EU Digital Markets Act Frequently asked questions

A DMA gatekeeper is an undertaking designated by the European Commission because it has a significant impact on the internal market, provides a core platform service that is an important gateway for business users to reach end users, and has or is expected to have an entrenched and durable position.

The quantitative presumption uses three main tests: at least EUR 7.5 billion annual Union turnover in each of the last three financial years or at least EUR 75 billion average market capitalisation or equivalent fair market value in the last financial year; the same core platform service in at least three Member States; and, for that service, at least 45 million monthly active end users in the Union and at least 10,000 yearly active business users in the Union.

The DMA's core platform service categories include online intermediation services, online search engines, online social networking services, video-sharing platform services, number-independent interpersonal communications services, operating systems, web browsers, virtual assistants, cloud computing services, software application stores, and online advertising services.

The designation decision matters: DMA Articles 5, 6 and 7 apply to the gatekeeper with respect to each core platform service listed for that undertaking. Do not assume every product of a gatekeeper is covered in the same way.

Article 5 contains obligations that apply directly to listed core platform services, including restrictions on combining or cross-using personal data without valid consent, anti-steering limits, app-store and payment-choice protections, complaint-access protections, and advertising transparency for advertisers and publishers.

Article 6 contains obligations that can be further specified under Article 8. It covers restrictions on using non-public business-user data to compete with those business users, uninstall and default-choice requirements, third-party app and app-store access, self-preferencing in ranking, switching, interoperability with operating system or virtual assistant features, advertising measurement access, end-user data portability, business-user data access, search-data access, fair access conditions, and termination conditions.

Article 7 addresses interoperability for number-independent interpersonal communications services. Where such a service is listed in the designation decision, the gatekeeper must make specified basic functionalities interoperable with services of another provider offering or intending to offer such services in the Union, upon request and free of charge.

Within six months after designation, a gatekeeper must provide the Commission with a report describing, in a detailed and transparent manner, the measures implemented to ensure compliance with Articles 5, 6 and 7. It must also publish and provide the Commission with a non-confidential summary, then update the report and summary at least annually.

The Commission's Article 11 template asks gatekeepers to report for each designated core platform service and each applicable obligation. It expects a compliance statement, an exhaustive explanation, supporting data, internal documents, implementation dates, product and geographic scope, technical and engineering changes, terms and condition changes, user or business-user consultation, testing, metrics, and reasons where an obligation cannot by nature apply to a service.

Interoperability appears in two important places. Article 6(7) requires free and effective interoperability with, and access for interoperability to, the same hardware and software features controlled through listed operating systems or virtual assistants as are available to the gatekeeper's own services or hardware, subject to strictly necessary and proportionate integrity protections that the gatekeeper justifies. Article 7 separately covers interoperability of listed number-independent interpersonal communications services.

Article 6(10) requires a gatekeeper, on request and free of charge, to provide business users and authorised third parties with effective, high-quality, continuous and real-time access to aggregated and non-aggregated data generated in the context of the relevant core platform service or supporting services by those business users and the end users engaging with their products or services. Personal data access is limited to data directly connected with the end user's use of the relevant business user's products or services and requires end-user opt-in consent.

DMA evidence should prove effective compliance, not only policy intent. The Article 11 template points to concrete evidence categories: implemented measures, supporting data, internal documents, implementation timing, technical and engineering changes, user-interface flows, APIs, terms and condition changes, consultation records, market analysis, A/B testing, user or business-user surveys, consent rates, metrics, and impact evaluation.

Article 13 also matters for evidence because a gatekeeper may not undermine effective compliance through contractual, commercial, technical, interface-design, or other behaviour. Evidence should therefore show that DMA rights are not made unduly difficult to exercise and that choices are not presented in a non-neutral way.

The European Commission enforces the DMA. It can open proceedings, specify measures for effective compliance, adopt non-compliance decisions, order the gatekeeper to cease and desist, and require explanations of how the gatekeeper plans to comply.

For non-compliance with Articles 5, 6 or 7 and specified measures, remedies, interim measures, or binding commitments, the Commission may impose fines up to 10% of the gatekeeper's total worldwide turnover in the preceding financial year. For the same or similar infringement of an Article 5, 6 or 7 obligation for the same core platform service after a non-compliance decision in the preceding eight years, the fine can be up to 20%. The Commission may also impose periodic penalty payments up to 5% of average daily worldwide turnover in the preceding financial year per day to compel compliance with listed DMA decisions or information duties.