Comparison · Updated 2026
EU AI Act vs DSA
The EU AI Act governs AI systems — how they are classified, documented, and deployed — while the Digital Services Act (DSA) governs online platforms and the content they carry, covering illegal-content handling, advertising transparency, and systemic-risk duties. They are complementary, not competing: a platform that uses AI for moderation, recommendation, or ad targeting usually has to comply with both. This page compares their scope, deadlines, penalties, and obligations side by side.
At a glance
| Dimension | EU AI Act | Digital Services Act (DSA) |
|---|---|---|
| What it governs | AI systems — how they are built, classified, and deployed | Online intermediaries & platforms — content, ads, systemic risk |
| Regulation | Regulation (EU) 2024/1689 | Regulation (EU) 2022/2065 |
| In force / applies | In force 1 Aug 2024; high-risk obligations from 2 Aug 2026 | VLOPs from 25 Aug 2023; all services from 17 Feb 2024 |
| Maximum fine | €35M or 7% of global annual turnover | Up to 6% of global annual turnover |
| Core mechanism | Risk tiers — unacceptable, high, limited, minimal | Tiered duties by service size; systemic-risk assessment for VLOPs |
| Key obligation | Conformity assessment + Annex IV technical documentation | Notice-and-action, ad transparency, risk reports, audits |
| Who is liable | Providers, deployers, importers, distributors | Hosting services, online platforms, VLOPs/VLOSEs |
| Regulator | National authorities + EU AI Office | European Commission (VLOPs) + national Digital Services Coordinators |
How they overlap
The two laws meet at the platform’s AI. A recommender system that ranks feed content is an AI system under the EU AI Act and a core DSA concern (recommender-system transparency and, for very large platforms, systemic-risk mitigation). In practice you run both sets of duties in parallel:
- Classify the AI (AI Act). Determine the risk tier of each AI system the platform operates.
- Meet platform duties (DSA). Implement notice-and-action, ad transparency, and recommender-system disclosures.
- Assess systemic risk (DSA, for VLOPs). Run the annual systemic-risk assessment and independent audit.
- Document the systems (AI Act). Maintain Annex IV technical documentation, human oversight, and logging.
- Stay audit-ready (both). Keep shared evidence current for the AI Office and your Digital Services Coordinator.
Which applies to you?
- You build or deploy AI but run no platform: EU AI Act (if your AI output is used in the EU).
- You run an online platform but use no AI: DSA only (scaled to your service’s size).
- You run a platform that uses AI for moderation, recommendation, or ads (the common case): both.
Not sure where you land? Use the free GeraCompliance classifier to qualify your AI Act risk tier in minutes.
EU AI Act vs DSA — frequently asked questions
- What is the difference between the EU AI Act and the DSA?
- The EU AI Act (Regulation (EU) 2024/1689) regulates AI systems — how they are classified by risk, documented, and deployed — while the Digital Services Act (Regulation (EU) 2022/2065, the DSA) regulates online intermediaries and platforms — how they handle illegal content, advertising transparency, and systemic risks. The AI Act is about the technology; the DSA is about the platform and the content it carries.
- Do online platforms need to comply with both the AI Act and the DSA?
- Frequently, yes. A large online platform that uses AI for content moderation, recommendation, or ad targeting falls under the DSA as an intermediary service and under the EU AI Act for the AI systems it operates. The two regimes are complementary: the DSA governs the content and platform duties while the AI Act governs the AI systems used to deliver them.
- Which has bigger fines, the EU AI Act or the DSA?
- They use different bases. The EU AI Act’s top tier reaches up to €35 million or 7% of global annual turnover for prohibited practices. The DSA reaches up to 6% of global annual turnover, with periodic penalties up to 5% of average daily turnover for ongoing non-compliance. For a very large platform both can run into hundreds of millions of euros.
- When did each regulation take effect?
- The DSA applied to Very Large Online Platforms and Search Engines (VLOPs/VLOSEs) from 25 August 2023 and to all other in-scope services from 17 February 2024. The EU AI Act entered into force on 1 August 2024 and phases in: prohibitions and GPAI rules from August 2025, and the main high-risk obligations from 2 August 2026.
- Does DSA transparency reporting cover my AI Act obligations?
- No. DSA transparency reports cover content moderation, recommender-system parameters, and advertising disclosures at the platform level. The EU AI Act separately requires risk classification, Annex IV technical documentation, conformity assessment, human oversight, and logging for the AI systems themselves. They overlap on recommender and moderation systems but do not replace each other — GeraCompliance maps both so shared evidence is reused.
Map the AI Act and DSA together
GeraCompliance maps the EU AI Act against your platform’s systems so shared evidence is reused — classify once, document once, stay audit-ready.
EU AI Act & GDPR deadline alerts
Get the dates, fines and checklist changes that matter — a short, no-spam update when the rules move. Unsubscribe anytime.