---
title: "DMA vs GDPR: gatekeeper data obligations compared"
canonical_url: "https://www.sorena.io/artifacts/eu/digital-markets-act/dma-vs-gdpr"
source_url: "https://www.sorena.io/artifacts/eu/digital-markets-act/dma-vs-gdpr"
author: "Sorena AI"
description: "Compare DMA gatekeeper obligations with high-level GDPR overlap for consent, combining personal data, data access, portability, and Article 11 reporting."
published_at: "2026-05-09"
updated_at: "2026-05-09"
keywords:
  - "DMA vs GDPR"
  - "Digital Markets Act"
  - "GDPR"
  - "gatekeeper data access"
  - "core platform service"
  - "Article 11 compliance report"
  - "DMA"
  - "gatekeeper"
  - "Article 5"
  - "Article 6"
  - "Article 11"
---
**[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform

[Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io)

---

# DMA vs GDPR: gatekeeper data obligations compared

Compare DMA gatekeeper obligations with high-level GDPR overlap for consent, combining personal data, data access, portability, and Article 11 reporting.

*Comparison* *EU*

## DMA vs GDPR gatekeeper data obligations compared

Use this comparison to separate DMA duties for designated gatekeepers and core platform services from broader GDPR privacy compliance.

Focused on Article 5 consent and personal-data combining, Article 6 data access and portability, Article 8 compliance-by-design, and Article 11 compliance reports.

The DMA and GDPR can touch the same login, consent screen, advertising product, API, or data-sharing request, but they do different jobs. The DMA comparison starts with whether the undertaking is a designated gatekeeper and whether the service is a listed core platform service. GDPR remains relevant to personal-data processing; this page keeps GDPR claims high-level and uses the DMA text only where it expressly refers to GDPR definitions, consent, personal data, or compliance with data-protection rules.

## DMA vs GDPR: concrete differences for platform data work

Use these rows to decide whether a data, consent, advertising, portability, or access issue is a DMA gatekeeper obligation, a GDPR privacy obligation, or both.

- **Digital Markets Act**: DMA duties in this comparison apply to designated gatekeepers for the core platform services listed in their designation decisions.
- **GDPR**: GDPR remains the broader EU data-protection regime for personal-data processing; this page only states GDPR points grounded by the DMA sources.

