Artifact GuideEU

EU Digital Markets Act (DMA) Fines & Penalties

What DMA penalties look like and what triggers escalation.

Use this to prioritise high-risk obligations and build evidence and monitoring that reduce enforcement exposure.

Back to main artifactReview sources
Author
Sorena AI
Published
Feb 21, 2026
Updated
Feb 23, 2026
Sections
5

Structured answer sets in this page tree.

Primary sources
4

Cited legal and guidance references.

Publication metadata
Sorena AI
Published Feb 21, 2026
Updated Feb 23, 2026
Overview

DMA penalties are turnover-based and designed to be material at gatekeeper scale. The headline numbers matter (10% / 20% / 1% / 5% per day), but the practical risk is driven by how quickly you can demonstrate effective compliance per core platform service (CPS) and per obligation - and how you respond when the Commission asks for information or testing evidence.

Section 1

The DMA penalty framework at a glance (Articles 30-31)

The DMA includes (1) fines for non-compliance with obligations and related decisions, (2) fines for procedural failures (information/notification failures), and (3) periodic penalty payments that can run daily to compel compliance.

You should treat this as a risk model: each CPS + obligation has a compliance risk score, and each risk score maps to evidence and monitoring controls.

  • Non-compliance fines: up to 10% of total worldwide turnover in the preceding financial year for failing to comply with Articles 5-7 (and related measures).
  • Repeat infringements: up to 20% of total worldwide turnover for the same or similar infringement within 8 years for the same CPS after a prior non-compliance decision.
  • Procedural fines: up to 1% of total worldwide turnover for failures such as not providing required information for designation or failing to notify under Article 3(3).
  • Periodic penalty payments: up to 5% of average daily worldwide turnover per day to compel compliance with certain decisions and requests.
  • Systematic non-compliance risk: repeated non-compliance decisions can trigger an Article 18 market investigation and remedies in addition to monetary penalties.
Section 2

What typically triggers non-compliance fines (10% / 20%)

The 10% (and 20% repeat) fine tiers are tied to failures to comply with obligations in Articles 5, 6, and 7 and certain related decisions/measures (remedies, interim measures, commitments).

Practically, the risk rises when your implementation is incomplete, inconsistently applied across EU users, or not provably effective.

  • Article 5(2) consent/data combination failures (e.g., "pay or consent" patterns) can become enforcement narratives because they affect user choice directly.
  • Article 6 ranking and self-preferencing concerns are hard to defend without transparent rules, testing, and governance over ranking parameters and experiments.
  • Interoperability and access obligations (Article 6(7), Article 7) are often judged by outcomes and developer experience, not just policy statements.
Recommended next step

Use EU Digital Markets Act (DMA) Fines & Penalties as a cited research workflow

Research Copilot can take EU Digital Markets Act (DMA) Fines & Penalties from understanding exposure and enforcement with cited answers to a reusable workflow inside Sorena. Teams working on EU Digital Markets Act (DMA) can keep owners, evidence, and next steps aligned without copying this guide into separate documents.

Research workflow
Open Research Copilot for EU Digital Markets Act (DMA) Fines & Penalties

Start from EU Digital Markets Act (DMA) Fines & Penalties and answer scope, timing, and interpretation questions with cited outputs.

Explore next step
Talk to Sorena
Talk through EU Digital Markets Act (DMA)

Review your current process, evidence gaps, and next steps for EU Digital Markets Act (DMA) Fines & Penalties.

Explore next step
Section 3

Procedural fines (up to 1%): the avoidable penalties

Procedural failures can be expensive and are often preventable with a strong submissions and data governance workflow.

Build a single "Commission response" process: who owns requests, how you validate completeness and accuracy, and how you preserve internal documents and raw data.

  • Risk examples: supplying incorrect/incomplete/misleading information for gatekeeper assessment; failing to notify the Commission under Article 3(3); failing to provide access to requested data/algorithms/testing information.
  • Mitigation: establish data lineage for MAU/BAU calculations, EU location methodology, and CPS boundary definitions; enforce review gates before submission.
  • Operational control: use secure submission channels (EU SEND) and keep receipts and correspondence tied to CPS case numbers.
Section 4

Periodic penalty payments (up to 5% per day): why "speed to compliance" matters

Periodic penalty payments can apply per day to compel compliance with specific Commission decisions or requests. This makes response-time and remediation-time a first-class KPI.

Your compliance program should be able to ship a mitigation quickly and prove it worked, with evidence captured in parallel.

