Internet & Online Safety Β· Croatia
Online safety in Croatia: the EU Digital Services Act (2026)
Croatia shaded by its internet & online safety status
Online safety rules in Croatia: comprehensive law, under EU Digital Services Act (Regulation (EU) 2022/2065), directly applicable; Croatia's national Law on the Implementation of the DSA (in force 17 April 2025); Digital Services Coordinator: HAKOM (Hrvatska regulatorna agencija za mreΕΎne djelatnosti).
Croatia is governed by the EU's Digital Services Act as the primary comprehensive online-safety and content-moderation regime, supplemented by a national DSA Implementation Law that entered into force on 17 April 2025 and designates HAKOM as the Digital Services Coordinator. However, the European Commission has issued two letters of formal notice (2024 and April 2026) citing Croatia's failure to fully empower HAKOM with the sanctioning powers required under the DSA. Children's online safety is addressed through DSA obligations, the Safer Internet Centre Croatia, and a draft National Programme for Children in the Digital Environment 2024-2026.
The Digital Services Act in Croatia
In Croatia, online platforms and intermediaries are governed by the EU Digital Services Act (DSA), a directly-applicable regulation covering illegal content, transparency and user protection.
- Framework
- the EU Digital Services Act (Regulation (EU) 2022/2065)
- Approach
- notice-and-action on illegal content, transparency reporting, clear terms, and protection of minors
- Applies to
- online intermediaries, hosting services and platforms offering services to users in Croatia, wherever established
- Very large platforms
- platforms and search engines with 45M+ EU users face extra systemic-risk audits, overseen by the European Commission
- Maximum fine
- up to 6% of global annual turnover
- Oversight
- the national Digital Services Coordinator, plus the European Commission for very large platforms
The DSA is an EU regulation applied directly in Croatia; the national Digital Services Coordinator handles day-to-day supervision.
The Digital Services Act in Croatia: FAQ
Yes. As an EU member, Croatia is covered by the EU Digital Services Act (Regulation (EU) 2022/2065), which applies directly.
Notice-and-action mechanisms for illegal content, transparency reporting, clear terms of service, and measures to protect minors.
The national Digital Services Coordinator, with the European Commission supervising very large online platforms and search engines.
Up to 6% of a provider's global annual turnover for serious breaches.
Key points
The EU Digital Services Act (Regulation (EU) 2022/2065) is directly applicable in Croatia and constitutes the principal comprehensive online-safety and content-moderation framework, covering intermediaries, online platforms, and very large online platforms (VLOPs) with 45 million+ EU users.
Croatia enacted its national DSA Implementation Law, which entered into force on 17 April 2025. It designates HAKOM as the Digital Services Coordinator, establishes complaint mechanisms for users against intermediary service providers, and sets national fines of β¬6,630, β¬66,360 or up to 6% of global annual turnover.
HAKOM (Croatian Regulatory Authority for Network Industries) has been the designated DSC since February 2024. It holds investigative powers, coordinates among national competent authorities, manages the trusted-reporter framework, and publishes annual DSC activity reports as required by Article 55 of the DSA.
The European Commission sent Croatia a first letter of formal notice in 2024 and a second in April 2026, finding that the national DSA Implementation Law does not fully empower HAKOM to impose the maximum penalties, meet proportionality requirements, or sanction individuals for non-cooperation, constituting an ongoing infringement of the DSA.
Croatia has no standalone national age-verification law; it relies on the EU's harmonised approach. The European Commission published an age-verification blueprint (July 2025), with a feature-ready solution available from April 2026, designed to be interoperable with EU Digital Identity Wallets. Croatian awareness campaigns aligned with DSA obligations are being conducted by the Safer Internet Centre.
Croatia's BIK 2025 country profile notes children's online protection as an emerging priority, partially addressed in national law and implemented through the Safer Internet Centre Croatia and the UNICEF/Agency for Electronic Media 'Media Literacy Days' project. A National Programme for Children in the Digital Environment 2024-2026 exists but had not been formally adopted as of the 2025 profile. All three major telecoms signed a Code for the Protection and Promotion of Children's Rights in the Digital Environment.
Timeline - major decisions & events
After Croatia adopted a DSA implementation law in April 2025, the Commission issued a second formal notice under INFR(2024)2166, finding Croatia still fails to give HAKOM genuine sanctioning power, does not honour the 6% / 5% DSA penalty caps, and cannot fine individuals for obstruction of inspections β Croatia was given two months to respond before a reasoned opinion.
European Commission β Shaping Europe's Digital Future βThe Croatian Government adopted the National Cyber Crisis Management Programme, establishing procedures for national-level cyber incident response and crisis coordination under the NIS2 framework, complementing the 2024 Cybersecurity Act and its implementing Regulation.
NCSC-HR (National Cyber Security Centre Croatia) βCroatia's Law on the Implementation of Regulation (EU) 2022/2065 (the Digital Services Act) entered into force, appointing HAKOM as the national Digital Services Coordinator responsible for coordinating complaints, overseeing intermediary platforms, and cooperating with the European Board for Digital Services.
HAKOM β Croatian Regulatory Authority for Network Industries βCroatia's data protection authority (AZOP) significantly increased enforcement in 2025, with aggregate fines reaching β¬6.7 million; the largest single fine (β¬4.5 million) targeted a telecoms operator for unlawful international data transfers and lack of transparency, marking a sharp shift to active GDPR enforcement.
CMS Law Now βThe secondary regulation implementing the Cybersecurity Act detailed entity-classification criteria, risk-management measures, mandatory self-assessment cycles, criteria for significant cyber incident identification, and incident notification procedures β entering into effect 30 November 2024.
NCSC-HR / Government of the Republic of Croatia βCroatia's Zakon o kibernetiΔkoj sigurnosti, passed by Parliament on 26 January 2024, entered into force on 15 February 2024 β transposing EU NIS2 Directive (2022/2555), expanding regulated entities from ~1,000 to an estimated 8,000β10,000, establishing the NCSC-HR as central coordinator, and introducing mandatory biennial self-assessments and severe fines (up to β¬10 million or 2% of global turnover).
NCSC-HR / Croatian Parliament βCroatia's Act on the Implementation of the GDPR, enacted 27 April 2018, came into force on 25 May 2018, replacing the 2003 Personal Data Protection Act; it set the national age of digital consent at 16, granted AZOP its independent supervisory mandate under Article 51 GDPR, and added national rules for genetic, biometric and children's data.
AZOP β Croatian Personal Data Protection Agency βCroatia's foundational e-commerce law transposed the EU Electronic Commerce Directive (2000/31/EC), establishing the country-of-origin principle for information society services, liability safe harbours for caching, hosting and mere-conduit intermediaries, and pre-contractual transparency obligations β a framework amended multiple times and partly superseded by the 2025 DSA implementation law.
CMS Expert Guide β Croatia βCroatia enacted a Law on Ratification of the Council of Europe's Convention on Cybercrime (Budapest Convention, ETS No. 185), criminalising illegal system access, data and system interference, computer-related fraud and child pornography online β embedding the first international cybercrime definitions into Croatian law and criminal procedure.
Council of Europe β Octopus Cybercrime Community βCroatia - other topics
Internet & Online Safety in other countries
Last verified 5/24/2026 Β· Orientation, not legal advice - verify against the primary sources linked above. Methodology & how to cite Β· Explore the full world map β