---
title: "DMA Article 6 Business User Data Access Guide"
canonical_url: "https://www.sorena.io/artifacts/eu/digital-markets-act/business-user-data-access"
source_url: "https://www.sorena.io/artifacts/eu/digital-markets-act/business-user-data-access"
author: "Sorena AI"
description: "Grounded guide to EU Digital Markets Act Article 6 data access for business users, end users, authorised third parties, consent boundaries, and evidence handoffs."
published_at: "2026-05-09"
updated_at: "2026-05-25"
keywords:
  - "Digital Markets Act"
  - "DMA Article 6(10)"
  - "business user data access"
  - "end user data portability"
  - "gatekeeper data access"
  - "DMA"
  - "Article 6(10)"
  - "data portability"
  - "gatekeeper"
---

# DMA Article 6 Business User Data Access Guide

Grounded guide to EU Digital Markets Act Article 6 data access for business users, end users, authorised third parties, consent boundaries, and evidence handoffs.

## DMA Business User Data Access

Use this page to scope Article 6 data-access work for a designated gatekeeper core platform service without turning it into a generic privacy, API, or reporting checklist.

It separates business-user access under Article 6(10), end-user portability under Article 6(9), non-public business-user data restrictions under Article 6(2), and the evidence expected in DMA compliance reporting.

DMA business-user data access is not a broad entitlement to every dataset a gatekeeper holds. Article 6(10) requires a gatekeeper, on request and free of charge, to give business users and their authorised third parties effective, high-quality, continuous and real-time access to aggregated and non-aggregated data provided for or generated through the relevant core platform service by those business users and by end users engaging with their products or services. Personal data access is narrower: the data must be directly connected to the end user's use of the relevant business user's product or service, and the end user must opt in by consent.

## What Article 6 data-access obligations cover

Start with the designated core platform service. The Article 6(10) access duty attaches to the relevant core platform service, and to services provided together with or in support of it, when the data was provided for or generated in that context by the business user and by end users engaging with that business user's offer.

Do not collapse Article 6(10) into Article 6(9). Article 6(9) is end-user portability for data provided by the end user or generated through the end user's activity, including continuous and real-time access. Article 6(10) is the business-user data-access obligation, including authorised third-party access on the business user's request.

- Confirm the gatekeeper and the exact core platform service listed in the designation context.
- Identify the requesting business user and any third party authorised by that business user.
- Separate business-user access under Article 6(10) from end-user portability under Article 6(9).
- Limit personal data access to data directly connected with end-user use of the relevant business user's product or service, and only where the end user opts in by consent.
- Treat Article 6(8) advertising measurement data separately when the request comes from advertisers, publishers, or their authorised third parties.

Sources for this answer:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/oj?ref=sorena.io) - Article 6(10) defines business-user access to aggregated and non-aggregated data, including the personal-data consent boundary.
- [European Commission - Resources for businesses](https://digital-markets-act.ec.europa.eu/questions-and-answers/resources-businesses_en?ref=sorena.io) - Commission page groups gatekeeper resources for Article 6(9) data portability and Article 6(10) data access.

## Access scope and request handoff

A useful intake record should describe the business user's product or service, the relevant gatekeeper interface, the requested data categories, whether the data is aggregated or non-aggregated, and whether personal data is included. It should also state whether the requester is the business user or an authorised third party.

The Commission's business-resource page lists gatekeeper access routes such as data-access documentation, dashboards, portals, APIs, and request forms. That list supports the handoff pattern, but it does not prove that any one technical route is sufficient for Article 6(10). Product teams should therefore review whether the available route actually delivers the scope, quality, continuity, and timeliness the obligation requires.

- Capture the request date, requesting entity, authorisation basis, core platform service, and affected business account or property.
- Classify requested data as business-user-provided, end-user-generated through engagement with that business user's offer, advertising-measurement data, or outside Article 6(10).
- For personal data, record the consent path or the reason only anonymised or non-personal data is being used.
- Check whether the available portal, export, API, or support channel covers both aggregated and non-aggregated data where required.
- Keep response-time, data-quality, completeness, error, and denial records because Article 6(10) is not satisfied by a nominal access link alone.

Sources for this answer:

- [European Commission - Resources for businesses](https://digital-markets-act.ec.europa.eu/questions-and-answers/resources-businesses_en?ref=sorena.io) - Commission source for business-facing gatekeeper resources covering data portability and data access request routes.
- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/oj?ref=sorena.io) - Article 13(5) explains that gatekeepers must not make required consent collection more burdensome for business users than for their own services.

## Restrictions that product reviews must catch

Article 6 data access has a defensive side as well as an access side. Article 6(2) prohibits a gatekeeper from using, in competition with business users, non-public data generated or provided by those business users in the context of their use of the relevant core platform service, including data generated or provided by their customers.

Product review should therefore test both directions: whether business users can obtain the data Article 6(10) covers, and whether internal gatekeeper uses of non-public business-user data are blocked where Article 6(2) applies. A launch that expands ranking, ads, analytics, marketplace insights, AI training inputs, recommendation features, or internal competitive benchmarking can reopen both questions.

