--- title: "EU Digital Markets Act FAQ: gatekeepers, DMA obligations, reports, and enforcement" canonical_url: "https://www.sorena.io/artifacts/eu/digital-markets-act/faq" source_url: "https://www.sorena.io/artifacts/eu/digital-markets-act/faq/items" author: "Sorena AI" description: "Concise FAQ on the EU Digital Markets Act for gatekeeper designation, core platform services, Articles 5, 6 and 7 obligations, Article 11 reports, interoperability, business-user data access, compliance evidence, and enforcement." published_at: "2026-05-09" updated_at: "2026-05-09" keywords: - "EU Digital Markets Act" - "DMA FAQ" - "gatekeepers" - "core platform services" - "Article 5" - "Article 6" - "Article 7" - "Article 11 compliance report" - "Article 11 reports" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # EU Digital Markets Act FAQ: gatekeepers, DMA obligations, reports, and enforcement Concise FAQ on the EU Digital Markets Act for gatekeeper designation, core platform services, Articles 5, 6 and 7 obligations, Article 11 reports, interoperability, business-user data access, compliance evidence, and enforcement. *Artifact Guide* *EU* ## EU Digital Markets Act Frequently asked questions Answers to the core DMA questions visitors ask about gatekeepers, core platform services, Articles 5, 6 and 7 obligations, Article 11 reporting, interoperability, business-user data access, compliance evidence, and enforcement. Use this page to orient product, legal, policy, engineering, and compliance work before reading the full legal text or a specific Commission designation decision. The EU Digital Markets Act applies to undertakings designated by the European Commission as gatekeepers for listed core platform services. This FAQ gives concise, grounded answers on designation thresholds, covered services, Articles 5, 6 and 7 duties, Article 11 compliance reports, interoperability, data access, evidence, and enforcement. ## Browse sub-FAQ modules ### [DMA Article 11 Compliance Report Template FAQ](/artifacts/eu/digital-markets-act/faq/compliance-report-template.md) How gatekeepers should use the DMA Article 11 compliance report template to document obligation-by-obligation measures, evidence, updates, and non-confidential summaries. - 3 items ### [DMA core platform services FAQ](/artifacts/eu/digital-markets-act/faq/core-platform-services.md) FAQ on EU Digital Markets Act core platform services: Article 2 service categories, gatekeeper designation evidence, user thresholds, service scoping, and Article 11 reporting. - 4 items ### [DMA gatekeeper thresholds: what counts and when to notify](/artifacts/eu/digital-markets-act/faq/gatekeeper-thresholds.md) Standalone FAQ on the EU Digital Markets Act gatekeeper thresholds, Article 3 notification timing, Form GD evidence, and active user-count methodology. - 5 items ### [DMA interoperability requests: Article 7 and Commission guidance](/artifacts/eu/digital-markets-act/faq/interoperability-requests.md) How EU Digital Markets Act interoperability requests work for Article 7 messaging services, Article 6(7) operating-system access, gatekeeper evidence, requester evidence, and security safeguards. - 3 items ### [What do DMA Articles 5, 6, and 7 require from gatekeepers?](/artifacts/eu/digital-markets-act/faq/articles-5-6-and-7-obligations.md) FAQ explaining how EU Digital Markets Act Articles 5, 6, and 7 group gatekeeper obligations, what product evidence they require, and how Article 11 reporting connects. - 4 items Browse all indexed questions: [/artifacts/eu/digital-markets-act/faq/items](/artifacts/eu/digital-markets-act/faq/items.md) ## All FAQ items *Page 1 of 1. Showing 19 of 19 items.* ### [What is the DMA Article 11 compliance report template for?](/artifacts/eu/digital-markets-act/faq/compliance-report-template.md#what-is-the-dma-article-11-compliance-report-template-for) *Module: [DMA Article 11 Compliance Report Template](/artifacts/eu/digital-markets-act/faq/compliance-report-template.md)* The template turns Article 11's reporting duty into a structured evidence file. For each designated core platform service and each applicable Articles 5 to 7 obligation, the gatekeeper is expected to confirm compliance as of a stated date and explain exhaustively how the measure works. - Create separate standalone annexes for each designated core platform service. - For each applicable Articles 5 to 7 obligation, keep a compliance statement, a plain-English measure description, supporting data, and internal documents. - Explain why an obligation cannot apply to a core platform service only when that conclusion follows from the obligation's nature, and keep the reasoning separate from Article 9 suspension or Article 10 exemption issues. - Keep underlying raw data ready for Commission requests and define metrics clearly enough that a reviewer can reproduce calculations. Sources for this answer: - [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/oj?ref=sorena.io) - Article 