Divergent paths to digital governance: DSA Implementation Through the Empowerment of a National Digital Services Coordinator in Bulgaria and Romania

The implementation of the Digital Services Act DSA in Bulgaria and Romania reveals how institutional and administrative capacity shape the EU’s ability to enforce uniform digital standards. The effectiveness of the Digital Services Act depends not only on transposition speed but on the depth of institutional empowerment. These regulatory divergences risk undermining the DSA’s effectiveness in creating a harmonized digital environment across the European Union (EU). This threatens regulatory cohesion in the EU as well as the equal level of protection of citizens’ rights, ultimately destabilizing the trust in EU digital governance. While the EU positions itself as one of the pioneers in digital regulation, the question remains whether these standards are actually applied efficiently, especially in South-East European countries. 

The appointment of Digital Services Coordinators (DSC) is a fundamental step towards a stable foundation for implementing the DSA. DSCs are key actors for monitoring and enforcing the Regulation’s obligations. As the European legislators explicitly state: “the Digital Services Coordinators and the Commission shall cooperate closely and provide each other with mutual assistance in order to apply this Regulation in a consistent and efficient manner” ¹. The concept of “empowerment” in this context encompasses both formal legal authority and practical institutional capacity, both essential for DSCs to fulfil their regulatory mandate. Within the Southeast EU context, Bulgaria and Romania’s largely similar implementation experiences differ from Croatia’s delayed but less criticized compliance process, revealing how heterogeneous, yet similar, the institutional adaptation capabilities within comparable regional conditions can be. In their attempts to meet the DSA requirements, Bulgaria and Romania demonstrate how the paths of delayed and unsatisfactory regulatory compliance look like in practice. These differences matter fundamentally for the implementation of the EU’s digital governance objectives because they create a fragmented regulatory landscape where citizens receive unequal protection based on their Member States’s institutional capacity rather than uniform EU standards.

Requirements for designating and empowering Digital Services Coordinators (DSC) under the DSA

The appointment of a Digital Services Coordinator (DSC) is a mandatory element of DSA implementation. The DSA requires each Member State to designate one or more competent authorities to supervise and enforce its provisions and, in particular, to designate and empower a DSC from among them ².

The DSC has overall responsibility for applying and enforcing the DSA (except where the state assigns specific tasks to another authority) ³. It helps the Commission to monitor and enforce obligations under the DSA, supervises providers established in its territory, ensures coordination on national level ⁴, and acts as the single contact point regarding all matters related to the application of the DSA in the respective Member State ⁵.

Specific operational duties and powers granted to DSCs include requesting access to data, conducting inspections, and imposing fines for infringements ⁶. DSCs also certify trusted flaggers ⁷ and out-of-court dispute settlement bodies ⁸. The ability to refer complaints to the DSC in the event of possible infringements of the DSA is an essential part of its functioning: it provides EU citizens with a tool to seek protection of the right under the DSA ⁹.

To be designated, an authority must act impartially, transparently, and in a timely manner ¹⁰; be free from direct or indirect external influence and not take instructions; and have the resources and budget autonomy needed to supervise providers, proportionate to their size, complexity, and social impact ¹¹. The Commission may initiate infringement proceedings against Member States that fail to designate and/or fully empower their DSCs.

The Bulgarian path: between non-compliance and urge for improvement

Bulgaria’s DSA implementation stands at a consolidating phase and can be completed and improved with sufficient commitment. Although the country has not yet empowered a Digital Services Coordinator or adopted penalty rules, the European Commission had chosen not to immediately refer Bulgaria to the Court of Justice of the EU, similarly to the cases of the Czech Republic, Spain, Cyprus, Portugal, and Poland ¹². The “Draft Bill Amending and Supplementing the Electronic Communications Act”, approved by Decision No. 829 of the Council of Ministers, was submitted to Parliament at the end of 2024, following a one-month government consultation period that ended on January 15, 2024. The European Commission sent a letter of formal notice to Bulgaria (INFR(2024)2241) ¹³ on December 16, 2024, for failing to empower a national Digital Services Coordinator, followed by a reasoned opinion on May 7, 2025. 

