10 July 2026

From the outset, it was clear that the EU Code of Conduct on Disinformation (previously known as the Code of Practice on Disinformation) risked wasting political capital and civil society resources that were, and are, desperately needed for the effective enforcement of the Digital Services Act (DSA). Although the relevance of the areas discussed in the Code (demonetisation, political advertising transparency, platform integrity, user empowerment, fact-checking, and researcher access) are all very relevant, we have consistently questioned whether a voluntary instrument can credibly address problems rooted in platforms’ business models.

Council of Europe Guidance Note

Months before the adoption of the DSA, albeit in a different forum, all EU Member States approved a Guidance Note on best practices for self-and co-regulatory approaches to content moderation. In the DSA negotiations, Member States and the Commission chose to ignore it.

Let’s look at two provisions. 

1. Accountability:

Paragraph 37 of the Guidance Note identifies key characteristics of successful approaches. These include mandatory public reporting and independent appraisal and audits of adherence to codes and on progress towards goals being achieved, and the imposition of appropriate sanctions where non-compliance is identified;

This reference to accountability was broadly ignored and represents a major flaw of the Code. In principle, it allows companies to participate in the Code, claim to be respectful of its provisions, but at the same time fail to mitigate disinformation risks. 

Another related problem of the Code is the lack of enforcement power. The Code lacks a proper mechanism to hold platforms accountable when they fail to will fulfill their commitments. When platforms refuse to provide research teams with sufficient information, apply demonetisation policies inconsistently, fail to disclose political advertising policies, or report selectively, there is little the Code can do. 

2. What is success?

Again, paragraph 37 of the Council of Europe Guidance Note sets out clear key characteristics of successful approaches, including how success and failure should be measured. It identifies having clear, independently verified, objective benchmarks and targets as crucial.

It is a serious flaw of the Code that neither success nor failure is properly defined. Without clear criteria for either, it is impossible to determine if the Code is achieving its objectives or not. Simply reporting how many labels were assigned, how many posts were deleted, how many accounts were banned and how many reports were made public does not set a meaningful benchmark. These metrics measure activity rather than impact. Impact should instead be assessed by looking at whether measures against disinformation actors indeed reduce their reach, revenue, and influence. Stopping ten harmful incidents from happening is great, if only ten bad things were going to happen. If a hundred were expected, the outcome is less rosy. Benchmarks matter.

From a civil society perspective, this approach is highly problematic. Disinformation is not a problem of content, but involves structural issues such as the design of the platform, its advertising, recommendation systems, political targeting, and data asymmetry. Voluntary cooperation, without a pre-agreed threshold for success or failure, is simply and obviously insufficient.

Self-regulation can work, but making it work is hard work. This is where the Council of Europe’s approach to the regulation of content moderation is valuable. It defines the requirements for the legitimacy of such self- and co-regulation: targets, transparency, independent oversight, proportionality, and effective redress mechanisms. Voluntary codes lacking the required enforcement mechanisms and measurable goals fail these tests.

Why didn’t the Guidance Note of the Council of Europe have more impact? Maybe because it wasn’t law. Maybe it was too easy for Member States to sign up, making it look like they were doing something good. The lesson is that soft law is effective only when institutions such as the Parliament and the Council of the European Union translate its principles into concrete outcomes and enforcement mechanisms. Without this work, the Code of Conduct risks going nowhere. It may already be on that path: there was no mention of it at the most recent Digital Services Board meeting.