11 requires a report on measures implemented for Articles 5, 6, and 7 and requires a non-confidential summary. - [European Commission - Article 11 DMA Compliance Report Template Form](https://digital-markets-act.ec.europa.eu/legislation_en?ref=sorena.io) - Commission template source for the report structure, required annexes, compliance statements, evidence fields, testing, indicators, and declaration. ### [When should the report be filed and updated?](/artifacts/eu/digital-markets-act/faq/compliance-report-template.md#when-should-the-report-be-filed-and-updated) *Module: [DMA Article 11 Compliance Report Template](/artifacts/eu/digital-markets-act/faq/compliance-report-template.md)* Article 11 sets the cadence: the first report is due within six months after designation under Article 3, and the report and non-confidential summary must be updated at least annually. - Maintain a six-month designation clock for every newly designated gatekeeper or core platform service. - Schedule an annual refresh of the full report, annexes, and non-confidential summary. - Trigger an interim review when a compliance measure, interface, API, ranking parameter, data flow, consent design, terms, fee structure, or Commission dialogue changes. - Keep clean and redline versions so reviewers can see what changed between submissions. Sources for this answer: - [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/oj?ref=sorena.io) - Article 11 provides the six-month initial reporting deadline and the annual update requirement. - [European Commission - Article 11 DMA Compliance Report Template Form](https://digital-markets-act.ec.europa.eu/legislation_en?ref=sorena.io) - The template explains redline-style change tracking and says specification discussions do not remove the reporting obligation. ### [What should be public, confidential, and kept as records?](/artifacts/eu/digital-markets-act/faq/compliance-report-template.md#what-should-be-public-confidential-and-kept-as-records) *Module: [DMA Article 11 Compliance Report Template](/artifacts/eu/digital-markets-act/faq/compliance-report-template.md)* The full compliance report, annexes, and underlying data support the Commission's assessment. Article 11 separately requires a non-confidential summary, and the Commission template says that summary should be self-standing, follow the same structure, cover all sections and sub-sections, and enable third parties to provide meaningful input. - Keep a public-summary version that mirrors the full report structure and gives a faithful picture of every section. - Keep a confidential register that explains each redaction, the protected interest, and the replacement range, baseline, or aggregation used in the public summary. - Retain evidence for the compliance function: head-of-compliance involvement, monitoring role, management-body reports, risk-of-non-compliance reports, management replies, and approved compliance policies. - Keep feedback records from EU business users and end users, grouped by topic when there are more than ten instances, with actions taken and any anonymity or confidentiality request respected in the non-confidential description. Sources for this answer: - [European Commission - Article 11 DMA Compliance Report Template Form](https://digital-markets-act.ec.europa.eu/legislation_en?ref=sorena.io) - The template supports the non-confidential-summary structure, confidentiality approach, compliance-function records, feedback records, and declaration fields. - [European Commission - Further information about the DMA](https://digital-markets-act.ec.europa.eu/questions-and-answers/further-information-about-dma_en?ref=sorena.io) - Commission Q&A explains how confidential information and business secrets are identified and handled in DMA enforcement access-to-file processes. - [European Commission - DMA gatekeepers page](https://digital-markets-act.ec.europa.eu/gatekeepers_en?ref=sorena.io) - Commission gatekeeper page links designated gatekeepers, core platform services, and published compliance-report materials. ### [What counts as a core platform service under the DMA?](/artifacts/eu/digital-markets-act/faq/core-platform-services.md#what-counts-as-a-core-platform-service-under-the-dma) *Module: [DMA core platform services](/artifacts/eu/digital-markets-act/faq/core-platform-services.md)* Article 2 of the DMA lists the core platform service categories: online intermediation services, online search engines, online social networking services, video-sharing platform services, number-independent interpersonal communications services, operating systems, web browsers, virtual assistants, cloud computing services, and online advertising services provided by an undertaking that also provides one of the other listed categories. - Map the product to one Article 2 category before applying Articles 5 to 7 obligations. - Treat advertising separately only where the DMA online-advertising category is supported by the undertaking's