Digital Markets Act (DMA) Resources

The Digital Markets Act is a regulation that applies to large tech companies operating in the European Union and/or European Economic Area. The goal of the regulation is to bolster fairness and innovation, and to increase competition. The Digital Markets Act requires an increase in transparency, access to data, and interoperability among platforms. The law also helps to increase user privacy and consumer choice.

The European Commission has designated six companies as gatekeepers under the Digital Markets Act, with specific obligations. Third-party companies that rely on the gatekeepers’ platforms and services for advertising, tracking, and other data-based operations will also need to meet certain compliance requirements to maintain business operations and growth in the gatekeepers’ digital ecosystem in the EU.

The Digital Markets Act officially came into effect on November 1, 2022. Most of the regulation’s rules were active by May 2023, and the EC designated the gatekeepers on September 6, 2023. By March 6, 2024 the gatekeepers must be in compliance with the DMA

The Digital Markets Act applies to companies doing business in digital markets in the European Union and/or European Economic Area, and to the users and customers that live in those areas.

The Digital Markets Act applies to organizations that operate large online platforms that meet specific criteria. These include:

• having significant market share, audience, and influence over digital markets
• acting as intermediaries between businesses and users
• enjoying a durable position of market power with significant influence over innovation

The companies owning these platforms and services have been designated by the EC as “gatekeepers” and will be subject to enhanced regulatory responsibilities and scrutiny under the Digital Markets Act.

Although the Digital Markets Act applies to these gatekeepers, the smaller companies doing business on their platforms also need to understand the law, as it’ll directly impact how they use the large online platforms and services owned by the gatekeepers. Business owners will be responsible to comply with legal compliance requirements that companies like Google and Amazon impose on third parties.

The Digital Markets Act has several areas of focus, including improved fairness and competition, more transparency, and greater competition in digital markets, in addition to enhancing consumers’ data privacy. The Act should help smaller players to grow and innovate to compete with the big tech platforms, and works to prevent gatekeepers from using their dominant position to stifle growth and competition.

To date, the European Commission has designated the following companies as gatekeepers, though the list may grow or change in the future:

• Alphabet (owner of Google and Android)
• Amazon
• Apple
• ByteDance (owner of TikTok)
• Meta (owner of Facebook, Instagram, WhatsApp, and others)
• Microsoft

These platforms, services, operating systems, etc. are owned and run by the gatekeepers, and have been deemed integral to digital business operations. They also have massive user bases, generate huge amounts of data, and possess significant influence over user activity, market function, social and political events, and more. The CPS include online search engines, operating systems, web browsers, voice assistants, online social networks, video sharing platforms, and more. To date 22 core platform services (CPS) have been identified under the DMA, though the list may grow or change in the future:

• 6 intermediary platforms (Amazon Marketplace, Google Maps, Google Play, Google Shopping, iOS App Store, Meta Marketplace)
• 4 social networks (Facebook, Instagram, LinkedIn, TikTok)
• 3 online advertising services (Amazon, Google, and Meta)
• 3 most popular operating systems (Google Android, iOS, Windows PC OS)
• 2 large communication services (Facebook Messenger and WhatsApp)
• 2 web browsers (Chrome and Safari)
• 1 search engine (Google)
• 1 video sharing platform (YouTube)

The main obligations that gatekeepers have under the Digital Markets Act are to:

• eliminate anti-competitive or other unfair or biased practices
• provide access to third parties for data generated or collected on their platforms
• ensure interoperability and portability
• prevent favor for their own or specific partners’ products or services

To comply with the Digital Markets Act, gatekeepers will likely need to consider and implement substantial changes to business models and operations, given their new obligations. Gatekeepers and third-party companies that rely on their platforms will likely need to make investments in technology, staffing, and legal resources, which could increase operating costs.

The Digital Markets Act’s provision for imposing fines and other penalties on noncompliant platforms adds to possible financial burden for gatekeepers, and, downstream, to third parties. Loss of access to gatekeepers’ platforms for noncompliant third parties presents a significant potential financial risk.

Over time the DMA should help foster innovation and growth among smaller companies as the business playing field is leveled. This would help to recoup investment costs as companies grow and expand their user bases.

Consumers can look forward to more competitive pricing and increased innovation in tech platforms and services. Consumers in the EU will be able to switch providers more easily and take their data with them. They will have more control over the apps and services they use, and how they customize their user experiences. Consumers will also get enhanced data privacy and choices regarding use of their personal data.

Third parties that use gatekeepers’ platforms and services will need to obtain valid user consent and signal that to the gatekeepers, e.g. via Google Consent Mode for Google’s platforms. Businesses operating in the EU that collect and process consumers’ personal data likely already need to comply with the GDPR. A consent management platform like Cookiebot CMP enables companies to obtain prior consent (opt in) for cookie and tracker usage that accesses personal data. It also securely stores the information and can signal it to gatekeepers, per new requirements. The consent data is then also available to data protection authorities in the event of an audit.