Croatia faces additional European Commission action over Digital Services Act enforcement

The European Commission has stepped up its enforcement action against Croatia by issuing an additional letter of formal notice over shortcomings in the national implementation of the Digital Services Act. The move reflects continued concern about whether Croatia’s enforcement structure is fully equipped to apply the regulation in practice.

Although Croatia adopted implementing legislation in 2025, the Commission considers that important obligations remain unmet. In particular, the national authority designated to oversee the regulation has not been given sufficient powers to enforce the Digital Services Act effectively.

Further concerns relate to the penalty regime. According to the Commission, Croatian law does not yet fully meet EU requirements on maximum penalties, proportionality, and deterrence. It also lacks certain provisions needed to sanction individuals for non-cooperation or for providing inaccurate information.

Croatia has been given two months to respond and address the issues raised. If the response is not satisfactory, the Commission may move to the next stage of the infringement process by issuing a reasoned opinion.

Why does it matter?

The case matters because the Digital Services Act depends not only on EU-level rules, but on whether member states give their national authorities the powers needed to enforce them. Croatia’s case shows that even after implementing legislation is adopted, gaps in enforcement design, penalties, and institutional authority can still weaken how the DSA works in practice across the EU.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!