EU moves from rules to enforcement

Europe spent years writing artificial intelligence rules on paper. This week the fight moved to a much narrower question: whether ChatGPT now crosses the European Union’s user threshold for a stricter class of service under the Digital Services Act. (reuters.com) That matters because the Digital Services Act is not a future rulebook. It is an enforcement system already used for very large online services, with duties around risk checks, outside audits, and transparency to regulators. (reuters.com) Reuters reported on April 10 that the European Commission is analyzing whether ChatGPT should be treated as a “large online search engine” after OpenAI disclosed user numbers above the law’s threshold. If Brussels makes that call, OpenAI would face tighter obligations than a normal online service. (reuters.com) At the same time, European officials are signaling that they do not want to pause their broader artificial intelligence agenda. In an April 10 interview with Axios, European Commissioner Magnus Brunner argued that Europe’s approach is “guardrails first,” even as companies warn that regulation can slow product rollouts. (axios.com) The European Union Artificial Intelligence Act works like a risk ladder. It bans a small set of uses outright, puts the heaviest compliance burden on “high-risk” systems such as some hiring or infrastructure tools, and adds separate duties for general-purpose models that can be reused across many products. (commission.europa.eu) The deadlines are staggered, which is why 2026 suddenly feels close. The law entered into force on August 1, 2024, some early obligations started in February 2025, and major requirements for high-risk systems are due in August 2026. (commission.europa.eu) (artificialintelligenceact.eu) That calendar is changing the work inside companies. Instead of debating ethics slides and policy memos, teams now have to show inventories of every model, every application programming interface connection, and every legacy system that touches an artificial intelligence output. (raconteur.net) Raconteur’s April 10 compliance guide describes the new burden in practical terms: audit trails, monitoring, governance controls, and documentation that can survive regulator questions. In other words, firms need the equivalent of an aircraft maintenance log for software that used to behave like an informal experiment. (raconteur.net) The pressure is strongest on companies that did not build one model in one place. A bank, retailer, or manufacturer may have OpenAI tools in one workflow, another model through a cloud provider in a second workflow, and older internal systems in a third, which makes “what is our artificial intelligence system” a harder question than it sounds. (raconteur.net) Europe has done this before with digital regulation. The General Data Protection Regulation changed privacy from a legal memo into a daily operating process, and the Artificial Intelligence Act is starting to do the same for model oversight, logging, and accountability. (raconteur.net) (commission.europa.eu) So the headline is not just about OpenAI. It is about Brussels moving from writing the rules to checking the receipts, with ChatGPT’s status under the Digital Services Act becoming an early test of how hard Europe plans to press that shift. (reuters.com) (axios.com)