What Is the Digital Markets Act? Europe’s DMA Explained

By: Teodor Stanciu, CIPP/E, CIPM Teodor Stanciu, CIPP/E, CIPM | Updated on: December 21, 2023

What-Is-the-Digital-Markets-Act-01

The Internet has long been an unregulated digital space — often compared to the wild west.

But in November 2022, Europe’s Digital Markets Act (DMA) entered into force — and became applicable on May 2, 2023 — with new rules for users, businesses, and platforms.

The DMA is Europe’s attempt at governing online market practices in the European Union (EU), outlining what large online platforms providing so-called core platform services that qualify as gatekeepers can and cannot do.

Keep reading to learn all about the DMA, who it impacts, what it requires, and how it might permanently change the Internet for businesses and consumers worldwide.

Table of Contents
  1. What Is Europe’s Digital Markets Act (DMA)?
  2. DMA Key Terms and Definitions
  3. What Does the Digital Markets Act Aim to Achieve?
  4. What Is the Status of the DMA?
  5. Is There Pushback Against the DMA?
  6. Requirements of the Digital Markets Act
  7. How Does the DMA Impact Businesses?
  8. Who Does the DMA Apply To?
  9. Who Must Comply With the DMA?
  10. How Can Businesses Comply the DMA?
  11. How Are Consumers Impacted by the DMA?
  12. How Is the DMA Enforced?
  13. Fines and Penalties Under the Digital Markets Act
  14. How Does The Digital Markets Act Relate To The Digital Services Act?
  15. Summary

What Is Europe’s Digital Markets Act (DMA)?

The Digital Markets Act — or DMA — is Europe’s attempt at regulating unfair online market practices that impact users in the European Union (EU).

No other law has attempted to regulate the digital market environment as much as the DMA, making it a groundbreaking piece of legislation likely to have a global impact.

It describes what digital industry leaders — called gatekeepers by the DMA — can and cannot do based on what’s considered a fair or unfair business practice.

The goal is to prevent large online platforms from abusing their digital market power, leading to more consumer choice, opportunities to switch providers, fairer prices, and greater innovations.

DMA Effective Date

The Digital Markets Act entered into force on November 1, 2022, and became applicable on May 2, 2023.

DMA Key Terms and Definitions

To understand the DMA, it’s important to familiarize yourself with how the law defines key terms in Article 2, which includes the following:

Some phrases use definitions from other leading EU regulations, like the definition for consent and personal data, which comes from the EU General Data Protection Regulation (GDPR).

What Does the Digital Markets Act Aim to Achieve?

The DMA aims to achieve a just, open digital market by ensuring that online platforms acting as “gatekeepers” and businesses active on such online platforms behave fairly.

At the same time, business users will also have a better and fair business environment.

The DMA also provides a number of benefits to innovators and technology start-ups as the latter have better opportunities to compete and innovate in this environment, bringing fairer terms and conditions.

To give consumers more choice and control over their online goods and services that they can choose from, the DMA outlines clear obligations tailored to the current digital landscape.

Other existing consumer protection laws were created before the influx of the digital economy, meaning the way online entities conduct business has been left somewhat unregulated from this perspective.

Because only a few large online platforms control most of the digital and online marketplace, they could easily take advantage of consumers if left unregulated. For example, they might set any price point for goods and services or control what advertisements and products people see, favoring their offerings over those from smaller platforms.

The DMA is the first law that directly regulates the online marketplace, and it’s likely to inspire other countries to create and adopt similar laws in the future.

What Is the Status of the DMA?

The Digital Markets Act is in full force, and qualifying entities must follow all its guidelines, requirements, and restrictions.

First proposed in December 2020, the final revisions to the DMA were written in October 2022.

It passed into law in November 2022 and took action on May 2, 2023.

Within two months, companies providing core platform services have to notify the Commission and provide all relevant information.

Since that date, the European Commission can take up to 45 days to determine if a business is considered a gatekeeper. If so, that entity (i.e., the gatekeeper) has an additional six months to ensure compliance with the law.

Due to the evolving and rapidly changing nature of the digital space, the European Commission will continue to follow up on who qualifies as a gatekeeper.

Is There Pushback Against the DMA?

When the DMA was first proposed, there was some pushback against its provisions by some of the internet’s heavy hitters — notably, Google and Apple.

The tech giants expressed concerns over the possible privacy and security vulnerabilities the new law might create and claimed it could reduce innovation and available choices to Europeans. Despite their concerns, the DMA has passed and become applicable in Europe.