other core platform services. - Do not collapse integrated products automatically; the Annex says services may be distinct where they are in different categories or used for different purposes. - Do not split a service mainly by country-code domain, generic domain, or geographic attribute when calculating active users. Sources for this answer: - [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/oj?ref=sorena.io) - Article 2 lists the DMA core platform service categories and Article 3 links listed services to gatekeeper designation. - [European Commission - DMA gatekeepers](https://digital-markets-act.ec.europa.eu/gatekeepers_en?ref=sorena.io) - Commission page identifying designated gatekeepers and their listed core platform services. ### [Which evidence supports a DMA gatekeeper designation assessment?](/artifacts/eu/digital-markets-act/faq/core-platform-services.md#which-evidence-supports-a-dma-gatekeeper-designation-assessment) *Module: [DMA core platform services](/artifacts/eu/digital-markets-act/faq/core-platform-services.md)* Article 3 designates an undertaking as a gatekeeper when it has significant impact on the internal market, provides a core platform service that is an important gateway for business users to reach end users, and has an entrenched and durable position or is expected to have one soon. The quantitative presumption uses business-size evidence plus service-level user evidence. - Keep the undertaking-level evidence for Union turnover, market capitalisation, or equivalent fair market value and the Member States where the same service is provided. - Keep service-level active end-user and active business-user counts with the Annex methodology used for that category. - Document duplicate-risk controls for users across devices, platforms, accounts, logged-in and non-logged-in environments. - Preserve the notification or designation record for each core platform service that meets the Article 3 thresholds. - If a service meets the thresholds but the undertaking argues the presumption should not apply, keep the substantiated rebuttal arguments and Commission response. Sources for this answer: - [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/oj?ref=sorena.io) - Article 3 provides the gatekeeper designation criteria, quantitative thresholds, notification rule, and service listing rule. - [European Commission - DMA gatekeepers](https://digital-markets-act.ec.europa.eu/gatekeepers_en?ref=sorena.io) - Commission page with current designation examples and case links for listed gatekeepers and core platform services. ### [How should teams scope one core platform service versus another?](/artifacts/eu/digital-markets-act/faq/core-platform-services.md#how-should-teams-scope-one-core-platform-service-versus-another) *Module: [DMA core platform services](/artifacts/eu/digital-markets-act/faq/core-platform-services.md)* The DMA Annex is the most useful scoping control because it explains how active end users and active business users are identified for each category. It also gives boundary rules: services in the same category should not be split mainly by domain name or geography, while services used for different purposes can be treated as distinct even when users overlap. - State whether the service is online intermediation, search, social networking, video sharing, messaging, operating system, browser, virtual assistant, cloud computing, or online advertising. - Describe end-user activity used for the count, such as login, query, content play, communication, device use, browser address entry, assistant activation, cloud use, or ad impression. - Describe business-user activity used for the count, such as listings, transactions, indexed business websites, business accounts, uploaded content, business communications, developer activity, hosted cloud services, or advertiser and publisher interactions. - Explain why overlapping users do or do not create one service boundary. - Record any renamed, bundled, split, or newly launched service because Article 4 allows designation decisions to be reconsidered, amended, or repealed when facts substantially change. Sources for this answer: - [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/oj?ref=sorena.io) - The Annex sets active-user counting methodology and service-boundary rules for core platform services. ### [What are the Article 11 reporting implications?](/artifacts/eu/digital-markets-act/faq/core-platform-services.md#what-are-the-article-11-reporting-implications) *Module: [DMA core platform services](/artifacts/eu/digital-markets-act/faq/core-platform-services.md)* Article 11 reporting is organised by designated core platform service and applicable obligation. The Commission template says each designated gatekeeper must provide a compliance report within 6 months after designation, update it at least annually, and provide separate standalone annexes for each core platform service for which it has been designated. - Build