| Dimension | Digital Markets Act | GDPR | Operational implication | Sources |
| --- | --- | --- | --- | --- |
| Scope boundary | Start with Article 3 designation and the specific core platform service listed for the gatekeeper. The same undertaking may have DMA duties for one listed service and different treatment for another service. | Start with personal-data processing and the organisation's role in that processing. GDPR analysis does not depend on being a DMA gatekeeper. | Run the DMA scope test and the GDPR processing-role test separately before assigning controls or reusing evidence. | [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Supports keeping DMA scope tied to gatekeeper designation while treating GDPR as applicable law for personal-data processing.<br>[European Commission - DMA gatekeepers](https://digital-markets-act.ec.europa.eu/gatekeepers_en?ref=sorena.io) - Commission page grounds the current public list of designated gatekeepers and core platform services. |
| Covered actors | Article 5(2) restricts listed practices by gatekeepers: online-advertising processing of third-party-service end-user personal data, combining personal data across services, cross-using personal data across services, and signing users into other gatekeeper services to combine personal data, unless the DMA consent condition is met. | GDPR supplies the referenced meaning of consent and remains relevant to lawful personal-data processing. Do not infer wider GDPR tests from this page beyond the DMA's express references. | A consent screen for a gatekeeper may need both a GDPR privacy review and a DMA Article 5(2) review of the specific gatekeeper practice and user choice. | [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Supports a dual review when a product change changes Article 5(2) practices and personal-data processing. |
| Trigger | Article 6(10) requires the gatekeeper, upon request and free of charge, to provide business users and authorised third parties with effective, high-quality, continuous and real-time access to relevant aggregated and non-aggregated data, including personal data only under the conditions stated in the DMA. | GDPR remains relevant when the data is personal data, including consent where the DMA requires end users to opt in to sharing. | Treat the API, entitlement, consent capture, data-category list, and request log as DMA evidence; link to GDPR records only for personal-data handling. | [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Article 13(5) grounds the point that required personal-data consent for DMA compliance must respect Union data protection and privacy rules.<br>[European Commission - Resources for businesses under the DMA](https://digital-markets-act.ec.europa.eu/questions-and-answers/resources-businesses_en?ref=sorena.io) - Commission page points businesses to resources for Article 6(10) data access and related gatekeeper materials. |
| Core obligations | Article 6(9) requires effective portability, free of charge, for data provided by the end user or generated through the end user's activity in the relevant core platform service, including tools and continuous real-time access. | GDPR has its own data-portability right, but the DMA source grounds this page only for the DMA Article 6(9) gatekeeper obligation and its relationship to GDPR as applicable law. | Do not satisfy Article 6(9) only by pointing to a generic privacy download page; test whether the relevant CPS data, third-party authorisation flow, and continuous access requirement are covered. | [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - DMA recitals describe Article 6(9) as complementing the GDPR portability right without replacing GDPR.<br>[European Commission - Resources for businesses under the DMA](https://digital-markets-act.ec.europa.eu/questions-and-answers/resources-businesses_en?ref=sorena.io) - Commission page collects public resources for Article 6(9) end-user data portability. |
| Evidence record | Article 11 requires the gatekeeper to provide a detailed and transparent compliance report, a non-confidential summary, and at least annual updates. The Commission template asks for CPS-by-CPS and obligation-by-obligation evidence. | GDPR accountability records may support parts of the evidence, but a GDPR record alone is not an Article 11 report because Article 11 is tied to DMA Articles 5, 6, and 7. | Maintain a mapped evidence pack: CPS, DMA article, implemented measure, product or engineering change, consent or user-journey artifact, data source, indicator, owner, and linked GDPR record if relevant. | [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Article 8 grounds the need for DMA compliance measures to comply with GDPR where applicable.<br>[European Commission - Article 11 DMA Compliance Report Template Form](https://digital-markets-act.ec.europa.eu/legislation_en?ref=sorena.io) - Template details the evidence fields that make the DMA report more specific than a generic privacy accountability record. |
| Timing and deadlines | Articles 5(9), 5(10), and 6(8) create DMA duties for gatekeepers around advertiser and publisher information, performance measuring tools, and data needed for independent verification of advertising inventory. | Where advertising data includes personal data or profiling, GDPR analysis remains a separate privacy workstream. The DMA sources here do not support detailed GDPR advertising tests. | Separate advertising-product evidence into DMA information-access evidence, GDPR privacy evidence, and any commercial confidentiality review. | [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Supports separating DMA advertising-access evidence from personal-data compliance evidence. |
| Enforcement | The Commission is the DMA enforcement authority for gatekeeper obligations, designation, Article 11 reports, specification processes, and non-compliance proceedings. | GDPR enforcement is not described in detail by the DMA grounding used for this page; route privacy escalations through the organisation's GDPR governance and relevant supervisory-authority process. | Avoid penalty tables unless separately grounded. For this page, route DMA issues to the Commission-facing DMA owner and GDPR issues to privacy governance. | [European Commission - DMA legislation](https://digital-markets-act.ec.europa.eu/legislation_en?ref=sorena.io) - Commission legislation page identifies the DMA rules for gatekeeper designation and implementation of obligations and prohibitions.<br>[Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Supports avoiding unsupported GDPR penalty or enforcement comparisons in this DMA-grounded page. |
| Overlap and reuse | Article 13 prohibits conduct that undermines effective compliance with Articles 5, 6, and 7 and specifically addresses making rights or choices unduly difficult or using interface design to subvert user or business-user autonomy. | GDPR review may also examine interfaces for valid consent and transparent processing, but this page only grounds the DMA anti-circumvention requirement and the DMA's references to GDPR consent. | Review consent prompts, choice screens, default settings, request forms, API access, and warning messages for both DMA effectiveness and GDPR privacy requirements where personal data is involved. | [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Article 5(2) grounds the DMA's reference to GDPR consent for listed personal-data practices.<br>[European Commission - Article 11 DMA Compliance Report Template Form](https://digital-markets-act.ec.europa.eu/legislation_en?ref=sorena.io) - Template grounds evidence for user-interface changes, choice screens, consent forms, warning messages, and customer journeys. |
| Practical decision rule | Start with Article 3 designation and the specific core platform service listed for the gatekeeper. The same undertaking may have DMA duties for one listed service and different treatment for another service. | Start with personal-data processing and the organisation's role in that processing. GDPR analysis does not depend on being a DMA gatekeeper. | Run the DMA scope test and the GDPR processing-role test separately before assigning controls or reusing evidence. | [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Supports keeping DMA scope tied to gatekeeper designation while treating GDPR as applicable law for personal-data processing.<br>[European Commission - DMA gatekeepers](https://digital-markets-act.ec.europa.eu/gatekeepers_en?ref=sorena.io) - Commission page grounds the current public list of designated gatekeepers and core platform services. |