The fact that the European Commission has not yet taken legal action against Bulgaria after the expiry of the two-month deadline for response following the sent reasoned opinion can be interpreted as a sign from the Commission that, with the draft law ready and the Communications Regulation Commission (CRC) functioning, it is prepared to wait, if the Bulgarian Parliament approves the legislative changes quickly. The Council of Ministers of the Republic of Bulgaria has already designated the CRC as the DSC by Decision 405 ¹⁴, a designation that clarifies its supervisory role, although formal empowerment has not yet been completed ¹⁵. For Bulgaria, this is fundamentally a question of political will.

Still, at the time of writing, the new joint draft bill rather indicates the persisting lack of this political commitment ¹⁶. Introduced on June 25, 2025, it reflects the decisions taken following the public consultations ¹⁷, also contained in the Report on the proposals received during the public discussion of the draft law ¹⁸ – apart from not yet being approved by Parliament, the new bill shows little commitment to efficiently implement the legislation. Most of the proposals have been accepted and included, but there is a noticeable tendency not to accept proposals related to strengthening the transparency and independence of the institutional framework, since “additional declarative provisions will not contribute to increasing independence” – Another step towards continuing the cycle of weak administrative capacity.

The low administrative capacity is also demonstrated by the number of infringement cases against Bulgaria in general – the country ranks third in terms of the highest number of cases (85) as of November 13, 2025. However, a closer look at the different policy areas reveals another systemic problem – selective enforcement. Together with Poland, Bulgaria ranks first in terms of the number of infringement procedures in the area of Communications Networks, Content and Technology (5). The trend is for areas that receive large amounts of funding, such as Agriculture and Regional Policy, to fulfill the obligations at the expense of others that require greater institutional reforms (such as Justice) without immediate economic benefits. Such obligations are often seen as a secondary concern despite their critical importance for citizen protection, to which we can also include the appointment and empowerment of the DSC. The fact that the Bulgarian Parliament has not yet adopted the necessary amendments, highlights further the institutional bottlenecks that prevent proper coordinator empowerment.

Regulators have acknowledged this implementation blockage at a joint meeting: While the CRC and CEM (Council for Electronic Media) ¹⁹  expressed their readiness to fulfil their obligations under the DSA, both bodies pointed out that the delayed and missing adoption of the amendments in the Electronic Communications Act  (ECA) prevents them from doing so. 

External observers – through the Media Freedom Rapid Response mission conducted in September 2024 – framed the immediate priorities as empowering the DSC and establishing sanctioning rules, while also highlighting the broader context of regulatory independence concerns affecting Bulgarian media oversight institutions. If coupled with the formal empowerment of the CRC as DSC, the adoption of sanctioning provisions, and upgrades to funding, appointments, and integrity rules, Bulgaria can move from partial compliance to a complete enforcement framework. However, even if the legislative changes are formally adopted, it remains a matter of political commitment whether the provisions will be efficiently implemented.

The Romanian solution: almost on time, but with room for improvement

The designated DSC in Romania is the National Authority for Management and Regulation in Communications (ANCOM). Although Romania’s efforts were timelier than those of Bulgaria, with Romania having a law in force since March 19, 2024 ²⁰, implementation efforts face obstacles. On paper, the framework is strong: ANCOM’s independence is recognized in primary law ²¹, and it is financed from its own revenues, not the state budget. Romania’s case, however, demonstrates that legislation adoption alone can still be insufficient – the implementation challenge is less about legal basis and more about operational performance – functional independence and accountability remain underpowered.

