DMA vs Data Act Gatekeeper obligations and data-sharing rules

Starts with a designated gatekeeper and each core platform service listed in the Commission designation decision, including categories such as online intermediation, search, social networking, video sharing, number-independent messaging, operating systems, browsers, virtual assistants, cloud computing, and online advertising.

Starts with access to and use of data, especially connected-product and related-service data, data-holder availability duties, public-sector access where the Data Act permits it, and data-processing-service switching.

A large digital platform is not automatically a DMA workstream for every service, and a data access request is not automatically a Data Act workstream for every dataset. Record the gatekeeper/CPS trigger separately from the Data Act data trigger.

The obligated actor is the designated gatekeeper for the relevant core platform service. Implementation usually involves competition counsel, product owners, platform engineering, data teams, developer relations, advertising, search/ranking, app-store, browser, operating-system, or messaging teams depending on the obligation.

The relevant actors depend on the Data Act role: user, data holder, data recipient, product or related-service provider, public-sector requester, or provider of data processing services.

Assign owners by legal role and product surface, not by a generic 'data platform' label.

Articles 5, 6, and 7 cover gatekeeper conduct duties such as limits on certain data combination, business-user offer freedom, complaint freedom, advertising transparency, non-public business-user data use, default settings, app-store access, self-preferencing in ranking, switching, interoperability, advertising measurement data, end-user portability, business-user data access, search-data access, fair access conditions, and messaging interoperability.

The Data Act comparator covers making data available, terms for data sharing, public-sector access where the Act permits it, and switching or interoperability requirements for data processing services.

Translate DMA duties into service-specific product controls and Article 11 evidence; translate Data Act duties into data-access, contract, request-handling, or switching controls.

DMA data work is tied to gatekeeper obligations: business users can need access to data generated through their use of the relevant core platform service, end users can need portability, advertisers and publishers can need measurement data, and search competitors can request certain ranking, query, click, and view data on fair, reasonable, and non-discriminatory terms.

Data Act data work is broader and starts from the data covered by the Act, including connected-product and related-service data and the rules for making that data available to users, third parties, or public-sector bodies where applicable.

A DMA business-user data-access control should cite the relevant Article 6 obligation and CPS; a Data Act data-access control should cite the data category, data holder, user or recipient, and request route.

Article 11 requires a gatekeeper to provide the Commission, within 6 months after designation, a detailed and transparent report on measures implemented to ensure Articles 5 to 7 compliance, publish and provide a non-confidential summary, and update the report and summary at least annually.

The Data Act comparison should maintain evidence for the applicable data-access, data-sharing, public-sector request, contract-term, or switching obligation; it does not use the DMA Article 11 compliance-report template.

Use Article 11 evidence for DMA only. The report should be organized by core platform service and obligation, with supporting data, internal documents, implementation dates, product scope, geography, technical changes, user-interface changes, business-user terms, consultation evidence, and alternatives considered where applicable.

DMA timing is driven by designation and ongoing compliance. Article 11 sets the 6-month post-designation reporting point and at-least-annual updates; product changes that affect Articles 5 to 7 controls should be reviewed before release because the gatekeeper must ensure and demonstrate effective compliance.

Data Act timing should be checked against the applicable Data Act provision, product or service launch, access request, contract event, public-sector request, or data-processing-service switching event.

Do not reuse a single compliance calendar label. Track DMA designation and Article 11 cycles separately from Data Act product, request, contract, and switching milestones.

The Commission is the sole DMA enforcer, with cooperation mechanisms for Member State authorities. DMA non-compliance can lead to Commission decisions, remedies, fines up to 10% of total worldwide turnover, up to 20% for certain repeat infringements, and periodic penalty payments up to 5% of average daily worldwide turnover.

The Data Act enforcement route is separate from DMA gatekeeper enforcement. Use the Data Act source and competent-authority analysis for Data Act penalties, rather than borrowing DMA fine caps.

Escalate DMA risk to the gatekeeper's Commission-facing team and Article 11 evidence owners. Escalate Data Act risk through the owners responsible for the relevant data-access, request, contract, or switching obligation.

Keep DMA labels on facts tied to a designated gatekeeper, CPS, Articles 5 to 7 obligation, Article 11 report, Article 6(7) or Article 7 interoperability request, or Commission DMA proceeding.

Keep Data Act labels on facts tied to covered data, data-holder availability, user or third-party access, B2B terms, public-sector access, or data-processing-service switching.

A shared evidence pack is acceptable only if each item states which law it supports. Avoid one blended 'platform data compliance' control that hides the DMA gatekeeper/CPS test or the Data Act data-role test.

DMA interoperability can arise under Article 6(7) for operating-system, virtual-assistant, hardware, and software features, and under Article 7 for number-independent interpersonal communications services. The Commission's interoperability Q&A shows how specification decisions can make this operational for business users and developers.

Data Act interoperability is a separate data and data-processing-services topic; do not use DMA Article 6(7) or Article 7 language unless the service is a designated DMA core platform service.

For DMA, keep records of requests, eligibility decisions, technical interfaces, API documentation, security or integrity justifications, developer communications, and Commission specification materials. For Data Act, keep the switching or data-interoperability record separate.