Skip to content
World Watch/Croatia/Internet & Online Safety

Internet & Online Safety Β· Croatia

Online safety in Croatia: the EU Digital Services Act (2026)

Comprehensive lawEU Digital Services Act (Regulation (EU) 2022/2065), directly applicable; Croatia's national Law on the Implementation of the DSA (in force 17 April 2025); Digital Services Coordinator: HAKOM (Hrvatska regulatorna agencija za mreΕΎne djelatnosti)Country index 96 Β· A+

Croatia shaded by its internet & online safety status

Online safety rules in Croatia: comprehensive law, under EU Digital Services Act (Regulation (EU) 2022/2065), directly applicable; Croatia's national Law on the Implementation of the DSA (in force 17 April 2025); Digital Services Coordinator: HAKOM (Hrvatska regulatorna agencija za mreΕΎne djelatnosti).

Croatia is governed by the EU's Digital Services Act as the primary comprehensive online-safety and content-moderation regime, supplemented by a national DSA Implementation Law that entered into force on 17 April 2025 and designates HAKOM as the Digital Services Coordinator. However, the European Commission has issued two letters of formal notice (2024 and April 2026) citing Croatia's failure to fully empower HAKOM with the sanctioning powers required under the DSA. Children's online safety is addressed through DSA obligations, the Safer Internet Centre Croatia, and a draft National Programme for Children in the Digital Environment 2024-2026.

The Digital Services Act in Croatia

In Croatia, online platforms and intermediaries are governed by the EU Digital Services Act (DSA), a directly-applicable regulation covering illegal content, transparency and user protection.

Framework
the EU Digital Services Act (Regulation (EU) 2022/2065)
Approach
notice-and-action on illegal content, transparency reporting, clear terms, and protection of minors
Applies to
online intermediaries, hosting services and platforms offering services to users in Croatia, wherever established
Very large platforms
platforms and search engines with 45M+ EU users face extra systemic-risk audits, overseen by the European Commission
Maximum fine
up to 6% of global annual turnover
Oversight
the national Digital Services Coordinator, plus the European Commission for very large platforms

The DSA is an EU regulation applied directly in Croatia; the national Digital Services Coordinator handles day-to-day supervision.

The Digital Services Act in Croatia: FAQ

Does the Digital Services Act apply in Croatia?

Yes. As an EU member, Croatia is covered by the EU Digital Services Act (Regulation (EU) 2022/2065), which applies directly.

What does the DSA require of platforms in Croatia?

Notice-and-action mechanisms for illegal content, transparency reporting, clear terms of service, and measures to protect minors.

Who enforces the DSA in Croatia?

The national Digital Services Coordinator, with the European Commission supervising very large online platforms and search engines.

What are the penalties under the DSA in Croatia?

Up to 6% of a provider's global annual turnover for serious breaches.

Key points

DSA as primary law

The EU Digital Services Act (Regulation (EU) 2022/2065) is directly applicable in Croatia and constitutes the principal comprehensive online-safety and content-moderation framework, covering intermediaries, online platforms, and very large online platforms (VLOPs) with 45 million+ EU users.

National DSA Implementation Law (April 2025)

Croatia enacted its national DSA Implementation Law, which entered into force on 17 April 2025. It designates HAKOM as the Digital Services Coordinator, establishes complaint mechanisms for users against intermediary service providers, and sets national fines of €6,630, €66,360 or up to 6% of global annual turnover.

HAKOM as Digital Services Coordinator

HAKOM (Croatian Regulatory Authority for Network Industries) has been the designated DSC since February 2024. It holds investigative powers, coordinates among national competent authorities, manages the trusted-reporter framework, and publishes annual DSC activity reports as required by Article 55 of the DSA.

EU Commission enforcement proceedings

The European Commission sent Croatia a first letter of formal notice in 2024 and a second in April 2026, finding that the national DSA Implementation Law does not fully empower HAKOM to impose the maximum penalties, meet proportionality requirements, or sanction individuals for non-cooperation, constituting an ongoing infringement of the DSA.

Age verification, EU-led approach

Croatia has no standalone national age-verification law; it relies on the EU's harmonised approach. The European Commission published an age-verification blueprint (July 2025), with a feature-ready solution available from April 2026, designed to be interoperable with EU Digital Identity Wallets. Croatian awareness campaigns aligned with DSA obligations are being conducted by the Safer Internet Centre.

