{"id":9731,"date":"2026-06-30T08:00:00","date_gmt":"2026-06-30T06:00:00","guid":{"rendered":"https:\/\/eulawenforcement.com\/?p=9731"},"modified":"2026-06-23T22:43:36","modified_gmt":"2026-06-23T20:43:36","slug":"designing-enforcement-for-the-digital-fairness-act-lessons-from-the-eus-digital-rulebook","status":"publish","type":"post","link":"https:\/\/eulawenforcement.com\/?p=9731","title":{"rendered":"Designing Enforcement for the Digital Fairness Act: Lessons from the EU’s Digital Rulebook"},"content":{"rendered":"\n

This blog post is based on the article “Enforcement Design in EU Digital Regulation: Lessons for the Digital Fairness Act”, published in the <\/em>European Journal of Risk Regulation<\/em><\/a> (2026).<\/em><\/p>\n

The European Union already possesses an extensive body of rules governing digital markets. Consumer protection law, data protection law, platform regulation, competition-inspired digital regulation, and emerging AI governance frameworks all seek to address unfair practices in the digital economy. Yet the persistence of dark patterns, manipulative interfaces, opaque personalisation systems, and exploitative design techniques raises an important question: if the rules already exist, why do enforcement gaps remain?<\/p>\n

 <\/p>\n\n\n\n\n\n\n\n

As the European Commission prepares its proposal for the Digital Fairness Act<\/a> (DFA), much attention has focused on the substantive obligations it may introduce. This is understandable. Debates around dark patterns, addictive design, personalised pricing, and behavioural manipulation are likely to shape the political discussion surrounding the proposal.<\/p>\n

However, experience from the EU’s digital rulebook suggests that the effectiveness of the DFA will depend as much on its enforcement architecture as on the content of its substantive provisions.<\/p>\n

The challenge facing the DFA is therefore not simply regulatory. It is institutional. The central question is not only what fairness requires in digital markets, but also who should enforce those requirements, how enforcement should be organised, and what knowledge and tools regulators need in order to act effectively.<\/p>\n

This question is particularly important because the EU is entering a new phase of digital regulation. Over the past decade, policymakers have concentrated on defining obligations for digital actors. The next challenge is ensuring that those obligations can be enforced consistently, efficiently, and at a scale matching the realities of digital markets.<\/p>\n

Why Enforcement Design Matters<\/h2>\n

Enforcement architecture is often treated as a technical or administrative issue. In reality, it increasingly shapes substantive regulatory outcomes.<\/p>\n

A prohibition on manipulative design is only meaningful if authorities can detect violations, obtain relevant evidence, and intervene before harmful practices change or disappear. Rules governing algorithmic systems are only effective if regulators possess the expertise necessary to understand how those systems operate. Similarly, rights granted to consumers have limited practical value if enforcement procedures take years to produce results.<\/p>\n

The experience of the EU’s digital acquis demonstrates that enforcement design is becoming a regulatory choice in its own right. Decisions about institutional structures, procedural mechanisms, and access to information increasingly influence the effectiveness of substantive law due to, among others, the growing complexity of institutional and procedural matters relating to the enforcement of various legal acts.<\/p>\n

The Commission’s Fitness Check of EU Consumer Law on Digital Fairness<\/a> provides a useful starting point for understanding these challenges.<\/p>\n

The Triple Fragmentation of Digital Enforcement<\/h2>\n

The Fitness Check identified a range of weaknesses in the enforcement of consumer protection rules in digital markets. These weaknesses can be understood as reflecting three broader forms of fragmentation: procedural, institutional, and epistemic. As mentioned above, challenges concerning procedural and institutional fragmentation result from the high level of complexity of the relevant regulatory framework. Epistemic challenges are particularly important in digital markets due to the asymmetry of information between private companies and public institutions.<\/p>\n

Procedural Fragmentation<\/h3>\n

Digital markets evolve faster than enforcement procedures.<\/p>\n

Cross-border investigations often require extensive coordination among national authorities, creating delays that can undermine effective intervention. By the time proceedings conclude, platforms may already have modified their interfaces, algorithms, or business models.<\/p>\n

Traditional enforcement tools\u2014consumer complaints, manual investigations, and periodic market sweeps\u2014struggle to keep pace with practices operating continuously and at scale.<\/p>\n

The result is a growing mismatch between the speed of digital markets and the speed of enforcement.<\/p>\n

