Germany's first full year of Digital Services Act enforcement produced a number that deserves to be read carefully before it is read loudly. On April 30, 2026, the Digital Services Coordinator (DSC) at the Bundesnetzagentur published its 2025 activity report, disclosing that it received more than 2,000 complaints of suspected DSA infringements, opened 26 national administrative proceedings, certified one out-of-court dispute settlement body and three trusted flaggers, and issued zero fines. Trade publication PPC Land, working from the same report, put the precise complaint figure at 2,033 — meaning roughly 1.3 percent of complaints became a formal proceeding.
The instinct in some quarters will be to read that 1.3 percent as failure: a regulator buried in grievances and acting on almost none. We think the more accurate reading is that the German DSC is behaving as a proportionate enforcement body should in year one — and that the structural design of the DSA, not the diligence of the Bundesnetzagentur, is what limits how much any single national coordinator can do.
Steelmanning the complaint
Start with the strongest case for alarm. Users are not inventing their frustration. The German report says the largest single category of complaints concerned inadequate statements of reasons for restricting accounts or content, and the usability of notice-and-action systems — precisely the transparency duties the DSA was written to fix. That maps almost exactly onto what Meta's own Oversight Board found this month when it scrutinised the company's account-disabling practices, noting "innumerable complaints" since 2020 from users who could not understand why they were banned, could not appeal effectively, and could not retrieve their content. When two independent bodies on two continents surface the same grievance, the grievance is real. A regulator that received 2,000 such complaints and did nothing would deserve criticism.
But the German DSC did not do nothing — and the reason it could not do more on most of those complaints is jurisdictional, not attitudinal.
The Irish funnel
The DSA runs on a country-of-origin principle. As the European Commission's own guidance explains, each national coordinator is competent to supervise providers "established in their territory". Because Meta, TikTok, X, and most very large online platforms are headquartered in Dublin, complaints about them — wherever the user lives — are the legal responsibility of Ireland's coordinator, not Germany's. The 2025 report bears this out: of the complaints Germany referred onward to other coordinators, 237 of 255 went to Ireland.
This is the structural fact that the headline 1.3 percent figure obscures. The Bundesnetzagentur cannot fine Instagram for a bad statement of reasons, because Instagram is not established in Germany. What it can do is police intermediaries within its own competence, and there it was active: its 26 proceedings concentrated on Article 16 (notice-and-action), Article 17 (statements of reasons), Article 20 (internal complaint handling), and, for online marketplaces, Article 30 (trader traceability). PPC Land reports that 10 of those cases were resolved by year-end through the platform fixing the deficiency after contact — no order, no fine.
Voluntary fixes are a feature, not a loophole
This is where the proportionality case becomes concrete. A regulatory regime that escalates straight to penalties on first contact is not a tougher regime; it is a more brittle and more expensive one. If a platform corrects a defective notice-and-action flow within weeks of being contacted, the public-interest goal — working transparency machinery — has been achieved at near-zero cost to either the agency or the firm. Reserving fines for genuine non-cooperation keeps enforcement credible and keeps compliance cooperative rather than adversarial. Zero fines in year one is not the absence of enforcement; it is enforcement that did not yet need its heaviest tool.
The alternative reading — that the agency is simply under-resourced — also has support, and it cuts in the same direction. PPC Land notes the DSC had filled 30 of 34 allotted positions against an original legislative estimate of roughly 91 needed, leaving it near 37 percent of projected staffing. An under-staffed regulator that nonetheless triaged 2,000 complaints, routed them correctly, and opened two dozen proceedings has prioritised well. Throwing fines it cannot defend at platforms it does not regulate would have been the wrong use of scarce capacity.
What this means for the DSA's next phase
The Platform Law Blog's review of the first wave of DSC annual reports warned of exactly this dynamic: a "funnel" effect concentrating the most consequential cases in Ireland, uneven legal empowerment across member states, and dispute-resolution and researcher-access mechanisms that remain largely dormant. Germany's 2025 numbers confirm the diagnosis. The pressure point for DSA credibility is not whether Berlin issues fines — it is whether Dublin can carry the cases the entire single market sends it, and whether the certified dispute-resolution and trusted-flagger infrastructure actually scales.
The policy lesson is one we have argued before: transparency mandates are most defensible when they are enforced proportionately and when the institution doing the enforcing is matched to the job. Germany's report is a quietly encouraging data point — a regulator that knows the limits of its own jurisdiction, prefers cooperative cure to performative punishment, and does not pretend a complaint count is an enforcement record. The risk to watch is not German restraint. It is whether the DSA's origin-country architecture leaves any one coordinator able to hold the platforms that matter most.