--- title: "DMA Anti-Circumvention Design Review for Gatekeeper Product Changes" canonical_url: "https://www.sorena.io/artifacts/eu/digital-markets-act/anti-circumvention-design-review" source_url: "https://www.sorena.io/artifacts/eu/digital-markets-act/anti-circumvention-design-review" author: "Sorena AI" description: "Review DMA Article 13 anti-circumvention risks in gatekeeper product, interface, contractual, commercial, and technical changes with obligation mapping and evidence records." published_at: "2026-05-09" updated_at: "2026-05-25" keywords: - "Digital Markets Act" - "DMA Article 13" - "anti-circumvention" - "gatekeeper product design" - "interface design" - "core platform service" - "DMA" - "Article 13" - "gatekeeper" - "product design review" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # DMA Anti-Circumvention Design Review for Gatekeeper Product Changes Review DMA Article 13 anti-circumvention risks in gatekeeper product, interface, contractual, commercial, and technical changes with obligation mapping and evidence records. *Design Review* *EU DMA* ## DMA Article 13 Anti-Circumvention Design Review A focused review format for product, interface, commercial, contractual, and technical changes that could undermine a gatekeeper's DMA obligations. Use it to map a change to Articles 5, 6, and 7, test whether rights or choices become harder to exercise, and preserve evidence suitable for Article 11 compliance reporting. DMA anti-circumvention review is not a generic design sign-off. Article 13 targets practices that avoid gatekeeper designation thresholds or undermine effective compliance with Articles 5, 6, and 7, including through contractual, commercial, technical, behavioral, or interface-design choices. A useful review therefore starts with the designated core platform service, identifies the affected DMA obligation, and asks whether the proposed change preserves the business-user or end-user right in practice. ## When an anti-circumvention design review is needed Run this review before a designated gatekeeper changes a core platform service, adjacent support service, user interface, API, ranking system, consent flow, access condition, fee model, business-user term, interoperability process, data-access process, or enforcement workflow that implements or touches a DMA Article 5, 6, or 7 obligation. The review should also cover changes that split a service, recategorize usage, move functionality between services, add friction to an alternative channel, or change how users exercise a DMA right. Article 13 expressly covers segmentation or fragmentation used to circumvent designation thresholds and behavior that undermines effective compliance. - Start with the Commission designation decision or current gatekeeper list: name the undertaking, designated core platform service, and affected user group. - Identify the DMA obligation affected by the change, such as choice screens, data use, business-user access, app-store access, interoperability, ranking, portability, or complaint rights. - Classify the change mechanism: contractual term, commercial condition, technical implementation, behavioral technique, interface design, service segmentation, or operational policy. - Escalate if the change makes a DMA right slower, less visible, more expensive, conditional on a gatekeeper service, or harder to exercise than the gatekeeper's own equivalent path. Sources for this answer: - [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/oj?ref=sorena.io) - Article 13 is the legal basis for reviewing segmentation, contractual, commercial, technical, behavioral, and interface-design choices that could circumvent DMA obligations. - [European Commission - DMA gatekeepers](https://digital-markets-act.ec.europa.eu/gatekeepers_en?ref=sorena.io) - Commission page for checking current gatekeeper undertakings and listed core platform services before scoping a design review. ## Map the design change to the protected DMA obligation The anti-circumvention question depends on the underlying obligation. A payment-flow change should be tested against the Article 5 and Article 6 rights it affects; an API or operating-system change should be tested against the relevant interoperability or access obligation; a consent or choice-screen change should be tested against whether the user's choice remains neutral and practicable. Do not approve a change only because the formal obligation text is still mentioned in policy. The review has to test whether the implemented product path remains effective for the business user, end user, advertiser, publisher, developer, or third-party provider that the obligation is meant