This study addresses practical barriers to researcher access to data from Very Large Online Platforms (VLOPs) under Article 40 of the Digital Services Act (DSA), using the 2024 Romanian presidential election interference incident as a case study to expose critical data gaps impeding systemic risk research—particularly regarding algorithmic amplification and covert advertising. Method: Integrating legal interpretation, computer science, and platform governance perspectives, the study develops a novel, interdisciplinary framework specifying data requirements for systemic risk research. It introduces a three-dimensional taxonomy—based on platform documentation, data donations, and Research APIs—to assess TikTok’s data availability. Empirical API analysis and cross-disciplinary scrutiny delineate actual accessibility boundaries for content distribution, ad labeling, and user interaction data. Contribution: The work delivers the first empirically grounded benchmark for DSA’s data access mechanism and proposes concrete, actionable pathways to operationalize Article 40 for rigorous, independent systemic risk research.

To facilitate accountability and transparency, the Digital Services Act (DSA) sets up a process through which Very Large Online Platforms (VLOPs) need to grant vetted researchers access to their internal data (Article 40(4)). Operationalising such access is challenging for at least two reasons. First, data access is only available for research on systemic risks affecting European citizens, a concept with high levels of legal uncertainty. Second, data access suffers from an inherent standoff problem. Researchers need to request specific data but are not in a position to know all internal data processed by VLOPs, who, in turn, expect data specificity for potential access. In light of these limitations, data access under the DSA remains a mystery. To contribute to the discussion of how Article 40 can be interpreted and applied, we provide a concrete illustration of what data access can look like in a real-world systemic risk case study. We focus on the 2024 Romanian presidential election interference incident, the first event of its kind to trigger systemic risk investigations by the European Commission. During the elections, one candidate is said to have benefited from TikTok algorithmic amplification through a complex dis- and misinformation campaign. By analysing this incident, we can comprehend election-related systemic risk to explore practical research tasks and compare necessary data with available TikTok data. In particular, we make two contributions: (i) we combine insights from law, computer science and platform governance to shed light on the complexities of studying systemic risks in the context of election interference, focusing on two relevant factors: platform manipulation and hidden advertising; and (ii) we provide practical insights into various categories of available data for the study of TikTok, based on platform documentation, data donations and the Research API.