§ DORA · DSA COMPARISON

DORA vs DSA: Where They Overlap and Conflict

3 overlaps, 0 conflicts and 2 gaps mapped between DORA and DSA in the Fontvera regulatory corpus.

Summary

DORA and DSA both apply across European business activity, but they were drafted at different times with different policy goals. This page summarises every article-level crossref between the two in the Fontvera corpus.

3 overlaps mean the same conduct triggers obligations in both regimes — design controls once, document twice. 0 conflicts mean the two regulations push in opposite directions on a specific question. 2 gaps mean one regulation leaves something on a topic the other addresses.

Who this applies to
Compliance teams who need to map a single control framework onto both DORA and DSA.
Compliance deadline
§ Detail

In depth

Summary statistics

Overlaps: 3 · Conflicts: 0 · Gaps: 2

5 article-level crossrefs catalogued between DORA and DSA from the Fontvera EU regulatory corpus. Article numbers are verbatim from the underlying obligation_crossrefs table; descriptions are extracted, not paraphrased.

All crossrefs between these regulations

Article (A)Article (B)TypeSeverityDescription
DORA Art 14DSA Art 11overlaplow[entity affected: Financial entities providing online platforms] Both regulations require entities to designate specific points of contact for communication with authorities and stakeholders during in
DORA Art 17DSA Art 16overlaplow[entity affected: Financial entities providing hosting services] Both regulations require the establishment of mechanisms to receive, process, and act upon notifications or reports regarding incidents
DORA Art 14DSA Art 17overlaplow[entity affected: Financial entities providing hosting services] Both regulations mandate clear communication and provision of reasons to affected parties (clients/recipients) regarding actions taken
DORA Art ?DSA Art ?gapmedium[entity affected: Financial entities using AI for content moderation] Neither regulation explicitly addresses the intersection of ICT resilience testing for AI-driven content moderation systems, creat
DORA Art ?DSA Art ?gapmedium[entity affected: Cross-border financial platforms] There is no clear guidance on how to reconcile DORA's strict incident notification timelines with DSA's requirement for user-friendly, non-technical

Overlaps explained

No conflict-type crossrefs were catalogued for this pair, but the 3 overlaps below mean a single control can be designed to satisfy both regulations at once. Plan the controls jointly to avoid duplicate effort:

Which regulation takes precedence

EU law does not lay down a universal precedence rule between DORA and DSA. In practice three resolution approaches apply: lex specialis (the more specific provision wins when both purport to govern the same conduct); regulator guidance (EDPB, EBA, ESMA and the AI Office have all issued joint readings on overlapping articles — check the most recent applicable opinion); and document the choice (when the regulations leave the call to the controller, the audit defence is your written reasoning, not the regulator's silence). Where the corpus surfaces a conflict rather than an overlap, treat that as an escalation path to legal — not a control-design question.

What this means for your compliance team

Treat the 3 overlaps as design opportunities — one control, two regulatory anchors. Treat the 0 conflicts as escalation paths to legal: the regulations themselves don't resolve them, you do, and you document the reasoning. The 2 gaps point at scenarios where one regulation is silent while the other speaks — assume the regulator who has the explicit rule will win.

Related Fontvera pages

Check your full compliance exposure with the 5-minute Fontvera diagnostic →

§ What Fontvera found

Documents in our corpus

edpb EU Fetched 2026-05
EDPB-EDPS Joint Opinion 02/2023 on the Proposal for a Regulation of the European Parliament and of the Council on the establishment of the digital euro
edpb EU Fetched 2026-05
EDPB-EDPS Joint opinion 2/2026 on the Proposal for a Regulation as regards the simplification of the digital legislative framework (Digital Omnibus)
eurlex EU Fetched 2026-04
Commission Delegated Regulation (EU) 2025/420 of 16 December 2024 supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards to specify the criteria for determining the composition of the joint examination team ensuring a balanced participation of staff members from the ESAs and from the relevant competent authorities, their designation, tasks and working arrangements
eurlex EU Fetched 2026-04
Commission Implementing Regulation (EU) 2025/302 of 23 October 2024 laying down implementing technical standards for the application of Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to the standard forms, templates, and procedures for financial entities to report a major ICT-related incident and to notify a significant cyber threat
eurlex EU Fetched 2026-04
Commission Delegated Regulation (EU) 2025/301 of 23 October 2024 supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the content and time limits for the initial notification of, and intermediate and final report on, major ICT-related incidents, and the content of the voluntary notification for significant cyber threats
eurlex EU Fetched 2026-04
Commission Delegated Regulation (EU) 2025/295 of 24 October 2024 supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards on harmonisation of conditions enabling the conduct of the oversight activities
eurlex EU Fetched 2026-04
Commission Implementing Regulation (EU) 2024/2956 of 29 November 2024 laying down implementing technical standards for the application of Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to standard templates for the register of information
eurlex EU Fetched 2026-04
Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Text with EEA relevance)
§ Cross-references

Related Fontvera intelligence

COMPARISON
AI Act vs DORA: Financial Services AI
COMPARISON
AI Act vs DSA comparison
COMPARISON
Data Act vs DORA comparison
COMPARISON
Data Act vs DSA comparison
COMPARISON
Data Governance Act vs DORA comparison
Need a cross-border briefing on this?
Search Fontvera ↵ Run the AI Act diagnostic
AI Act enforcement
63 days
until 2026-08-02, when most AI Act provisions begin to apply.
Intelligence · About · Pricing · Privacy · Terms
100% European infrastructure