DMA product change release review workflow

Use this release gate to decide whether a product change affects DMA duties for a designated core platform service before the change ships.

The workflow focuses on Articles 5, 6, 7, Article 13 anti-circumvention, Article 11 compliance-report evidence, and product-owner/legal approval.

Author: Sorena AI
Published: May 9, 2026
Updated: May 9, 2026

Overview

A DMA product change review is a release-control record for designated gatekeepers and the teams that support them. It should identify the affected core platform service, map the change to Articles 5, 6, 7 and 13, collect Article 11-quality evidence, and require product-owner and legal signoff before launch.

Section 1

When to open a DMA release review

Open this workflow when a release changes how a designated core platform service handles data, ranking, access terms, interoperability, user choice, ads measurement, app-store behavior, defaults, portability, business-user data, or complaint channels.

The first checkpoint is scope. Article 5, Article 6 and Article 7 obligations apply by reference to each core platform service listed in the gatekeeper designation decision, so the review record should name the designated service, the user groups affected, and the exact release artifact being approved.

  • Record the designated core platform service, product area, release version, rollout geography, affected end users and affected business users.
  • State whether the release changes a user journey, API, data flow, ranking parameter, access condition, fee, contract term, consent flow, warning message, default setting or interoperability request process.
  • Block release approval if the team cannot state, for each DMA obligation, whether it is unaffected, affected, or needs legal interpretation.
  • Attach product-owner and legal-owner names to the review before engineering approval is treated as complete.

Section 2

Article 5 release checks

Article 5 checks should run before any launch that changes consent, cross-service data use, business-user communications, off-platform offers, payment or identity requirements, tying of core platform services, or advertising transparency outputs.

Treat an Article 5 issue as a release blocker unless legal approves the interpretation and product confirms the user journey, business-user journey, and evidence record.

  • Data and consent: confirm the release does not newly combine or cross-use personal data, or sign users into services in order to combine personal data, without the required specific choice and consent.
  • Business-user freedom: confirm the release does not prevent different prices or conditions through third-party channels or direct sales channels.
  • Communication and access: confirm business users can promote offers and conclude contracts with acquired end users, and that end users can access purchased content, subscriptions, features or items through the business user's application.
  • No forced gatekeeper services: confirm the change does not require use of the gatekeeper's identification service, browser engine, payment service, payment-supporting technical service, or another core platform service as a condition of access.
  • Ads transparency: if online advertising is affected, confirm the release preserves daily, free-of-charge advertiser and publisher information flows required by Article 5.

Section 3

Article 6 release checks: data access, self-preferencing and access terms

Article 6 checks are needed when a release changes ranking, search, app-store access, operating-system defaults, app installation paths, ad measurement tools, business-user data access, end-user portability, search data access, or termination conditions.

The review should compare the pre-release and post-release state. For DMA evidence, a bare control description is not enough; the team should show what changed in data flows, ranking logic, APIs, OS features, user screens, terms, fees, and operational queues.

  • Business-user data: confirm the gatekeeper is not using non-public data generated or provided by business users, or their customers, to compete with those business users.
  • Self-preferencing: confirm ranking, indexing and crawling do not treat the gatekeeper's own services or products more favourably than similar third-party services or products, and document ranking-condition changes.
  • Interoperability and access: confirm providers of services and hardware receive free, effective interoperability with relevant hardware and software features where Article 6(7) applies.
  • Measurement and ads data: confirm advertisers, publishers and authorised third parties retain free access to performance measuring tools and data needed for independent verification.
  • Portability and business-user data access: confirm end-user portability tools and business-user access to aggregated and non-aggregated data remain effective, high-quality, continuous and real-time where required.
  • FRAND and termination: confirm app-store, search-engine and social-network access conditions remain fair, reasonable and non-discriminatory, and that core platform service termination conditions are not disproportionate.

Section 4

Article 7 and interoperability request checks

For number-independent interpersonal communications services, Article 7 requires a separate interoperability review. The release record should state whether the change affects technical interfaces, reference offers, security, end-to-end encryption, request intake, or the data exchanged for interoperability.

