EU Set to Classify ChatGPT Under the Digital Services Act

Brussels is preparing to name ChatGPT a 'very large online search engine,' subjecting OpenAI to transparency, risk-assessment, and algorithm disclosure rules inside four months.

The European Commission is preparing to designate ChatGPT as a 'very large online search engine' under the Digital Services Act, according to German newspaper Handelsblatt citing Commission sources. OpenAI's own transparency data shows ChatGPT search reached roughly 120 million monthly active EU users in the six months to September 2025, well above the 45-million threshold that triggers the designation. Once designated, OpenAI would have four months to comply with obligations that include annual risk assessments, public transparency reports, clear user and regulator contact channels, external audits, and disclosure of recommendation-algorithm logic.

The DSA is the EU's platform-liability law, and it has already been applied to Amazon, Apple, Google, Meta, Microsoft, and X. Extending it to ChatGPT is significant because the DSA was written before general-purpose chatbots were consumer products, and its core obligations — systemic-risk assessment, researcher data access, illegal-content reporting — map awkwardly onto a model that generates rather than hosts content. The Commission's approach so far has been to stretch existing rules to cover AI rather than wait for the EU AI Act's general-purpose-model provisions to ramp up, which would take longer.

For OpenAI the practical consequences are procedural more than existential. Fines top out at 6% of global annual revenue, but the bigger drag is compliance cost: standing up a DSA liaison office, producing auditable risk assessments, and giving approved researchers API-level access to internal signals. That is a moat for incumbents and a tax on smaller EU-facing AI companies that will face similar scrutiny as they cross the user threshold. It is also another data point in a pattern where the EU sets the global compliance floor, because vendors would rather build one control regime than two.

For learners: regulation is becoming an AI-product discipline in its own right. If you work on an AI system with European users, you will soon need to produce a risk assessment that names foreseeable harms, describes mitigations, and quantifies residual risk — and you will need to document the evaluations behind those claims. That is a skill set at the intersection of ML evaluation, policy, and technical writing, and it pays well for exactly the reason it is unpleasant: most engineers do not want to do it.