Sources for Scope boundary - Digital Markets Act:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Article 3 and Article 2 ground DMA designation and core platform service scope.
  - Quote: "designated as a gatekeeper"
- [European Commission - DMA gatekeepers](https://digital-markets-act.ec.europa.eu/gatekeepers_en?ref=sorena.io) - Commission page grounds the current public list of designated gatekeepers and core platform services.
  - Quote: "core platform services"

Sources for Scope boundary - GDPR:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - DMA text references GDPR as the data-protection regime but does not turn GDPR into a gatekeeper-only law.
  - Quote: "Regulation (EU) 2016/679"

Sources for Scope boundary - operational implication:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Supports keeping DMA scope tied to gatekeeper designation while treating GDPR as applicable law for personal-data processing.
  - Quote: "applicable law"

Sources for Covered actors - Digital Markets Act:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Article 5(2) grounds DMA restrictions on combining, cross-use, advertising processing, sign-in, and consent.
  - Quote: "combine personal data"

Sources for Covered actors - GDPR:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - DMA Article 5(2) cites GDPR consent provisions and preserves certain GDPR legal bases where applicable.
  - Quote: "given consent"

Sources for Covered actors - operational implication:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Supports a dual review when a product change changes Article 5(2) practices and personal-data processing.
  - Quote: "specific choice"

Sources for Trigger - Digital Markets Act:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Article 6(10) grounds business-user access to aggregated and non-aggregated data and the personal-data opt-in condition.
  - Quote: "effective, high-quality"

Sources for Trigger - GDPR:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Article 13(5) grounds the point that required personal-data consent for DMA compliance must respect Union data protection and privacy rules.
  - Quote: "required consent"

Sources for Trigger - operational implication:

- [European Commission - Resources for businesses under the DMA](https://digital-markets-act.ec.europa.eu/questions-and-answers/resources-businesses_en?ref=sorena.io) - Commission page points businesses to resources for Article 6(10) data access and related gatekeeper materials.
  - Quote: "Data access"

Sources for Core obligations - Digital Markets Act:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Article 6(9) grounds the DMA portability obligation for end users and authorised third parties.
  - Quote: "effective portability"

Sources for Core obligations - GDPR:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - DMA recitals describe Article 6(9) as complementing the GDPR portability right without replacing GDPR.
  - Quote: "complements"

Sources for Core obligations - operational implication:

- [European Commission - Resources for businesses under the DMA](https://digital-markets-act.ec.europa.eu/questions-and-answers/resources-businesses_en?ref=sorena.io) - Commission page collects public resources for Article 6(9) end-user data portability.
  - Quote: "data portability"

Sources for Evidence record - Digital Markets Act:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Article 11 grounds gatekeeper compliance reports, non-confidential summaries, and annual updates.
  - Quote: "update that report"
- [European Commission - Article 11 DMA Compliance Report Template Form](https://digital-markets-act.ec.europa.eu/legislation_en?ref=sorena.io) - Commission template grounds the expected CPS-by-CPS annexes, supporting data, documents, user journeys, engineering changes, indicators, and privacy safeguards.
  - Quote: "supporting data"

Sources for Evidence record - GDPR:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Article 8 grounds the need for DMA compliance measures to comply with GDPR where applicable.
  - Quote: "applicable law"

Sources for Evidence record - operational implication:

- [European Commission - Article 11 DMA Compliance Report Template Form](https://digital-markets-act.ec.europa.eu/legislation_en?ref=sorena.io) - Template details the evidence fields that make the DMA report more specific than a generic privacy accountability record.
  - Quote: "technical/engineering changes"

Sources for Timing and deadlines - Digital Markets Act:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Articles 5(9), 5(10), and 6(8) ground DMA advertising information and measurement-access obligations.
  - Quote: "performance measuring tools"

Sources for Timing and deadlines - GDPR:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - DMA text references GDPR for personal data, profiling, and applicable data-protection compliance.
  - Quote: "profiling"

Sources for Timing and deadlines - operational implication:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Supports separating DMA advertising-access evidence from personal-data compliance evidence.
  - Quote: "online advertising services"

Sources for Enforcement - Digital Markets Act:

- [European Commission - DMA legislation](https://digital-markets-act.ec.europa.eu/legislation_en?ref=sorena.io) - Commission legislation page identifies the DMA rules for gatekeeper designation and implementation of obligations and prohibitions.
  - Quote: "main rules"
- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - DMA text grounds Commission procedures and Article 11 reporting to the Commission.
  - Quote: "provide the Commission"

Sources for Enforcement - GDPR:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - DMA text preserves GDPR as applicable law but this grounding set does not support detailed GDPR enforcement claims.
  - Quote: "without prejudice"

Sources for Enforcement - operational implication:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Supports avoiding unsupported GDPR penalty or enforcement comparisons in this DMA-grounded page.
  - Quote: "Commission"

Sources for Overlap and reuse - Digital Markets Act:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Article 13 grounds anti-circumvention and interface-design limits tied to DMA rights and choices.
  - Quote: "unduly difficult"

Sources for Overlap and reuse - GDPR:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Article 5(2) grounds the DMA's reference to GDPR consent for listed personal-data practices.
  - Quote: "consent"

Sources for Overlap and reuse - operational implication:

- [European Commission - Article 11 DMA Compliance Report Template Form](https://digital-markets-act.ec.europa.eu/legislation_en?ref=sorena.io) - Template grounds evidence for user-interface changes, choice screens, consent forms, warning messages, and customer journeys.
  - Quote: "customer journey"

Sources for Practical decision rule - Digital Markets Act:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Article 3 and Article 2 ground DMA designation and core platform service scope.
  - Quote: "designated as a gatekeeper"
- [European Commission - DMA gatekeepers](https://digital-markets-act.ec.europa.eu/gatekeepers_en?ref=sorena.io) - Commission page grounds the current public list of designated gatekeepers and core platform services.
  - Quote: "core platform services"

Sources for Practical decision rule - GDPR:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - DMA text references GDPR as the data-protection regime but does not turn GDPR into a gatekeeper-only law.
  - Quote: "Regulation (EU) 2016/679"

Sources for Practical decision rule - operational implication:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Supports keeping DMA scope tied to gatekeeper designation while treating GDPR as applicable law for personal-data processing.
  - Quote: "applicable law"

### How to use the comparison in a product review

- Name the gatekeeper and listed core platform service before applying a DMA row.
- Identify the affected DMA obligation: Article 5 consent and data-combining limits, Article 6 data access or portability, Article 8 compliance demonstration, Article 11 reporting, or Article 13 anti-circumvention.
- Run GDPR analysis separately for the personal-data processing, using privacy records outside this DMA comparison where needed.
- For shared evidence, label the exact DMA article and the exact GDPR record it supports instead of treating one as proof of the other.

Sources for the practical decision rule:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Grounds the article-by-article DMA split used in the product-review bullets.
  - Quote: "Articles 5, 6 and 7"
- [European Commission - Article 11 DMA Compliance Report Template Form](https://digital-markets-act.ec.europa.eu/legislation_en?ref=sorena.io) - Grounds the recommendation to keep CPS-by-CPS and obligation-by-obligation evidence for DMA reporting.
  - Quote: "standalone annexes"

## Start with designation and core platform service scope

A DMA analysis is not triggered by every personal-data processing activity. The DMA applies to core platform services provided or offered by gatekeepers to business users established in the Union or end users established or located in the Union.