to protect. - Create one row per affected DMA obligation with article reference, core platform service, user group, current control, proposed change, and anti-circumvention risk. - For user-interface changes, capture screenshots or click paths before and after the change and note whether choices are displayed neutrally. - For technical access changes, record API scope, access conditions, documentation changes, testing results, security or integrity justification, and any less restrictive alternatives considered. - For commercial or contractual changes, compare old and new fees, revenue-share rules, access conditions, termination conditions, complaint clauses, and business-user pricing restrictions. Sources for this answer: - [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/oj?ref=sorena.io) - Articles 5, 6, and 7 define the obligations whose effective compliance must not be undermined by Article 13 circumvention. - [European Commission - DMA legislation](https://digital-markets-act.ec.europa.eu/legislation_en?ref=sorena.io) - Commission legislation page identifies the DMA as the main rules for gatekeeper designation and implementation of obligations and prohibitions. ## Gatekeeper controls that should stop weak designs A design review should have stop conditions, not just comments. If a change affects a DMA right, the approver should be able to point to a test result, user journey, or technical record showing that the right remains usable and that any security, integrity, or privacy restriction is justified and proportionate. Article 13 makes interface structure, design, function, and manner of operation relevant. That means dark-pattern testing, neutral presentation checks, friction analysis, and degradation checks belong in the product release control. - Block release if a protected choice becomes less prominent, more confusing, or bundled with unrelated acceptance steps without a documented basis. - Block release if a business user, developer, advertiser, publisher, or third-party provider loses existing practical access without an obligation-specific justification. - Block release if the change relies on security, integrity, or privacy reasons but the team has not documented why the measure is strictly necessary and why less restrictive options were rejected. - Block release if implementation evidence is not tied to the same core platform service and obligation that will appear in the gatekeeper compliance report. Sources for this answer: - [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/oj?ref=sorena.io) - Article 13 expressly covers degradation, non-neutral choices, and user-interface design that subverts autonomy, decision-making, or free choice. - [European Commission - Article 11 DMA compliance report template](https://digital-markets-act.ec.europa.eu/legislation_en?ref=sorena.io) - Commission template asks gatekeepers to report technical and engineering changes, customer-interface changes, testing, indicators, and supporting data for each obligation. ## Evidence to keep for Article 11 reporting and later review The evidence pack should let a reviewer reconstruct how the change affected a specific DMA obligation. Article 11 reporting expects detailed and transparent descriptions of compliance measures, and the Commission template asks for product scope, geographic scope, technical changes, customer-experience changes, consultations, alternatives, testing, indicators, and monitoring tools. For anti-circumvention, keep both approval evidence and rejected alternatives. The rejected-alternatives record is important where a gatekeeper chooses a more restrictive access path, warning, choice architecture, fee rule, or technical limitation. - Review header: change name, product owner, legal owner, affected core platform service, affected DMA article, launch geography, release date, and reviewer decision. - Implementation evidence: before-and-after user journeys, API or interface documentation, feature flags, access logs, metrics definitions, test plans, survey or A/B-test methodology, and monitoring dashboards. - User and business-user evidence: complaints, developer requests, advertiser or publisher feedback, consultation notes, support tickets, and changes made after feedback. - Control evidence: privacy, security, or integrity justification; less restrictive alternatives; approval history; compliance-function review; and links to the compliance-report annex that will describe the measure. Sources for this answer: - [European Commission - Article 11 DMA compliance report template](https://digital-markets-act.ec.europa.eu/legislation_en?ref=sorena.io) - Commission template