EU moves to classify ChatGPT as a very large search engine under the Digital Services Act, imposing its strictest regulatory tier on OpenAI's flagship product
OpenAI and its ChatGPT chatbot are set to be classified as a 'very large online search engine' (VLOSE) under the EU Digital Services Act (DSA) — the European Union's flagship content regulation for online platforms — according to sources cited in German newspaper Handelsblatt. The classification would subject OpenAI to the DSA's most stringent compliance obligations, which are triggered once a platform reaches 45 million monthly active users in the EU. The DSA's VLOSE designation, which currently applies to services including Google Search and Microsoft's Bing, requires the platform operator to conduct annual risk assessments identifying systemic risks arising from the platform's design and functioning; implement mitigation measures; provide data access to vetted researchers; and submit to independent audits. For a generative AI (artificial intelligence capable of producing text, images, or other content in response to user prompts) chatbot operating as a search substitute, questions arise about how DSA obligations designed for index-based search engines apply — including how to assess 'recommender system' risks when ChatGPT does not rank URLs but generates synthesised responses. OpenAI declined to comment, while an EU Commission spokesperson confirmed that available user data was under review. OpenAI had published ChatGPT Search's average monthly active user figures in line with existing DSA obligations, suggesting the Commission is working from disclosed data rather than conducting an investigation. A VLOSE designation would place OpenAI in the same regulatory tier as the largest tech platforms in Europe — a significant step in the EU's effort to bring generative AI within its existing digital regulatory architecture before the EU AI Act sectoral rules are fully phased in.
Why this matters
A DSA VLOSE classification for OpenAI would be the most significant EU regulatory action against a generative AI platform to date, with direct implications for legal teams advising both OpenAI and the ecosystem of businesses that rely on ChatGPT as an infrastructure service. The key legal questions are ones of regulatory characterisation: the DSA was written for platforms that host and distribute user-generated content, while ChatGPT generates synthetic content — the application of risk assessment, content moderation, and algorithmic transparency obligations to a generative model requires interpretive work for which there is limited precedent. For law firms, this creates demand for EU tech regulation advisory work, compliance gap analysis between DSA requirements and OpenAI's current practices, and — further down the line — potential enforcement defence work. The 'why now' is the EU Commission's desire to establish jurisdiction over AI before the EU AI Act high-risk system obligations fully bite, using the DSA as a bridging instrument.
On the Ground
A trainee supporting a client subject to DSA obligations would assist with regulatory impact assessment memos — mapping the specific DSA VLOSE obligations (risk assessments, audit cooperation, researcher data access) against the client's current product architecture — and prepare vendor due diligence questionnaires for third-party AI tools integrated into the client's platform.
Interview prep
Soundbite
Classifying ChatGPT as a search engine under the DSA forces EU regulators to apply rules designed for link indexes to a technology that generates answers — a fundamental mismatch that courts will eventually resolve.
Question you might get
“What are the key legal arguments OpenAI could deploy to challenge a DSA classification as a very large online search engine, and what forum would that challenge take place in?”
Full answer
The EU Commission is moving toward classifying ChatGPT as a very large online search engine under the Digital Services Act, which would impose the DSA's most demanding compliance tier on OpenAI — including risk assessments, independent audits, and data access for researchers. The legal challenge is that the DSA was designed for platforms hosting and ranking user-generated content, not for generative AI systems that synthesise responses; applying the framework requires regulators to make interpretive choices that may not hold up to judicial scrutiny. For law firms, the immediate demand is for EU tech regulatory advisory — helping both OpenAI and its enterprise clients understand what DSA compliance looks like for a generative AI product. The broader trend is regulatory arbitrage: the EU is using existing instruments like the DSA to extend regulatory reach over AI while the AI Act's more tailored obligations are phased in over 2025 to 2027. This story will generate sustained legal work as the classification is formalised and OpenAI's compliance obligations become concrete.
My notes
saved