FAQ item index

Search every question across sub-FAQs

Find the exact question, open the source answer card, and copy a direct link to the anchored sub-FAQ response.

Indexed coverage
19of19items
Across 5 modules • Updated May 9, 2026
Author
Sorena AI
Published
May 9, 2026
Updated
May 9, 2026
Back to sub-FAQs
DMA Article 11 Compliance Report Template

What is the DMA Article 11 compliance report template for?

The template turns Article 11's reporting duty into a structured evidence file. For each designated core platform service and each applicable Articles 5 to 7 obligation, the gatekeeper is expected to confirm compliance as of a stated date and explain exhaustively how the measure works.

A useful answer does not stop at saying that a control exists. It identifies the obligation, the service, the pre-designation or post-designation measure, the implementation date, product and geographic scope, technical or engineering changes, customer-experience changes, effects on fees or terms, user consultation, testing, indicators, monitoring systems, and any data-access procedure that third parties use.

  • Create separate standalone annexes for each designated core platform service.
  • For each applicable Articles 5 to 7 obligation, keep a compliance statement, a plain-English measure description, supporting data, and internal documents.
  • Explain why an obligation cannot apply to a core platform service only when that conclusion follows from the obligation's nature, and keep the reasoning separate from Article 9 suspension or Article 10 exemption issues.
  • Keep underlying raw data ready for Commission requests and define metrics clearly enough that a reviewer can reproduce calculations.
Citations
Jump to answerOpen module
DMA Article 11 Compliance Report Template

When should the report be filed and updated?

Article 11 sets the cadence: the first report is due within six months after designation under Article 3, and the report and non-confidential summary must be updated at least annually.

The Commission template also expects change tracking. If a gatekeeper previously submitted a compliance report, the latest report and non-confidential summary should highlight differences from the previous versions, including relevant annexes.

  • Maintain a six-month designation clock for every newly designated gatekeeper or core platform service.
  • Schedule an annual refresh of the full report, annexes, and non-confidential summary.
  • Trigger an interim review when a compliance measure, interface, API, ranking parameter, data flow, consent design, terms, fee structure, or Commission dialogue changes.
  • Keep clean and redline versions so reviewers can see what changed between submissions.
Citations
Jump to answerOpen module
DMA Article 11 Compliance Report Template

What should be public, confidential, and kept as records?

The full compliance report, annexes, and underlying data support the Commission's assessment. Article 11 separately requires a non-confidential summary, and the Commission template says that summary should be self-standing, follow the same structure, cover all sections and sub-sections, and enable third parties to provide meaningful input.

Confidential treatment should be handled deliberately. The template says information may be omitted from the non-confidential summary only if it is a business secret or otherwise confidential, and it asks gatekeepers to use meaningful ranges, baselines, or aggregated data for confidential numerical data rather than redacting entirely.

  • Keep a public-summary version that mirrors the full report structure and gives a faithful picture of every section.
  • Keep a confidential register that explains each redaction, the protected interest, and the replacement range, baseline, or aggregation used in the public summary.
  • Retain evidence for the compliance function: head-of-compliance involvement, monitoring role, management-body reports, risk-of-non-compliance reports, management replies, and approved compliance policies.
  • Keep feedback records from EU business users and end users, grouped by topic when there are more than ten instances, with actions taken and any anonymity or confidentiality request respected in the non-confidential description.
Citations
Jump to answerOpen module
DMA core platform services

What counts as a core platform service under the DMA?

Article 2 of the DMA lists the core platform service categories: online intermediation services, online search engines, online social networking services, video-sharing platform services, number-independent interpersonal communications services, operating systems, web browsers, virtual assistants, cloud computing services, and online advertising services provided by an undertaking that also provides one of the other listed categories.

A service-scope answer should name the category, explain the product boundary, and identify whether the Commission has listed that service in a gatekeeper designation decision. The label used in a product roadmap is not enough; the DMA analysis turns on the Article 2 category and the service that is an important gateway for business users to reach end users.