supports the evidence fields for measures, user journeys, testing, indicators, raw data, monitoring systems, and assessment projects. - [European Commission - DMA legislation](https://digital-markets-act.ec.europa.eu/legislation_en?ref=sorena.io) - Commission page links the Article 11 compliance report template and DMA legal materials used for gatekeeper reporting. ## Checklist for an anti-circumvention design review Use this checklist at the release gate for DMA-relevant product and policy changes. The goal is to show that the change preserves effective compliance, not merely that the team considered DMA in general terms. The checklist should be attached to the product-change record and reused when the same feature is localized, extended to another core platform service, or changed after user feedback. - The affected gatekeeper, core platform service, user group, and DMA article are named. - The change mechanism is classified as interface, technical, contractual, commercial, behavioral, segmentation, or operational. - Before-and-after evidence shows whether the protected right or choice remains easy to find, understand, and exercise. - Any restriction based on security, privacy, or integrity has a documented necessity and proportionality explanation. - Metrics exist to detect degradation after launch, such as completion rates, denial rates, access latency, opt-in or choice rates, complaints, and business-user request outcomes. - The compliance-function owner can retrieve the evidence for Article 11 reporting and annual updates. Sources for this answer: - [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/oj?ref=sorena.io) - Article 13 supports the checklist focus on effective compliance, non-neutral choices, degradation, and interface-design circumvention. - [European Commission - Article 11 DMA compliance report template](https://digital-markets-act.ec.europa.eu/legislation_en?ref=sorena.io) - Commission template supports the checklist requirement for implementation detail, testing, indicators, monitoring tools, and user or business-user feedback. *Recommended next step* *Placement: before sources* ## Turn Article 13 review into a release control Sorena can help convert this DMA anti-circumvention review into product-change questions, obligation mapping, evidence requests, and compliance-report-ready records. - [Open Research Copilot for DMA](/solutions/research-copilot.md): Ask source-linked questions about Article 13, gatekeeper obligations, design changes, and evidence records using the cited DMA sources. - [Talk through implementation](/contact.md): Review a DMA-relevant product change, map it to Articles 5, 6, or 7, and identify the evidence needed before release. ## Primary sources - [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/oj?ref=sorena.io) - Primary legal source for DMA Article 13 anti-circumvention and the Articles 5, 6, and 7 obligations whose effective compliance must be preserved. - Quote: "Anti-circumvention" - [European Commission - DMA legislation](https://digital-markets-act.ec.europa.eu/legislation_en?ref=sorena.io) - Commission source for DMA legislation materials, including the main DMA regulation and compliance-report template downloads. - Quote: "main rules for the designation of gatekeepers" - [European Commission - DMA gatekeepers](https://digital-markets-act.ec.europa.eu/gatekeepers_en?ref=sorena.io) - Commission source for identifying designated gatekeepers and listed core platform services before scoping a design review. - Quote: "Gatekeepers" - [European Commission - Article 11 DMA compliance report template](https://digital-markets-act.ec.europa.eu/legislation_en?ref=sorena.io) - Commission template source for evidence expectations: technical changes, customer-experience changes, testing, indicators, feedback, monitoring tools, and compliance-function material. - Quote: "detailed and transparent manner" ## Related Topic Guides - [DMA Article 11 Compliance Report Template FAQ](/artifacts/eu/digital-markets-act/faq/compliance-report-template.md): How gatekeepers should use the DMA Article 11 compliance report template to document obligation-by-obligation measures, evidence, updates, and non-confidential summaries. - [DMA Article 6 Business User Data Access Guide](/artifacts/eu/digital-markets-act/business-user-data-access.md): Grounded guide to EU Digital Markets Act Article 6 data access for business users, end users, authorised third parties, consent boundaries, and evidence handoffs. - [DMA Article 6(7) and Article 7 interoperability obligations](/artifacts/eu/digital-markets-act/article-6-7-interoperability.md): Grounded guide to DMA interoperability