For a product review, first identify the designated gatekeeper, the exact core platform service listed in the designation decision, and the Article 5, 6, or 7 obligation affected by the change. Then run the GDPR review separately for the personal-data processing affected by the same product change.

- Use the Commission gatekeepers page to confirm current designated gatekeepers and core platform services before relying on a DMA obligation.
- Do not treat GDPR status as a shortcut for DMA scope; a controller or processor can have GDPR duties without being a DMA gatekeeper.
- Do not treat DMA scope as a substitute for GDPR analysis; Article 8 requires DMA compliance measures to comply with applicable law, including GDPR where relevant.

Sources for this answer:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Supports the distinction between DMA gatekeeper/core-platform-service scope and GDPR as applicable data-protection law.
- [European Commission - DMA gatekeepers](https://digital-markets-act.ec.europa.eu/gatekeepers_en?ref=sorena.io) - Identifies designated gatekeepers and the Commission's current public list of designated core platform services.

## Where DMA and GDPR overlap on consent and personal data

Article 5(2) is the clearest DMA-GDPR touchpoint. For listed core platform services, it restricts specified gatekeeper practices involving personal data unless the end user is presented with a specific choice and gives consent within the meaning of GDPR consent provisions cited by the DMA.

The DMA text covers four practices: processing third-party-service end-user personal data for online advertising services, combining personal data from the relevant core platform service with other gatekeeper or third-party services, cross-using personal data between services, and signing users into other gatekeeper services in order to combine personal data.

- Build separate evidence for the DMA question: which Article 5(2) practice is being enabled, blocked, or changed for the listed core platform service.
- Build separate privacy evidence for the GDPR question instead of assuming that a DMA consent or access record proves GDPR compliance.
- Where consent is refused or withdrawn for Article 5(2), the DMA says the gatekeeper must not repeat the request for the same purpose more than once within one year.

Sources for this answer:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Article 5(2) grounds the DMA comparison for combining, cross-using, advertising processing, sign-in, consent, and repeated consent requests.

## Data access and portability are DMA product obligations, not just privacy rights

Article 6 creates operational duties that often require engineering work: access to performance measuring tools and advertising data, end-user data portability, and business-user access to aggregated and non-aggregated data generated in the context of relevant core platform services.

The GDPR comparison should stay precise. GDPR may also govern personal-data processing, but the DMA adds competition-focused duties for gatekeepers to make particular data, tools, APIs, or access channels available in the core-platform-service context.

- Article 6(9) covers effective portability for data provided by the end user or generated through the end user's activity in the relevant core platform service.
- Article 6(10) covers business-user access to aggregated and non-aggregated data, including personal data where the DMA conditions are met and end users opt in to such sharing.
- Use the Commission resources-for-businesses page to find public examples of gatekeeper resources for interoperability, data portability, and data access.

Sources for this answer:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Article 6 supports the DMA-specific duties for advertising data, end-user portability, and business-user access to data.
- [European Commission - Resources for businesses under the DMA](https://digital-markets-act.ec.europa.eu/questions-and-answers/resources-businesses_en?ref=sorena.io) - Commission page collecting gatekeeper resources for interoperability, end-user data portability, and data access.

## Article 11 reports are the DMA evidence spine

GDPR accountability records and DMA Article 11 reports can share facts, but they should not be merged into one generic evidence file. Article 11 requires every gatekeeper to provide the Commission with a detailed and transparent report describing measures implemented to ensure compliance with Articles 5, 6, and 7, plus a non-confidential summary.

The Commission's Article 11 template turns the comparison into concrete evidence: separate annexes for each core platform service and each applicable obligation, compliance statements, supporting data and internal documents, implementation dates, product and geographic scope, technical and engineering changes, user-interface changes, terms changes, consultation, testing, indicators, and privacy or data-access safeguards where applicable.

- For DMA work, maintain a CPS-by-CPS obligation matrix that maps each Article 5, 6, or 7 duty to implemented measures and supporting data.
- For GDPR work, maintain privacy records in the relevant GDPR system of record and cross-reference them only where they support a DMA compliance measure.
- When a DMA measure changes consent forms, user journeys, privacy policy terms, APIs, ranking parameters, data flows, or data-retention policies, store those artifacts with the Article 11 evidence pack.

