Artifact GuideEU

EU Digital Markets Act (DMA) Obligations (By Obligation)

A practical breakdown of DMA obligations you can turn into controls and acceptance criteria.

Built for mapping to product features, engineering workstreams, monitoring checks, and the Article 11 compliance report.

Back to main artifactReview sources
Author
Sorena AI
Published
Feb 21, 2026
Updated
Feb 23, 2026
Sections
5

Structured answer sets in this page tree.

Primary sources
4

Cited legal and guidance references.

Publication metadata
Sorena AI
Published Feb 21, 2026
Updated Feb 23, 2026
Overview

DMA obligations attach to each core platform service (CPS) listed in a gatekeeper designation decision. Use this list to build an obligation-to-feature map per CPS, assign owners, and capture evidence as you implement. This page focuses on the core obligation set in Articles 5, 6, and 7.

Section 1

How to use this obligations list (execution format)

For each CPS, convert every obligation into: (1) product requirement(s), (2) control(s), (3) monitoring check(s), and (4) evidence artifacts.

The Commission's Article 11 compliance report template expects a detailed, transparent explanation per CPS and per applicable obligation - this list helps you build that structure.

  • Create a row per obligation: obligation text -> impacted surfaces -> owner -> acceptance criteria -> evidence.
  • Track "by design" obligations (e.g., ranking neutrality) separately from "by policy" obligations (e.g., anti-steering contract language).
  • Treat integrity/security restrictions as exceptions requiring necessity + proportionality justification and test evidence.
Section 2

Article 5 obligations (selected high-impact obligations)

Article 5 contains obligations that restrict certain practices and require concrete operational and product controls.

These are often high-impact because they touch ads systems, consent flows, and commercial terms with business users.

  • Personal data restrictions for advertising and cross-service combination: do not combine/cross-use personal data across CPS and other services unless the end user has specific choice and consent; do not re-prompt more than once per year if refused/withdrawn.
  • Anti-steering: do not prevent business users from offering different prices/conditions via other channels; allow business users to communicate/promote offers and conclude contracts with end users acquired via the CPS.
  • End-user access: allow end users to access content/subscriptions/features via a business user's app even if acquired outside the gatekeeper's CPS.
  • No retaliation for complaints: do not prevent or restrict business users/end users from raising non-compliance issues with public authorities and courts.
  • No tying to gatekeeper services: do not require gatekeeper identification services, browser engines, payment services, or in-app payment technical services in the context of business users' services using the CPS.
  • Ads transparency reporting: provide advertisers and publishers daily information on prices/fees/remuneration and the metrics used (subject to consent constraints).
Section 3

Article 6 obligations (susceptible of further specification under Article 8)

Article 6 obligations are broad and often implemented through product changes, APIs, and transparent access conditions. They are also susceptible of further specification under Article 8, so design for adaptability.

Below is an execution-oriented summary of the obligations that commonly drive engineering roadmaps.

  • No use of non-public business-user data to compete: including inferred/aggregated data such as click, search, view, and voice data generated via CPS use.
  • Uninstall + defaults + choice screens: allow easy uninstall of apps (except essential OS/device apps); allow easy default changes; prompt end users at first use to choose among main providers for search, virtual assistant, and browser where applicable.
  • Third-party apps and app stores: allow installation and effective use of third-party apps/app stores using or interoperating with the OS; allow access by means other than the gatekeeper's CPS; allow setting downloaded apps/app stores as default (subject to strictly necessary and proportionate integrity/security measures).
  • No self-preferencing in ranking/indexing/crawling: apply transparent, fair, non-discriminatory ranking conditions.
  • No switching restrictions: do not technically or otherwise restrict end users from switching between apps/services accessed using the CPS (including choice of internet access services).
  • OS/virtual assistant feature interoperability (Article 6(7)): allow free and effective interoperability and access for interoperability to the same hardware/software features available to gatekeeper services/hardware (subject to strictly necessary and proportionate integrity measures).
  • Ads verification: provide access to performance measuring tools and data needed for independent verification of ad inventory (aggregated and non-aggregated data).
  • Data portability for end users: provide effective portability of data provided by end users or generated through their activity, including continuous and real-time access and tools facilitating portability.
  • Data access for business users: provide effective, high-quality, continuous and real-time access to aggregated and non-aggregated data generated in CPS use by business users and their end users (personal data only with end-user opt-in consent).
  • Search data access: provide third-party search engines access on FRAND terms to ranking, query, click and view data for searches on the gatekeeper's search engine (personal data anonymised).
  • FRAND access terms and transparency: apply fair, reasonable, and non-discriminatory general conditions of access for business users to app stores, search engines, and social networks; publish conditions including alternative dispute settlement.
  • No disproportionate termination conditions: ensure termination conditions are proportionate and can be exercised without undue difficulty.
Section 4

Article 7 obligations (messaging interoperability with staged deadlines)

Article 7 applies when a gatekeeper provides number-independent interpersonal communications services (NICS) listed in the designation decision.

Interoperability is request-based, free of charge, and must preserve security (including end-to-end encryption where applicable).

