Introduction to the Digital Markets Act
The Digital Markets Act, or DMA, was introduced by the European Commission (EC), and enforcement begins on March 6, 2024. The DMA law is meant to protect the data privacy of users online and help ensure fair competition in digital markets among companies doing business in the EU and/or EEA.
Under the Digital Markets Act, the EC has designated six companies that represent some of the largest and most influential big tech corporations as gatekeepers. These companies have specific operational and compliance requirements under the Act. The regulation also affects third-party businesses that use the gatekeepers’ platforms and services, e.g. for advertising purposes.
Learn more: DMA: The European Digital Markets Act explained
To which companies does the Digital Markets Act (DMA) apply?
Five of the currently designated gatekeepers are US-based companies, and one is Chinese. They are all influential, with massive user bases, and have significant impacts on consumers as well as digital businesses.
The six gatekeepers are:
- Alphabet (parent company of Google and Android)
- Amazon
- Apple
- ByteDance (parent company of TikTok)
- Meta (parent company of Facebook, Instagram and WhatsApp)
- Microsoft (parent company of LinkedIn)
The European Commission goes further in the DMA, identifying what they refer to as core platform services (CPS) that are provided by these gatekeepers. The CPS are:
- 6 intermediary platforms (Amazon Marketplace, Google Maps, Google Play, Google Shopping, iOS App Store, Meta Marketplace)
- 4 social networks (Facebook, Instagram, LinkedIn, TikTok)
- 3 online advertising services (Amazon, Google, and Meta)
- 3 most popular operating systems (Google Android, iOS, Windows PC OS)
- 2 web browsers (Chrome and Safari)
- 2 large communication services (Facebook Messenger and WhatsApp, both owned by Meta)
- 1 video sharing platform (YouTube)
- 1 search engine (Google)
Several other companies and a number of additional platforms and services are being considered as additions to the CPS list, and so these may change in the future.
You can get ready for the DMA now by implementing Cookiebot CMP on your business website. Start your free 14-day trial and see how easy it is to achieve and maintain compliance with the most important privacy regulations.
What responsibilities do gatekeepers have under the DMA?
One of the main goals of the Digital Markets Act is to improve smaller third companies’ ability to compete with gatekeepers, and to level the playing field, business-wise.
The biggest requirements of gatekeepers to achieve those aims relate to:
- interoperability
- nondiscrimination
- data access
- data portability
- transparency
- profiling
Read the EC’s list of “do’s and don’ts” for gatekeepers: The Digital Markets Act: ensuring fair and open digital markets
Broadly, gatekeepers must ensure greater openness on their platforms, enabling third parties to have equal access to audiences and data produced on the platforms. Gatekeepers can’t show preference in rankings or access to their products and services over others’, and must make it easy for users to port their data away from their platforms to other services.
Gatekeepers must also obtain consent before users’ data is collected or used, and can enforce this requirement of third parties using their platforms. They are also prohibited from using personal data to profile users without consent. Users must also be able to uninstall apps and functions that come pre-installed on gatekeepers’ platforms.
What responsibilities do smaller companies have under the EU Digital Markets Act?
Smaller companies that use the gatekeepers’ services will likely be required to ensure and be able to prove compliance with the DMA. Mainly this will be in the form of obtaining valid user consent prior to any personal data being collected or used via gatekeepers’ platforms or services that third parties are using. These companies will also be required in many cases to signal consent to the gatekeepers to maintain access to their platforms, e.g. via Google Consent Mode.
A consent management platform (CMP) like Cookiebot CMP™ enables easy, seamless notification of users, collection of consent preferences, secure storage of consents, and integrated signaling to gatekeepers that consent has been obtained.
Learn more: Digital Markets Act (DMA) for startups and SMEs: Opportunities and challenges ahead
Benefits of the Digital Markets Act
The DMA brings potential benefits to a wide number of groups, and is intended to benefit everyone from end users to new and innovative companies.
For technology startups and SMEs:
- Broader opportunities to innovate and compete in the digital marketplace
- More fair terms and conditions that don’t limit development, growth or product and service offerings
For businesses that depend on gatekeepers’ platforms:
- Work in a more fair business environment
- Better access to data and audiences to facilitate growth and innovation
For online consumers:
- Access to more and better services
- Favorable conditions for accelerated innovation
- More opportunities to exercise their privacy rights
- Better protections for their data
- Improved opportunities to use the platforms and services they want, how they want, at fairer prices
For designated gatekeepers:
- Maintain everything that they’ve built and the reach that they have acquired
- Improve operations to ensure data privacy compliance with multiple regulations
- Opportunity to bolster brand reputation and consumer trust with more open business practices and more transparency about data privacy
How can companies be ready for DMA with Cookiebot CMP?
Cookiebot CMP can help companies meet the user consent requirements of the Digital Markets Act (DMA) and prevent the risk of disruption of their use of gatekeepers’ services, like advertising operations.
Cookiebot CMP uses the latest legal expertise and tech innovation to deliver a consent management solution that is GDPR, ePrivacy and DMA-ready.
Cookiebot CMP features and benefits to get ready for DMA
- Multiple convenient implementation methods, depending on your tech stack
- Implementation in minutes with just 3 steps
- Easy, seamless integrations with popular CMS platforms
- High quality pre-built consent banner template
- Option to customize your consent banner via HTML, CSS or JavaScript for brand consistency
- Geolocation functionality enables flexible configurations to display regulatory messaging and language based on users’ geographic location
- Support for 47+ languages
- Patented deep scanning technology that identifies, categorizes and blocks the cookies and trackers in use on your website, until user consent is obtained.
