What is the Digital Markets Act?
The Digital Markets Act (EU Regulation 2022/1925, "DMA") entered into force on 1 November 2022 and became fully applicable on 2 May 2023. It introduces a new regulatory framework for the largest digital platform companies — called gatekeepers — with the goal of ensuring that digital markets remain contestable and fair across the European Union.
The DMA is administered exclusively by the European Commission (not national competition authorities), with fines of up to 10% of global annual turnover for non-compliance (Art. 26(1)), rising to 20% for repeated infringements within 8 years (Art. 26(2)), and structural remedies including divestiture for systemic violations after three repeated infringements (Art. 18).
Gatekeeper Designation: Who Does the DMA Apply To?
The DMA applies to companies designated as gatekeepers for one or more Core Platform Services (CPS). A company may be designated if it meets the quantitative thresholds in Art. 3(1):
- Annual turnover in the EU of ≥ €7.5 billion, OR market capitalisation of ≥ €75 billion
- ≥ 45 million monthly active end users in the EU for the CPS
- ≥ 10,000 annual active business users in the EU for the CPS
- All three conditions met for the last three financial years
The Commission may also designate a company on qualitative grounds if it has a significant impact on the internal market, provides a CPS that is an important gateway for business users to reach end users, and enjoys or is expected to enjoy an entrenched and durable position (Art. 3(8)).
As of 2024, the Commission has designated six gatekeepers: Alphabet (Google), Apple, Meta, Amazon, Microsoft, and ByteDance (TikTok) — across 22 designated Core Platform Services.
Core Platform Services (CPS)
The DMA covers ten categories of Core Platform Services (Art. 2(2)):
- Online intermediation services (marketplaces, app stores)
- Online search engines
- Online social networking services
- Video-sharing platform services
- Number-independent interpersonal communications services (messaging apps: WhatsApp, iMessage, FaceTime)
- Operating systems (iOS, Android, Windows)
- Web browsers (Chrome, Safari)
- Virtual assistants (Siri, Google Assistant)
- Cloud computing services (AWS, Google Cloud, Azure)
- Online advertising services (Google Ads, Meta Ads)
Art. 5: Absolute Obligations — No Justification Defence
Article 5 obligations are per se — they cannot be justified by efficiency arguments, proportionality, or legitimate business reasons. Non-compliance is a violation regardless of intent or effect. Key Art. 5 obligations:
- Art. 5(2)(a) — Data combination prohibition: A gatekeeper must not combine personal data from its CPS with personal data from other CPS or third-party services (e.g., combining Google Search data with YouTube data with third-party website data for advertising) unless the end user has given specific, GDPR-compliant explicit consent. This cannot be implemented through "consent" buried in Terms of Service updates. The Commission found Meta's pay-or-consent model potentially non-compliant with this obligation.
- Art. 5(3) — Parity clause prohibition: Gatekeepers cannot prevent business users from offering the same products/services at the same or lower prices through other channels. This directly targets Most Favoured Nation (MFN) clauses, which Apple previously used in the App Store.
- Art. 5(4) — Business user data prohibition: Data generated by business user activities on the CPS cannot be used by the gatekeeper to compete against those business users (e.g., Amazon using seller data to design its own competing products).
- Art. 5(5) — Business user communication freedom: Business users must be free to communicate with end users they acquired through the platform outside the platform, including to promote offers and conclude contracts at better conditions.
- Art. 5(6) — Business user data access: Business users must be provided free access to data they generate or that is generated through their interactions on the CPS (e.g., seller analytics on a marketplace).
- Art. 5(7) — Pre-installed app un-installation: End users must be able to un-install pre-installed applications (apps that cannot be un-installed are not permitted). Apple was required to implement this on iOS.
- Art. 5(8) — Identity service independence: Gatekeepers cannot require business users to use the gatekeeper's own authentication or identity service (e.g., "Sign in with Apple") as a condition of service access.
Art. 6: Contestable & Fair Conduct — Subject to Specification
Article 6 obligations are subject to Commission specification — the Commission can open specification proceedings to clarify precisely how a gatekeeper must implement them. Key Art. 6 obligations:
- Art. 6(4) — Third-party interoperability & app stores: Gatekeepers must allow technical interoperability with ancillary services and allow third-party app stores and side-loading (direct installation of apps outside the gatekeeper's app store). Apple was required to allow alternative app distribution on iOS in the EU from March 2024.
