TLDR
Email impersonates the European Commission DG CNECT or 'Digital Services Act Enforcement Unit', threatening a EUR 6 million fine for non compliance with DSA Article 27 unless the SME signs up to 'DSA Verified' compliance certification (EUR...
How it works
Email impersonates the European Commission DG CNECT or 'Digital Services Act Enforcement Unit', threatening a EUR 6 million fine for non compliance with DSA Article 27 unless the SME signs up to 'DSA Verified' compliance certification (EUR...
Red flags
- Urgent pressure to click, pay, or share codes immediately.
- A link or sender that does not match the official organization.
- Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.
What to do
- 1Email impersonates the European Commission DG CNECT or 'Digital Services Act Enforcement Unit', threatening a EUR 6 million fine for non compliance with DSA Article 27 unless the SME signs up to 'DSA Verified' compliance certification (EUR 1,200 7,500 fee).
- 2Indicators: 1) Commission never charges SMEs for DSA self certification; 2) sender domain ends in dsa compliance.eu / ec europa.org (not europa.eu); 3) wire transfer requested to Maltese/Cypriot account; 4) urgent deadline (5 10 days).
- 3WHAT TO DO: verify via your national Digital Services Coordinator (list on digital strategy.ec.europa.eu).
Source
European-Commission-DG-CNECT
Source reviewed by Mythos Forensic Team
https://digital-strategy.ec.europa.eu/en/policies/digital-services-actFAQ
Is Fake DSA compliance notice — emails impersonating European Commission a real scam pattern?
Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.
What are the first warning signs?
Urgent pressure to click, pay, or share codes immediately.; A link or sender that does not match the official organization.; Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.
What should I do first?
Email impersonates the European Commission DG CNECT or 'Digital Services Act Enforcement Unit', threatening a EUR 6 million fine for non compliance with DSA Article 27 unless the SME signs up to 'DSA Verified' compliance certification (EUR 1,200 7,500 fee).; Indicators: 1) Commission never charges SMEs for DSA self certification; 2) sender domain ends in dsa compliance.eu / ec europa.org (not europa.eu); 3) wire transfer requested to Maltese/Cypriot account; 4) urgent deadline (5 10 days).; WHAT TO DO: verify via your national Digital Services Coordinator (list on digital strategy.ec.europa.eu).
Can LegalAudit check my case?
Yes. Start a free chat and paste the message, link, sender, or payment details for triage.