Children's online safety measures

Croatia's BIK 2025 country profile notes children's online protection as an emerging priority, partially addressed in national law and implemented through the Safer Internet Centre Croatia and the UNICEF/Agency for Electronic Media 'Media Literacy Days' project. A National Programme for Children in the Digital Environment 2024-2026 exists but had not been formally adopted as of the 2025 profile. All three major telecoms signed a Code for the Protection and Promotion of Children's Rights in the Digital Environment.

Timeline - major decisions & events

Jan 1, 2026enforcementofficial
European Commission sends additional infringement letter to Croatia on DSA non-compliance

After Croatia adopted a DSA implementation law in April 2025, the Commission issued a second formal notice under INFR(2024)2166, finding Croatia still fails to give HAKOM genuine sanctioning power, does not honour the 6% / 5% DSA penalty caps, and cannot fine individuals for obstruction of inspections β€” Croatia was given two months to respond before a reasoned opinion.

European Commission – Shaping Europe's Digital Future β†—
May 9, 2025guidanceofficial
National Cyber Crisis Management Programme adopted

The Croatian Government adopted the National Cyber Crisis Management Programme, establishing procedures for national-level cyber incident response and crisis coordination under the NIS2 framework, complementing the 2024 Cybersecurity Act and its implementing Regulation.

NCSC-HR (National Cyber Security Centre Croatia) β†—
Apr 18, 2025lawofficial
DSA Implementation Law enters into force; HAKOM designated Digital Services Coordinator

Croatia's Law on the Implementation of Regulation (EU) 2022/2065 (the Digital Services Act) entered into force, appointing HAKOM as the national Digital Services Coordinator responsible for coordinating complaints, overseeing intermediary platforms, and cooperating with the European Board for Digital Services.

HAKOM – Croatian Regulatory Authority for Network Industries β†—
Jan 1, 2025enforcement
AZOP imposes record €6.7 million in GDPR fines across 2025

Croatia's data protection authority (AZOP) significantly increased enforcement in 2025, with aggregate fines reaching €6.7 million; the largest single fine (€4.5 million) targeted a telecoms operator for unlawful international data transfers and lack of transparency, marking a sharp shift to active GDPR enforcement.

CMS Law Now β†—
Nov 21, 2024lawofficial
Government adopts Regulation on Cybersecurity (Official Gazette No. 135/24)

The secondary regulation implementing the Cybersecurity Act detailed entity-classification criteria, risk-management measures, mandatory self-assessment cycles, criteria for significant cyber incident identification, and incident notification procedures β€” entering into effect 30 November 2024.

NCSC-HR / Government of the Republic of Croatia β†—
Feb 15, 2024lawofficial
Cybersecurity Act (NIS2 transposition) enters into force

Croatia's Zakon o kibernetičkoj sigurnosti, passed by Parliament on 26 January 2024, entered into force on 15 February 2024 β€” transposing EU NIS2 Directive (2022/2555), expanding regulated entities from ~1,000 to an estimated 8,000–10,000, establishing the NCSC-HR as central coordinator, and introducing mandatory biennial self-assessments and severe fines (up to €10 million or 2% of global turnover).

NCSC-HR / Croatian Parliament β†—
May 25, 2018lawofficial
GDPR Implementation Act enters into force; AZOP acquires GDPR supervisory mandate

Croatia's Act on the Implementation of the GDPR, enacted 27 April 2018, came into force on 25 May 2018, replacing the 2003 Personal Data Protection Act; it set the national age of digital consent at 16, granted AZOP its independent supervisory mandate under Article 51 GDPR, and added national rules for genetic, biometric and children's data.

AZOP – Croatian Personal Data Protection Agency β†—
Jan 1, 2003law
Electronic Commerce Act enacted (Official Gazette No. 173/03)

Croatia's foundational e-commerce law transposed the EU Electronic Commerce Directive (2000/31/EC), establishing the country-of-origin principle for information society services, liability safe harbours for caching, hosting and mere-conduit intermediaries, and pre-contractual transparency obligations β€” a framework amended multiple times and partly superseded by the 2025 DSA implementation law.

CMS Expert Guide – Croatia β†—
Jan 1, 2002lawofficial
Croatia ratifies the Budapest Convention on Cybercrime

Croatia enacted a Law on Ratification of the Council of Europe's Convention on Cybercrime (Budapest Convention, ETS No. 185), criminalising illegal system access, data and system interference, computer-related fraud and child pornography online β€” embedding the first international cybercrime definitions into Croatian law and criminal procedure.

Council of Europe – Octopus Cybercrime Community β†—

Croatia - other topics

Internet & Online Safety in other countries

Last verified 5/24/2026 Β· Orientation, not legal advice - verify against the primary sources linked above. Methodology & how to cite Β· Explore the full world map β†’