The European Union is tightening expectations for the largest online platforms as elections become a central test of the Digital Services Act. Draft election security guidance published Tuesday sets out how major social media services, search engines and other covered platforms should reduce systemic risks to democratic processes while still protecting freedom of expression and privacy.
The guidance is aimed at around two dozen platforms with more than 45 million+ regional monthly active users. In-scope services include Facebook, Google Search, Instagram, LinkedIn, TikTok, YouTube and X.
Why the guidance matters now
The Commission has made elections one of its priority enforcement areas under the DSA for very large online platforms and very large online search engines. These companies are already required to identify and mitigate systemic risks, including information manipulation that targets democratic processes in the region.
The immediate pressure comes from the European Parliament elections in June. The Commission has been moving quickly, having launched a consultation on a draft version just last month. Officials have also said they will stress-test platforms' preparedness next month.
The guidelines remain in draft form, but formal adoption is expected in April once all language versions are available. Even before final adoption, the message to platforms is clear: election integrity is becoming a practical enforcement test for the DSA.
The guidance itself is not mandatory in the same way as the DSA. But if a platform chooses a different approach from the one recommended, it must be able to show that its alternative still meets the bloc's standard. If it cannot, it risks being found in breach of the DSA, which allows penalties of up to 6% of global annual turnover for confirmed violations.
Recommender systems are in the spotlight
A major focus is the role of algorithmic and AI-powered recommender systems. The EU wants users to have meaningful choices and controls over their feeds, because these systems can shape what information people see during an election period.
The guidance says platforms should design and adjust recommender systems with attention to media diversity and pluralism. It also calls for clear and transparent methods to downrank election disinformation, including deceptive content that has been fact-checked as false and posts from accounts repeatedly found to spread disinformation.
Political deepfakes and generative AI-based disinformation receive specific attention. Platforms are expected to assess recommender engines for risks tied to electoral processes, update systems to reduce those risks, and use techniques such as adversarial testing and red-teaming to improve detection and response.
The EU also urges watermarking of synthetic media, while noting limits around technical feasibility. That caveat matters because the guidance is not simply asking platforms to label AI-generated content in the abstract; it is asking them to build election-risk processes that can work in practice.
Moderation needs local expertise
The Commission is also pushing platforms to improve the way they staff election work. It expects adequate content moderation resources across the multiple official languages spoken in the bloc, with enough people available to respond to information risks and act on reports from third-party fact-checkers.
This is not only about headcount. The guidance stresses local context-specific risks, member state specific and regional information gathering, and staff with knowledge of local language and national or regional context.
Platforms are advised to set up a dedicated, clearly identifiable internal team ahead of an electoral period. The EU says that team should cover expertise including content moderation, fact-checking, threat disruption, hybrid threats, cybersecurity, disinformation and FIMI, fundamental rights and public participation.
The guidance also recommends cooperation with relevant external experts, including European Digital Media Observatory hubs and independent factchecking organisations. Platforms may increase resources around particular election events and demobilize teams once a vote is over.
The Commission recommends that mitigations be deployed at least one to six months before an electoral period and continue at least one month after the elections. It expects the greatest intensity before the date of elections, when risks such as disinformation about voting procedures can be especially important.
Hate speech, official information and political ads
The guidance encourages platforms to draw on existing frameworks such as the Code of Practice on Disinformation and the Code of Conduct on Countering Hate Speech. It also says users should be given access to official information on electoral processes through measures such as banners, links and pop-ups that direct them to authoritative sources.
The Commission highlights illegal content such as public incitement to violence and hatred, especially where it may inhibit or silence voices in democratic debate. It points to forms of racism, gendered disinformation and gender-based violence online, including in the context of violent extremist or terrorist ideology or FIMI targeting the LGBTIQ+ community.
Platforms are also encouraged to provide more context around information. The guidance mentions fact-checking labels, prompts and nudges, clear indications of official accounts, and clear, non-deceptive labeling of accounts run by member states, third countries and entities controlled or financed by third countries.
Political advertising is another area of scrutiny. The guidance points platforms toward incoming transparency rules and advises them to begin aligning now. Examples include clearly labeling political ads, providing information on the sponsor, maintaining a public repository of political ads, and verifying the identity of political advertisers.
Accountability after the vote
The EU guidance does not stop at pre-election preparation. It urges platforms to maintain stable and reliable data access for third parties studying election risks, and says that data access should be provided for free.
Platforms are also encouraged to cooperate with oversight bodies, civil society experts and each other. The guidance calls for communication channels that allow election security risks to be reported and shared during election periods.
For high-risk incidents, platforms are advised to establish an internal incident response mechanism involving senior leadership and relevant stakeholders inside the organization. The goal is to make responsibility clear when election-related threats emerge.
After elections, the EU suggests that platforms conduct and publish a review of their performance, including third-party assessments. That turns election security into an ongoing compliance cycle rather than a one-time moderation push.
The practical impact is that the largest platforms now face a detailed checklist of election security expectations under the DSA. They can choose their own path, but they will need to show that it is reasonable, proportionate and effective.