Systemic risk management as an emerging regulatory approach in EU digital legislation: salient features and outstanding challenges
DOI:
https://doi.org/10.71265/p7d4nv98Keywords:
Digital Services Act, AI Act, risk-based regulation, risk management, systemic riskAbstract
This paper describes and systematises systemic risk management obligations as a distinctive regulatory approach in EU digital legislation, particularly under the Digital Services Act (DSA) and the Artificial Intelligence Act (AIA). It analyses the notion of systemic risk and aims to distil the main distinctive features that characterise the related obligations under both the DSA and the AIA. Based on this analysis, this contribution outlines the uncertainties surrounding the implementation of systemic risk management obligations, as well as potential issues arising from the blending of public and private governance in novel ways. The ultimate objective is to chart the path for future research that looks at the open questions and challenges of these new and consequential regimes.
Downloads
References
Adam Crawford, ‘Networked Governance and the Post-Regulatory State? Steering, Rowing and Anchoring the Provision of Policing and Security’ (2006) 10 Theoretical Criminology 449
Alberto Alemanno, ‘Regulating the European Risk Society’ in Alberto Alemanno et al. (eds), Better Business Regulation in a Risk Society (Springer, 2013)
Amartya Sen, The Idea of Justice (Harvard University Press, 2009)
Andrea Palumbo, ‘A Medley of Public and Private Power in DSA Content Moderation for Harmful but Legal Content: An Account of Transparency, Accountability and Redress Challenges’ (2024) 15 JIPITEC 246
Andrea Palumbo, Charlotte Ducuing, 'The Blurring of the Public-Private Dichotomy in Risk-based EU Digital Regulation: Challenges for the Rule of Law' (2025) available on SSRN: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=5397112
Anthony Aguirre, ‘Close the Gates to an Inhuman Future: How and why we should choose to not develop superhuman general-purpose artificial intelligence’ (2023) arXiv 2311.09452
Bart van der Sloot, ‘Ten Questions about Balancing’ (2017) European Data Protection Law Review 187
Brent Mittelstadt, ‘From Individual to Group Privacy in Big Data Analytics’ (2017) 30 Philosophy & Technology 475
Brett M. Frischmann, Infrastructure: The Social Value of Shared Resources (Oxford University Press, 2012), 11
Brian J. Chen , Jacob Metcalf, ‘Explainer: A Sociotechnical Approach to AI Policy’ (2024) Data & Society, https://datasociety.net/library/a-sociotechnical-approach-to-ai-policy/
Carsten Orwat et al, ‘Normative Challenges of Risk Regulation of Artificial Intelligence’ (2024) 18 Nanoethics 18
Claudia Quelle, ‘Enhancing Compliance under the General Data Protection Regulation: The Risky Upshot of the Accountability and Risk-based Approach’ (2018) European Journal of Risk Regulation 502
Colin Scott, ‘Regulation in the Age of Governance: The Rise of the Post-Regulatory State’ in Jacint Jordana, David Levi-Faur (eds), The Politics of Regulation: Institutions and Regulatory Reforms for the Age of Governance (Edward Elgar Publishing, 2004)
Danah Boyd, ‘Social Network Sites as Networked Publics: Affordances, Dynamics, and Implications’ in Zizi Papacharissi (ed) A Networked Self: Identity, Community, and Culture on Social Network Sites (Routledge, 2010)
Daphne Keller, ‘Amplification and its discontents: why regulating the reach of online content is hard’ (Knight First Amendment Institute at Columbia University, section on essays and scholarship, 2021) https://knightcolumbia.org/content/amplification-and-its-discontents
Daphne Keller, ‘Who Do You Sue? State and Platform Hybrid Power over Online Speech’ (2019) Hoover Working Group on National Security, Technology, and Law, Aegis Series Paper No. 1902 https://www.lawfareblog.com/who-do-you-sue-state-andplatform-hybrid-power-over-online-speech
Derek E. Bambauer, ‘Against Jawboning’ (2015) 100 Minnesota Law Review 51
Dirk Helbing, ‘Globally networked risks and how to respond’ (2013) 497 Nature 51
Edoardo Celeste, ‘Digital Constitutionalism: A New Systematic Theorisation’ (2019) 33(1) International Review of Law, Computers & Technology 76
George Kaufman, Kenneth E. Scott, ‘What is systemic risk, and do bank regulators retard or contribute to it?’ (2003) 7(3) The Independent Review 371
Giovanni de Gregorio, Digital Constitutionalism in Europe: reframing rights & powers in the algorithmic society (Cambridge University Press, 2022)
Giovanni De Gregorio, Pietro Dunn, 'The European risk-based approaches: Connecting constitutional dots in the digital age' (2022) Common Market Law Review 473