Sources for this answer:

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Article 11 supports the report, non-confidential summary, and annual update obligations for gatekeepers.
- [European Commission - Article 11 DMA Compliance Report Template Form](https://digital-markets-act.ec.europa.eu/legislation_en?ref=sorena.io) - Commission template specifies the minimum information gatekeepers should provide for Article 11 compliance reporting.

*Recommended next step*

*Placement: before sources*

## Separate DMA gatekeeper evidence from GDPR privacy records

Sorena can help structure DMA Article 5, Article 6, and Article 11 evidence so product, legal, privacy, and engineering teams can see where GDPR records support the DMA work and where they do not.

- [Open Research Copilot for DMA](/solutions/research-copilot.md): Ask source-linked questions about DMA gatekeeper obligations, core platform service scope, consent, data access, portability, and Article 11 reporting.
- [Talk through implementation](/contact.md): Review your DMA vs GDPR evidence split, Article 11 reporting inputs, and product-change controls with Sorena.

## Primary sources

- [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Grounds the article-by-article DMA split used in the product-review bullets.
  - Quote: "Articles 5, 6 and 7"
- [European Commission - DMA gatekeepers](https://digital-markets-act.ec.europa.eu/gatekeepers_en?ref=sorena.io) - Commission page grounds the current public list of designated gatekeepers and core platform services.
  - Quote: "core platform services"
- [European Commission - Resources for businesses under the DMA](https://digital-markets-act.ec.europa.eu/questions-and-answers/resources-businesses_en?ref=sorena.io) - Commission page collects public resources for Article 6(9) end-user data portability.
  - Quote: "data portability"
- [European Commission - Article 11 DMA Compliance Report Template Form](https://digital-markets-act.ec.europa.eu/legislation_en?ref=sorena.io) - Grounds the recommendation to keep CPS-by-CPS and obligation-by-obligation evidence for DMA reporting.
  - Quote: "standalone annexes"
- [European Commission - DMA legislation](https://digital-markets-act.ec.europa.eu/legislation_en?ref=sorena.io) - Commission legislation page identifies the DMA rules for gatekeeper designation and implementation of obligations and prohibitions.
  - Quote: "main rules"

