DMA Articles 5, 6 and 7 Core Obligations by Obligation

Article 3 requires the Commission to list the relevant core platform services in the gatekeeper designation decision, and Article 3(10) ties the Articles 5, 6 and 7 compliance clock to those listed services. The obligation matrix should therefore have one row per designated core platform service, not one row per internal product team.

Use the Commission gatekeepers page and the designation decision to name the affected service. Then attach the legal obligation, the user group protected by the obligation, the product surface where the obligation is implemented, and the evidence package that will support the Article 11 report.

Article 5 obligations apply to each listed core platform service and are framed as direct rules for gatekeepers. They should be converted into product controls only where the listed service has the relevant data, business-user, end-user, payment, identity, browser, registration, or advertising surface.

The evidence package should show the before-and-after product or policy state, not just a legal assertion. For example, Article 5(2) needs consent and data-combination evidence; Article 5(3) to 5(5) need business-user contract and journey evidence; Article 5(7) and 5(8) need tying and registration controls; Article 5(9) and 5(10) need daily advertiser and publisher transparency records.

Article 6 obligations are also mapped per listed core platform service, but Article 8 allows the Commission to specify measures for Article 6 obligations. The obligation matrix should therefore include both the statutory duty and any specification, request, API, or technical reference process that affects implementation.

Do not summarize Article 6 as a single duty to be open or fair. The operational evidence differs sharply by paragraph: some rows need non-public data firewalls, others need uninstall or choice-screen evidence, others need OS or virtual-assistant interoperability, ad-measurement access, data portability, business-user data access, search-data access, FRAND access terms, or termination terms.

Article 7 is specific to gatekeepers that provide number-independent interpersonal communications services listed in the designation decision. It should not be applied to unrelated core platform services merely because the group operates other digital products.

For an affected messaging service, the owner set is narrower and more technical: messaging product, protocol engineering, security, privacy, legal, developer relations, and partner intake. The evidence should show the reference offer, request handling, technical interfaces or similar solutions, security and end-to-end encryption treatment, personal-data minimisation, and implementation status for the basic functionalities that the gatekeeper itself provides.

Article 8 requires gatekeepers to ensure and demonstrate effective compliance with Articles 5, 6 and 7. Article 11 then requires a detailed and transparent report on measures implemented, plus a non-confidential summary. The Commission template turns that into a practical evidence standard for each CPS-obligation row.

For every row, keep enough evidence for a reviewer to reconstruct the measure: what changed, when it changed, which products and devices it covers, where it applies, what technical changes were made, what user or business-user experience changed, what terms or remuneration flows changed, what parties were consulted, what alternatives were rejected, what testing was done, and which indicators show the measure is effective.