Hideyuki Matsumi, Daniel J. Solove, ‘The Prediction Society: AI and the Problems of Forecasting the Future’ (2025) Illinois Law Review 1
Iason Gabriel, ‘Toward a Theory of Justice for Artificial Intelligence’ (2022) 151 Daedalus 218
Jack M. Balkin, ‘Free Speech is a Triangle’ (2018) 118 Columbia Law Review 2011
Janna Sillmann et al, ‘Systemic Risk’ (briefing note of ISC-UNDRR-RISK KAN, 2022), https://council.science/wp-content/uploads/2020/06/Systemic-risk-briefing-note_WEB.pdf
Jean-Christophe Plantin et al, ‘Infrastructure Studies Meet Platform Studies in the Age of Google and Facebook’ (2018) 20 New Media & Society 293
Jean-Christophe Plantin, Aswin Punathambekar, ‘Digital media infrastructures: pipes, platforms, and politics’ (2018) 41(2) Media, Culture & Society 163
Jedediah S. Purdy et al, ‘Building a Law-and-Political-Economy Framework: Beyond the Twentieth-Century Synthesis’ (2020) 129 Yale Law Journal 1784
Julia Black, ‘Decentring Regulation: Understanding the Role of Regulation and Self-Regulation in a ‘Post-Regulatory’ World’ (2001) 54(1) Current Legal Problems 103
Julia Black, ‘The Role of Risk in Regulatory Processes’ in Robert Baldwin, Martin Cave and Martin Lodge (eds), The Oxford Handbook of Regulation (online edn, Oxford Academic 2010)
Julie E. Cohen, Ari E. Waldman, ‘Introduction: Framing Regulatory Managerialism as an Object of Study and Strategic Displacement’ (2023) 86(3) Law and Contemporary Problems
Karen Yeung, ‘A study of the implications of advanced digital technologies (including AI systems) for the concept of responsibility within a human rights framework’, (Council of Europe Report DGI(2019)05, 2019)
Katharina Kaesling, Annegret Wolf, ‘Sustainability and Risk Management under the Digital Services Act: A Touchstone for the Interpretation of ‘Systemic Risks’ (2025) 74(2) GRUR International 119
Linnet Taylor et al (eds), Group Privacy: New Challenges of Data Technologies (Springer Cham, 2016)
Linnet Taylor, ‘Can AI governance be progressive? Group interests, group privacy and abnormal justice’ in Andrej Zwitter, Oskar Gstrein (eds) Handbook on the politics and governance of big data and artificial intelligence (Edward Elgar Publishing, 2023)
Marc Bungenberg, Angshuman Hazarika ‘Rule of Law in the EU Legal Order’ (2019) 22 Zeitschrift für europarechtliche Studien, 383
Marc Loth, ‘Corrective and distributive justice in tort law: On the restoration of autonomy and a minimal level of protection of the victim’ (2015) 22 Maastricht Journal of European and Comparative Law 788
Marco Almada, ‘Regulation by Design and the Governance of Technological Futures’ (2023) 14 European Journal of Risk Regulation 697
Mariano-Florentino Cuéllar, Aziz Z. Huq, ‘Toward the Democratic Regulation of AI Systems: A Prolegomenon’ Public Law and Legal Theory Working Papers No. 753(2020), http://dx.doi.org/10.2139/ssrn.3671011
Martin Husovec, ‘The Digital Services Act’s red line: what the Commission can and cannot do about disinformation’ (2024) 16(1) Journal of Media Law, 47–56
Martin Husovec, Principles of the Digital Services Act (online edn Oxford Academic, 2024)
Martin Senftleben et al, ‘How the EU Outsources the Task of Human Rights Protection to Platforms and Users: The Case of UGC Monetization’ (2023) 38 Berkeley Technology Law Journal 933
Merel Noorman, Tsjalling Swierstra, ‘Democratizing AI from a Sociotechnical Perspective’ (2023) 33 Minds & Machines 563
Michael D. Birnhack, Niva Elkin-Koren, ‘The Invisible Handshake: The Reemergence of the State in the Digital Environment’ (2003) 8(6) Virginia Journal of Law and Technology
Michael Veale et al, ‘Demystifying the Draft EU Artificial Intelligence Act’ (2021) 22 Computer Law Review International 97
Michele Loi et al, ‘Regulating the Undefined: Addressing Systemic Risks in the Digital Services Act (with an Appendix on the AI Act)’ (2025) 38(2) Philosophy and Technology 1
Milda Macenaite, ‘The “Riskification” of European Data Protection Law through a Two-fold Shift’ (2017) European Journal of Risk Regulation 506
Natali Helberger et al, ‘Regulation of news recommenders in the Digital Services Act: empowering David against the Very Large Online Goliath’ Internet Policy Review, https://policyreview.info/articles/news/regulation-newsrecommenders-digital-services-act empowering-davidagainst-very-large
Nathalie Alisa Smuha, ‘Beyond the Individual: Governing AI’s Societal Harm’ (2021) 10(3) Internet Policy Review
Nicolas Suzor, ‘Digital Constitutionalism: Using the Rule of Law to Evaluate the Legitimacy of Governance by Platforms’ (2018) 4(3) Social Media and Society 1