## Related Topic Guides

- [DMA Anti-Circumvention Design Review for Gatekeeper Product Changes](/artifacts/eu/digital-markets-act/anti-circumvention-design-review.md): Review DMA Article 13 anti-circumvention risks in gatekeeper product, interface, contractual, commercial, and technical changes with obligation mapping and evidence records.
- [DMA Article 11 Compliance Report Template FAQ](/artifacts/eu/digital-markets-act/faq/compliance-report-template.md): How gatekeepers should use the DMA Article 11 compliance report template to document obligation-by-obligation measures, evidence, updates, and non-confidential summaries.
- [DMA Article 6 Business User Data Access Guide](/artifacts/eu/digital-markets-act/business-user-data-access.md): Grounded guide to EU Digital Markets Act Article 6 data access for business users, end users, authorised third parties, consent boundaries, and evidence handoffs.
- [DMA Article 6(7) and Article 7 interoperability obligations](/artifacts/eu/digital-markets-act/article-6-7-interoperability.md): Grounded guide to DMA interoperability duties: Article 6(7) operating-system feature access, Article 7 messaging interoperability, request handling, security conditions, and compliance evidence.
- [DMA Articles 5, 6 and 7 obligations mapped to CPS evidence](/artifacts/eu/digital-markets-act/core-obligations-by-obligation.md): Map EU Digital Markets Act Articles 5, 6 and 7 obligations to affected core platform services, product evidence, legal owners, and Article 11 compliance-report artifacts.
- [DMA compliance program and monitoring for gatekeepers](/artifacts/eu/digital-markets-act/compliance-program-and-monitoring.md): Build a DMA compliance program around Article 8 effective compliance, Article 11 reporting evidence, Article 13 anti-circumvention controls, and Article 28 compliance-function governance.
- [DMA Core Platform Service Scoping](/artifacts/eu/digital-markets-act/core-platform-service-scoping-by-service.md): Scope EU Digital Markets Act core platform services by service category, designation evidence, user thresholds, and Form GD service-boundary records.
- [DMA core platform services FAQ](/artifacts/eu/digital-markets-act/faq/core-platform-services.md): FAQ on EU Digital Markets Act core platform services: Article 2 service categories, gatekeeper designation evidence, user thresholds, service scoping, and Article 11 reporting.
- [DMA CPS Obligation Matrix Workflow: Articles 5, 6, 7 and Article 11 Evidence](/artifacts/eu/digital-markets-act/cps-obligation-matrix-workflow.md): Build a DMA core platform service obligation matrix that links each designated CPS to Articles 5, 6 and 7 duties, product owners, designation evidence, Article 11 report artifacts and review gates.
- [DMA designation intake workflow for gatekeeper notifications](/artifacts/eu/digital-markets-act/designation-intake-workflow.md): Build a grounded DMA designation intake record covering core platform service classification, Article 3 thresholds, Form GD evidence, Commission handoff, and Article 11 readiness.
- [DMA enforcement, penalties, and remedies: Commission powers and evidence](/artifacts/eu/digital-markets-act/enforcement-penalties-and-remedies.md): EU Digital Markets Act enforcement guide covering Commission non-compliance decisions, DMA fine caps, periodic penalty payments, remedies, interim measures, commitments, and Article 11 evidence.
- [DMA Gatekeeper Compliance Checklist for Articles 5, 6, 7 and 11](/artifacts/eu/digital-markets-act/gatekeeper-compliance-checklist.md): A grounded EU Digital Markets Act checklist for designated gatekeepers: core platform service scope, Article 5/6/7 controls, Article 11 report evidence, anti-circumvention checks, and review gates.
- [DMA Gatekeeper Designation Guide: Article 3 thresholds, Form GD, and Article 11 readiness](/artifacts/eu/digital-markets-act/gatekeeper-designation-guide.md): A grounded EU Digital Markets Act guide for assessing Article 3 gatekeeper thresholds, scoping core platform services, preparing Form GD evidence, handling rebuttal annexes, and planning Article 11 compliance reporting.
- [DMA gatekeeper thresholds: what counts and when to notify](/artifacts/eu/digital-markets-act/faq/gatekeeper-thresholds.md): Standalone FAQ on the EU Digital Markets Act gatekeeper thresholds, Article 3 notification timing, Form GD evidence, and active user-count methodology.
- [DMA interoperability requests: Article 7 and Commission guidance](/artifacts/eu/digital-markets-act/faq/interoperability-requests.md): How EU Digital Markets Act interoperability requests work for Article 7 messaging services, Article 6(7) operating-system access, gatekeeper evidence, requester evidence, and security safeguards.
- [DMA penalties and fines: caps, triggers, and enforcement evidence](/artifacts/eu/digital-markets-act/penalties-and-fines.md): EU Digital Markets Act penalties guide covering Article 30 fine caps, Article 31 periodic penalty payments, non-compliance decisions, remedies, and evidence records.