duties: Article 6(7) operating-system feature access, Article 7 messaging interoperability, request handling, security conditions, and compliance evidence. - [DMA Articles 5, 6 and 7 obligations mapped to CPS evidence](/artifacts/eu/digital-markets-act/core-obligations-by-obligation.md): Map EU Digital Markets Act Articles 5, 6 and 7 obligations to affected core platform services, product evidence, legal owners, and Article 11 compliance-report artifacts. - [DMA compliance program and monitoring for gatekeepers](/artifacts/eu/digital-markets-act/compliance-program-and-monitoring.md): Build a DMA compliance program around Article 8 effective compliance, Article 11 reporting evidence, Article 13 anti-circumvention controls, and Article 28 compliance-function governance. - [DMA Core Platform Service Scoping](/artifacts/eu/digital-markets-act/core-platform-service-scoping-by-service.md): Scope EU Digital Markets Act core platform services by service category, designation evidence, user thresholds, and Form GD service-boundary records. - [DMA core platform services FAQ](/artifacts/eu/digital-markets-act/faq/core-platform-services.md): FAQ on EU Digital Markets Act core platform services: Article 2 service categories, gatekeeper designation evidence, user thresholds, service scoping, and Article 11 reporting. - [DMA CPS Obligation Matrix Workflow: Articles 5, 6, 7 and Article 11 Evidence](/artifacts/eu/digital-markets-act/cps-obligation-matrix-workflow.md): Build a DMA core platform service obligation matrix that links each designated CPS to Articles 5, 6 and 7 duties, product owners, designation evidence, Article 11 report artifacts and review gates. - [DMA designation intake workflow for gatekeeper notifications](/artifacts/eu/digital-markets-act/designation-intake-workflow.md): Build a grounded DMA designation intake record covering core platform service classification, Article 3 thresholds, Form GD evidence, Commission handoff, and Article 11 readiness. - [DMA enforcement, penalties, and remedies: Commission powers and evidence](/artifacts/eu/digital-markets-act/enforcement-penalties-and-remedies.md): EU Digital Markets Act enforcement guide covering Commission non-compliance decisions, DMA fine caps, periodic penalty payments, remedies, interim measures, commitments, and Article 11 evidence. - [DMA Gatekeeper Compliance Checklist for Articles 5, 6, 7 and 11](/artifacts/eu/digital-markets-act/gatekeeper-compliance-checklist.md): A grounded EU Digital Markets Act checklist for designated gatekeepers: core platform service scope, Article 5/6/7 controls, Article 11 report evidence, anti-circumvention checks, and review gates. - [DMA Gatekeeper Designation Guide: Article 3 thresholds, Form GD, and Article 11 readiness](/artifacts/eu/digital-markets-act/gatekeeper-designation-guide.md): A grounded EU Digital Markets Act guide for assessing Article 3 gatekeeper thresholds, scoping core platform services, preparing Form GD evidence, handling rebuttal annexes, and planning Article 11 compliance reporting. - [DMA gatekeeper thresholds: what counts and when to notify](/artifacts/eu/digital-markets-act/faq/gatekeeper-thresholds.md): Standalone FAQ on the EU Digital Markets Act gatekeeper thresholds, Article 3 notification timing, Form GD evidence, and active user-count methodology. - [DMA interoperability requests: Article 7 and Commission guidance](/artifacts/eu/digital-markets-act/faq/interoperability-requests.md): How EU Digital Markets Act interoperability requests work for Article 7 messaging services, Article 6(7) operating-system access, gatekeeper evidence, requester evidence, and security safeguards. - [DMA penalties and fines: caps, triggers, and enforcement evidence](/artifacts/eu/digital-markets-act/penalties-and-fines.md): EU Digital Markets Act penalties guide covering Article 30 fine caps, Article 31 periodic penalty payments, non-compliance decisions, remedies, and evidence records. - [DMA Product Change Review Workflow for Articles 5, 6, 7, 11 and 13](/artifacts/eu/digital-markets-act/product-change-review-workflow.md): Review DMA-relevant product releases for Article 5, Article 6, Article 7, anti-circumvention, Article 11 evidence, and product-owner/legal signoff. - [DMA Self-Preferencing Compliance Examples for Ranking and Display](/artifacts/eu/digital-markets-act/self-preferencing-compliance-examples.md): Examples and release-review controls for DMA Article 6(5) self-preferencing checks across ranking, indexing, crawling, search results, marketplaces, app stores, feeds, and virtual assistants. - [DMA vs Data Act: gatekeeper duties compared with EU data-sharing