one evidence bundle per designated core platform service, not one generic DMA bundle for the undertaking. - Map each Articles 5 to 7 obligation to the service and explain any obligation that cannot by nature apply to that service. - Keep raw data and calculation explanations ready for Commission requests. - Preserve redlines or change summaries for annual report updates. - Track the top business-user information requested by the template for each core platform service. Sources for this answer: - [European Commission - Article 11 DMA compliance report template](https://digital-markets-act.ec.europa.eu/about-dma/practical-information_en?ref=sorena.io) - Commission practical-information page hosting the Article 11 compliance report template and related DMA reporting materials. - [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/oj?ref=sorena.io) - Article 11 requires gatekeepers to report implemented compliance measures and update the report at least annually. ### [What are the DMA gatekeeper thresholds?](/artifacts/eu/digital-markets-act/faq/gatekeeper-thresholds.md#what-are-the-dma-gatekeeper-thresholds) *Module: [DMA gatekeeper thresholds: what counts and when to notify](/artifacts/eu/digital-markets-act/faq/gatekeeper-thresholds.md)* Article 3 creates three cumulative gatekeeper requirements and then sets quantitative presumptions for them. For significant internal-market impact, the undertaking is presumed to qualify if it has annual Union turnover of at least EUR 7.5 billion in each of the last three financial years, or average market capitalisation or equivalent fair market value of at least EUR 75 billion in the last financial year, and provides the same core platform service in at least three Member States. - Do not aggregate all products together unless the DMA core platform service delineation supports doing so. - Check the undertaking-level financial threshold separately from the service-level EU user thresholds. - Use the Annex methodology for active end users and active business users before deciding whether Article 3(2)(b) is met. - Treat the threshold result as a notification and designation question; only the Commission designates a gatekeeper. Sources for this answer: - [Regulation (EU) 2022/1925 - Article 3 gatekeeper designation](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Supports the three Article 3 designation requirements, the financial and user threshold presumptions, the two-month notification rule, and the Commission designation timing. - [European Commission - DMA legislation](https://digital-markets-act.ec.europa.eu/legislation_en?ref=sorena.io) - Commission overview linking the DMA text, the procedural implementing regulation, Form GD, and designation-process materials. ### [What happens after the thresholds are met?](/artifacts/eu/digital-markets-act/faq/gatekeeper-thresholds.md#what-happens-after-the-thresholds-are-met) *Module: [DMA gatekeeper thresholds: what counts and when to notify](/artifacts/eu/digital-markets-act/faq/gatekeeper-thresholds.md)* If an undertaking providing core platform services meets all Article 3(2) thresholds, Article 3(3) requires notification to the Commission without delay and within two months after the thresholds are met. The notification must include the relevant threshold information for each core platform service that meets the user threshold. - Prepare one threshold file per relevant core platform service, including any plausible alternative service delineations. - Track the two-month notification trigger from the point the Article 3(2) thresholds are met. - Keep the completeness review visible because incomplete, incorrect, or misleading information can affect the effective date of the notification. - Escalate when an already designated gatekeeper launches or grows another service that may newly meet Article 3(2)(b) and (c). Sources for this answer: - [Regulation (EU) 2022/1925 - Article 3 notification and designation](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Article 3(3) and 3(4) ground the notification obligation, the two-month notification period, and the 45-working-day designation period after complete information. - [Commission Implementing Regulation (EU) 2023/814](https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX%3A32023R0814&ref=sorena.io) - Procedural regulation explaining notification content, completeness, substantiated arguments, business-secret handling, language, authorisation, and effective-date rules. ### [What evidence belongs in Form GD?](/artifacts/eu/digital-markets-act/faq/gatekeeper-thresholds.md#what-evidence-belongs-in-form-gd) *Module: [DMA gatekeeper thresholds: what counts and when to notify](/artifacts/eu/digital-markets-act/faq/gatekeeper-thresholds.md)* Form GD is the notification form for Article 3(3) gatekeeper designation. It asks for information about the notifying undertaking, its corporate structure, the entities operating each core platform service, contact