- [DMA Product Change Review Workflow for Articles 5, 6, 7, 11 and 13](/artifacts/eu/digital-markets-act/product-change-review-workflow.md): Review DMA-relevant product releases for Article 5, Article 6, Article 7, anti-circumvention, Article 11 evidence, and product-owner/legal signoff.
- [DMA Self-Preferencing Compliance Examples for Ranking and Display](/artifacts/eu/digital-markets-act/self-preferencing-compliance-examples.md): Examples and release-review controls for DMA Article 6(5) self-preferencing checks across ranking, indexing, crawling, search results, marketplaces, app stores, feeds, and virtual assistants.
- [DMA vs Data Act: gatekeeper duties compared with EU data-sharing rules](/artifacts/eu/digital-markets-act/dma-vs-data-act.md): Compare the EU Digital Markets Act and EU Data Act by scope, actors, data access, interoperability, reporting, evidence, and enforcement without merging distinct obligations.
- [DMA vs DSA: Digital Markets vs Services Act](/artifacts/eu/digital-markets-act/dma-vs-dsa.md): A grounded comparison of the DMA and DSA focused on gatekeepers, core platform services, DMA obligations, Article 11 reporting, interoperability, data access, and enforcement.
- [DMA vs EU competition law: gatekeeper obligations, Article 11 evidence, and enforcement](/artifacts/eu/digital-markets-act/dma-vs-eu-competition-law.md): Compare the EU Digital Markets Act with EU competition law: ex ante gatekeeper and core platform service duties, Articles 5 to 7, Article 11 reports, penalties, and evidence records.
- [EU Digital Markets Act Article 11 Evidence Calendar](/artifacts/eu/digital-markets-act/annual-report-evidence-calendar.md): Build a source-grounded DMA Article 11 compliance report calendar with evidence owners, annual update checkpoints, report sections, and review gates.
- [EU Digital Markets Act checklist for gatekeeper compliance](/artifacts/eu/digital-markets-act/checklist.md): A source-grounded DMA checklist for designated gatekeepers and core platform services, covering scope, Articles 5, 6 and 7 obligations, Article 11 reporting, evidence, anti-circumvention, and governance.
- [EU Digital Markets Act compliance: gatekeeper obligations and evidence](/artifacts/eu/digital-markets-act/compliance.md): DMA compliance guide for designated gatekeepers: core platform service scoping, Articles 5, 6 and 7 controls, Article 11 reports, anti-circumvention checks, interoperability evidence, and enforcement risk.
- [EU Digital Markets Act deadlines and compliance calendar](/artifacts/eu/digital-markets-act/deadlines-and-compliance-calendar.md): Track DMA notification, designation, six-month obligation start, Article 11 reporting, Article 14 concentration notices, Article 15 profiling audits, and preparation milestones using official EU sources.
- [EU Digital Markets Act FAQ: gatekeepers, DMA obligations, reports, and enforcement](/artifacts/eu/digital-markets-act/faq.md): Concise FAQ on the EU Digital Markets Act for gatekeeper designation, core platform services, Articles 5, 6 and 7 obligations, Article 11 reports, interoperability, business-user data access, compliance evidence, and enforcement.
- [EU Digital Markets Act requirements for gatekeepers](/artifacts/eu/digital-markets-act/requirements.md): DMA requirements for designated gatekeepers: core platform service scope, Articles 5, 6 and 7 obligations, Article 11 reporting, anti-circumvention, evidence, remedies, and fines.
- [EU Digital Markets Act Timeline and Key Milestones: practical obligations and evidence guide](/artifacts/eu/digital-markets-act/timeline-and-key-milestones.md): Practical EU Digital Markets Act guide to Timeline and Key Milestones: scope, owners, evidence, edge cases, checklist steps, and external source-linked citations.
- [EU DMA Applicability Test: gatekeeper thresholds, core platform services, and evidence](/artifacts/eu/digital-markets-act/applicability-test.md): Test whether the EU Digital Markets Act may apply to a platform service using the DMA gatekeeper criteria, core platform service categories, EU user thresholds, notification steps, and evidence records.
- [EU DMA Article 11 Compliance Reporting Guide](/artifacts/eu/digital-markets-act/article-11-reporting.md): Source-grounded guide to EU Digital Markets Act Article 11 compliance reports: report purpose, template evidence, non-confidential summaries, annual updates, and submission steps.
- [EU DMA do's and don'ts for product teams](/artifacts/eu/digital-markets-act/dos-and-donts-for-product-teams.md): Product release checks for designated DMA gatekeepers: Article 5, 6 and 7 obligations, anti-circumvention review, data access, interoperability, self-preferencing and Article 11 evidence.
- [What do DMA Articles 5, 6, and 7 require from gatekeepers?](/artifacts/eu/digital-markets-act/faq/articles-5-6-and-7-obligations.md): FAQ explaining how EU Digital Markets Act Articles 5, 6, and 7 group gatekeeper obligations, what product evidence they require, and how Article 11 reporting connects.


---

[Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us)

(c) 2026 Sorena AB (559573-7338). All rights reserved.

Source: https://www.sorena.io/artifacts/eu/digital-markets-act/dma-vs-gdpr