Where do DSA and ePrivacy Directive overlap?

In 3 article-level pairings recorded in the Fontvera corpus. The table above lists each pair with the specific articles and a plain-language description.

Where do DSA and ePrivacy Directive conflict?

In 2 article-level conflicts. The most concrete ones are summarised in the Conflicts explained section.

Which regulation prevails in a conflict between DSA and ePrivacy Directive?

Neither regulation resolves the conflict on its face. Conflicts are typically resolved by the more specific provision or by regulator guidance — a legal-judgement call, not a mechanical rule.

§ DSA · ePrivacy Directive COMPARISON

DSA vs ePrivacy Directive: Where They Overlap and Conflict

3 overlaps, 2 conflicts and 2 gaps mapped between DSA and ePrivacy Directive in the Fontvera regulatory corpus.

Summary

DSA and ePrivacy Directive both apply across European business activity, but they were drafted at different times with different policy goals. This page summarises every article-level crossref between the two in the Fontvera corpus.

3 overlaps mean the same conduct triggers obligations in both regimes — design controls once, document twice. 2 conflicts mean the two regulations push in opposite directions on a specific question. 2 gaps mean one regulation leaves something on a topic the other addresses.

Who this applies to

Compliance teams who need to map a single control framework onto both DSA and ePrivacy Directive.

Compliance deadline

§ Detail

In depth

Summary statistics

Overlaps: 3 · Conflicts: 2 · Gaps: 2

7 article-level crossrefs catalogued between DSA and ePrivacy Directive from the Fontvera EU regulatory corpus. Article numbers are verbatim from the underlying obligation_crossrefs table; descriptions are extracted, not paraphrased.

All crossrefs between these regulations

Article (A)	Article (B)	Type	Severity	Description
DSA Art 11	ePrivacy Directive Art 4	overlap	low	[entity affected: provider of intermediary services / provider of a publicly available electronic communications service] Both regulations require service providers to maintain contact points or commu
DSA Art 14	ePrivacy Directive Art 5	overlap	low	[entity affected: provider of intermediary services / provider of a publicly available electronic communications service] Both regulations mandate that providers make terms, conditions, or privacy pol
DSA Art 20	ePrivacy Directive Art 12	overlap	medium	[entity affected: provider of online platforms / provider of public subscriber directories] Both regulations require entities to provide mechanisms for users to exercise rights regarding their data or
DSA Art 15	ePrivacy Directive Art 6	conflict	high	[entity affected: provider of hosting services / provider of a publicly available electronic communications service] DSA requires reporting on content moderation actions and data processing for transp
DSA Art 10	ePrivacy Directive Art 5	conflict	high	[entity affected: provider of intermediary services / provider of a publicly available electronic communications service] DSA allows authorities to order providers to provide specific information, whe
DSA Art ?	ePrivacy Directive Art ?	gap	medium	[entity affected: providers of IoT devices with communication capabilities] Neither regulation clearly defines the obligations for IoT devices that act as both electronic communications services and o
DSA Art ?	ePrivacy Directive Art ?	gap	high	[entity affected: providers of encrypted messaging services] There is a compliance risk gap regarding end-to-end encrypted services where DSA requires action on illegal content but ePrivacy and techni

Conflicts explained

The 2 article-level conflicts between DSA and ePrivacy Directive mean a control that satisfies one can pull the wrong way on the other:

DSA Art 15 vs ePrivacy Directive Art 6 — [entity affected: provider of hosting services / provider of a publicly available electronic communications service] DSA requires reporting on content moderation actions and data processing for transparency, while ePrivacy strictly limits the processing and retention of traffic data to specific purposes like billing, potentially conflicting with broad reporting requirements if they imply data retention beyond necessity.
DSA Art 10 vs ePrivacy Directive Art 5 — [entity affected: provider of intermediary services / provider of a publicly available electronic communications service] DSA allows authorities to order providers to provide specific information, whereas ePrivacy strictly prohibits interception or surveillance of communications without user consent, creating tension when orders require access to private communication content.

Which regulation takes precedence

EU law does not lay down a universal precedence rule between DSA and ePrivacy Directive. In practice three resolution approaches apply: lex specialis (the more specific provision wins when both purport to govern the same conduct); regulator guidance (EDPB, EBA, ESMA and the AI Office have all issued joint readings on overlapping articles — check the most recent applicable opinion); and document the choice (when the regulations leave the call to the controller, the audit defence is your written reasoning, not the regulator's silence). Where the corpus surfaces a conflict rather than an overlap, treat that as an escalation path to legal — not a control-design question.

What this means for your compliance team

Treat the 3 overlaps as design opportunities — one control, two regulatory anchors. Treat the 2 conflicts as escalation paths to legal: the regulations themselves don't resolve them, you do, and you document the reasoning. The 2 gaps point at scenarios where one regulation is silent while the other speaks — assume the regulator who has the explicit rule will win.

Related Fontvera pages

Check your full compliance exposure with the 5-minute Fontvera diagnostic →

§ What Fontvera found

Documents in our corpus

Enforcement data is expanding. AI Act enforcement begins 2 August 2026 — this section will populate automatically as authorities and courts publish decisions citing the regulations covered on this page.

§ Cross-references

Related Fontvera intelligence

Need a cross-border briefing on this?

Search Fontvera ↵ Run the AI Act diagnostic

AI Act enforcement

63 days

until 2026-08-02, when most AI Act provisions begin to apply.