details, and whether the undertaking has already been designated for any core platform services. - Map each product to a DMA core platform service category before calculating users. - Document broader and narrower plausible service delineations where the boundary is contestable. - Separate undertaking-level financial data from service-level user counts. - Attach methodology notes and source documents for Sections 4.1 and 4.2 instead of relying on a spreadsheet total alone. - If rebutting the presumption, prepare a separate annex for each distinct core platform service. Sources for this answer: - [Commission Implementing Regulation (EU) 2023/814 - Form GD](https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX%3A32023R0814&ref=sorena.io) - Annex I Form GD grounds the undertaking, core-platform-service, financial, user-count, methodology, document-support, declaration, and rebuttal-annex evidence fields. - [European Commission - DMA legislation](https://digital-markets-act.ec.europa.eu/legislation_en?ref=sorena.io) - Commission legislation page identifies Form GD as the notification form potential gatekeepers use when providing figures in the designation process. ### [How should CPS user counts be calculated?](/artifacts/eu/digital-markets-act/faq/gatekeeper-thresholds.md#how-should-cps-user-counts-be-calculated) *Module: [DMA gatekeeper thresholds: what counts and when to notify](/artifacts/eu/digital-markets-act/faq/gatekeeper-thresholds.md)* The DMA Annex uses unique users for each core platform service. Active end users are counted once for the relevant service over a month, and active business users are counted once over a year, even if they engage many times during that period. The same person or entity can still be an active user for different core platform services. - Use aggregate anonymized signed-in or logged-in unique-user data where available. - Explain how the count avoids under-counting and over-counting across devices and platforms. - Identify estimates as estimates and document the best available approximation method. - Keep annually recurring events separate from outliers; recurring promotions are not treated as outliers under the Annex explanation. - Do not use the Annex as a reason to create new user tracking; the Annex says it is not a legal basis for tracking users. Sources for this answer: - [Regulation (EU) 2022/1925 - Annex user-count methodology](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - The Annex grounds the unique-user approach, monthly and yearly counting periods, signed-in and alternate metrics, outlier treatment, and responsibility for complete and accurate user-count submissions. - [Commission Implementing Regulation (EU) 2023/814 - Form GD Section 4](https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX%3A32023R0814&ref=sorena.io) - Form GD Section 4 requires service-by-service active end-user and active business-user figures for the last three financial years, methodology explanations, and supporting documents. ### [Can a company rebut the gatekeeper presumption?](/artifacts/eu/digital-markets-act/faq/gatekeeper-thresholds.md#can-a-company-rebut-the-gatekeeper-presumption) *Module: [DMA gatekeeper thresholds: what counts and when to notify](/artifacts/eu/digital-markets-act/faq/gatekeeper-thresholds.md)* Yes, but the rebuttal is narrow and evidence-heavy. Article 3(5) allows the undertaking to present sufficiently substantiated arguments showing that, exceptionally, although it meets all Article 3(2) thresholds, the circumstances of the relevant core platform service mean it does not satisfy the Article 3(1) requirements. - Do not treat a rebuttal memo as a reason to skip notification when all Article 3(2) thresholds are met. - Tie each rebuttal argument to significant impact, gateway function, or entrenched and durable position. - Keep rebuttal evidence service-specific rather than relying on group-level narratives. - Remember that the Commission may reject insufficiently substantiated arguments that do not manifestly call the presumptions into question. Sources for this answer: - [Regulation (EU) 2022/1925 - Article 3(5)](https://eur-lex.europa.eu/eli/reg/2022/1925/2022-10-12/eng?ref=sorena.io) - Article 3(5) grounds the ability to present sufficiently substantiated arguments against the Article 3(2) presumptions and the Commission's ability to reject weak arguments. - [Commission Implementing Regulation (EU) 2023/814 - substantiated arguments annex](https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX%3A32023R0814&ref=sorena.io) - Article 2(3) and Annex II ground the separate-annex requirement and the 30-page limit for Article 3(5) substantiated arguments per distinct core platform service. ### [How should teams handle DMA Article 7 interoperability requests?](/artifacts/eu/digital-markets-act/faq/interoperability-requests.md#how-should-teams-handle-dma-article-7-interoperability-requests) *Module: [DMA interoperability requests: Article 7 and Commission guidance](/artifacts/eu/digital-markets-act/faq/interoperability-requests.md)* First confirm that the request is really an Article 7 request: the gatekeeper must provide a number-independent interpersonal communication service listed in its DMA designation decision, and the requester must be another provider offering or intending to offer such services in the Union. - Record the designated gatekeeper service and confirm whether it is a number-independent interpersonal communication service, such as a listed messaging service. - Identify the requester as a provider that offers, or intends to offer, number-independent interpersonal communication services in the Union. - Map the requested functionality to Article 7's basic functionality categories: one-to-one text and media sharing, group text and media sharing, or voice and video call functionality where the relevant Article 7 timing applies. - Check the gatekeeper's published reference offer for technical details, general terms, security details, and end-to-end encryption information. - Keep the requester choice and end-user choice separate: Article 7 preserves end users' freedom to decide whether to use interoperable functionality. Sources for this answer: - [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/oj?ref=sorena.io) - Article 7 defines the messaging-service interoperability obligation, requester category, reference-offer requirement, three-month response rule for reasonable requests, end-user choice, and privacy/security safeguards. - [European Commission - DMA gatekeepers](https://digital-markets-act.ec.europa.eu/gatekeepers_en?ref=sorena.io) - Commission page identifying designated gatekeepers and core platform services, including services that may be relevant to an Article 7 scope check. ### [What evidence should requesters and gatekeepers keep?](/artifacts/eu/digital-markets-act/faq/interoperability-requests.md#what-evidence-should-requesters-and-gatekeepers-keep) *Module: [DMA interoperability requests: Article 7 and Commission guidance](/artifacts/eu/digital-markets-act/faq/interoperability-requests.md)* The request file should prove the Article 7 scope, the requested functionality, and the security and privacy handling. A requester should be able to show that it is offering or intends to offer a number-independent interpersonal communication service in the Union and that the request maps to Article 7 functionality. A gatekeeper should be able to show how it assessed the request against its reference offer and why any condition, limitation, sequencing decision, or refusal is grounded in the DMA standard. - Requester evidence: service description, Union offering or launch intent, requested Article 7 functionality, contact details, and any information needed to assess compatibility with the reference offer. - Gatekeeper evidence: designation decision service, current reference offer, receipt date, functionality mapping, reasonableness assessment, implementation status, and whether the three-month operational deadline applies. - Security and privacy evidence: the security level offered to the gatekeeper's own users, end-to-end encryption treatment where applicable, strictly necessary personal-data exchange, and any duly justified integrity, security, or privacy measures. - Decision evidence: rejection reasons, unmet criteria, extension requests to the Commission if any, and the distinction between Article 7 messaging interoperability and non-DMA commercial integrations. Sources for this answer: - [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/oj?ref=sorena.io) - Article 7 supports the requester/gatekeeper evidence fields because it specifies who may request, what must be published in the reference offer, what data may be exchanged, and what safeguards may be justified. - [European Commission - Article 11 DMA compliance report template](https://digital-markets-act.ec.europa.eu/about-dma/practical-information_en?ref=sorena.io#templates) - Commission template context for gatekeeper evidence on Articles 5 to 7 compliance, including technical changes, security aspects, alternatives considered, and integrity, security, or privacy measures. ### [How does the Commission's Apple interoperability Q&A affect request handling?](/artifacts/eu/digital-markets-act/faq/interoperability-requests.md#how-does-the-commissions-apple-interoperability-qa-affect-request-handling) *Module: [DMA interoperability requests: Article 7 and Commission guidance](/artifacts/eu/digital-markets-act/faq/interoperability-requests.md)* The Commission's Apple interoperability Q&A is important, but it is mainly about Article 6(7) operating-system interoperability for iOS and iPadOS, not Article 7 messaging interoperability. It is still useful because it shows the kind of request-process discipline the Commission expects in a specified interoperability setting: transparent submission guidance, assessment criteria, feedback on proposed