  • Build "hotfix pathways" for DMA issues (like security issues): expedited engineering, policy signoff, and monitored rollout.
  • Prepare test harnesses: ensure you can validate choice screens, uninstall flows, portability APIs, and interoperability endpoints quickly.
  • Keep evidence machine-readable and exportable so requests do not create multi-week data extraction projects.
Section 5

How to reduce penalty exposure: evidence, monitoring, and governance

Penalty exposure is reduced when compliance is demonstrable and sustained: you can show what you implemented, when, why it is compliant, and how you prevent regressions.

The Commission's Article 11 compliance report template is a practical guide to the evidence you should have ready.

  • Evidence library per CPS and per obligation: prior state, implementation date, scope, engineering changes, UX changes, and metrics demonstrating effectiveness.
  • Monitoring: automated checks for regressions and a governance process for ranking and experimentation changes.
  • Compliance function: independence, resources, and direct reporting to the management body (Article 28) so risks are surfaced early.
  • Escalation control: track whether any non-compliance decisions are accumulating across CPS, because 3 decisions in 8 years can open the door to Article 18 systematic non-compliance remedies.
Primary sources

References and citations

Related guides

Explore more topics

DMA Applicability Test (Gatekeeper Scoping) | EU Digital Markets Act
A practical DMA applicability test for teams scoping EU Digital Markets Act exposure: core platform service (CPS) mapping, gatekeeper presumption thresholds.
DMA Compliance Checklist (Execution-Ready) | EU Digital Markets Act
An execution-ready EU DMA checklist: CPS scoping, gatekeeper thresholds, designation readiness, Article 5-7 obligation mapping, product/engineering controls.
DMA Compliance Program & Monitoring (Compliance Function + Evidence)
How to build an EU DMA compliance program that survives scrutiny: Article 28 compliance function design, monitoring readiness.
DMA Deadlines & Compliance Calendar (Key Dates) | EU Digital Markets Act
A calendar-ready DMA deadlines guide: application date, gatekeeper notification (2 months), designation (45 working days), 6-month compliance deadline.
DMA Do's and Don'ts for Product Teams | EU Digital Markets Act
Practical DMA do's and don'ts for product and engineering teams: how to avoid self-preferencing, implement choice screens and default changes.
DMA Enforcement: Penalties, Remedies, and Process | EU Digital Markets Act
How EU DMA enforcement works: information requests, monitoring, preliminary findings, non-compliance decisions, commitments, interim measures, remedies.
DMA Obligations List (Articles 5, 6, 7) - By Obligation | EU Digital Markets Act
A detailed, obligation-by-obligation breakdown of the EU Digital Markets Act (DMA): Article 5 restrictions, Article 6 obligations (choice screens, app stores.
DMA Self-Preferencing Compliance Examples (Article 6(5)) | EU Digital Markets Act
Practical self-preferencing compliance guidance for DMA Article 6(5): what counts as self-preferencing in ranking/indexing/crawling, what "transparent, fair.
DMA vs DSA: What's the Difference? (EU Platform Laws)
A practical comparison of the EU Digital Markets Act (DMA) vs the Digital Services Act (DSA): what each law regulates, who is in scope, core obligations.
EU Digital Markets Act (DMA) Requirements (Articles 5-7)
A deep, execution-ready overview of EU DMA requirements for gatekeepers: Article 5 restrictions, Article 6 obligations (choice screens, app distribution.
EU DMA Compliance Guide (How to Comply) | Digital Markets Act (DMA)
A practical guide to EU Digital Markets Act (DMA) compliance: how to scope CPS, start the 6-month clock after designation, implement Articles 5-7 obligations.
EU DMA FAQ (Gatekeepers, Obligations, Deadlines) | Digital Markets Act
EU Digital Markets Act (DMA) FAQ: what is a gatekeeper, what counts as a core platform service (CPS), what are the key obligations (Articles 5-7).
EU DMA Timeline & Key Milestones | Digital Markets Act (2022/1925)
A grounded EU Digital Markets Act (DMA) timeline: application date, gatekeeper designations, compliance clocks, Article 7 staged interoperability milestones.
Gatekeeper Compliance Checklist (DMA Articles 5-7 + Article 11)
A gatekeeper-focused DMA compliance checklist: what to implement within 6 months per listed CPS, how to structure the Article 11 compliance report.
Gatekeeper Designation Guide (DMA Article 3) | EU Digital Markets Act
A practical guide to DMA gatekeeper designation: core platform service mapping, Article 3 thresholds (45M / 10,000 / EUR 7.5B / EUR 75B).