The Netherlands Authority for Consumers and Markets (ACM) published its 2025 DSA Annual Report on June 23, 2026 — the first full-year accounting of its work as Digital Services Coordinator under the EU's Digital Services Act. The report documents three enforcement priorities: protecting minors online, tackling illegal content practices, and maintaining platform integrity around the October 2025 Dutch parliamentary elections. But the document's most consequential signal is what it does not show: a single independent ACM-initiated probe against a Big Tech gatekeeper under the Digital Markets Act.
That absence is not an oversight. It is a strategy.
The Snapchat Case as Template
ACM's first notable DSA enforcement action illustrates how the collaborative model works in practice. In late August 2025, the Youth Smoking Prevention Foundation — a Dutch non-profit — filed a formal complaint alleging that Snapchat was facilitating the illegal online sale of vaping products to minors. The problem was concrete: under the Netherlands' Tobacco and Smoking Products Act, vaping products cannot be legally sold online at all, and Snapchat's marketplace features were allegedly providing the channel.
ACM opened a formal investigation in September 2025. Within months, the case outgrew the national frame. Snapchat is designated a Very Large Online Platform under the DSA, meaning systemic risks on the platform fall under the European Commission's primary jurisdiction. The Commission, finding that ACM's identified concerns were systemic rather than locally bounded, formally launched its own investigation in March 2026. The two bodies signed a Memorandum of Understanding: ACM staff were embedded in the Commission-led investigation team.
The case followed the DSA's intended architecture almost precisely. A national Digital Services Coordinator surfaced a domestically filed complaint, investigated long enough to establish the systemic nature of the risk, then escalated to Brussels. Critics can argue that ACM surrendered authority over a complaint filed by Dutch citizens with a Dutch regulator. The stronger reading is that ACM deployed its resources at the appropriate jurisdictional layer, avoiding the duplication that would arise from parallel national and EU proceedings against the same VLOP.
What remains outstanding is resolution. The investigation's completion date is still unknown. If it delivers binding orders on a reasonable timeline, the collaborative model earns its vindication. If the Snapchat case drags through 2027 without remedy, the case for retaining more national enforcement discretion will be substantially stronger.
Election Integrity: The Limits of Soft Oversight
Before the October 29, 2025 Dutch parliamentary elections, ACM adopted a lighter but still consequential posture. In July 2025, the regulator sent letters to 12 major online platforms — including Facebook, Snap, TikTok, and X — reminding them of DSA obligations around illegal hate speech, foreign interference, and election-related disinformation. Platforms were required to complete questionnaires documenting their specific election-integrity measures, and ACM convened a roundtable on September 15 with the 12 platforms, European Commission officials, academics, and civil society organisations.
The fairest critique of this approach is that compliance letters and roundtables are not enforcement. Research by the Dutch Hybrid Election Integrity Observatory found substantial digital interference during the October elections regardless: AI-generated political content achieved approximately 23 times higher median engagement on Facebook than non-AI posts, foreign accounts from West Africa and Vietnam engaged at scale, and platforms were slow to enforce their own policies without external pressure.
The election remained "fundamentally free and fair" — HEIO's own assessment — but it "took place under unprecedented digital pressure." Whether ACM's pre-election engagement contributed to that outcome, or whether Dutch democracy was resilient despite rather than because of platform oversight, is difficult to attribute causally. The structural answer is that systemic risk monitoring for VLOPs — which the DSA assigns to the Commission, not to national DSCs — is the correct mechanism for sustained election-integrity pressure. ACM was operating within its actual mandate; the limits of that mandate are a question for the DSA's architecture, not only for ACM.
The DMA Question: Integration as a Choice
The most strategically significant element of ACM's first-year posture is its deliberate decision not to launch any independent investigations under the Digital Markets Act. ACM gained formal DMA investigation powers in March 2025. It has not exercised them unilaterally.
Instead, ACM has embedded staff in the Commission's DMA Joint Investigative Teams. The specific engagement includes a joint market investigation into cloud services compliance, examining whether major platforms are meeting DMA obligations on switching barriers, interoperability, and business user data access — areas directly relevant to the cloud market positions of Microsoft and Amazon.
ACM has stated publicly that participation in JITs represents the best use of its limited enforcement capacity, given that the Commission holds exclusive DMA enforcement authority over designated gatekeepers. The logic is internally coherent: a solo ACM investigation against a dominant gatekeeper would be jurisdictionally subordinate to whatever the Commission eventually decides, would duplicate evidentiary effort, and would consume staff who generate more enforcement leverage working inside the primary proceeding than running parallel to it.
The accountability concern is nevertheless real. National DMA enforcement is not purely redundant. National authorities bring local market knowledge, receive complaints from domestic businesses, and create democratic accountability to a national parliament. Dutch companies that face gatekeeper power — in cloud procurement, app distribution, or digital advertising — have a legitimate interest in a domestic escalation path that is legible to a Dutch parliament and responsive to a Dutch regulatory calendar, not only to a Brussels enforcement schedule. An ACM that routes all Big Tech competition concerns through JITs is an ACM that is harder to hold accountable nationally.
Proportionate, But Transparency Required
The Netherlands has made a coherent institutional bet: in a regulatory architecture where VLOPs and DMA gatekeepers are EU-level constructs enforced by EU-level bodies, national proceedings that duplicate rather than complement the Commission's work dilute rather than amplify regulatory impact. ACM's collaboration-first model reflects a mature reading of where a mid-sized national regulator adds most enforcement value.
Where the model should improve is transparency. ACM's embedded contributions to joint investigation teams are largely opaque to Dutch businesses and the parliament that funds the regulator. Annual reporting that documents not just what ACM investigated but what it contributed to joint proceedings — which lines of inquiry it pursued, which findings it surfaced, what positions it advanced — would strengthen democratic accountability without compromising Commission-led cases.
The Snapchat investigation is the test case the whole model now rests on. A timely, binding outcome vindicates collaborative enforcement. A multi-year stall will, correctly, strengthen the case for national enforcement assertiveness.