The central challenge is the interinstitutional coordination ²². Institutions that should work alongside ANCOM lack effective communication channels, which weakens day-to-day enforcement and leaves gaps in handling digital risks. According to Expert Forum’s 2024 analysis, key institutions including the National Authority for the Supervision of Personal Data Processing (ANSPDCP), the National Cyber Security Directorate (NCDS), the National Audiovisual Council (CNA), and the Authority for the Digitalization of Romania (ADR) “simply do not cooperate, leaving a regulatory vacuum in addressing digital challenges” ²³. A second constraint is overregulation: experts argue that Law No. 50/2024 adds burdens on intermediaries beyond the DSA, creating compliance friction without clear enforcement benefits ²⁴. The extra requirements for intermediary service providers include mandatory notification of providers’ details to ANCOM within 45 days of service start, a possible annual supervisory fee to be set by ANCOM, mandatory reporting within 10 days of judicial orders, and enhanced sanctions (fines up to 6% of worldwide turnover) for non-compliance ²⁵. These national obligations can overlap with or diverge from EU-wide DSA rules, increasing the risk of conflicting requirements, duplicative processes, and enforcement uncertainty for platforms operating across multiple EU jurisdictions. Both issues are fixable through interagency protocols and aligning secondary rules closer with the DSA’s baseline.

In practice, despite the above-mentioned concerns, ANCOM has been working towards an advanced implementation: it has certified two trusted flaggers under Decision No. 336/2024 – Save the Children Romania (granted status on October 7, 2024, for content concerning minors) and the Elie Wiesel Institute for Holocaust Remembrance (for antisemitic content) ²⁶, accredited out-of-court dispute resolution bodies under Decision No. 337/2024, and opened consultations to CSOs and experts. Experts from NGOs are also demonstrating an active stance in their desire to offer specific criticism and recommendations regarding the measures for implementing the DSA ²⁷. With targeted coordination mechanisms and a measured revision of Law No. 50/2024, Romania can convert its solid legal foundations and ANCOM’s financial independence into a more effective and accountable enforcement regime.

The Bulgarian and Romanian cases reveal that successful DSA implementation depends on structural factors beyond formal legal transposition. While Romania’s timelier adoption of Law No. 50/2024 demonstrates stronger political commitment compared to Bulgaria’s prolonged legislative delays, both countries face similar challenges in translating legal frameworks into effective enforcement. The key divergence lies in institutional readiness: Romania benefits from ANCOM’s financial independence and established regulatory capacity, whereas Bulgaria’s CRC operates within a broader pattern of weak administrative capacity evidenced by the country’s high number of EU infringement cases. However, both cases highlight a common challenge of interinstitutional coordination – Romania’s fragmented authority landscape mirrors Bulgaria’s regulatory bottlenecks, suggesting that formal DSC empowerment alone cannot guarantee effective digital governance without broader institutional reform.

This comparison reveals that the EU’s capacity for harmonized digital governance faces significant implementation gaps at the national level. While the DSA provides a unified legal framework, its effectiveness depends critically on pre-existing institutional capacity and political will within member states. These findings suggest that successful EU digital governance requires not just harmonized rules but sustained investment in institutional capacity-building and coordination mechanisms across member states.

Call to action – from above and below

The differences in coordinator empowerment fundamentally hinder the EU’s digital governance objectives by creating regulatory fragmentation that compromises the DSA’s goal for establishing a harmonized digital space. When coordinators lack proper empowerment, citizens receive unequal protection of their digital rights. 

Based on the evaluation of their initial paths to implementing the DSA, Bulgaria and Romania share several significant structural and regulatory weaknesses that hinder the independence and effectiveness of their designated DSCs. Yet, despite the unsatisfactory actions on the part of both states, there are enough impulses to suggest an improvement of the situation – alongside the pressure from the European Commission, in both countries stakeholders and NGOs are urging the state to act. Besides, to address these empowerment deficits, the European Commission should consider providing enhanced technical support and establishing better evaluation mechanisms for weaker coordinators. Such measures could be essential to prevent the continued undermining of DSA implementation effectiveness.

However, these impulses also come directly from citizens – unlike in other Member States with full regulatory compliance, in both Bulgaria and Romania, there is a common trend: complaints have been made to the national CRC for breaches of the DSA. With the CRC – against Temu, and with ANCOM – against Facebook ²⁸. These strong signals demonstrate that civil society in Bulgaria and Romania has already embraced the DSA and is seeking to protect the rights arising from it. The two Member States need to catch up, not just to comply with formal requirements coming “from above”, but to ensure the seeked proper functioning and implementation of the DSA.