  • Map the product to one Article 2 category before applying Articles 5 to 7 obligations.
  • Treat advertising separately only where the DMA online-advertising category is supported by the undertaking's other core platform services.
  • Do not collapse integrated products automatically; the Annex says services may be distinct where they are in different categories or used for different purposes.
  • Do not split a service mainly by country-code domain, generic domain, or geographic attribute when calculating active users.
Citations
Jump to answerOpen module
DMA core platform services

Which evidence supports a DMA gatekeeper designation assessment?

Article 3 designates an undertaking as a gatekeeper when it has significant impact on the internal market, provides a core platform service that is an important gateway for business users to reach end users, and has an entrenched and durable position or is expected to have one soon. The quantitative presumption uses business-size evidence plus service-level user evidence.

For the user-gateway presumption, the DMA threshold is at least 45 million monthly active end users established or located in the Union and at least 10,000 yearly active business users established in the Union for the core platform service in the last financial year. The Annex requires unique users to be counted once for the relevant service and period: monthly for active end users and yearly for active business users.

  • Keep the undertaking-level evidence for Union turnover, market capitalisation, or equivalent fair market value and the Member States where the same service is provided.
  • Keep service-level active end-user and active business-user counts with the Annex methodology used for that category.
  • Document duplicate-risk controls for users across devices, platforms, accounts, logged-in and non-logged-in environments.
  • Preserve the notification or designation record for each core platform service that meets the Article 3 thresholds.
  • If a service meets the thresholds but the undertaking argues the presumption should not apply, keep the substantiated rebuttal arguments and Commission response.
Citations
Jump to answerOpen module
DMA core platform services

How should teams scope one core platform service versus another?

The DMA Annex is the most useful scoping control because it explains how active end users and active business users are identified for each category. It also gives boundary rules: services in the same category should not be split mainly by domain name or geography, while services used for different purposes can be treated as distinct even when users overlap.

A good scoping file therefore separates category, user purpose, business-user route to end users, metrics, and designation status. It should also name category-specific counting logic: for example, search uses queries and indexed business websites, operating systems use activated or used devices and developers, and online advertising uses advertisement-impression and advertiser or intermediary interactions.

  • State whether the service is online intermediation, search, social networking, video sharing, messaging, operating system, browser, virtual assistant, cloud computing, or online advertising.
  • Describe end-user activity used for the count, such as login, query, content play, communication, device use, browser address entry, assistant activation, cloud use, or ad impression.
  • Describe business-user activity used for the count, such as listings, transactions, indexed business websites, business accounts, uploaded content, business communications, developer activity, hosted cloud services, or advertiser and publisher interactions.
  • Explain why overlapping users do or do not create one service boundary.
  • Record any renamed, bundled, split, or newly launched service because Article 4 allows designation decisions to be reconsidered, amended, or repealed when facts substantially change.
Citations
Jump to answerOpen module
DMA core platform services

What are the Article 11 reporting implications?

Article 11 reporting is organised by designated core platform service and applicable obligation. The Commission template says each designated gatekeeper must provide a compliance report within 6 months after designation, update it at least annually, and provide separate standalone annexes for each core platform service for which it has been designated.

For each core platform service and each applicable Articles 5 to 7 obligation, the template asks for a compliance statement, an exhaustive explanation of measures, supporting data and internal documents, implementation timing, product and geographic scope, technical and engineering changes, customer-experience changes, remuneration and terms changes, consultation with users or interested parties, testing and indicators, monitoring systems, and feedback from business users or end users.

  • Build one evidence bundle per designated core platform service, not one generic DMA bundle for the undertaking.
  • Map each Articles 5 to 7 obligation to the service and explain any obligation that cannot by nature apply to that service.
  • Keep raw data and calculation explanations ready for Commission requests.
  • Preserve redlines or change summaries for annual report updates.
  • Track the top business-user information requested by the template for each core platform service.
Citations
Jump to answerOpen module
DMA gatekeeper thresholds: what counts and when to notify

What are the DMA gatekeeper thresholds?

Article 3 creates three cumulative gatekeeper requirements and then sets quantitative presumptions for them. For significant internal-market impact, the undertaking is presumed to qualify if it has annual Union turnover of at least EUR 7.5 billion in each of the last three financial years, or average market capitalisation or equivalent fair market value of at least EUR 75 billion in the last financial year, and provides the same core platform service in at least three Member States.

