The European Union is preparing to bring OpenAI's ChatGPT under its powerful tech regulations for the very first time.
This move centers on a key number: 45 million. The EU's Digital Services Act (DSA) imposes its strictest rules on platforms and search engines with more than 45 million average monthly active users in the region. In October 2025, OpenAI itself disclosed that ChatGPT's search feature had attracted over 120 million monthly users in the EU, decisively crossing that regulatory threshold. This self-reported data was the direct trigger, transforming the European Commission's inquiry from a theoretical exercise into an actionable enforcement process.
The Commission is expected to classify ChatGPT as a Very Large Online Search Engine (VLOSE). This classification is a deliberate choice. By defining ChatGPT's function as 'search-like,' regulators can apply the DSA's rules on systemic risks—such as the dissemination of illegal content or disinformation—directly to the AI's outputs. This is a landmark moment, marking the first time a generative AI tool has been pulled into the same regulatory category as the world's largest tech companies.
Once designated, OpenAI will have a tight four-month window to comply with a host of demanding obligations. These include conducting comprehensive risk assessments, implementing mitigation measures, submitting to annual independent audits, and providing vetted researchers with access to data to study potential societal risks. The financial stakes are also significant. With OpenAI's annualized revenue reportedly topping $20 billion, the maximum fine for non-compliance could reach a staggering $1.2 billion, which is 6% of its global turnover. The EU has already demonstrated its willingness to use these powers, as seen in the €120 million fine levied against social media platform X, signaling that these penalties are a credible threat.
Furthermore, this timeline overlaps with another major piece of legislation, the AI Act, whose obligations begin to phase in around August 2026. This creates a compressed and complex compliance challenge for OpenAI in the second half of the year, forcing it to navigate two powerful, overlapping regulatory frameworks simultaneously.
- Digital Services Act (DSA): An EU regulation aimed at creating a safer digital space by compelling online platforms and search engines to manage illegal and harmful content, increase transparency, and protect users' rights.
- Very Large Online Search Engine (VLOSE): A designation under the DSA for search engines with over 45 million monthly active users in the EU, subjecting them to the most stringent regulatory obligations.
- Systemic Risk: Risks posed by large online platforms to democratic processes, public security, and public health, such as the spread of disinformation or illegal content.