§ DSA · NIS2 Directive COMPARISON

DSA vs NIS2 Directive: Where They Overlap and Conflict

2 overlaps, 0 conflicts and 2 gaps mapped between DSA and NIS2 Directive in the Fontvera regulatory corpus.

Summary

DSA and NIS2 Directive both apply across European business activity, but they were drafted at different times with different policy goals. This page summarises every article-level crossref between the two in the Fontvera corpus.

2 overlaps mean the same conduct triggers obligations in both regimes — design controls once, document twice. 0 conflicts mean the two regulations push in opposite directions on a specific question. 2 gaps mean one regulation leaves something on a topic the other addresses.

Who this applies to
Compliance teams who need to map a single control framework onto both DSA and NIS2 Directive.
Compliance deadline
§ Detail

In depth

Summary statistics

Overlaps: 2 · Conflicts: 0 · Gaps: 2

4 article-level crossrefs catalogued between DSA and NIS2 Directive from the Fontvera EU regulatory corpus. Article numbers are verbatim from the underlying obligation_crossrefs table; descriptions are extracted, not paraphrased.

All crossrefs between these regulations

Article (A)Article (B)TypeSeverityDescription
DSA Art 11NIS2 Directive Art 13overlaplow[entity affected: Member States / Providers of intermediary services] Both regulations require the designation of single points of contact to facilitate communication between entities and authorities,
DSA Art 10NIS2 Directive Art 13overlaplow[entity affected: Member States / Authorities] Both regulations mandate mechanisms for authorities to transmit orders or notifications to designated contacts, ensuring structured communication channel
DSA Art ?NIS2 Directive Art ?gaphigh[entity affected: Providers of intermediary services classified as essential/important entities] Entities providing intermediary services that are also classified as essential or important under NIS2
DSA Art ?NIS2 Directive Art ?gapmedium[entity affected: Hosting service providers] Hosting providers must report criminal threats under DSA Art 18 and cybersecurity incidents under NIS2, but there is no clear guidance on how to distinguis

Overlaps explained

No conflict-type crossrefs were catalogued for this pair, but the 2 overlaps below mean a single control can be designed to satisfy both regulations at once. Plan the controls jointly to avoid duplicate effort:

Which regulation takes precedence

EU law does not lay down a universal precedence rule between DSA and NIS2 Directive. In practice three resolution approaches apply: lex specialis (the more specific provision wins when both purport to govern the same conduct); regulator guidance (EDPB, EBA, ESMA and the AI Office have all issued joint readings on overlapping articles — check the most recent applicable opinion); and document the choice (when the regulations leave the call to the controller, the audit defence is your written reasoning, not the regulator's silence). Where the corpus surfaces a conflict rather than an overlap, treat that as an escalation path to legal — not a control-design question.

What this means for your compliance team

Treat the 2 overlaps as design opportunities — one control, two regulatory anchors. Treat the 0 conflicts as escalation paths to legal: the regulations themselves don't resolve them, you do, and you document the reasoning. The 2 gaps point at scenarios where one regulation is silent while the other speaks — assume the regulator who has the explicit rule will win.

Related Fontvera pages

Check your full compliance exposure with the 5-minute Fontvera diagnostic →

§ What Fontvera found

Documents in our corpus

Enforcement data is expanding. AI Act Article 50 transparency obligations take effect 2 August 2026; Annex III high-risk obligations are expected 2 December 2027, pending formal adoption of the Digital Omnibus. This section will populate automatically as authorities and courts publish decisions citing the regulations covered on this page.
§ Cross-references

Related Fontvera intelligence

Need a cross-border briefing on this?
Search Fontvera ↵ Run the AI Act diagnostic
AI Act Article 50 transparency
18 days
until 2026-08-02, when Article 50 transparency obligations apply (unchanged). Annex III high-risk obligations move provisionally to 2 December 2027 under the Digital Omnibus agreement of 7 May 2026, pending formal adoption.
Preparing for 2 August 2026? Read the EU AI Act August 2026 deadline requirements checklist.