Summary statistics
Overlaps: 2 · Conflicts: 0 · Gaps: 2
4 article-level crossrefs catalogued between DSA and NIS2 Directive from the Fontvera EU regulatory corpus. Article numbers are verbatim from the underlying obligation_crossrefs table; descriptions are extracted, not paraphrased.
All crossrefs between these regulations
| Article (A) | Article (B) | Type | Severity | Description |
|---|---|---|---|---|
| DSA Art 11 | NIS2 Directive Art 13 | overlap | low | [entity affected: Member States / Providers of intermediary services] Both regulations require the designation of single points of contact to facilitate communication between entities and authorities, |
| DSA Art 10 | NIS2 Directive Art 13 | overlap | low | [entity affected: Member States / Authorities] Both regulations mandate mechanisms for authorities to transmit orders or notifications to designated contacts, ensuring structured communication channel |
| DSA Art ? | NIS2 Directive Art ? | gap | high | [entity affected: Providers of intermediary services classified as essential/important entities] Entities providing intermediary services that are also classified as essential or important under NIS2 |
| DSA Art ? | NIS2 Directive Art ? | gap | medium | [entity affected: Hosting service providers] Hosting providers must report criminal threats under DSA Art 18 and cybersecurity incidents under NIS2, but there is no clear guidance on how to distinguis |
Overlaps explained
No conflict-type crossrefs were catalogued for this pair, but the 2 overlaps below mean a single control can be designed to satisfy both regulations at once. Plan the controls jointly to avoid duplicate effort:
- DSA Art 11 vs NIS2 Directive Art 13 (low severity) — [entity affected: Member States / Providers of intermediary services] Both regulations require the designation of single points of contact to facilitate communication between entities and authorities, though DSA focuses on service providers and NIS2 on national authorities.
- DSA Art 10 vs NIS2 Directive Art 13 (low severity) — [entity affected: Member States / Authorities] Both regulations mandate mechanisms for authorities to transmit orders or notifications to designated contacts, ensuring structured communication channels for regulatory compliance.
Which regulation takes precedence
EU law does not lay down a universal precedence rule between DSA and NIS2 Directive. In practice three resolution approaches apply: lex specialis (the more specific provision wins when both purport to govern the same conduct); regulator guidance (EDPB, EBA, ESMA and the AI Office have all issued joint readings on overlapping articles — check the most recent applicable opinion); and document the choice (when the regulations leave the call to the controller, the audit defence is your written reasoning, not the regulator's silence). Where the corpus surfaces a conflict rather than an overlap, treat that as an escalation path to legal — not a control-design question.
What this means for your compliance team
Treat the 2 overlaps as design opportunities — one control, two regulatory anchors. Treat the 0 conflicts as escalation paths to legal: the regulations themselves don't resolve them, you do, and you document the reasoning. The 2 gaps point at scenarios where one regulation is silent while the other speaks — assume the regulator who has the explicit rule will win.
Related Fontvera pages
- dsa vs gdpr comparison
- ai act art 17 provider obligations
- ai act art 70 commission obligations
- ai act authorized representative
Check your full compliance exposure with the 5-minute Fontvera diagnostic →