Nicolo Zingales, ‘The DSA as a paradigm shift for online intermediaries’ due diligence: hail to meta-regulation’, in Joris van Hoboken et al (eds), ‘’Putting the Digital Services Act Into Practice: Enforcement, Access to Justice, and Global Implications’’ (2023) Amsterdam Law School Research Paper No. 13, Institute for Information Law Research Paper No. 03, 2023
Niels van Dijk et al, ‘A risk to a right? Beyond data protection risk assessments’ (2016) Computer Law & Security Review 286
Niva Elkin-Koren, ‘Government–Platform Synergy and its Perils’ in Edoardo Celeste et al (eds) Constitutionalising Social Media (Hart Publishing, 2022)
Oliver Marsh, ‘Researching Systemic Risks under the Digital Services Act’ (2024) https://algorithmwatch.org/en/researching-systemic-risks-under-the-digital-services-act/
Oreste Pollicino, ‘The quadrangular shape of the geometry of digital power(s) and the move towards a procedural digital constitutionalism’ (2023) 29 European Law Journal 12472
Ortwin Renn et al, ‘Things are different today: The challenge of global systemic risks’ (2019) 22(4) Journal of Risk Research 401
Paddy Leerssen, ‘Embedded GenAI on Social Media: Platform Law Meets AI law’ (2024) DSA Observatory https://dsa-observatory.eu/2024/10/16/1864/
Rachel Griffin, ‘Governing Platforms through Corporate Risk Management: The Politics of Systemic Risk in the Digital Services Act’ (2025) European Law Open
Rachel Griffin, ‘Rethinking Rights in Social Media Governance: Human Rights, Ideology and Inequality’ (2023) 2 European Law Open 30
Rachel Griffin, ‘The Politics of Algorithmic Censorship: Automated Moderation and its Regulation’, in James Garratt (ed), Music and the Politics of Censorship: From the Fascist Era to the Digital Age (Brepols, 2025)
Raphael Gellert, ‘We Have Always Managed Risks in Data Protection Law: Understanding the Similarities and Differences between the Rights-Based and the Risk-Based Approaches to Data Protection’ (2016) European Data Protection Law Review 481
Raphaël Gellert, The Risk-Based Approach to Data Protection (Oxford University Press, 2020)
Risto Uuk et al, ‘A Taxonomy of Systemic Risks from General-Purpose AI’ (2024) arXiv 2412.07780
Rocco Bellanova, Marieke de Goede, ‘Co-Producing Security: Platform Content Moderation and European Security Integration’ (2022) 60 Journal of Common Market Studies 1316
Sabeel Rahman ‘Infrastructural regulation and the new utilities’ (2018) 35 Yale Journal on Regulation 911
Sabeel Rahman ‘The new utilities: Private power, social infrastructure, and the revival of the public utility concept’ (2018) 39 Cardozo Law Review 1621
Sabeel Rahman, ‘Regulating informational infrastructure: Internet platforms as the new public utilities’ (2018) 2 Georgetown Law Technology Review 234
Sally Broughton Micova, ‘What’s the Harm in Size? Very Large Online Platforms in the Digital Services Act’ Centre on Regulation in Europe (CERRE) 2023 https://cerre.eu/wpcontent/uploads/2021/10/211019_CERRE_IP_What-is-the-harm-in-size_FINAL.pdf.
Sally Broughton Micova, Andrea Calef, ‘Elements for effective systemic risk assessment under the DSA’ Centre on Regulation in Europe (CERRE) (2023) 13 https://cerre.eu/wp-content/uploads/2023/07/CERRE-DSA-Systemic-Risk-Report.pdf
Sue Anne Teo, ‘How Artificial Intelligence Systems Challenge the Conceptual Foundations of the Human Rights Legal Framework’ (2022) 40(1) Nordic Journal of Human Rights
Sue Anne Teo, ‘The Unbearable Likeness of Being: How Artificial Intelligence Challenges the Social Ontology of International Human Rights Law’ (2025) 2 The Journal of Cross-Disciplinary Research in Computational Law
Theodore Konstadinides, ‘The rule of law as the constitutional foundation of the general principles of EU law’, in Katja S. Ziegler et al, (eds) Research Handbook on General Principles of EU Law: Constructing Legal Orders in Europe (Edward Elgar Publishing, 2022)
Thomas Ilin, Liz Varga, ‘The uncertainty of systemic risk’ (2015) 17 Risk management, 240
Viral V. Acharya et al, ‘Measuring systemic risk’ (2017) 30(1) The Review of Financial Studies 2
Vladislava Stoyanova, ‘Common law tort of negligence as a tool for deconstructing positive obligations under the European convention on human rights’ (2020) 24 The International Journal of Human Rights 642
Wolfgang Schulz, Christian Ollig, ‘Hybrid Speech Governance New Approaches to Govern Social Media Platforms under the European Digital Services Act?’ (2023) 14 JIPITEC
Downloads
Published
Versions
- 14-01-2026 (2)
- 14-01-2026 (1)
License
Copyright (c) 2026 Andrea Palumbo
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
How to Cite