Institutional Fragmentation<\/h3>\n

Enforcement capacity differs significantly across Member States.<\/p>\n

Some authorities have invested heavily in technical expertise, behavioural analysis, and data-science capabilities. Others continue to rely primarily on legal expertise and limited resources. These asymmetries create uneven enforcement outcomes and may encourage regulatory arbitrage.<\/p>\n

The problem is not merely one of resources. It reflects a broader tension within the EU’s multi-level governance system. While substantive rules are increasingly harmonised, enforcement capacities remain unevenly distributed.<\/p>\n

Epistemic Fragmentation<\/h3>\n

Perhaps the most difficult challenge concerns knowledge.<\/p>\n

Digital enforcement increasingly involves systems that regulators cannot easily observe, understand, or evaluate. Algorithmic personalisation, recommender systems, dynamic choice architectures, and behavioural design practices often operate as black boxes.<\/p>\n

A regulator may be able to observe an interface, but not necessarily understand why a particular consumer sees a specific version of it, how recommendations are generated, or how personal data influence decision-making processes.<\/p>\n

Authorities therefore face significant difficulties in identifying harmful practices, establishing causation, and gathering sufficient evidence.<\/p>\n

In this sense, digital enforcement has become a problem of knowledge production. The challenge is no longer only to regulate technology, but also to understand it.<\/p>\n

What Can the EU’s Digital Rulebook Teach Us?<\/h2>\n

The EU does not need to design the DFA’s enforcement architecture from scratch. Valuable lessons can be drawn from recent instruments including the General Data Protection Regulation<\/a> (GDPR), the Digital Markets Act<\/a> (DMA), the Digital Services Act<\/a> (DSA), the AI Act<\/a>, and the Data Act<\/a>.<\/p>\n

These instruments have adopted different approaches to recurring enforcement challenges.<\/p>\n

The GDPR: Decentralised Enforcement and Its Limits<\/h3>\n

The GDPR relies primarily on national Data Protection Authorities coordinated through cooperation and consistency mechanisms.<\/p>\n

This model preserves proximity to individuals and national administrations. At the same time, experience has revealed significant difficulties in cross-border cases. Lengthy procedures, coordination challenges, and uneven enforcement capacities have generated persistent concerns regarding effectiveness and consistency. Indeed, these difficulties have become sufficiently significant to prompt proposals for procedural reform at EU level.<\/p>\n

The lesson is not that decentralisation is inherently flawed. Rather, decentralisation requires robust coordination mechanisms and procedural safeguards if it is to deliver consistent outcomes across the Union.<\/p>\n

The DMA: Selective Centralisation<\/h3>\n

The DMA adopts a different approach.<\/p>\n

Recognising the systemic role of a relatively small number of gatekeepers, it centralises enforcement within the European Commission. Concentrating expertise and decision-making authority aims to ensure consistency while reducing coordination costs. Such a strategy could be viewed as a regulatory response to address potential difficulties similar to the ones encountered when enforcing the GDPR against the largest tech companies.<\/p>\n

The DMA demonstrates that centralisation may be justified where market actors operate across the entire Union and generate risks that transcend national boundaries.<\/p>\n

The DSA combines elements of both approaches.<\/p>\n

National authorities supervise most intermediary services, while the Commission exercises direct oversight over Very Large Online Platforms and Very Large Online Search Engines.<\/p>\n

This hybrid model reflects an important insight: enforcement responsibilities do not necessarily need to be allocated exclusively at either the national or EU level. They can instead be differentiated according to the scale, reach, and systemic significance of regulated actors.<\/p>\n

Five Lessons for the Digital Fairness Act<\/h2>\n

What can the DFA learn from these experiences?<\/p>\n

1. Use Selective Centralisation for Systemic Actors<\/h3>\n

Not all digital-market actors create the same enforcement challenges.<\/p>\n

Where platforms operate across multiple Member States and affect millions of consumers, centralised enforcement may provide greater consistency, efficiency, and expertise. Less complex cases can remain at national level.<\/p>\n

The objective should not be complete centralisation, but an allocation of responsibilities that reflects the scale of the risks involved.<\/p>\n

2. Strengthen EU-Level Coordination<\/h3>\n

The DFA should avoid creating new institutional structures where existing ones can perform coordination functions effectively.<\/p>\n

Existing bodies and networks already operating within the EU’s digital governance ecosystem can facilitate information sharing, joint investigations, and consistent interpretation across Member States. Strengthening institutional coherence, understood as the alignment of the competences of institutions responsible for the enforcement of various legal acts concerning digital markets and supporting their cooperation and coordination of their actions, may prove more effective than creating additional layers of governance.<\/p>\n