  • After listing: make 1:1 end-to-end text messaging interoperable; and sharing of images/voice messages/videos/other files in 1:1 communication interoperable (where offered to your users).
  • Within 2 years from designation: group text messaging and group-to-individual file sharing interoperability.
  • Within 4 years from designation: voice and video calls interoperability (1:1 and group-to-individual).
  • Publish a reference offer with technical details/terms within the 6-month compliance period; comply with reasonable interoperability requests within 3 months.
  • Limit personal data exchange to what is strictly necessary and comply with EU data protection law.
Section 5

Obligation-to-control mapping: the minimum evidence set (Article 11 style)

For each obligation you implement, capture evidence in a way that can be reused in the compliance report: what changed, when, and how it achieves effective compliance.

This is the fastest way to avoid "compliance by assertion" and to reduce enforcement risk.

  • Prior state vs new state: UX screenshots, API docs, system diagrams, and change logs.
  • Implementation details: scope (products/devices), geography (EU vs global), and engineering details (data usage policies, ranking parameters, security measures).
  • Effectiveness proof: metrics, tests, and user/business-user impact monitoring.
Recommended next step

Use EU Digital Markets Act (DMA) Obligations (By Obligation) as a cited research workflow

Research Copilot can take EU Digital Markets Act (DMA) Obligations (By Obligation) from getting cited answers and faster research on this topic to a reusable workflow inside Sorena. Teams working on EU Digital Markets Act (DMA) can keep owners, evidence, and next steps aligned without copying this guide into separate documents.

Research workflow
Open Research Copilot for EU Digital Markets Act (DMA) Obligations (By Obligation)

Start from EU Digital Markets Act (DMA) Obligations (By Obligation) and answer scope, timing, and interpretation questions with cited outputs.

Explore next step
Talk to Sorena
Talk through EU Digital Markets Act (DMA)

Review your current process, evidence gaps, and next steps for EU Digital Markets Act (DMA) Obligations (By Obligation).

Explore next step
Primary sources

References and citations

Related guides

Explore more topics

DMA Applicability Test (Gatekeeper Scoping) | EU Digital Markets Act
A practical DMA applicability test for teams scoping EU Digital Markets Act exposure: core platform service (CPS) mapping, gatekeeper presumption thresholds.
DMA Compliance Checklist (Execution-Ready) | EU Digital Markets Act
An execution-ready EU DMA checklist: CPS scoping, gatekeeper thresholds, designation readiness, Article 5-7 obligation mapping, product/engineering controls.
DMA Compliance Program & Monitoring (Compliance Function + Evidence)
How to build an EU DMA compliance program that survives scrutiny: Article 28 compliance function design, monitoring readiness.
DMA Deadlines & Compliance Calendar (Key Dates) | EU Digital Markets Act
A calendar-ready DMA deadlines guide: application date, gatekeeper notification (2 months), designation (45 working days), 6-month compliance deadline.
DMA Do's and Don'ts for Product Teams | EU Digital Markets Act
Practical DMA do's and don'ts for product and engineering teams: how to avoid self-preferencing, implement choice screens and default changes.
DMA Enforcement: Penalties, Remedies, and Process | EU Digital Markets Act
How EU DMA enforcement works: information requests, monitoring, preliminary findings, non-compliance decisions, commitments, interim measures, remedies.
DMA Fines & Penalties (10% / 20% / 1% + 5% per day) | EU Digital Markets Act
A practitioner guide to DMA penalties: non-compliance fines up to 10% worldwide turnover, repeat infringement fines up to 20%, procedural fines up to 1%.
DMA Self-Preferencing Compliance Examples (Article 6(5)) | EU Digital Markets Act
Practical self-preferencing compliance guidance for DMA Article 6(5): what counts as self-preferencing in ranking/indexing/crawling, what "transparent, fair.
DMA vs DSA: What's the Difference? (EU Platform Laws)
A practical comparison of the EU Digital Markets Act (DMA) vs the Digital Services Act (DSA): what each law regulates, who is in scope, core obligations.
EU Digital Markets Act (DMA) Requirements (Articles 5-7)
A deep, execution-ready overview of EU DMA requirements for gatekeepers: Article 5 restrictions, Article 6 obligations (choice screens, app distribution.
EU DMA Compliance Guide (How to Comply) | Digital Markets Act (DMA)
A practical guide to EU Digital Markets Act (DMA) compliance: how to scope CPS, start the 6-month clock after designation, implement Articles 5-7 obligations.
EU DMA FAQ (Gatekeepers, Obligations, Deadlines) | Digital Markets Act
EU Digital Markets Act (DMA) FAQ: what is a gatekeeper, what counts as a core platform service (CPS), what are the key obligations (Articles 5-7).
EU DMA Timeline & Key Milestones | Digital Markets Act (2022/1925)
A grounded EU Digital Markets Act (DMA) timeline: application date, gatekeeper designations, compliance clocks, Article 7 staged interoperability milestones.
Gatekeeper Compliance Checklist (DMA Articles 5-7 + Article 11)
A gatekeeper-focused DMA compliance checklist: what to implement within 6 months per listed CPS, how to structure the Article 11 compliance report.
Gatekeeper Designation Guide (DMA Article 3) | EU Digital Markets Act
A practical guide to DMA gatekeeper designation: core platform service mapping, Article 3 thresholds (45M / 10,000 / EUR 7.5B / EUR 75B).