Amazon, systemic risk, and the Digital Services Act: What the General Court did and did not decide

 

 

Catalin Gabriel Stanescu, Associate Professor of Private Law at the University of Southern Denmark. His research focuses on consumer law, digital regulation, financial vulnerability, and the political economy of private law.

 

Photo credit: David Dixon, via Wikimedia Commons

 

The DSA Observatory recently published a thoughtful post on the General Court’s judgment in Amazon v Commission, which rejected Amazon’s argument that it should not have been listed as a ‘very large online platform’ (VLOP) under the Digital Services Act (DSA), and, in doing so, critiqued a working paper of mine on ‘systemic risk’ under the Digital Services Act. For me, it was a valuable engagement. The judgment does influence how arguments about systemic risk under the DSA can be framed. However, it does not support the broader claim that a financial-law analogy about the definition of ‘systemic risk’ has been displaced. When read carefully, Amazon takes a narrower approach: it rejects one specific application of the financial analogy, while preserving a more structural comparison between financial supervision and the DSA’s systemic-risk regime.

My paper’s central claim was not that the DSA should be read as banking law in another guise. Nor was it that systemic risk under the DSA must be defined by interbank contagion or by the existence of a closed system of interconnected undertakings. What I proposed was that the DSA relocates into digital governance a supervisory rationality already familiar from EU financial law: a mode of regulation built around ex ante risk assessment, differentiated obligations for systemically significant actors, and a recalibrated proportionality analysis where institutions are acting under conditions of complexity, uncertainty, and potentially large-scale harm. That remains, in my view, the right level at which to compare the two regimes.    

The General Court’s judgment, however, establishes an important limitation. Amazon contended that marketplaces could not generate “systemic” risks because, unlike financial institutions, they do not form part of an interconnected system. In paragraph 69, the Court summarized Amazon’s submission that marketplaces are not interdependent, do not constitute a system, and therefore cannot give rise to systemic risks in the manner of financial institutions. The Court rejected this argument in paragraph 70. It held that the DSA is not concerned with systemic risks posed by marketplaces due to their participation in a “system” in that sense. Instead, the DSA aims to mitigate systemic risks to society as a whole, insofar as those risks may affect a significant portion of the European Union’s population. Consequently, the Court found that the independence of marketplaces from one another does not prevent them from generating some of the risks identified in Article 34(1) DSA (ie the risks which VLOPs are obliged to assess).

This is a significant point. Under the DSA, interconnectedness in the financial-law sense is not a necessary criterion for defining systemic risk. Instead, the Court places decisive emphasis on reach, scale, and disproportionate societal impact. This approach is evident not only from paragraph 70, but also from the Court’s reliance on recitals 75 and 76 DSA, which highlight the reach of very large online platforms, their role in facilitating public debate and economic transactions, and the potential for disproportionate impact once they reach a significant share of the Union’s population. The same reasoning appears later when the Court notes that marketplaces above the Article 33 DSA threshold for designating VLOPs may pose risks to society that differ in scale and impact from those posed by smaller platforms. On this point, the Observatory’s interpretation is correct: Amazon shifts the analysis away from a narrow contagion model.

What does not follow, however, is the stronger conclusion that the judgment rejects the relevance of financial systemic-risk thinking altogether. The Observatory interprets Amazon as attributing a more autonomous meaning to systemic risks under the DSA and as introducing a break with the reliance on financial systemic-risk regulation as a reference point. I believe this interpretation overstates the case. The Court rejected Amazon’s specific application of the analogy, but did not assert that the DSA lacks structural affinity with systemic-risk governance as developed in other areas of EU law.

This distinction is important because the DSA’s regime retains a recognizably systemic-risk structure.