For operating-system and device interoperability under Article 6(7), use the same release gate for technical documentation, request queues, developer communications, access to features, security justifications, and predictable handling of requests.

  • Article 7 service fit: identify whether the designated service is a number-independent interpersonal communications service and whether the changed functionality is one of the basic functionalities the gatekeeper provides to its own users.
  • Reference offer: confirm the published interoperability terms and technical details remain accurate after the release.
  • Reasonable requests: confirm the intake, triage, engineering and security review process can handle requests without hidden delay or non-neutral criteria.
  • Security and privacy: document any integrity, security or privacy measure as strictly necessary, proportionate and justified, rather than as a general refusal reason.
  • Personal data minimisation: confirm the release exchanges only personal data strictly necessary to provide effective interoperability.

Section 5

Article 13 anti-circumvention review

Article 13 should be checked after the Article 5, 6 and 7 mapping. A release may look compliant at the obligation level but still undermine the effective exercise of DMA rights through design, commercial terms, technical fragmentation, degraded quality, non-neutral choices or unnecessary friction.

The anti-circumvention review should be conducted from the perspective of affected business users and end users, not only from the perspective of the internal product design.

  • Service segmentation: confirm the release does not segment, divide, subdivide, fragment or split core platform services to avoid DMA thresholds or scope.
  • Effective compliance: confirm contractual, commercial, technical and interface-design changes do not undermine obligations under Articles 5, 6 or 7.
  • No degradation: confirm users who exercise DMA rights do not receive worse conditions or lower service quality because they used those rights.
  • No undue difficulty: confirm the release does not make rights or choices harder to exercise through extra steps, confusing screens, degraded defaults or behavioural nudges.
  • Neutral choices: test choice screens, consent flows, warnings and developer-request flows for non-neutral presentation.

Section 6

Article 11 evidence pack and signoff

Close the workflow with an Article 11-ready evidence pack. The Commission template expects standalone information for each core platform service and applicable Articles 5 to 7 obligation, with a compliance statement, detailed explanation, supporting data and internal documents.

The product owner should sign for the release facts and operational implementation. Legal should sign for the obligation mapping, interpretation, anti-circumvention assessment, and whether the release needs to be reflected in the next compliance report or non-confidential summary.

  • Compliance statement: identify the Article and paragraph reviewed, the core platform service, the launch date or planned launch date, and whether the release maintains or changes compliance measures.
  • Before-and-after evidence: capture the prior situation, new measure, implementation date, product/service/device scope, geographic scope and affected user journeys.
  • Technical evidence: attach data-flow diagrams, API or OS-functionality changes, ranking parameters, auction or measurement changes, security justifications, logs, test results, screenshots, demos or recorded walkthroughs where relevant.
  • Commercial and terms evidence: attach fee changes, access terms, privacy notices, contract clauses, dispute mechanisms, developer documentation and customer communications affected by the release.
  • Consultation and request evidence: record business-user, end-user, developer or interested-party input where used, plus request tickets and response records for access, data, portability or interoperability flows.
  • Approval gate: require named product-owner, engineering-owner, data-governance-owner and legal-owner approval before release, and store the final decision with the source citations used for the review.

Primary sources

References and citations

  • digital-markets-act.ec.europa.eu: Commission example of specification decisions requiring clearer technical documentation, timely communication and predictable review of interoperability requests. Quoted: "transparency and effectiveness of the process"
  • digital-markets-act.ec.europa.eu: Commission template specifying minimum Article 11 report information, including compliance statements, supporting data, internal documents, technical changes, user journeys, terms and consultation records. Quoted: "supporting data and internal documents"
  • digital-markets-act.ec.europa.eu: Commission page identifying currently designated gatekeepers and core platform services for scope checks. Quoted: "23 core platform services provided by those gatekeepers"
  • eur-lex.europa.eu: Article 11 requires gatekeepers to report measures implemented to ensure compliance with Articles 5, 6 and 7 and to update the report and non-confidential summary at least annually. Quoted: "detailed and transparent manner"