For the gateway requirement, the relevant core platform service must have had, in the last financial year, at least 45 million monthly active end users established or located in the Union and at least 10,000 yearly active business users established in the Union. For the entrenched-and-durable-position presumption, those user thresholds must have been met in each of the last three financial years.

  • Do not aggregate all products together unless the DMA core platform service delineation supports doing so.
  • Check the undertaking-level financial threshold separately from the service-level EU user thresholds.
  • Use the Annex methodology for active end users and active business users before deciding whether Article 3(2)(b) is met.
  • Treat the threshold result as a notification and designation question; only the Commission designates a gatekeeper.
Citations
Jump to answerOpen module
DMA gatekeeper thresholds: what counts and when to notify

What happens after the thresholds are met?

If an undertaking providing core platform services meets all Article 3(2) thresholds, Article 3(3) requires notification to the Commission without delay and within two months after the thresholds are met. The notification must include the relevant threshold information for each core platform service that meets the user threshold.

After receiving complete information, the Commission must designate the undertaking as a gatekeeper without undue delay and at the latest within 45 working days if the thresholds are met. A previously designated gatekeeper must also notify when another core platform service later meets the relevant user and durability thresholds.

  • Prepare one threshold file per relevant core platform service, including any plausible alternative service delineations.
  • Track the two-month notification trigger from the point the Article 3(2) thresholds are met.
  • Keep the completeness review visible because incomplete, incorrect, or misleading information can affect the effective date of the notification.
  • Escalate when an already designated gatekeeper launches or grows another service that may newly meet Article 3(2)(b) and (c).
Citations
Jump to answerOpen module
DMA gatekeeper thresholds: what counts and when to notify

What evidence belongs in Form GD?

Form GD is the notification form for Article 3(3) gatekeeper designation. It asks for information about the notifying undertaking, its corporate structure, the entities operating each core platform service, contact details, and whether the undertaking has already been designated for any core platform services.

For threshold evidence, Form GD requires an exhaustive list of core platform services and plausible alternative delineations, explanations of the boundaries between distinct services, Union turnover for each of the last three financial years, average market capitalisation or equivalent fair market value for the last financial year, Member States where each service is provided, monthly active end users in the Union, yearly active business users in the Union, methodology explanations, and external reports or internal documents relied on for the user figures.

  • Map each product to a DMA core platform service category before calculating users.
  • Document broader and narrower plausible service delineations where the boundary is contestable.
  • Separate undertaking-level financial data from service-level user counts.
  • Attach methodology notes and source documents for Sections 4.1 and 4.2 instead of relying on a spreadsheet total alone.
  • If rebutting the presumption, prepare a separate annex for each distinct core platform service.
Citations
Jump to answerOpen module
DMA gatekeeper thresholds: what counts and when to notify

How should CPS user counts be calculated?

The DMA Annex uses unique users for each core platform service. Active end users are counted once for the relevant service over a month, and active business users are counted once over a year, even if they engage many times during that period. The same person or entity can still be an active user for different core platform services.

Monthly active end users are based on the average number of monthly active end users throughout the largest part of the financial year. Signed-in or logged-in data is treated as the lowest duplication-risk source where it exists; where services are also used outside signed-in environments, the undertaking must also submit aggregate anonymized data based on an alternate metric if those identifiers are objectively necessary for providing the service. Business users are counted at business-account level where that concept applies.

  • Use aggregate anonymized signed-in or logged-in unique-user data where available.
  • Explain how the count avoids under-counting and over-counting across devices and platforms.
  • Identify estimates as estimates and document the best available approximation method.
  • Keep annually recurring events separate from outliers; recurring promotions are not treated as outliers under the Annex explanation.
  • Do not use the Annex as a reason to create new user tracking; the Annex says it is not a legal basis for tracking users.
Citations
Jump to answerOpen module
DMA gatekeeper thresholds: what counts and when to notify

Can a company rebut the gatekeeper presumption?

