France France ARCOM DSA national enforcement

ARCOM's DSA Enforcement Push Outstrips Its Budget, Risking Duplication of Brussels' Role

France's regulator wants a bigger national DSA enforcement role and 30 more staff, but the plan blurs lines with Commission authority over large platforms.

ARCOM's DSA Push, By the Numbers People of Internet Research · France ~30 Additional staff requested ARCOM's ask for 2026-2028 to cover… 83% Minors facing online risk Share of minors who've encountered… 44% Under-13s on social media Share of 11-17 year-olds who acces… €120M DSA's first-ever fine Commission's Dec. 5, 2025 penalty … peopleofinternet.com
ARCOM's DSA Push, By the Numbers People of Internet Research · France ~30 Additional staff requested 83% Minors facing online risk 44% Under-13s on social media €120M DSA's first-ever fine peopleofinternet.com

Key Takeaways

ARCOM, France's audiovisual and digital regulator, published its 2026-2028 strategic plan on May 19, 2026, and the headline is ambition without matching resources. The plan commits ARCOM to "faster, more directive and more effective" enforcement of the EU's Digital Services Act inside France, expanded platform obligations, tighter age-verification design requirements, and new anti-disinformation duties — while ARCOM president Martin Ajdari asked for roughly 30 additional staff over the plan period to cover it all (Arcom, May 19, 2026).

The case for going harder

ARCOM's own data makes a real case for urgency. Its strategic plan cites 83% of minors having encountered at least one online risk, and 44% of 11-to-17-year-olds accessing social media before age 13 — nine years before France's legal "digital majority" threshold (Arcom strategic plan; Leto Legal analysis, May 19, 2026). That age-15 threshold isn't new — Law No. 2023-566 of July 7, 2023 already required social platforms to refuse registration to under-15s absent parental consent, with ARCOM tasked with certifying the technical verification framework in consultation with France's data regulator, CNIL, and fines of up to 1% of global revenue for noncompliance (Légifrance, Law 2023-566). Three years on, that law has barely been enforced, largely because no certified verification tool existed. ARCOM's new plan is partly an admission that the 2023 framework was aspirational, and an attempt to actually operationalize it — tied to a separate parliamentary push for a hard social-media age floor targeted for September 2026.

On the DSA side, ARCOM isn't inventing enforcement power from nothing. As France's designated Digital Services Coordinator, it already sits inside the EU's supervisory architecture, and Brussels has shown the framework has teeth: the European Commission fined X €120 million on December 5, 2025 — the DSA's first-ever financial sanction — for deceptive verified-badge design, an opaque ad repository, and blocked researcher data access. ARCOM publicly welcomed the fine as sending "a determined signal to X, as to all platforms" (Arcom press release, Dec. 5, 2025). Given that precedent, a national regulator wanting to lean into a functioning enforcement regime, rather than wait passively for Brussels to act, is a defensible instinct.

Where the plan overreaches

But "more assertive national enforcement" sits awkwardly with how the DSA is actually built. The regulation gives the Commission — not national coordinators — exclusive authority over the systemic-risk and transparency obligations that apply to the very large platforms most likely to draw ARCOM's attention (the same provisions underlying the X fine). National DSCs like ARCOM are the primary enforcers for smaller platforms and national-law violations, not for VLOP-level systemic obligations. A French regulator publicly signaling it intends to move faster and more directively against platforms already under Commission jurisdiction risks exactly the jurisdictional friction and forum-shopping the DSA's centralized-enforcement design was meant to prevent. If Germany's, Ireland's, or Italy's coordinators adopt the same posture, platforms face inconsistent national interpretations of a regulation whose entire premise was a single EU-wide rulebook.

The resourcing gap makes the ambition harder to take at face value. ARCOM has received only about 20 additional positions since 2022 to cover its new DSA mission — a number Ajdari himself calls "far fewer than our main European counterparts" — against a request for roughly 30 more through 2028, out of a current headcount ceiling of 378 full-time staff (Arcom, May 19, 2026). An understaffed regulator promising expanded, more directive enforcement is likely to produce selective, high-visibility actions against a handful of large platforms rather than systematic oversight — good for headlines, thinner on due process.

The age-verification design mandate deserves the same scrutiny as the enforcement posture. Requiring platforms to build age-verification into product design by default is the more defensible half of the plan — narrower, targeted at a genuine and measurable harm (44% of young teens on platforms below the legal age), and grounded in a specific statute rather than open-ended "platform accountability." But design mandates for age verification carry real privacy costs if implemented via document uploads or biometric estimation rather than privacy-preserving age tokens, and ARCOM's plan doesn't yet specify which. The anti-disinformation duties are vaguer still, and vague disinformation mandates are where good intentions most often curdle into discretionary speech policing.

ARCOM should get the staff it needs to do the age-verification and non-VLOP enforcement work squarely inside its mandate. What it shouldn't get is an implicit green light to duplicate Brussels' systemic-risk enforcement against the same large platforms the Commission is already pursuing — that path fragments the DSA's single-rulebook promise rather than strengthening it.

Sources & Citations

  1. Arcom — Projet stratégique 2026-2028
  2. Arcom — Sanction de la plateforme X (€120M fine)
  3. Sénat — Law establishing digital majority (Law No. 2023-566)
  4. Leto Legal — Arcom 2026-2028 analysis for DPOs