- Add an Article 6(2) check when non-public business-user or customer interaction data feeds internal products or competitive services.
- Add an Article 6(10) check when a new dashboard, API, report, export, or permission model changes business-user access to generated data.
- Flag any design that makes personal-data consent more difficult for business users than for the gatekeeper's own services.
- Review data retention, access revocation, account ownership, third-party authorisation, and error handling before release.
- Do not claim compliance from an API name, a help page, or a data-export button unless the actual data scope and access quality have been tested.

Sources for this answer:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/oj?ref=sorena.io) - Article 6(2) restricts gatekeeper use of non-public data generated or provided by business users when competing with them.
- [European Commission - Article 11 DMA compliance report template](https://digital-markets-act.ec.europa.eu/document/download/1a70566c-f394-4d29-9454-c0eac0678e05_en?ref=sorena.io) - The compliance-report template asks gatekeepers to explain data access, retention, security, privacy, testing, indicators, and effectiveness evidence.

## Evidence to keep for Article 6(10)

Evidence should prove the substance of access, not just the existence of a policy. Keep the business-user request, authorisation documents for third parties, data-category mapping, consent handling for personal data, delivery method, error logs, denials, partial responses, and follow-up communications.

The DMA compliance-report template points to a broader evidence package: measures implemented, changes to business-user terms, consultations, actions to inform business users, security or privacy measures, testing, indicators, underlying data, and monitoring systems. For Article 6(10), those records should connect the legal scope to the actual access mechanism and to measurable outcomes such as request counts, fulfilled requests, rejected requests, latency, completeness, and data-quality issues.

- Maintain a data-category matrix showing source, aggregation level, personal-data status, consent dependency, delivery route, and exclusion reason.
- Retain evidence of business-user and authorised-third-party identity checks without making authorisation a hidden barrier.
- Save screenshots, API documentation versions, export schemas, response samples, and incident records that show what access actually delivered.
- Track indicators by core platform service and, where useful, by business-user segment or request type.
- Keep non-confidential summaries aligned with the underlying compliance evidence when Article 11 reporting is updated.

Sources for this answer:

- [European Commission - Article 11 DMA compliance report template](https://digital-markets-act.ec.europa.eu/document/download/1a70566c-f394-4d29-9454-c0eac0678e05_en?ref=sorena.io) - Commission template supports keeping detailed evidence, indicators, monitoring records, and underlying data for Articles 5 to 7 compliance.
- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/oj?ref=sorena.io) - Article 11 requires gatekeepers to report measures implemented to ensure compliance with Articles 5 to 7.

## Business-user data-access review checklist

Use this checklist before approving a DMA data-access mechanism, a business-user dashboard, a data export, a third-party authorisation flow, or a product change that touches business-user generated data.

The expected output is a scoped evidence packet: the Article 6 paragraph, the service and data categories, the access route, the personal-data consent treatment, the restriction review, test results, and the owner who can fix gaps.

- Article 6 paragraph identified: 6(10) business-user access, 6(9) end-user portability, 6(8) ad measurement, 6(2) non-public data-use restriction, or out of scope.
- Relevant gatekeeper, core platform service, business user, authorised third party, and data categories are named.
- Aggregated, non-aggregated, personal, non-personal, and anonymised data treatment is recorded.
- Consent handling for personal data is tested and does not make the business user's consent path more burdensome than the gatekeeper's own path.
- Access is tested for quality, continuity, real-time behaviour where relevant, completeness, authentication, permissioning, and failure handling.
- Denials and exclusions state the legal or factual reason and are reviewable by legal, product, and compliance owners.
- Compliance-report evidence can be retrieved without reconstructing the product decision from memory.

Sources for this answer:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/oj?ref=sorena.io) - Binding source for Article 6(9), Article 6(10), Article 6(2), Article 11, and the consent-related Article 13(5) guardrail.
- [European Commission - DMA gatekeepers page](https://digital-markets-act.ec.europa.eu/gatekeepers_en?ref=sorena.io) - Commission source for designated gatekeeper context and links to compliance reports and related gatekeeper materials.
- [European Commission - Resources for businesses](https://digital-markets-act.ec.europa.eu/questions-and-answers/resources-businesses_en?ref=sorena.io) - Commission source for business-facing resources organized by Article 6 data portability and data-access topics.

## Primary sources

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/oj?ref=sorena.io) - Binding DMA source for Article 6(10) business-user data access, Article 6(9) end-user data portability, Article 6(2) non-public data restrictions, Article 11 reporting, and Article 13(5) consent guardrails.
  - Quote: "effective, high-quality, continuous and real-time access"
- [European Commission - Resources for businesses](https://digital-markets-act.ec.europa.eu/questions-and-answers/resources-businesses_en?ref=sorena.io) - Commission page listing business-facing resources for Article 6(9) data portability and Article 6(10) data access across designated gatekeepers.
  - Quote: "Article 6(10) - Data access"
- [European Commission - Article 11 DMA compliance report template](https://digital-markets-act.ec.europa.eu/document/download/1a70566c-f394-4d29-9454-c0eac0678e05_en?ref=sorena.io) - Commission template supporting evidence expectations for effective compliance, monitoring, indicators, data access, interfaces, security, privacy, and underlying data.
  - Quote: "demonstrate effective compliance"
- [European Commission - DMA gatekeepers page](https://digital-markets-act.ec.europa.eu/gatekeepers_en?ref=sorena.io) - Commission page for designated gatekeeper context and public access to gatekeeper compliance materials.
  - Quote: "designated gatekeepers"