solutions, recourse for rejections, tracker visibility, protection of non-public requester information, and public reporting. - Article 6(7) operating-system or virtual-assistant requests involve access to hardware or software features available to the gatekeeper's own services or hardware. - Article 7 requests involve interoperability between number-independent interpersonal communication services and are tied to the gatekeeper's published reference offer. - The Commission Q&A says Apple's request process includes clear submission guidance, expected timelines, assessment criteria, feedback before final solutions, appeal or dispute mechanisms, a request tracker, separation of non-public requester information, and annual reporting. - Security and integrity safeguards must be tied to the relevant article: Article 6(7) allows strictly necessary and proportionate integrity measures for the operating system, virtual assistant, hardware, or software features; Article 7 allows strictly necessary, proportionate, and duly justified measures for integrity, security, and privacy of messaging services. Sources for this answer: - [European Commission - DMA interoperability questions and answers](https://digital-markets-act.ec.europa.eu/questions-and-answers/interoperability_en?ref=sorena.io) - Commission Q&A on Apple Article 6(7) iOS and iPadOS interoperability, including the request-based process, developer feedback, rejection handling, tracker, information separation, and reporting. - [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/oj?ref=sorena.io) - DMA text distinguishing Article 6(7) operating-system and virtual-assistant interoperability from Article 7 messaging-service interoperability. ### [What do DMA Articles 5, 6, and 7 require from gatekeepers?](/artifacts/eu/digital-markets-act/faq/articles-5-6-and-7-obligations.md#what-do-dma-articles-5-6-and-7-require-from-gatekeepers) *Module: [What do DMA Articles 5, 6, and 7 require from gatekeepers?](/artifacts/eu/digital-markets-act/faq/articles-5-6-and-7-obligations.md)* Article 5 contains direct gatekeeper obligations for the listed core platform services. It covers practices such as combining or cross-using personal data without the required user choice and consent, restricting business users from steering customers to different prices or conditions, blocking access to content or subscriptions bought outside the gatekeeper channel, stopping complaints to public authorities, tying use of the gatekeeper's identification, browser-engine, or payment services, and daily advertising-price transparency for advertisers and publishers. - Do not summarize Articles 5, 6, and 7 as one generic compliance duty; map each obligation to the affected core platform service. - Treat Article 5 issues as direct conduct controls, especially data combination, anti-steering, tying, complaints, and advertising transparency. - Treat Article 6 issues as product, access, ranking, data, portability, switching, and interoperability controls that may require technical specification. - Treat Article 7 as the special interoperability regime for number-independent interpersonal communications services. Sources for this answer: - [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/oj?ref=sorena.io) - Primary DMA text for the obligations in Articles 5, 6, and 7 and their application to listed core platform services. - [European Commission DMA legislation page](https://digital-markets-act.ec.europa.eu/legislation_en?ref=sorena.io) - Commission page linking the DMA legislation and implementing materials that frame how the rules are administered. ### [How should product and compliance teams prove these DMA obligations are implemented?](/artifacts/eu/digital-markets-act/faq/articles-5-6-and-7-obligations.md#how-should-product-and-compliance-teams-prove-these-dma-obligations-are-implemented) *Module: [What do DMA Articles 5, 6, and 7 require from gatekeepers?](/artifacts/eu/digital-markets-act/faq/articles-5-6-and-7-obligations.md)* The useful evidence unit is an obligation-by-service record. For each Article 5, 6, or 7 requirement, the record should identify the designated core platform service, the product surface affected, the pre-change state, the implemented measure, the date of implementation, the geographic and product scope, and the supporting data or internal documents. - Link every measure to a specific Article paragraph, core platform service, owner, implementation artifact, and review trigger. - Keep before-and-after evidence where the obligation changes a user journey, business-user term, API, ranking method, payment flow, or data-use policy. - Document why any integrity, security, or privacy limit is strictly necessary and proportionate when the DMA text allows such limits. - Keep non-applicability explanations separate from implementation evidence; the template allows omission only where the obligation cannot by nature apply to that core platform service. Sources for this