- Google Consent Mode is used by default for businesses using Google services, to help meet DMA requirements
How to get started with Cookiebot CMP for DMA compliance?
If your business relies on the gatekeepers’ platforms or services, you need to be ready for the DMA. Get started today with Cookiebot’s ready for DMA consent management solution.
Achieve compliance in 3 simple steps
Step 1
Create an account and add your domain
Step 2
Select and customize your banner
Step 3
Implement the code into your website. Done!
Cancel any time
Frequently Asked Questions
The Digital Markets Act is a regulation that applies to large tech companies operating in the European Union and/or European Economic Area. The goal of the regulation is to bolster fairness and innovation, and to increase competition. The Digital Markets Act requires an increase in transparency, access to data, and interoperability among platforms. The law also helps to increase user privacy and consumer choice.
The European Commission has designated six companies as gatekeepers under the Digital Markets Act, with specific obligations. Third-party companies that rely on the gatekeepers’ platforms and services for advertising, tracking, and other data-based operations will also need to meet certain compliance requirements to maintain business operations and growth in the gatekeepers’ digital ecosystem in the EU.
The Digital Markets Act officially came into effect on November 1, 2022. Most of the regulation’s rules were active by May 2023, and the EC designated the gatekeepers on September 6, 2023. By March 6, 2024 the gatekeepers must be in compliance with the DMA
The Digital Markets Act applies to companies doing business in digital markets in the European Union and/or European Economic Area, and to the users and customers that live in those areas.
The Digital Markets Act applies to organizations that operate large online platforms that meet specific criteria. These include:
- having significant market share, audience, and influence over digital markets
- acting as intermediaries between businesses and users
- enjoying a durable position of market power with significant influence over innovation
The companies owning these platforms and services have been designated by the EC as “gatekeepers” and will be subject to enhanced regulatory responsibilities and scrutiny under the Digital Markets Act.
Although the Digital Markets Act applies to these gatekeepers, the smaller companies doing business on their platforms also need to understand the law, as it’ll directly impact how they use the large online platforms and services owned by the gatekeepers. Business owners will be responsible to comply with legal compliance requirements that companies like Google and Amazon impose on third parties.
The Digital Markets Act has several areas of focus, including improved fairness and competition, more transparency, and greater competition in digital markets, in addition to enhancing consumers’ data privacy. The Act should help smaller players to grow and innovate to compete with the big tech platforms, and works to prevent gatekeepers from using their dominant position to stifle growth and competition.
To date, the European Commission has designated the following companies as gatekeepers, though the list may grow or change in the future:
- Alphabet (owner of Google and Android)
- Amazon
- Apple
- ByteDance (owner of TikTok)
- Meta (owner of Facebook, Instagram, WhatsApp, and others)
- Microsoft
These platforms, services, operating systems, etc. are owned and run by the gatekeepers, and have been deemed integral to digital business operations. They also have massive user bases, generate huge amounts of data, and possess significant influence over user activity, market function, social and political events, and more. The CPS include online search engines, operating systems, web browsers, voice assistants, online social networks, video sharing platforms, and more. To date 22 core platform services (CPS) have been identified under the DMA, though the list may grow or change in the future:
- 6 intermediary platforms (Amazon Marketplace, Google Maps, Google Play, Google Shopping, iOS App Store, Meta Marketplace)
- 4 social networks (Facebook, Instagram, LinkedIn, TikTok)
- 3 online advertising services (Amazon, Google, and Meta)
- 3 most popular operating systems (Google Android, iOS, Windows PC OS)
- 2 large communication services (Facebook Messenger and WhatsApp)
- 2 web browsers (Chrome and Safari)
- 1 search engine (Google)
- 1 video sharing platform (YouTube)
The main obligations that gatekeepers have under the Digital Markets Act are to:
- eliminate anti-competitive or other unfair or biased practices
- provide access to third parties for data generated or collected on their platforms
- ensure interoperability and portability
- prevent favor for their own or specific partners’ products or services
To comply with the Digital Markets Act, gatekeepers will likely need to consider and implement substantial changes to business models and operations, given their new obligations. Gatekeepers and third-party companies that rely on their platforms will likely need to make investments in technology, staffing, and legal resources, which could increase operating costs.
The Digital Markets Act’s provision for imposing fines and other penalties on noncompliant platforms adds to possible financial burden for gatekeepers, and, downstream, to third parties. Loss of access to gatekeepers’ platforms for noncompliant third parties presents a significant potential financial risk.
Over time the DMA should help foster innovation and growth among smaller companies as the business playing field is leveled. This would help to recoup investment costs as companies grow and expand their user bases.
Consumers can look forward to more competitive pricing and increased innovation in tech platforms and services. Consumers in the EU will be able to switch providers more easily and take their data with them. They will have more control over the apps and services they use, and how they customize their user experiences. Consumers will also get enhanced data privacy and choices regarding use of their personal data.
Third parties that use gatekeepers’ platforms and services will need to obtain valid user consent and signal that to the gatekeepers, e.g. via Google Consent Mode for Google’s platforms. Businesses operating in the EU that collect and process consumers’ personal data likely already need to comply with the GDPR. A consent management platform like Cookiebot CMP enables companies to obtain prior consent (opt in) for cookie and tracker usage that accesses personal data. It also securely stores the information and can signal it to gatekeepers, per new requirements. The consent data is then also available to data protection authorities in the event of an audit.