First, the regime is actor-specific. In the present context, Articles 34 to 43 DSA apply only to platforms designated as VLOPs, while more broadly it also includes very large online search engines (VLOSEs). The Court accepts this differentiation as resting on the legislative judgement that platforms of such scale may generate risks with a disproportionate impact in the Union. In paragraphs 52 and 53, the Court summarizes the obligations imposed on VLOPs: risk assessment, potential adaptation of service design, independent audit, profiling-free recommender options, advertising repositories, data access for researchers, internal compliance functions, transparency reports, and supervisory fees. In paragraphs 63 to 65 and 77, the Court accepts the legislative premise that VLOPs may cause societal risks that differ in scope and impact from those caused by smaller platforms, and that marketplaces above the threshold may give rise to the risks listed in Article 34(1). This is not merely a semantic distinction regarding the meaning of what qualifies as “systemic.” It is a sorting mechanism that imposes heightened obligations on actors deemed systemically significant due to their scale. This feature is central to the financial-law genealogy discussed in my paper.

Second, the regime is preventive. The obligations upheld in Amazon are not limited to sanctioning completed infringements, but are intended to identify, assess, and mitigate risks before harm occurs. The Court’s summary of Articles 34 to 43 confirms this preventive orientation. This is why the financial-law comparison remains relevant at the level of supervisory logic. In both contexts, the law acts proactively rather than waiting for collapse or completed harm before intervening. My paper identified this preventive approach as a central element of systemic-risk governance in EU law, both in finance and under the DSA. Nothing in Amazon contradicts this analysis.

Third, and most importantly, Amazon strongly supports the argument that systemic-risk governance is accompanied by a relatively flexible form of proportionality review. The Court explicitly recognizes that Article 33(1), by subjecting VLOPs to Articles 34 to 43, interferes with the freedom to conduct a business under Article 16 of the Charter, as these obligations may entail significant costs, substantial organizational effects, and complex technical solutions. Nevertheless, the Court upholds this interference because the legislature possesses broad discretion when making political, economic, and social choices and undertaking complex assessments. In this context, only measures that are “manifestly inappropriate” can be deemed unlawful. The Court further emphasizes that the freedom to conduct a business is not absolute and must be balanced with the objective of ensuring a high level of consumer protection under Article 38 of the Charter. It concludes that the legislature did not commit a manifest error in treating marketplaces above the threshold as capable of generating the risks identified in Article 34(1), and that Article 33(1) DSA was not shown to be manifestly inappropriate for achieving the Regulation’s objectives.

This aspect of the judgment is at least as significant as paragraph 70. Even if one accepts that DSA systemic risk is not linked to interconnectedness in the financial sense, the Court’s reasoning still supports a model of anticipatory, differentiated, and intrusive supervision, constitutionally sustained through broad institutional discretion and limited judicial review. This is precisely the dimension of systemic-risk governance that my paper sought to highlight. EU financial-law jurisprudence exhibits the same pattern: preventive intervention, differentiated obligations for systemically significant actors, and a proportionality review tailored to technical complexity and predictive judgment. At this level, the comparison is not only valid but also illuminating.

The core disagreement with the Observatory is not whether Amazon alters the analytical landscape –it does – but rather concerns the appropriate level of abstraction for comparison. If the argument were that DSA systemic risk merely replicates bank-contagion logic, the judgment would be difficult to defend. However, that was not my position. My argument is that the DSA adopts a macroprudential style of governance: it identifies a subset of actors whose scale enables them to cause significant harm, subjects them to enhanced due diligence and supervision, and justifies these obligations through a preventive public-interest rationale. Amazon does not undermine this claim, it only refines it.

One further point should be noted. The judgment did not resolve all interpretive questions regarding Article 34 DSA. Specifically, it did not explicitly determine whether the list of risks to be assessed, set out in Article 34(1), is exhaustive. While the Observatory may reasonably infer from certain passages that this is the case, such an inference does not constitute a definitive holding. The repeated references to the risks “referred to in Article 34(1)(a) to (d)” are consistent with the narrower view that these were the risks relevant to the case at hand. On this issue, a cautious approach remains advisable.

In my view, the most accurate reading of Amazon is as follows. The judgment narrows the conceptual overlap between financial and digital systemic risk by rejecting interconnectedness as a necessary definitional criterion under the DSA. However, it reinforces the structural overlap at the level of governance. Under the DSA, systemic risk continues to justify a regime that is differentiated, preventive, supervisory, and constitutionally sustained through a broad margin of institutional discretion. Therefore, the financial analogy I proposed remains useful, provided it is applied at the appropriate level of abstraction. The DSA is not banking law for platforms, but it is law crafted in a distinctly macroprudential register.