Summary statistics
Overlaps: 4 · Conflicts: 1 · Gaps: 2
7 article-level crossrefs catalogued between Data Act and DSA from the Fontvera EU regulatory corpus. Article numbers are verbatim from the underlying obligation_crossrefs table; descriptions are extracted, not paraphrased.
All crossrefs between these regulations
| Article (A) | Article (B) | Type | Severity | Description |
|---|---|---|---|---|
| DSA Art 11 | Data Act Art 26 | overlap | low | [entity affected: provider of intermediary services / provider of data processing services] Both regulations require entities to provide easily accessible, machine-readable, or public information rega |
| DSA Art 17 | Data Act Art 10 | overlap | medium | [entity affected: provider of hosting services / dispute settlement body] Both regulations mandate that decisions affecting users or parties must be supported by a clear statement of reasons to ensure |
| DSA Art 20 | Data Act Art 10 | overlap | medium | [entity affected: provider of online platforms / dispute settlement body] Both regulations require the establishment of accessible, user-friendly mechanisms for handling complaints or disputes, includ |
| DSA Art 15 | Data Act Art 10 | overlap | low | [entity affected: provider of intermediary services / dispute settlement body] Both regulations impose obligations to publish annual reports detailing activities, such as content moderation actions or |
| DSA Art ? | Data Act Art ? | gap | high | [entity affected: provider of data processing services] Neither regulation clearly defines the liability or compliance obligations for data processing providers regarding the security of data during t |
| DSA Art ? | Data Act Art ? | gap | high | [entity affected: public sector body] While the Data Act allows public bodies to request data, neither regulation provides a unified framework for how public bodies must handle requests for data that |
| DSA Art 10 | Data Act Art 18 | conflict | medium | [entity affected: provider of intermediary services / data holder] DSA Art 10 requires providers to inform authorities of the receipt and effect of orders without undue delay, while Data Act Art 18 al |
Conflicts explained
The 1 article-level conflicts between Data Act and DSA mean a control that satisfies one can pull the wrong way on the other:
- DSA Art 10 vs Data Act Art 18 — [entity affected: provider of intermediary services / data holder] DSA Art 10 requires providers to inform authorities of the receipt and effect of orders without undue delay, while Data Act Art 18 allows data holders up to 30 working days to decline or modify requests, potentially conflicting with the immediacy expected under DSA enforcement orders.
Which regulation takes precedence
EU law does not lay down a universal precedence rule between Data Act and DSA. In practice three resolution approaches apply: lex specialis (the more specific provision wins when both purport to govern the same conduct); regulator guidance (EDPB, EBA, ESMA and the AI Office have all issued joint readings on overlapping articles — check the most recent applicable opinion); and document the choice (when the regulations leave the call to the controller, the audit defence is your written reasoning, not the regulator's silence). Where the corpus surfaces a conflict rather than an overlap, treat that as an escalation path to legal — not a control-design question.
What this means for your compliance team
Treat the 4 overlaps as design opportunities — one control, two regulatory anchors. Treat the 1 conflicts as escalation paths to legal: the regulations themselves don't resolve them, you do, and you document the reasoning. The 2 gaps point at scenarios where one regulation is silent while the other speaks — assume the regulator who has the explicit rule will win.
Related Fontvera pages
- data act article 37 commission
- data act obligations data services
- data act vs data governance act comparison
- data act vs dma comparison
Check your full compliance exposure with the 5-minute Fontvera diagnostic →