However, according to the Financial Times, Apple and Microsoft are protesting their classification as gatekeepers under the law.

Nonetheless, on September 6, 2023, the European Commission designated six gatekeepers:

Requirements of the Digital Markets Act

The DMA describes what gatekeepers can and cannot do to keep the internet marketplace fair and safe in Articles 5 and 6 of the law

Some examples of what gatekeepers shall do include:

  • Allow business users to access data generated by their use of the gatekeeper platform.
  • Make the gatekeeper’s services interoperable with third parties in specific circumstances.
  • Ensure third-party advertising companies on the gatekeeper platform have access to all information necessary to perform verification of their advertisements.
  • Allow business users to promote their own offers and follow through on contracts with their customers outside of the gatekeeper platform.
  • Allow and enable end-users to change default settings on their operating systems, virtual assistants, and web browsers owned by the gatekeeper that leads the user to their internal products.
  • Explain the technical details and general terms and conditions for interoperability between the gatekeeper’s platform and number-independent interpersonal communication systems.

Some examples of what gatekeepers shall not do under the DMA include:

  • Treat their own services more favorably in ranking than other similar services or products offered on the gatekeeper’s platform.
  • Prevent consumers from linking to businesses outside of the gatekeeper’s platform.
  • Track end users outside their core platform for targeted advertising without obtaining effective consent.
  • Stop users from uninstalling any pre-installed software or apps they wish to remove.
  • Prevent or restrict users directly or indirectly from raising any noncompliance issue with the appropriate Union or national law.

How Does the DMA Impact Businesses?

Like the GDPR, the DMA impacts businesses in and outside of Europe and may inspire countries in other parts of the world to adopt similar digital consumer protection laws.

Let’s discuss its possible global scope in greater detail.

How Are European Businesses Impacted by the DMA?

The DMA impacts businesses in Europe that operate online in two significant ways:

If the DMA successfully achieves its goals, businesses in Europe that operate online should see more opportunities in the online marketplace and expanded space for technological innovations. The goal is to limit the power of large tech companies and foster fair competition.

How Are US Businesses Impacted by the DMA?

Businesses in the U.S. may also be impacted by the DMA, especially those that qualify as gatekeepers under the law, like Apple, Google, Meta, and more.

To continue interacting with the European digital marketplace, these entities must adapt their protocols and techniques to meet all the do’s and don’ts described by the DMA.

Otherwise, they may face significant financial penalties or be forced to stop dismantling parts of their business or cease providing products and services in Europe.

Smaller U.S. businesses that operate in Europe may also benefit from the DMA.

Because the DMA requires gatekeepers to allow more interoperability between their platforms and other third-party services, it might help businesses gain new customers and reach a broader audience.

How Are Worldwide Businesses Impacted by the DMA?

The DMA impacts businesses worldwide because the big tech companies that fall under the threshold of the law are used around the globe by consumers and businesses alike.

Because gatekeepers must make technical changes to their products and services under the DMA, it will affect the software and platforms that business users rely on.

They’ll likely see greater insights into their targeted advertisements if they’re a customer of one of the gatekeepers and might have more controls and choices.

Additionally, like in Europe and the U.S., there’s a chance smaller and medium-sized entities may see a growth in their consumer base.

Removing some of the control of the market held by the enterprise companies provides opportunities for these businesses to gain new consumers who may not have otherwise been able to use their services.

It’s also possible that other countries will adopt similar laws to the DMA, much like what happened after the GDPR entered into force.

Who Does the DMA Apply To?

The Digital Markets Act protects and applies to consumers in the European Union (EU).

It outlines a list of do’s and don’ts that gatekeepers must follow to ensure a fair online market for EU consumers.

Who Must Comply With the DMA?

Any entity that qualifies as a gatekeeper must comply with all aspects of the DMA.

Article 3 of the DMA defines gatekeepers as large digital platforms that provide a core service, like online search engines, messaging services, social media networks, and app stores.

To be considered a gatekeeper, entities must meet the following criteria:

  • Have a strong economic position, a significant impact on the internet market, and be active in multiple EU countries.
  • Have a strong intermediation position, for example, an entity that links a large number of users to a large number of businesses.
  • Have or will have an entrenched, durable position in the market that is stable over time, for example, entities that meet the two prior criteria for the last three financial years.