Yes, but the rebuttal is narrow and evidence-heavy. Article 3(5) allows the undertaking to present sufficiently substantiated arguments showing that, exceptionally, although it meets all Article 3(2) thresholds, the circumstances of the relevant core platform service mean it does not satisfy the Article 3(1) requirements.

The implementing regulation requires those arguments to be filed with the notification in an annex. There must be a separate annex for each distinct core platform service, and the undertaking must identify which Article 3(1) requirement the argument addresses and explain why the corresponding threshold presumption is not satisfied for that service.

  • Do not treat a rebuttal memo as a reason to skip notification when all Article 3(2) thresholds are met.
  • Tie each rebuttal argument to significant impact, gateway function, or entrenched and durable position.
  • Keep rebuttal evidence service-specific rather than relying on group-level narratives.
  • Remember that the Commission may reject insufficiently substantiated arguments that do not manifestly call the presumptions into question.
Citations
Regulation (EU) 2022/1925 - Article 3(5)

Article 3(5) grounds the ability to present sufficiently substantiated arguments against the Article 3(2) presumptions and the Commission's ability to reject weak arguments.

Jump to answerOpen module
DMA interoperability requests: Article 7 and Commission guidance

How should teams handle DMA Article 7 interoperability requests?

First confirm that the request is really an Article 7 request: the gatekeeper must provide a number-independent interpersonal communication service listed in its DMA designation decision, and the requester must be another provider offering or intending to offer such services in the Union.

If that scope test is met, Article 7 requires the gatekeeper to provide the technical interfaces or similar solutions needed for interoperability, upon request and free of charge. The request can cover some or all of the basic functionalities listed in Article 7, and the gatekeeper must render reasonable requested functionalities operational within three months after receiving the request unless the Commission extends time limits on a reasoned gatekeeper request.

  • Record the designated gatekeeper service and confirm whether it is a number-independent interpersonal communication service, such as a listed messaging service.
  • Identify the requester as a provider that offers, or intends to offer, number-independent interpersonal communication services in the Union.
  • Map the requested functionality to Article 7's basic functionality categories: one-to-one text and media sharing, group text and media sharing, or voice and video call functionality where the relevant Article 7 timing applies.
  • Check the gatekeeper's published reference offer for technical details, general terms, security details, and end-to-end encryption information.
  • Keep the requester choice and end-user choice separate: Article 7 preserves end users' freedom to decide whether to use interoperable functionality.
Citations
Regulation (EU) 2022/1925 (Digital Markets Act)

Article 7 defines the messaging-service interoperability obligation, requester category, reference-offer requirement, three-month response rule for reasonable requests, end-user choice, and privacy/security safeguards.

Jump to answerOpen module
DMA interoperability requests: Article 7 and Commission guidance

What evidence should requesters and gatekeepers keep?

The request file should prove the Article 7 scope, the requested functionality, and the security and privacy handling. A requester should be able to show that it is offering or intends to offer a number-independent interpersonal communication service in the Union and that the request maps to Article 7 functionality. A gatekeeper should be able to show how it assessed the request against its reference offer and why any condition, limitation, sequencing decision, or refusal is grounded in the DMA standard.

Gatekeeper compliance evidence should also align with the Commission's Article 11 compliance-report template: for obligations under Articles 5 to 7, gatekeepers are expected to explain measures, scope, technical or engineering changes, security aspects, alternatives considered, and actions taken to protect integrity, security, or privacy.

  • Requester evidence: service description, Union offering or launch intent, requested Article 7 functionality, contact details, and any information needed to assess compatibility with the reference offer.
  • Gatekeeper evidence: designation decision service, current reference offer, receipt date, functionality mapping, reasonableness assessment, implementation status, and whether the three-month operational deadline applies.
  • Security and privacy evidence: the security level offered to the gatekeeper's own users, end-to-end encryption treatment where applicable, strictly necessary personal-data exchange, and any duly justified integrity, security, or privacy measures.
  • Decision evidence: rejection reasons, unmet criteria, extension requests to the Commission if any, and the distinction between Article 7 messaging interoperability and non-DMA commercial integrations.
Citations
Regulation (EU) 2022/1925 (Digital Markets Act)

Article 7 supports the requester/gatekeeper evidence fields because it specifies who may request, what must be published in the reference offer, what data may be exchanged, and what safeguards may be justified.