answer: - [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/oj?ref=sorena.io) - Article 8 requires gatekeepers to ensure and demonstrate effective compliance with Articles 5, 6, and 7. - [European Commission Article 11 DMA compliance report template](https://digital-markets-act.ec.europa.eu/about-dma/practical-information_en?ref=sorena.io#templates) - Commission template specifying service-by-service and obligation-by-obligation evidence expected in Article 11 compliance reports. ### [How does Article 11 reporting connect to Articles 5, 6, and 7?](/artifacts/eu/digital-markets-act/faq/articles-5-6-and-7-obligations.md#how-does-article-11-reporting-connect-to-articles-5-6-and-7) *Module: [What do DMA Articles 5, 6, and 7 require from gatekeepers?](/artifacts/eu/digital-markets-act/faq/articles-5-6-and-7-obligations.md)* Article 11 is the reporting bridge between the legal obligations and operational proof. Within 6 months after designation, the gatekeeper must give the Commission a detailed and transparent report describing the measures implemented to ensure compliance with Articles 5, 6, and 7, publish and provide a non-confidential summary, and update both at least annually. - Use Article 11 report sections as the filing structure for Article 5, 6, and 7 implementation evidence. - Prepare non-confidential summaries early so business secrets are protected without removing the substance needed for third-party input. - Update the report when measures, user journeys, APIs, service scope, rankings, ads data, terms, or evidence indicators materially change. - Retain raw data and internal documents so they can be made available if the Commission asks for them. Sources for this answer: - [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/oj?ref=sorena.io) - Article 11 sets the compliance-report timing, non-confidential summary, and annual update obligation. - [European Commission Article 11 DMA compliance report template](https://digital-markets-act.ec.europa.eu/about-dma/practical-information_en?ref=sorena.io#templates) - Template support for compliance statements, supporting data, internal documents, non-confidential summaries, and report updates. ### [What Article 6 and Article 7 interoperability examples are grounded in DMA sources?](/artifacts/eu/digital-markets-act/faq/articles-5-6-and-7-obligations.md#what-article-6-and-article-7-interoperability-examples-are-grounded-in-dma-sources) *Module: [What do DMA Articles 5, 6, and 7 require from gatekeepers?](/artifacts/eu/digital-markets-act/faq/articles-5-6-and-7-obligations.md)* Article 6(7) is the general hardware and software interoperability duty for operating systems and virtual assistants listed in a designation decision. The Commission's interoperability Q&A uses Apple iOS and iPadOS as a concrete example: it explains that Apple must provide developers and businesses with free and effective interoperability with hardware and software features controlled by those operating systems. - For Article 6(7), keep request intake, technical assessment, API or framework documentation, security justification, feedback, status tracking, and implementation-report evidence. - For Article 7, keep the reference offer, technical-interface records, request handling records, security and encryption analysis, personal-data minimisation analysis, and end-user choice evidence. - Do not merge Article 6(7) operating-system interoperability with Article 7 messaging-service interoperability; they have different service triggers and evidence needs. - Do not treat a security objection as self-proving; the DMA sources require strict necessity, proportionality, and justification where security or integrity limits are used. Sources for this answer: - [Regulation (EU) 2022/1925 (Digital Markets Act)](https://eur-lex.europa.eu/eli/reg/2022/1925/oj?ref=sorena.io) - Primary text for Article 6(7) hardware and software interoperability and Article 7 messaging interoperability obligations. - [European Commission DMA interoperability questions and answers](https://digital-markets-act.ec.europa.eu/questions-and-answers/interoperability_en?ref=sorena.io) - Commission Q&A giving concrete Apple iOS and iPadOS examples for Article 6(7) interoperability implementation and request handling. *Recommended next step* *Placement: before sources* ## Build a DMA obligation map for each designated core platform service Sorena can help map Article 5, 6, 7 and 11 requirements to product controls, source citations, owners, evidence, and reassessment triggers. - [Open Research Copilot for the EU Digital Markets Act](/solutions/research-copilot.md): Ask source-linked questions about DMA designation, obligations, interoperability, reporting, evidence, and enforcement. - [Talk through DMA implementation](/contact.md): Review your DMA scope map, compliance-report evidence, and product-control gaps with Sorena. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/eu/digital-markets-act/faq/items