Navigating Generative AI Risks: New EU Guidelines for VLOPs Under DSA

Navigating Generative AI Risks: New EU Guidelines for VLOPs Under DSA

The proliferation of generative AI within digital platforms presents both unprecedented opportunities and significant systemic risks. Recognising this, the European Commission has issued new, expanded guidelines on 28 May 2026, clarifying how Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) must assess these AI-driven applications for systemic risks under Article 34 of the Digital Services Act (DSA). These directives are critical for B2B companies operating digital platforms or whose business models rely heavily on integrating with VLOPs, as they introduce stringent new requirements for transparency, due diligence, and potential liability concerning AI-powered features.

Enhanced Risk Assessments for Generative AI

The core of the new guidelines mandates that platforms conduct specific, in-depth risk assessments for AI systems that generate or significantly influence content. This goes beyond general content moderation, targeting the unique systemic risks posed by generative AI, such as the spread of disinformation, the amplification of discriminatory content, or privacy breaches. For B2B entities, particularly those developing or integrating AI features into their services, this means a shift towards proactive identification and mitigation strategies.

Adherence to these new mandates is not without cost. Industry analyses project an average increase of 10-15% in compliance expenditures within product development and security departments for affected companies. This financial implication underscores the necessity for businesses to reassess their current Digital Services Act obligations and allocate adequate resources to ensure their AI implementations meet these elevated standards.

The Imperative of 'Red Teaming' Exercises

A central, proactive measure introduced by the guidelines is the strong recommendation for obligatoty 'Red Teaming' exercises. This involves engaging external experts to rigorously test AI systems for vulnerabilities, potential biases, and avenues for misuse, particularly concerning the generation of misinformation or harmful content. These simulated attacks aim to uncover weaknesses before they can be exploited in real-world scenarios, thereby fortifying the platform's resilience against systemic risks.

For example, a recent 'Red Teaming' simulation conducted by a major social media VLOP identified that its generative AI model, when prompted with specific political queries, generated content with a 12% higher bias score towards one political ideology compared to human-curated content. Such findings highlight the crucial role of external, expert-led testing in uncovering and rectifying inherent biases that might otherwise go unnoticed.

Demanding Transparency and Accountability

The new guidelines place a significant emphasis on transparency. Platforms are now required to provide more detailed and transparent reports regarding the functionality and moderation outcomes of their generative AI tools. This includes statistical data on error rates in identifying illegal or harmful content. The Commission has set ambitious targets, for instance, expecting AI-driven moderation tools to achieve an error rate of under 5% for identifying misinformation.

This heightened demand for transparency extends to how AI systems are trained, what datasets are used, and the methodologies employed to mitigate risks. For companies that build or manage DSA-compliant platforms, this means developing robust internal reporting mechanisms and potentially overhauling existing AI governance frameworks to meet these stringent disclosure requirements. The goal is to provide regulators and users with a clearer understanding of how these powerful AI tools operate and where their limitations lie.

Conclusion: Actionable Steps for B2B Leaders

The EU Commission's expanded guidelines on generative AI risk assessments under the DSA signal a new era of accountability for online platforms. With implementation expected within six months of the May 28, 2026, publication, rapid adaptation is crucial. B2B decision-makers in legal, compliance, and technology must immediately review their AI strategies and ensure their internal processes and tech stacks are aligned with these evolving regulatory demands. Proactive engagement in 'Red Teaming', investment in transparent reporting, and continuous risk assessment are no longer optional but essential. To successfully navigate these complexities, businesses must understand their exposures and act decisively to implement DSA compliance solutions that future-proof their operations.