inventory, the aggregated results — broken down by pipeline, verdict, confidence band, and content category — constitute a structured record of your platform's content risk profile. This data can be used to substantiate the risk assessment and demonstrate that systematic controls are in place.
Compliance reports generated via the Platform under Reports → Compliance export risk assessment data grouped by content category and pipeline, in both PDF and JSON formats. These exports are timestamped and include aggregate statistics suitable for use as annexes to a formal Article 34 risk assessment document.
Article 35 — Mitigation Measures
Article 35 requires VLOPs to put in place reasonable, proportionate mitigation measures in response to the systemic risks identified under Article 34. Those measures must be documented, and the documentation must demonstrate that the measures are proportionate to the nature and severity of the identified risk.
Crowdee's human-in-the-loop crowd review provides defensible evidence that human oversight was applied before content decisions were made. For high-risk content categories, the expert-tier crowd stages — staffed by workers holding the fact_checker or identity_verification tag — produce records specifically designed to support proportionality arguments. An expert crowd stage requires two specialist workers to independently review and agree before a verdict is issued, producing a record of individual expert assessments alongside the synthesised conclusion.
The combination of AI analysis and human expert review, each with independent audit records and confidence scores, creates a documented mitigation chain that is well-suited to Article 35 documentation requirements.
Generating a DSA Compliance Export
DSA compliance exports are available from the Platform interface. Navigate to Reports → Compliance → Export DSA Report. Select the date range and project scope, then choose the output format (PDF, JSON, or both).
Exports are timestamped at generation time and include a content hash that allows the integrity of the export to be verified. Keep archives of your compliance exports for the minimum retention period required by your DSA obligations. Article 17 records must typically be retained for at least six months from the date of the restriction decision. Article 34 risk assessments should be retained for the duration of the annual cycle plus one year. Consult your legal counsel for the specific retention requirements applicable to your platform.
The JSON export format follows a structured schema that is designed to be ingested by compliance management platforms and document management systems. Contact hello@crowdee.ai if you need a schema specification document for integration purposes.
How is this guide?
Compliance Overview
Regulatory frameworks that Crowdee is designed to support.
EU AI Act
AI system documentation, human oversight mechanisms, and transparency obligations.