- Art. 6(5) — Self-preferencing prohibition: Gatekeepers must not rank their own products/services more favourably than comparable third-party offerings in search rankings, app stores, or recommendation systems. This applies to Google Search, Google Shopping, Google Play, and similar surfaces. Algorithmic neutrality is required — not identical treatment, but no systematic bias in favour of the gatekeeper's own services.
- Art. 6(7) — Hardware/software/OS feature access: Gatekeepers must provide third-party providers the same access to OS, hardware, and software features as the gatekeeper's own services. NFC access for mobile payments (Apple Pay vs third-party wallets) is a key example.
- Art. 6(8) — Advertising transparency: Advertisers and publishers must have daily access to performance measurement tools and the data needed to carry out independent verification of ad impressions, ad inventory, and ad safety.
- Art. 6(9)/(10) — Data portability: Effective, real-time data portability for end users and business users. Business users must have continuous and real-time access to data generated through their activities on the platform.
- Art. 6(13) — Non-retaliation: Gatekeepers cannot prevent business users or end users from raising compliance issues with public authorities, national courts, or national competition authorities.
Art. 7: Messaging Interoperability
Article 7 imposes specific interoperability requirements on gatekeepers providing number-independent interpersonal communications services (messaging apps). The implementation timeline is phased:
- Phase 1 (within 3 months of designation): One-to-one messaging and file/image/voice message exchange between third-party messaging services and the gatekeeper's service. WhatsApp, iMessage, and FaceTime are in scope.
- Phase 2 (within 2 years): Group messaging and group file sharing.
- Phase 3 (within 4 years): Voice and video calling interoperability.
End-to-end encryption is required for interoperable messages under the same security standards as the gatekeeper's own messages. The Commission published technical specifications for messaging interoperability in 2024.
Transparency & Annual Compliance Reporting
Key transparency obligations under Art. 9–15:
- Annual compliance report (Art. 11): Every gatekeeper must submit a detailed report to the Commission describing the measures taken to comply with each obligation for each designated CPS.
- Acquisition notifications (Art. 14): Gatekeepers must notify the Commission of any planned merger, acquisition, or joint venture in the digital sector — even below national merger control thresholds. The Commission may refer the matter to national competition authorities.
- Algorithmic ranking transparency (Art. 6(5) + Delegated Regulation): Publicly accessible descriptions of main parameters used in ranking and recommendation systems must be published for each CPS.
- Independent profiling audit (Art. 37): An independent audit of profiling techniques must be conducted every 3 years and submitted to the Commission.
- Researcher data access (Art. 40): Vetted researchers from academic institutions must be given access to data for oversight purposes.
Commission Enforcement Activity (2024–2026)
The Commission has been active in DMA enforcement since the first designation decisions in September 2023:
- Apple — App Store (March 2024 non-compliance finding): Apple's alternative app distribution implementation found non-compliant — "core technology fee" and contractual restrictions on developers found to circumvent DMA obligations. Apple also found non-compliant with Art. 5(3) (parity clause prohibition in App Store).
- Alphabet/Google — Google Search (2024 proceedings): Commission investigating whether Google's self-preferencing in Search results (Google Shopping, Google Flights, Google Hotels) complies with Art. 6(5).
- Meta — Consent or Pay (2024 proceedings): Commission investigating whether Meta's pay-or-consent advertising model complies with Art. 5(2)(a) data combination obligations.
- Apple — iMessage interoperability (2024): Commission investigating whether Apple's implementation of Art. 7 messaging interoperability for iMessage is compliant.
- Apple — NFC access (2024): Commission investigating NFC access for third-party mobile payment apps under Art. 6(7).
Use the Free DMA Compliance Checklist
ComplyKit's Digital Markets Act Compliance Checklist covers 42 DMA obligations across 6 domains — Gatekeeper Status & Designation, Art. 5 Absolute Obligations, Art. 6 Fair Conduct, Interoperability & Data Portability, Transparency & Audit, and Governance & Enforcement. Generate a professional DMA compliance report with a gap analysis and remediation roadmap. Free, no account required.