EU Commission requests information from major tech platforms on tackling financial scams

The question

How is the European Commission (the Commission) using the EU Digital Services Act (the DSA) to ensure that major tech platforms are recognising and addressing the risks to consumers posed by financial scams online?

The key takeaway

Given the broad scope of the Commission’s request, online tech platforms should be mindful of potential fraudulent activities that may take place on their platforms and ensure that sufficient protections are in place to mitigate risks and protect their users.

The background

On 23 September 2025, the Commission announced that it had issued a formal request for information (the Request) under the DSA from Google Play, Apple App Store, Booking.com, Google Search and Bing in relation to how they manage the risk of financial scams online.

Through the Request, the Commission is seeking insight into how Google Play and Apple App Store identify fraudulent content on their platforms and how the platforms mitigate these risks. Google Search and Bing have been asked to share information in relation to how they detect weblinks and ads that direct their users to fraudulent webpages which attempt to scam users. The Commission is also seeking information around how Booking.com deals with fake accommodation listings on their platform where users are tricked into paying for non-existent accommodation.

The development

The Request was made under the DSA which imposes additional requirements on a subsection of companies who operate very large online platforms (VLOPs) or very large online search engines (VLOSEs). A company will be classified as a VLOP or VLOSE if it has more than 45 million users per month in the EU. These companies must assess and mitigate systemic risks to consumers, such as online fraud, to comply with their obligations under the DSA.

See our Winter 2024 Snapshots edition for our previous discussion of the obligations that VLOPs and VLOSEs have to comply with under the DSA.

Under the Request, platforms have also been asked to provide information around their advertising repositories, which store the data relating to ads. This will allow researchers and regulators to spot patterns of fraudulent activity and investigate areas of concern.

The Request indicates that the Commission is turning its focus to how digital platforms are being used for fraudulent/illegal activities such as financial scams which target vulnerable consumers. The Executive Vice-president of Technology Sovereignty, Security and Democracy of the European Commission has also noted that this will be a priority of the Commission in coming months.

Why is this important?

There is a possibility that the Commission could launch formal investigations off the back of the Request. Companies that fail to comply with their obligations under the DSA can face significant fines of up to 6% of their annual global turnover.

The Commission continues to place responsibility on platforms with the greatest reach and potential impact on users to recognise and mitigate systemic risks, such as financial scams. It is clear that this is a key area that companies should have on their radar and ensure they take steps to mitigate risks.

Any practical tips?

VLOPs and VLOSEs should:

• ensure they are compliant with Articles 34 and 35 of the DSA by putting in place reasonable, proportionate and effective mitigation measures to address the risks outlined above
• consider turning their attention towards the development and/or the implementation of advanced AI-driven detection technologies which can be used to identify high-risk or fraudulent content
• seek to maintain comprehensive records of all risk assessment and mitigations that they implement.

Autumn 2025