DSA transparency report — Article 15
On this page
Why this page exists #
fremforge is a hosting service within the meaning of Regulation (EU) 2022/2065 (Digital Services Act, “DSA”). Article 15 of the DSA obliges every intermediary service to publish — at least once a year, in machine-readable form — a clear, easily comprehensible report on its content moderation activity. This page is that report.
This is distinct from the government and law-enforcement transparency report, which covers binding legal demands for Customer Personal Data under the DPA. That report addresses GDPR / law-enforcement access; this one addresses DSA Art. 15 content moderation reporting. Both are published annually.
Reporting cadence #
The report is reissued annually. fremforge launches during 2026, so the year-1 entry is a partial-period statement covering the period from the launch date to 31 December 2026. Subsequent reports cover full calendar years and publish in Q1 of the following year.
DSA Art. 15 explicitly accommodates a “we launched and have nothing to report” first-year statement. Silence is the violation — publishing zero with the framing that explains it is the compliant disposition.
Reporting period: 2026 (partial — pre-launch operations) #
As of the date below, fremforge has not yet entered general availability for paying customers. There has been no Customer Content in scope for content moderation. All counts in this section are necessarily zero.
Art. 15(1)(a) — Orders received from EU member-state authorities #
Orders to act against illegal content (DSA Art. 9) and orders to provide information (DSA Art. 10), broken down by issuing member state and category of illegal content. Median time to inform the issuing authority and to give effect to the order.
| Metric | Count |
|---|---|
| Total Art. 9 (act-against-content) orders received | 0 |
| Total Art. 10 (provide-information) orders received | 0 |
| Median time to acknowledge issuing authority | n/a |
| Median time to give effect to order | n/a |
Issuing member states #
None — no orders received.
Categories of illegal content #
Not applicable — no orders received.
Art. 15(1)(b) — Notices submitted under Art. 16 (notice-and-action) #
Notices submitted via abuse@frem.sh and the structured form at https://frem.sh/_app/legal/abuse-report, broken down by category of allegedly illegal content, action taken, and median time to action. The notice-and-action mechanism is documented in AUP §5.
| Metric | Count |
|---|---|
| Total Art. 16 notices received | 0 |
| Notices submitted by Trusted Flaggers (Art. 22) | 0 |
| Notices acted on (content removed, restricted, or account action taken) | 0 |
| Notices rejected (manifestly unfounded or out-of-scope) | 0 |
| Median time to decision | n/a |
| Use of automated means in decision-making | None |
Categories of allegedly illegal content #
None — no notices received.
Art. 15(1)(c) — Own-initiative content moderation #
Content moderation that fremverk performed on its own initiative — including the use of automated tools, the qualifications of human reviewers, and any safeguards applied. fremforge applies its Acceptable Use Policy uniformly to all Customer organisations.
| Metric | Count |
|---|---|
| Own-initiative actions taken | 0 |
| …of which used automated tools (push-protection scanner) | 0 |
| …of which involved human review | 0 |
| Errors of automated tools (false positives, on appeal or internal review) | 0 |
| Indicators used for accuracy / error rate | n/a |
| Training given to human reviewers | n/a — no own-initiative actions yet |
The push-protection scanner referenced above is a server-side scanner that rejects pushes containing high-confidence secret material at the git protocol layer. It is not a content-moderation system in the conventional DSA sense (it does not classify content as illegal, and the rejection is a technical refusal of a developer commit, not a moderation outcome on hosted material). It is reported here for completeness only, and counts will appear in future periods if any rejections occur.
Art. 15(1)(d) — Internal complaint-handling system #
The internal complaint-handling system required by DSA Art. 20 lets users and notifiers appeal moderation decisions. The right of appeal is documented in AUP §5. Complaints are received at abuse@frem.sh with the subject line appeal: and resolved within 14 days.
| Metric | Count |
|---|---|
| Total complaints received | 0 |
| Complaints resolved in favour of the original decision | 0 |
| Complaints resolved against the original decision (decision reversed) | 0 |
| Median time to resolution | n/a |
| Decisions referred to out-of-court dispute resolution under Art. 21 | 0 |
Average monthly active recipients of the service in the EU #
Per DSA Art. 24(2), intermediary services must publish — at least once every six months — the average monthly active recipients of the service in the EU. fremforge is below the threshold for very-large-online-platform (VLOP) designation; this metric is published here for completeness.
| Period | Average monthly active EU recipients |
|---|---|
| 2026 (partial — pre-launch) | 0 |
This count includes natural and legal persons in the EU who used the service at least once in the calendar month, computed as a six-monthly arithmetic mean. The methodology will be documented in future periods once fremforge has paying customers and a non-zero count to publish.
Methodology and data sources #
Counts on this page are derived from:
- The
audit_eventstable (see Audit log on docs) — every legally significant action against fremforge infrastructure produces an immutable, hash-chained audit event. The aggregator job runs againstevent_type IN ('legal_takedown_received', 'legal_takedown_actioned', 'content_moderation_action', 'art16_notice_received', 'art20_complaint_received')once per quarter and updates this page. - Inbound
abuse@frem.shandcompliance@frem.shmailbox correspondence — a per-correspondence index is maintained internally for cross-referencing against the audit-event aggregate. - The Forgejo organisation register, which tracks suspension, throttling, and termination actions per AUP §7.
The first non-zero report (covering full calendar year 2027) will publish in Q1 2028 and will include the methodology section in machine-readable form per the European Commission’s Implementing Regulation 2024/2835 templates.
Subscribe to updates #
This page updates annually (typically late January for the prior year, plus a six-monthly Art. 24 update for the EU recipients metric). To be notified when a new report publishes, subscribe to the security mailing list — the same list announces sub-processor changes per DPA §10 and the government-access transparency report.
Related #
- Acceptable Use Policy §5 (DSA Art. 16 notice-and-action) — the contractual basis of the notice-and-action mechanism summarised on this page
- Government access transparency report — DPA §11A.2 report on law-enforcement and government access requests (separate obligation)
- Trust page — overall security and compliance posture
- DSA Art. 15 reporting templates (EU Commission Implementing Regulation 2024/2835) — the standardised reporting format applied from year 2 onwards
Last updated: 2026-05-07.