Jump to answerOpen module
DMA interoperability requests: Article 7 and Commission guidance

How does the Commission's Apple interoperability Q&A affect request handling?

The Commission's Apple interoperability Q&A is important, but it is mainly about Article 6(7) operating-system interoperability for iOS and iPadOS, not Article 7 messaging interoperability. It is still useful because it shows the kind of request-process discipline the Commission expects in a specified interoperability setting: transparent submission guidance, assessment criteria, feedback on proposed solutions, recourse for rejections, tracker visibility, protection of non-public requester information, and public reporting.

Do not copy Apple-specific implementation details into other gatekeepers or services unless the same obligation and source support apply. Use the Q&A as grounded Commission context for Article 6(7) iOS/iPadOS requests and as a caution that interoperability request processes should be explainable, documented, and reviewable.

  • Article 6(7) operating-system or virtual-assistant requests involve access to hardware or software features available to the gatekeeper's own services or hardware.
  • Article 7 requests involve interoperability between number-independent interpersonal communication services and are tied to the gatekeeper's published reference offer.
  • The Commission Q&A says Apple's request process includes clear submission guidance, expected timelines, assessment criteria, feedback before final solutions, appeal or dispute mechanisms, a request tracker, separation of non-public requester information, and annual reporting.
  • Security and integrity safeguards must be tied to the relevant article: Article 6(7) allows strictly necessary and proportionate integrity measures for the operating system, virtual assistant, hardware, or software features; Article 7 allows strictly necessary, proportionate, and duly justified measures for integrity, security, and privacy of messaging services.
Citations
Jump to answerOpen module
What do DMA Articles 5, 6, and 7 require from gatekeepers?

What do DMA Articles 5, 6, and 7 require from gatekeepers?

Article 5 contains direct gatekeeper obligations for the listed core platform services. It covers practices such as combining or cross-using personal data without the required user choice and consent, restricting business users from steering customers to different prices or conditions, blocking access to content or subscriptions bought outside the gatekeeper channel, stopping complaints to public authorities, tying use of the gatekeeper's identification, browser-engine, or payment services, and daily advertising-price transparency for advertisers and publishers.

Article 6 contains obligations that can be further specified under Article 8. It covers product and technical conduct such as using non-public business-user data to compete with those users, uninstall and default-setting choice, installation and use of third-party apps and app stores, ranking self-preferencing, switching restrictions, operating-system or virtual-assistant interoperability, advertising measurement access, data portability, business-user data access, search data access, fair access conditions for app stores, search engines, and social networks, and termination conditions.

Article 7 is narrower: it applies where the gatekeeper provides designated number-independent interpersonal communications services. It requires interoperability for listed basic messaging, file-sharing, group, voice, and video-call functionalities through technical interfaces or similar solutions, while preserving security such as end-to-end encryption where applicable.

  • Do not summarize Articles 5, 6, and 7 as one generic compliance duty; map each obligation to the affected core platform service.
  • Treat Article 5 issues as direct conduct controls, especially data combination, anti-steering, tying, complaints, and advertising transparency.
  • Treat Article 6 issues as product, access, ranking, data, portability, switching, and interoperability controls that may require technical specification.
  • Treat Article 7 as the special interoperability regime for number-independent interpersonal communications services.
Citations
Jump to answerOpen module
What do DMA Articles 5, 6, and 7 require from gatekeepers?

How should product and compliance teams prove these DMA obligations are implemented?

The useful evidence unit is an obligation-by-service record. For each Article 5, 6, or 7 requirement, the record should identify the designated core platform service, the product surface affected, the pre-change state, the implemented measure, the date of implementation, the geographic and product scope, and the supporting data or internal documents.

The Commission's Article 11 compliance-report template asks gatekeepers to explain compliance for each core platform service and each applicable obligation. It also points to evidence that product teams can actually maintain: engineering changes, API or operating-system functionality changes, ranking or advertising-auction parameters, consent forms, choice screens, warning messages, customer journeys, business-user terms, consultation input, testing, indicators, data access policies, retention policies, and security or privacy justifications.

