Skip to content
Magist
AnalyzeRegulationsVendorsCounselUpdatesCompareAbout
← All Controls

Random spot-checks of trader compliance

random-trader-checksDomain: marketplace-platformType: process

Description

Random spot-checks of trader compliance are the EU Digital Services Act and Product Safety Regulation answer to a structural question: how does a marketplace keep its trader inventory honest without inspecting every listing. The full-inspection answer is impractical at any realistic platform scale, the no-inspection answer leaves the marketplace as an effective laundry channel for non-compliant goods, and the regulators converged on a middle path that obligates the platform to commit to a sampling discipline that runs against the full inventory rather than against a pre-filtered subset. The substantive obligations sit in two places. DSA Article 31(3) requires online platforms that allow consumers to conclude distance contracts with traders to make reasonable efforts to randomly check, against publicly available databases or interfaces, whether products or services offered have been identified as illegal. GPSR Article 22(6) parallels the obligation for product-safety information specifically, requiring marketplaces to make reasonable efforts to randomly check, in a representative manner, whether traders provide the trader and product information required by Article 22(7); the methodology has to be documented and producible on regulator request. The two obligations overlap in scope and produce a single operational program in practice rather than parallel programs. The randomness is doing real work in the regulatory design. The Commission's interest, and the national-competent-authority interest under DSA national implementations, is in catching listings that the platform's risk-based screening would not catch. A sample drawn from the platform's already-flagged subset does not satisfy the obligation, because the listings the platform is already worried about are the ones the platform is already going to act on; the regulators want to know about the false-negative rate of the platform's existing screening, which requires sampling outside the flagged subset. The sample frame matters and the regulators have begun asking about it explicitly during examinations. The operational decomposition is five pieces. The sampling methodology defensibly covers the full trader inventory, with the sample size statistically defensible against the listing volume rather than fixed at an arbitrary number (most platforms have landed on confidence-interval-based sampling against the full population, with the sample size calculated to produce a stated confidence in the population-level non-compliance rate). The sample-execution step runs the selected listings against the publicly available authority databases at the committed cadence: recall lists (EU Safety Gate and member-state equivalents), banned-product lists, sanctions lists (OFAC, EU Consolidated, UK OFSI), restricted-substance registers (REACH, RoHS, equivalent registers in other regions). The per-listing record captures the outcome (hit or miss) and the disposition where it was a hit, with enough detail that a future audit can reconstruct the decision. The remediation track for hits applies the appropriate action (delist, restrict, trader notice, suspension) within the timeline the underlying regime requires. And the annual rollup summarizes the sample size, the hit rate, the remediation outcomes, and any methodology changes; the rollup is what the platform produces on regulator request, and the production has to happen on a short timeline. The piece that consistently goes wrong is the sample-frame question. A program that treats the sampling as a check on already-flagged listings rather than on the broader trader population produces a hit rate that looks high (because the flagged listings are flagged for a reason) but that does not satisfy the obligation. Regulators reading the methodology document have started asking explicitly whether the sample frame is the full trader inventory or a pre-filtered subset, and the answer is consequential for whether the program meets the regulation. The cheapest defensible posture is to document the sample frame as the full trader inventory, to draw the sample uniformly at random rather than through any pre-filter, and to accept the lower observed hit rate as the expected outcome of a sample drawn from a population that is mostly compliant rather than mostly suspect.

Applicability

Applies when: business model role is intermediary or mixed.

How predicates are evaluated

Required by (2 regulations)

  • DSA

    Article 31(3) — random checks against publicly available databases.

    Regulation (EU) 2022/2065 of the European Parliament and of the Council (Digital Services Act)

  • EU GPSR

    Article 22(6) — reasonable efforts to randomly check, in a representative manner, whether traders provide the trader and product information required by Article 22(7); methodology documented.

    Regulation (EU) 2023/988

    Source →

Fulfilled by (1)

  • In-house build · medium effort

Magist does not accept payment from vendors. Methodology.

Evidence formats

  • spot-check sampling plan
  • audit log
  • takedown record

Magist provides legal information based on publicly available regulatory sources. It does not constitute legal advice and does not create an attorney-client relationship. Consult a licensed attorney in your jurisdiction before making compliance decisions.

Magist

Pre-launch regulatory analysis for product teams. Built by a lawyer, designed for PMs.

Tools

  • Analyze
  • Guided walkthrough
  • Vendors
  • Find counsel
  • Saved analyses

Reference

  • Scope by business model
  • Scope by jurisdiction
  • App ratings
  • Regulations
  • Compare regulations
  • Enforcement
  • Browse Controls
  • Vendor coverage
  • Radar
  • Pulse
  • Changelog
  • Guides
  • Regulatory updates
  • Open data
  • Corpus license
  • Ontology
  • State of Compliance

Solutions

  • For legal teams
  • For engineering
  • For executives
  • For law firms
  • For investors
  • For teams →

About

  • About Magist
  • Methodology
  • Editorial standards
  • Reviewers
  • Coverage status
  • Corrections
  • Trust
  • Coverage scope
  • How we handle data
  • Sub-processors
  • FAQ

Built by Neel Patel, a practicing in-house games attorney. Games touch more compliance domains at once than anything else in tech — Magist was designed around that.

Magist provides legal information based on publicly available regulatory sources. It does not constitute legal advice and does not create an attorney-client relationship. Consult a licensed attorney in your jurisdiction before making compliance decisions. Operated by a Washington-licensed attorney. Not licensed in California or other US states. Magist provides legal information; consult a licensed attorney in your jurisdiction.

Magist is an instrument, not a consultancy. It does not sell compliance services or take payment from vendors for placement; the analysis is the same for everyone. No vendor, sponsorship, or referral fees, ever.

MethodologyLimitationsDisclosures

© 2026 Magist
TermsLicensePrivacySecurityLinkedIn