Beyond the AI Act: how the EU’s online safety and competition regimes may address AI concerns in digital markets

The EU’s flagship AI Act represents a concerted multi-year effort to mitigate the risks associated with AI. It remains central to the public debate, in particular given the AI-related provisions in the forthcoming Digital Omnibus.

Against this backdrop, it’s important not to overlook how existing regulation might also be relevant to AI in digital markets. In this article, we outline the AI-related topics at the top of the regulatory agenda across the EU’s online safety and competition regimes, namely the Digital Services Act and Digital Markets Act.

The Digital Services Act (DSA)

The DSA, applicable since February 2024 and designed to ensure users in the EU are safe online, may be relevant to AI in two ways. First, by addressing concerns in relation to the integration of AI into existing regulated online services (e.g. social media). Second, by potentially regulating the provision of an AI functionality (e.g. Gen AI) as a standalone service.

In the former category, AI’s potential to amplify disinformation, especially via malicious deepfakes, is already a regulatory priority under the DSA. The recently formalised DSA Code of Conduct on Disinformation commits signatories to fulfilling AI Act transparency obligations and actively countering deepfakes and other forms of disinformation across their services.

The potential for harm caused by AI chatbots, especially among children, is also high on the current regulatory agenda. The Commission’s recent DSA guidelines on minor protection already recommend neither encouraging nor enticing minors to use AI features, including clear warnings about AI interactions, and conducting risk assessments before new AI features are made available to minors.

In the latter category, large in-scope standalone AI services may also be brought under the DSA’s most stringent requirements should they reach 45 million monthly EU users. Such designation would entail compliance with extensive additional obligations, including audits, enhanced transparency, and systemic risk assessments and mitigation.

The Digital Markets Act (DMA)

The DMA, applicable since May 2023, is designed to address competition concerns in digital markets by making them contestable and fair. It does so by regulating the activities of large platforms who are providing certain specific services which act as gateways between businesses and consumers and who meet the required thresholds (referred to under the DMA as Gatekeepers).

Concerns under the DMA may primarily arise in relation to the integration or interaction of AI functionality with existing regulated services provided by Gatekeepers (such as search or operating systems) or categories of regulated service (such as Cloud).

The integration of AI into regulated search is one prominent example. Publishers have already highlighted concerns in relation to their ability to monetise their content and the potential need for regulation of the Gatekeepers using such content. Given the ongoing debate about copyright and AI, this issue is likely to remain relevant for some time yet.

The competitive implications of the deployment of ‘agentic AI’, broadly defined as AI systems capable of autonomous action and decision-making to achieve specific goals, are also potentially relevant under the DMA. This could arise in a scenario where an AI agent is integrated into a Gatekeeper’s service such as an operating system or browser. In this case, any actions taken by the Gatekeeper that hinders effective competition from third-party AI agents, or unfairly favours its own AI agent, may raise competition concerns.

Cloud computing is also a potential regulated category under the DMA, although no Gatekeepers yet have been designated in this category. That said, given the criticality of compute as an AI input, the Commission has recently sought evidence on the interaction between providers of AI products and services and cloud providers. Since cloud computing services is already an in-scope category, new Gatekeeper designations would not require legislative change.

Conclusion

As is clear from the above, AI is already clearly relevant to the current operation of both the DSA and DMA. Furthermore, both regulations are also in the process of being reviewed, with AI being high on the agenda of each. Businesses with an interest in both digital markets and AI should therefore ensure they are keeping track of this still evolving area.

Deloitte’s multi-disciplinary Digital Regulation team is comprised of a range of experts with experience across digital regulatory issues. For expert guidance and support in navigating and adapting to the fast-moving digital regulatory landscape, please reach out to one of the contacts listed below, or sign up to the quarterly digital regulation newsletter