That means a product ticket alone is not enough. The evidence should show both the control and its effect: for example, screenshots or demos for a choice screen, API documentation and access logs for interoperability, ranking-methodology records for self-preferencing controls, consent-rate and refusal handling records for data-combination controls, and advertiser or publisher data-export samples for advertising transparency.

  • Link every measure to a specific Article paragraph, core platform service, owner, implementation artifact, and review trigger.
  • Keep before-and-after evidence where the obligation changes a user journey, business-user term, API, ranking method, payment flow, or data-use policy.
  • Document why any integrity, security, or privacy limit is strictly necessary and proportionate when the DMA text allows such limits.
  • Keep non-applicability explanations separate from implementation evidence; the template allows omission only where the obligation cannot by nature apply to that core platform service.
Citations
Jump to answerOpen module
What do DMA Articles 5, 6, and 7 require from gatekeepers?

How does Article 11 reporting connect to Articles 5, 6, and 7?

Article 11 is the reporting bridge between the legal obligations and operational proof. Within 6 months after designation, the gatekeeper must give the Commission a detailed and transparent report describing the measures implemented to ensure compliance with Articles 5, 6, and 7, publish and provide a non-confidential summary, and update both at least annually.

The Article 11 template makes the report a living evidence register rather than a one-time narrative. Gatekeepers are expected to identify the people responsible for drafting the report, provide a compliance statement for each applicable obligation, explain the supporting data and internal documents, and highlight differences from prior reports when the report is updated.

For visitors assessing readiness, the practical implication is straightforward: if a measure cannot be described in the Article 11 format, it is probably not yet mature enough. A DMA control should have a named service, an obligation reference, a product implementation, data or screenshots that verify the implementation, and a non-confidential version that still gives third parties a meaningful picture.

  • Use Article 11 report sections as the filing structure for Article 5, 6, and 7 implementation evidence.
  • Prepare non-confidential summaries early so business secrets are protected without removing the substance needed for third-party input.
  • Update the report when measures, user journeys, APIs, service scope, rankings, ads data, terms, or evidence indicators materially change.
  • Retain raw data and internal documents so they can be made available if the Commission asks for them.
Citations
Jump to answerOpen module
What do DMA Articles 5, 6, and 7 require from gatekeepers?

What Article 6 and Article 7 interoperability examples are grounded in DMA sources?

Article 6(7) is the general hardware and software interoperability duty for operating systems and virtual assistants listed in a designation decision. The Commission's interoperability Q&A uses Apple iOS and iPadOS as a concrete example: it explains that Apple must provide developers and businesses with free and effective interoperability with hardware and software features controlled by those operating systems.

The same Q&A describes specification decisions for iOS interoperability with third-party connected devices and for the request process used by developers. Examples include access to iOS notifications, background execution, automatic audio switching, wireless file transfers, media casting, NFC reader/writer mode, proximity-triggered pairing, and automatic Wi-Fi connection. The Q&A also describes process evidence such as public guidance, request status tracking, rejection reasons, feedback, dispute steps, reporting metrics, and protection of non-public information received from developers.

Article 7 is separate from that Apple Article 6(7) example. It concerns designated number-independent interpersonal communications services and includes interoperability of basic functions such as end-to-end text messaging, file sharing, group messaging, and voice or video calls, with security and end-user choice preserved.

  • For Article 6(7), keep request intake, technical assessment, API or framework documentation, security justification, feedback, status tracking, and implementation-report evidence.
  • For Article 7, keep the reference offer, technical-interface records, request handling records, security and encryption analysis, personal-data minimisation analysis, and end-user choice evidence.
  • Do not merge Article 6(7) operating-system interoperability with Article 7 messaging-service interoperability; they have different service triggers and evidence needs.
  • Do not treat a security objection as self-proving; the DMA sources require strict necessity, proportionality, and justification where security or integrity limits are used.
Citations
Jump to answerOpen module
Page 1 of 1
Previous1Next