3. Embed Fairness by Design<\/h3>\n

Digital fairness should not depend exclusively on ex post enforcement.<\/p>\n

Drawing inspiration from accountability mechanisms found in the GDPR, AI Act, and DSA, the DFA should require businesses to demonstrate how their interfaces, recommendation systems, and personalisation practices comply with fairness requirements.<\/p>\n

Such obligations would help reduce informational asymmetries while shifting part of the evidentiary burden from regulators to firms. More importantly, they would encourage compliance to be incorporated into product design rather than addressed only after harm occurs.<\/p>\n

4. Introduce Procedural Deadlines<\/h3>\n

One of the clearest lessons from recent enforcement experience is that procedural uncertainty undermines effectiveness.<\/p>\n

The DFA should establish indicative deadlines for investigations, coordination procedures, and decision-making stages. Predictable timelines would improve both legal certainty and enforcement efficiency while reducing the risk of procedural drift in complex cross-border cases.<\/p>\n

5. Invest in Shared Enforcement Technology<\/h3>\n

Effective digital enforcement increasingly depends on technological capacity.<\/p>\n

Authorities need access to automated monitoring systems, web-crawling tools, algorithmic inspection methods, behavioural-analysis capabilities, and shared analytical infrastructures capable of detecting harmful practices at scale.<\/p>\n

Without investment in enforcement technology, substantive legal obligations may remain difficult to operationalise in practice.<\/p>\n

Beyond Consumer Protection<\/h2>\n

The significance of the DFA extends beyond consumer law.<\/p>\n

Digital fairness sits at the intersection of data protection, platform governance, competition regulation, and fundamental rights. Its enforcement framework will therefore influence how these different regimes interact in practice.<\/p>\n

The DFA offers an opportunity not only to address specific unfair practices but also to strengthen the coherence of the EU’s wider digital governance architecture. Effective coordination and cooperation between regulatory regimes \u2013 both with regard to the competences of the relevant enforcement bodies and institutions and the relevant procedures \u2013will become increasingly important as digital markets continue to blur traditional legal boundaries.<\/p>\n

Looking Ahead<\/h2>\n

The Digital Fairness Act will provide an important test of whether the European Union has learned from the first generation of digital regulation.<\/p>\n

The EU has demonstrated an extraordinary capacity to legislate for the digital economy. The next challenge is institutional: building enforcement systems capable of supervising increasingly complex digital environments and translating legal rules into practical outcomes.<\/p>\n

The experience of the GDPR, DMA, DSA, AI Act, and Data Act suggests that effective digital governance depends on more than substantive obligations. It requires institutional and \u00a0, as well as epistemic adequacy.<\/p>\n

Digital fairness is therefore not simply a question of better rules.<\/p>\n

It is a question of designing institutions capable of making those rules work.<\/p>\n

\u00a0<\/p>\n

\u00a0<\/p>\n

\u00a0<\/p>\n

\u00a0<\/p>\n

\u00a0<\/p>\n

\u00a0<\/p>\n

\u00a0<\/p>\n

\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"

This blog post is based on the article “Enforcement Design in EU Digital Regulation: Lessons for the Digital Fairness Act”, published in the European Journal of Risk Regulation (2026). The European Union already possesses an extensive body of rules governing digital markets. Consumer protection law, data protection law, platform regulation, competition-inspired digital regulation, and emerging … Continue reading “Designing Enforcement for the Digital Fairness Act: Lessons from the EU’s Digital Rulebook”<\/span><\/a><\/p>\n","protected":false},"author":318,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-9731","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/eulawenforcement.com\/index.php?rest_route=\/wp\/v2\/posts\/9731","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/eulawenforcement.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/eulawenforcement.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/eulawenforcement.com\/index.php?rest_route=\/wp\/v2\/users\/318"}],"replies":[{"embeddable":true,"href":"https:\/\/eulawenforcement.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9731"}],"version-history":[{"count":3,"href":"https:\/\/eulawenforcement.com\/index.php?rest_route=\/wp\/v2\/posts\/9731\/revisions"}],"predecessor-version":[{"id":9738,"href":"https:\/\/eulawenforcement.com\/index.php?rest_route=\/wp\/v2\/posts\/9731\/revisions\/9738"}],"wp:attachment":[{"href":"https:\/\/eulawenforcement.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9731"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/eulawenforcement.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9731"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/eulawenforcement.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9731"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}