ChatGPT Faces EU Regulation: What Changes for OpenAI?
- The European Union is preparing to regulate ChatGPT, a move that signals a significant shift in how Brussels approaches artificial intelligence.
- The primary driver for increased scrutiny is scale and influence.
- With 120.4 million European users reported as of October 2025, ChatGPT has significantly surpassed this benchmark.
The European Union is preparing to regulate ChatGPT, a move that signals a significant shift in how Brussels approaches artificial intelligence. After months of analysis, EU regulators are no longer debating if ChatGPT should be overseen, but how. The potential classification – either as a “Very Large Online Platform” (VLOP) or a “Very Large Online Search Engine” (VLOSE) – represents a pivotal moment for the AI sector.
Why is ChatGPT Now in the DSA’s Crosshairs?
The primary driver for increased scrutiny is scale and influence. The Digital Services Act (DSA) was specifically designed to govern digital platforms exceeding a critical mass of monthly users within Europe – representing 10% of the EU population. Once this threshold is crossed, regulators believe the platform poses a “systemic risk” to society, capable of influencing opinions and even elections.
With European users reported as of October , ChatGPT has significantly surpassed this benchmark. This rapid growth places it squarely in the category of digital giants. It will become the first AI chatbot to be subject to the most stringent obligations under the Digital Services Act, a status previously reserved for established social networks and traditional search engines.
What New Constraints Will OpenAI Face?
This designation will compel OpenAI to adhere to significantly higher standards. The company, led by Sam Altman, will be required to actively “protect users online, including minors” and “assess and mitigate adequately the systemic risks stemming from its services.” This includes a strengthened effort to combat harmful content and disinformation – a critical challenge for generative AI.
Specifically, the American company will be required to undergo an annual external and independent audit, provide detailed reports on its systemic risks, and, in effect, open its internal workings to scrutiny. These new obligations mark a departure from an era where voluntary codes of conduct were considered sufficient. The paradigm shift is complete for ChatGPT and its teams, who will now be accountable for precise reporting.
Is This Regulation a Misapplication of the DSA’s Intent?
Applying the DSA to OpenAI’s AI raises important legal questions. Some experts view this as a significant expansion of the law’s scope, as the DSA was initially conceived to regulate the public circulation of content generated by third parties, as seen on social media platforms. Applying it to a private conversational architecture represents a particularly expansive interpretation of the law by Brussels.
The decision is highly political. By classifying ChatGPT as a very large platform or a very large search engine, the European Commission is not simply regulating a service; We see extending the DSA’s reach to encompass the supervision of AI models themselves, laying the groundwork for a framework that could serve as a global model.
OpenAI has already taken steps to align with EU data privacy regulations, shifting service provision in the European Economic Area (EEA) and Switzerland to its Irish entity, OpenAI Ireland Limited, effective . This move leverages the GDPR’s “one-stop-shop” mechanism, aiming to streamline privacy oversight. However, OpenAI must demonstrate that its Dublin-based entity exerts substantial control over data-related decisions, ensuring meaningful privacy checks on its U.S. Parent company to achieve “main establishment” status under the GDPR.
The EU’s struggle to define how to regulate ChatGPT highlights a broader challenge: the DSA was designed before the widespread adoption of large language models, and its definitions don’t neatly cover AI chatbots. This leaves Brussels at risk of falling behind as these technologies become increasingly ubiquitous. A final decision on how to handle ChatGPT under the DSA is not expected until mid-, according to a senior Commission official.
The implications extend beyond ChatGPT. The EU’s approach will serve as a test case for handling the risks posed by large language models, which are rapidly becoming as integral to daily life as traditional search engines. The regulatory landscape is evolving, and OpenAI, along with other AI developers, will need to adapt to a new era of increased oversight and accountability.