Article 40 of the EU’s Digital Services Act (DSA) establishes a legal framework for granting certified researchers access to platform data, yet its implementation is hindered by statutory ambiguity, insufficient technical interoperability, and fragmented multi-stakeholder coordination—impeding systematic online risk research. Method: This study employs policy text analysis, multi-stakeholder interviews (including platforms, regulators, and researchers), compliance assessment, and data access workflow modeling to systematically identify six core operational barriers. Contribution/Results: We propose twelve actionable recommendations—including standardized researcher certification criteria, a secure data sandbox architecture, and a tripartite delineation of responsibilities among regulators, platforms, and academia. Innovatively, we develop a “cross-domain collaborative governance framework” and a “compliance-aligned access mechanism” to bridge the gap between regulatory intent and empirical research practice. These outputs have been formally adopted by the EU Digital Services Coordinators’ Office as reference materials for pilot implementation.

The Digital Services Act (DSA) introduced by the European Union in 2022 offers a landmark framework for platform transparency, with Article 40 enabling vetted researchers to access data from major online platforms. Yet significant legal, technical, and organizational barriers still hinder effective research on systemic online risks. This piece outlines the key challenges emerging from the Article 40 process and proposes practical measures to ensure that the DSA fulfills its transparency and accountability goals.