Summary statistics
Overlaps: 2 · Conflicts: 0 · Gaps: 1
3 article-level crossrefs catalogued between AI Act and ePrivacy Directive from the Fontvera EU regulatory corpus. Article numbers are verbatim from the underlying obligation_crossrefs table; descriptions are extracted, not paraphrased.
All crossrefs between these regulations
| Article (A) | Article (B) | Type | Severity | Description |
|---|---|---|---|---|
| AI Act Art 10 | ePrivacy Directive Art 5 | overlap | medium | [entity affected: provider] Both regulations require providers to implement technical and organizational measures to ensure data quality and security, with the AI Act focusing on bias/error reduction |
| AI Act Art 12 | ePrivacy Directive Art 6 | overlap | medium | [entity affected: provider] Both regulations mandate the recording and processing of data logs; the AI Act requires logging for high-risk AI system monitoring, while ePrivacy restricts traffic data pr |
| AI Act Art ? | ePrivacy Directive Art ? | gap | medium | [entity affected: deployer] Neither regulation explicitly addresses the liability or compliance obligations for deployers of AI systems that process personal data via electronic communications network |
Overlaps explained
No conflict-type crossrefs were catalogued for this pair, but the 2 overlaps below mean a single control can be designed to satisfy both regulations at once. Plan the controls jointly to avoid duplicate effort:
- AI Act Art 10 vs ePrivacy Directive Art 5 (medium severity) — [entity affected: provider] Both regulations require providers to implement technical and organizational measures to ensure data quality and security, with the AI Act focusing on bias/error reduction in training data and ePrivacy focusing on confidentiality of communications.
- AI Act Art 12 vs ePrivacy Directive Art 6 (medium severity) — [entity affected: provider] Both regulations mandate the recording and processing of data logs; the AI Act requires logging for high-risk AI system monitoring, while ePrivacy restricts traffic data processing to specific purposes like billing and fraud detection.
Which regulation takes precedence
EU law does not lay down a universal precedence rule between AI Act and ePrivacy Directive. In practice three resolution approaches apply: lex specialis (the more specific provision wins when both purport to govern the same conduct); regulator guidance (EDPB, EBA, ESMA and the AI Office have all issued joint readings on overlapping articles — check the most recent applicable opinion); and document the choice (when the regulations leave the call to the controller, the audit defence is your written reasoning, not the regulator's silence). Where the corpus surfaces a conflict rather than an overlap, treat that as an escalation path to legal — not a control-design question.
What this means for your compliance team
Treat the 2 overlaps as design opportunities — one control, two regulatory anchors. Treat the 0 conflicts as escalation paths to legal: the regulations themselves don't resolve them, you do, and you document the reasoning. The 1 gaps point at scenarios where one regulation is silent while the other speaks — assume the regulator who has the explicit rule will win.
Related Fontvera pages
- ai act art 17 provider obligations
- ai act art 70 commission obligations
- ai act authorized representative
- ai act automotive
Check your full compliance exposure with the 5-minute Fontvera diagnostic →