It’s the business’s responsibility to inform the European Commission that they’ve met the requirements of a gatekeeper within two months of qualifying. They must also provide relevant information and details proving they’ve met the thresholds.

Who Is Exempt From the DMA?

Any business that doesn’t offer goods and services in the EU or doesn’t meet the legal definition and requirements of a gatekeeper is exempt from following the DMA.

How Can Businesses Comply the DMA?

Businesses that qualify as gatekeepers must follow all aspects of the DMA, which includes:

  • Providing all necessary information to the European Commission to document their status as a gatekeeper.
  • Meeting all technical and security requirements outlined by the DMA.
  • Obtaining opt-in, explicit consent from consumers before performing any targeted advertising.
  • Updating or creating terms and conditions that outline the interoperability of their services with other third-party services.

Ecommerce businesses that operate in Europe that don’t yet qualify as gatekeepers should also prepare for the changes the DMA brings.

According to the European Commission, entities that may scale up and eventually meet the threshold of a gatekeeper should consider implementing the guidelines now to make the future transition easier.

Otherwise, European businesses that rely on services provided by a gatekeeper should plan to see some shifts in the user interface, options, and settings provided to them.

How Are Consumers Impacted by the DMA?

EU consumers gained the following benefits with the passing of the DMA:

In addition, consumers can expect all gatekeepers to request their affirmative opt-in consent before performing any targeted advertising.

It is also easier for users to switch from one platform to another, like exchanging an Android product for an Apple one, and vice-versa.

How Is the DMA Enforced?

The European Commission has the full power to enforce all aspects of the Digital Markets Act and shall carry out market investigations as necessary to:

  • Qualify entities as gatekeepers under the law.
  • Dynamically update the obligations for gatekeepers as necessary.
  • Design remedies meant to address systematic infringements of the DMA rules.

Fines and Penalties Under the Digital Markets Act

Penalties for violating the DMA are described in Articles 29 – 30 and are steep — up to 10% of a business’s total worldwide turnover for first-time offenders and up to 20% for repeated infringements.

Additionally, businesses might need to pay a periodic penalty of up to 5% of their average daily turnover.

Other remedies may be imposed on gatekeepers who violate the law systematically as a last resort option, especially after a market investigation, including behavioral and structural remedies and the disbandment of the business.

How Does The Digital Markets Act Relate To The Digital Services Act?

In addition to the DMA, Europe also recently passed the Digital Services Act (DSA).

The two laws work together to create a safer internet for European users.

While the DMA describes what big tech businesses can and can’t do concerning digital marketing techniques, the DSA addresses data transparency and proportionality, creating a balanced environment for:

  • Users
  • Platforms
  • Public authorities

The DSA is meant to make it easier to:

  • Remove illegal content online
  • Protect users’ fundamental rights, like those granted by the GDPR
  • Offer more control and choice
  • Stronger protection of children online
  • Less exposure to illegal content

At the same time, it aims to provide more legal certainty and easier start-up and scale in Europe for providers of digital services.

It also provides access to EU-wide markets through platforms and a level-playing field against providers of illegal content to business users of digital services.

The DSA intends to provide more democratic control and oversight over systemic platforms and mitigate systemic risks, such as manipulation or disinformation for society at large.

In a nutshell, the DSA includes rules for online intermediary services, hosting services, and online platforms, including the very large ones that millions of Europeans use daily.

It is important to stress that the obligations of different online players are proportionate to their role, size, and impact in this online ecosystem.

Summary

The Digital Markets Act may be a European law, but it will undoubtedly impact entities worldwide.

As the first law attempting to regulate the online marketplace, which has rapidly grown in recent years, it’s a trailblazing piece of legislation that may inspire other countries to pass similar regulations.

We can expect to see changes in the way big tech companies operate online, impacting everything from app stores to web browsers to social media platforms, digital advertising options, and more.

Teodor Stanciu, CIPP/E, CIPM
More about the author

Written by Teodor Stanciu, CIPP/E, CIPM

Teo is a Data Privacy Specialist and experienced Data Protection Officer (DPO) who is passionate about helping companies meet their data protection obligations. He has an experience of more than seven years as a DPO for an international organization active in 50 countries and based in Brussels, Belgium. Teo is a Certified Information Privacy Professional/Europe (CIPP/E) and Certified Information Privacy Manager (CIPM) with the International Association of Privacy Professionals (IAPP).

More about the author

Related Articles

Explore more resources