rules](/artifacts/eu/digital-markets-act/dma-vs-data-act.md): Compare the EU Digital Markets Act and EU Data Act by scope, actors, data access, interoperability, reporting, evidence, and enforcement without merging distinct obligations. - [DMA vs DSA: Digital Markets vs Services Act](/artifacts/eu/digital-markets-act/dma-vs-dsa.md): A grounded comparison of the DMA and DSA focused on gatekeepers, core platform services, DMA obligations, Article 11 reporting, interoperability, data access, and enforcement. - [DMA vs EU competition law: gatekeeper obligations, Article 11 evidence, and enforcement](/artifacts/eu/digital-markets-act/dma-vs-eu-competition-law.md): Compare the EU Digital Markets Act with EU competition law: ex ante gatekeeper and core platform service duties, Articles 5 to 7, Article 11 reports, penalties, and evidence records. - [DMA vs GDPR: gatekeeper data obligations compared](/artifacts/eu/digital-markets-act/dma-vs-gdpr.md): Compare DMA gatekeeper obligations with high-level GDPR overlap for consent, combining personal data, data access, portability, and Article 11 reporting. - [EU Digital Markets Act Article 11 Evidence Calendar](/artifacts/eu/digital-markets-act/annual-report-evidence-calendar.md): Build a source-grounded DMA Article 11 compliance report calendar with evidence owners, annual update checkpoints, report sections, and review gates. - [EU Digital Markets Act checklist for gatekeeper compliance](/artifacts/eu/digital-markets-act/checklist.md): A source-grounded DMA checklist for designated gatekeepers and core platform services, covering scope, Articles 5, 6 and 7 obligations, Article 11 reporting, evidence, anti-circumvention, and governance. - [EU Digital Markets Act compliance: gatekeeper obligations and evidence](/artifacts/eu/digital-markets-act/compliance.md): DMA compliance guide for designated gatekeepers: core platform service scoping, Articles 5, 6 and 7 controls, Article 11 reports, anti-circumvention checks, interoperability evidence, and enforcement risk. - [EU Digital Markets Act deadlines and compliance calendar](/artifacts/eu/digital-markets-act/deadlines-and-compliance-calendar.md): Track DMA notification, designation, six-month obligation start, Article 11 reporting, Article 14 concentration notices, Article 15 profiling audits, and preparation milestones using official EU sources. - [EU Digital Markets Act FAQ: gatekeepers, DMA obligations, reports, and enforcement](/artifacts/eu/digital-markets-act/faq.md): Concise FAQ on the EU Digital Markets Act for gatekeeper designation, core platform services, Articles 5, 6 and 7 obligations, Article 11 reports, interoperability, business-user data access, compliance evidence, and enforcement. - [EU Digital Markets Act requirements for gatekeepers](/artifacts/eu/digital-markets-act/requirements.md): DMA requirements for designated gatekeepers: core platform service scope, Articles 5, 6 and 7 obligations, Article 11 reporting, anti-circumvention, evidence, remedies, and fines. - [EU Digital Markets Act Timeline and Key Milestones: practical obligations and evidence guide](/artifacts/eu/digital-markets-act/timeline-and-key-milestones.md): Practical EU Digital Markets Act guide to Timeline and Key Milestones: scope, owners, evidence, edge cases, checklist steps, and external source-linked citations. - [EU DMA Applicability Test: gatekeeper thresholds, core platform services, and evidence](/artifacts/eu/digital-markets-act/applicability-test.md): Test whether the EU Digital Markets Act may apply to a platform service using the DMA gatekeeper criteria, core platform service categories, EU user thresholds, notification steps, and evidence records. - [EU DMA Article 11 Compliance Reporting Guide](/artifacts/eu/digital-markets-act/article-11-reporting.md): Source-grounded guide to EU Digital Markets Act Article 11 compliance reports: report purpose, template evidence, non-confidential summaries, annual updates, and submission steps. - [EU DMA do's and don'ts for product teams](/artifacts/eu/digital-markets-act/dos-and-donts-for-product-teams.md): Product release checks for designated DMA gatekeepers: Article 5, 6 and 7 obligations, anti-circumvention review, data access, interoperability, self-preferencing and Article 11 evidence. - [What do DMA Articles 5, 6, and 7 require from gatekeepers?](/artifacts/eu/digital-markets-act/faq/articles-5-6-and-7-obligations.md): FAQ explaining how EU Digital Markets Act Articles 5, 6, and 7 group gatekeeper obligations, what product evidence they require, and how Article 11 reporting connects. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/eu/digital-markets-act/anti-circumvention-design-review