On Tuesday, June 3, 2025, the Global Network Initiative (GNI) and the Digital Trust & Safety Partnership (DTSP) convened a multistakeholder event in Brussels on “Centring the Protection of Human Rights in Online Risk Regulation.” The event brought together regulators, civil society organizations, academics, and technology companies to explore how the protection of human rights, particularly freedom of expression and privacy, can be effectively achieved in the context of emerging risk-based regulatory frameworks.
This year’s event built on GNI and DTSP’s ongoing efforts to foster dialogue across stakeholder groups around the practice of digital risk management. It was followed by the third edition of the European Rights & Risks Stakeholder Engagement Forum, a two-day series of dynamic workshops focused on systemic risk assessments and mitigation under the EU Digital Services Act (DSA).
The day opened with a keynote from Silvia Fukuoka, Principal for Governance and Risk Management Policy at Ofcom, who shared insights into the UK regulator’s human rights-based approach to implementation of the Online Safety Act (OSA). Silvia noted that her team has been reviewing 70 risk assessments from a range of services covered under the OSA to determine if they are “suitable and sufficient” to meet the expectations set out in the OSA and its guidance and risk profiles that Ofcom has produced. She pointed out that these are not “compliance” reviews and emphasized the importance of embedding due process, transparency, and proportionality into risk management frameworks, a theme that echoed throughout the day’s discussions.
From these initial reviews, Ofcom has noted that companies have found their risk assessment guidance and risk profiles when carrying out their OSA risk assessments, and that many providers have identified the particular risks to children. These reports also evince a diversity of formats, as well as approaches to internal responsibility and methodologies for conducting risk management. Silvia also noted a surprisingly sparse amount of information in the reports about instances of complaints and incidents.
The panel that followed, held under the Chatham House Rule, was moderated by GNI staff and featured speakers from the European Commission’s Directorate-General for Communications Networks, Content and Technology (DG CONNECT), Coimisiún na Meán (CnM, Ireland’s Digital Services Coordinator), Center for Democracy & Technology (CDT) Europe, Centre for Communication Governance, National Law University Delhi (CCG), and Ofcom, UK.
Discussions revolved around the implementation of risk assessments under the OSA and DSA, global regulatory coherence, civil society participation, and challenges in translating legal mandates into lived rights.
From the European Commission’s perspective, the first round of risk assessments submitted by Very Large Online Platforms and Search Engines marked a critical step forward. A Commission representative acknowledged civil society concerns that the initial round of published risk assessments focused disproportionally on user-generated content over system design. They reiterated that risk assessments and their associated audits are part of a broader ecosystem of transparency mechanisms set out in the DSA, including mandatory company transparency reports, data access for vetted researchers, and public databases, which are designed to evolve over time. The Commission sees the risk assessment process not as a checkbox exercise, but as a living mechanism that will benefit from continued stakeholder input and revision.
CnM described the significant institutional growth needed to meet DSA obligations, including scaling from 40 to over 200 staff in under a year, with further expansion planned. They emphasized setting up robust complaint-handling systems, third-party dispute mechanisms, and internal processes for trusted flagger engagement.
A risk-based approach to internal planning has allowed CnM to prioritize engagement with high-risk services and establish channels for cross-border complaint handling. Ireland’s experience underscored the importance of collaboration among DSCs, particularly around shared tools, training, and communications infrastructure.
Ofcom underscored its commitment to learning from other jurisdictions and sharing insights to support regulatory coherence. Given the global reach of major platforms and the overlap in company compliance teams across countries, learning among regulators is essential. They were clear that as regulators, their roles are defined and guided by domestic legislation, and so while engagement across jurisdictions is critical, they do not seek to enforce their laws extraterritorially.
The UK regulator acknowledged the limitations of enforcement in isolation and emphasized the importance of global networks, such as the Global Online Safety Regulators Network (GOSRN), to facilitate knowledge exchange and track emerging trends. Ofcom’s team also highlighted the value of civil society’s research and advocacy, noting its impact on policy design and risk mitigation strategies. Crucially, Ofcom noted that law alone cannot change the online experience. Real-world impact requires implementation, stakeholder dialogue, and long-term cultural shifts.
Civil Society Perspectives: Centering Civil Society Expertise in Regulatory Processes to Contextualize Rights & Risks
Civil society voices emphasized the critical role of non-governmental actors in shaping effective and rights-respecting regulation, as civil society serves as a check on both companies and the government. Drawing on years of experience advising on human rights impact assessments (HRIA), they urged regulators and companies to treat civil society as equal partners, not afterthoughts, in regulatory processes.
CDT also raised concerns about the opacity of some platform risk assessments, including missing or broken documentation links, lack of complementary qualitative analysis, and limited clarity on how civil society feedback was used. Speakers called for greater structural support for civil society participation and more systematic consultation mechanisms under the DSA.
CCG’s perspective from outside of Europe brought an important lens to the conversation. While European regulatory models such as the DSA have global influence, their possible transposition into non-European contexts has challenges. CCG’s researchers from the Indian context has noted that without adaptation to local legal, political, and social contexts, such frameworks could prove counterproductive. Among the key concerns identified were: vague risk metrics, politicized researcher vetting, and limited government transparency in many Global South jurisdictions. There is a need for local ownership of regulatory models, grounded in rights and realities that reflect domestic contexts. Simply replicating legislation without adapting its intention to protect rights and related regulatory infrastructure can risk undermining rights rather than protecting them.
Both civil society panelists emphasized that human rights risk assessments are not new. What’s needed now is regulatory consistency, deeper engagement with experts who understand risks to marginalized communities and human rights frameworks, and stronger transparency obligations to ensure accountability.
Throughout the discussions, several cross-cutting themes emerged:
The event was followed by the European Rights & Risks Stakeholder Engagement Forum, where companies, civil society, and researchers continued the discussion in the absence of regulators to explore how to strengthen systemic risk assessments and ensure that digital governance frameworks uphold fundamental rights. From technical workshops to candid conversations, the Forum reflected the growing maturity of multistakeholder efforts under the DSA.
GNI and DTSP are deeply grateful to all those who contributed to this event. As the world faces growing risks to freedom of expression, privacy, and civic space online, we remain committed in our belief that rights-respecting, evidence-based, and inclusive regulation is not only possible, but essential. We look forward to continuing this work in close collaboration with our members, partners, and stakeholders around the world.