In order to create a more complete picture of the region, it would be very important to conduct a future study on the implementation of the DSA-derived standards and norms by the DSCs (or bodies performing similar functions) in the EU candidate countries in the region, such as North Macedonia, Albania, etc. Such research could include not only the fulfillment of their obligations after their eventual accession to the EU, but also an analysis of the current pre-accession situation – are there any legislative initiatives or practices that put these countries ahead in creating an online space in the spirit of the DSA, even if they do not formally meet the requirements of the Regulation itself?

1. Digital Services Act, art. 57
2. Digital Services Act, art. 49 (1), (2)
3. Digital Services Act, art. 56 (1)
4. Digital Services Act, art. 49 (2)
5. Digital Services Act, Recital (116) states that the DSC “should act as the single contact point with regard to all matters related to the application of this Regulation for the Commission, the Board, the Digital Services Coordinators of other Member States, as well as for other competent authorities of the Member State in question”
6. Digital Services Act, art. 51 (1), art. 51 (2)
7. Special entities under the DSA, that possess particular expertise and competence for the purposes of detecting, identifying, and notifying illegal content, Digital Services Act, art. 22, (2)(a)
8. Digital Services Act, art. 21(3)
9. Digital Services Act, art. 53
10. Digital Services Act, art. 50
11. Digital Services Act, art. 50 (1)
12. All five countries have now been referred to the CJEU. For more information see the 2025 May infringements package: key decisions
13. See (INFR(2024)2241)
14. See Decision 405 of 13 June 2024 by the Council of Ministers of Republic of Bulgaria
15. See Decision 405 of 13 June 2024 by the Council of Ministers of Republic of Bulgaria
16. National Assembly of Republic of Bulgaria. (2024). Draft bill №51-553-19-14 https://www.parliament.bg/bg/bills/ID/166496
17. See Закон за изменение и допълнение на Закона за електронните съобщения в Министерски съвет. Портал за обществени консултации https://www.strategy.bg/PublicConsultations/View.aspx?lang=bg-BG&Id=8035
18. See Справка за постъпилите предложения при общественото обсъждане на проект на Закон за изменение и допълнение на Закона за електронните съобщения  проведено в периода 15.12.2023 г. – 15.01.2024 г. по реда на чл. 26, ал. 3 от Закона за нормативните актове
19. Press release from 12 December 2024: https://www.cem.bg/displaynewsbg/1012
20. Law No.50 din 18 martie 2024
21. GEO 22/2009 art.1 and Law No. 50/2024
22. Between institutions such as the National Authority for the Supervision of Personal Data Processing (ANSPDCP), the National Cyber Security Directorate (NCDS), the National Audiovisual Council (CNA), and the Authority for the Digitalization of Romania (ADR)
23. 2024: Romania’s Struggle with Systemic Risks in Digital Services Act Implementation. (2024, December 15). Expert Forum. https://expertforum.ro/en/2024-romanias-struggle-with-systemic-risks-in-digital-services-act-implementation/
24. Centre for Media Pluralism and Media Freedom. (2025, June 27). Romania – Centre for Media Pluralism and Media Freedom. https://cmpf.eui.eu/country/romania/
25. Nastescu, R. (2024, April 23). Law 50/2024 on the implementation of the Digital Services Act has entered into force. Leroy Law. https://www.leroylaw.ro/en/news/law-50-2024-on-the-implementation-of-the-digital-services-act-has-entered-into-force
26. ANCOM. (2024). Decision No. 336/2024 on the procedure for granting trusted flagger status https://www.ancom.ro/formdata-1130-48-2296
27. 2024: Romania’s Struggle with Systemic Risks in Digital Services Act Implementation. (2024, December 15). Expert Forum. https://expertforum.ro/en/2024-romanias-struggle-with-systemic-risks-in-digital-services-act-implementation/
28. See The Digital Services Coordinators Database