European Commission proposes Digital Markets Act

Quick summary

The European Commission unveiled the draft Digital Markets Act on 15 December 2020, proposing ex-ante regulation of large online platforms designated as "gatekeepers." The DMA introduces categorical obligations around data portability, self-preferencing prohibitions, interoperability requirements, and restrictions on personal data combination, with penalties reaching 10% of global turnover for violations.

Regulatory Context

The DMA addresses competition concerns specific to digital markets:

• Competition limitations: Traditional antitrust enforcement—ex-post and case-by-case—struggles to address fast-moving digital market dynamics.
• Network effects: Platform economics create winner-take-all dynamics limiting competitive entry.
• Gatekeeper power: Dominant platforms control access to users, creating dependency for business users.
• Self-preferencing: Vertically integrated platforms can advantage their own services over competitors.

Gatekeeper Designation

The DMA applies to platforms meeting quantitative thresholds:

• Financial thresholds: €7.5 billion annual EU turnover or €75 billion market valuation.
• User thresholds: 45 million monthly active EU end users and 10,000 yearly active EU business users.
• Durability: Thresholds met in three of the preceding financial years.

Core platform services subject to designation include: online search engines, social networking services, video-sharing platforms, messaging services, operating systems, app stores, cloud computing, advertising services, and virtual assistants.

Prohibited Practices

Gatekeepers face categorical prohibitions:

• Self-preferencing: Cannot rank own services more favorably than third-party competitors.
• Data combination: Cannot combine personal data across different services without explicit consent.
• Most-favored-nation clauses: Cannot require business users to offer identical or better terms than on other platforms.
• Tying: Cannot require use of identification, payment, or other services as condition of platform access.

Positive Obligations

Gatekeepers must implement specific requirements:

• Data portability: Enable users to port data and ensure continuous data access.
• Interoperability: Allow third-party interoperability for ancillary services.
• Business user data access: Provide business users access to their platform-generated data.
• Advertising transparency: Disclose pricing, performance, and placement information.
• App store openness: Allow sideloading and alternative app stores.

Enforcement and Penalties

The Commission holds primary enforcement authority:

• Fines: Up to 10% of global annual turnover for violations.
• Periodic penalties: Up to 5% of daily turnover for continuing non-compliance.
• Structural remedies: Divestiture possible for systematic violations.
• Market investigations: Commission may investigate market dynamics and update gatekeeper list.

Compliance Timeline

Designated gatekeepers receive six months to comply with obligations after designation. Organizations potentially meeting thresholds should begin compliance planning before formal designation.

Final assessment

The DMA represents fundamental change in platform regulation, shifting from ex-post antitrust to ex-ante obligations. If you are affected, assess potential gatekeeper designation, map compliance requirements, and monitor legislative negotiations that may adjust final obligations.

Detailed guidance

Successful implementation requires a structured approach that addresses technical, operational, and organizational considerations. Organizations should establish dedicated implementation teams with clear responsibilities and sufficient authority to drive necessary changes across the enterprise.

Project governance should include regular status reviews, risk assessments, and stakeholder communications. Executive sponsorship is essential for securing resources and removing organizational barriers that might impede progress.

Change management practices help ensure smooth transitions and stakeholder acceptance. Training programs, communication plans, and feedback mechanisms all contribute to effective change management outcomes.

Assurance and verification

Compliance verification involves systematic evaluation of implemented controls against applicable requirements. Organizations should establish verification procedures that provide objective evidence of compliance status and identify areas requiring remediation.

Internal audit functions play an important role in providing independent assurance over compliance activities. Audit plans should incorporate risk-based prioritization and coordination with external audit requirements where applicable.

Continuous compliance monitoring capabilities enable early detection of control failures or compliance drift. Automated monitoring tools can provide real-time visibility into compliance status across multiple control domains.

Working with vendors

Third-party relationships require careful management to ensure compliance obligations are properly addressed throughout the vendor ecosystem. Due diligence procedures should evaluate vendor compliance capabilities before engagement.

Contractual provisions should clearly allocate compliance responsibilities and establish appropriate oversight mechanisms. Service level agreements should address compliance-relevant performance metrics and reporting requirements.

Ongoing vendor monitoring ensures continued compliance throughout the relationship lifecycle. Periodic assessments, audit rights, and incident response procedures all contribute to effective third-party risk management.

What planners should consider

Strategic alignment ensures that compliance initiatives support broader organizational objectives while addressing regulatory requirements. Leadership should evaluate how this development affects competitive positioning, operational efficiency, and stakeholder relationships.

Resource planning should account for both immediate implementation needs and ongoing operational requirements. Organizations should develop realistic timelines that balance urgency with practical constraints on resource availability and organizational capacity for change.

How to measure progress

Effective monitoring programs provide visibility into compliance status and control effectiveness. Key performance indicators should be established for critical control areas, with regular reporting to appropriate stakeholders.

Metrics should address both compliance outcomes and process efficiency, enabling continuous improvement of compliance operations. Trend analysis helps identify emerging issues and evaluate the impact of improvement initiatives.

Strategic impact

This development carries significant strategic implications for organizations across multiple sectors. Business leaders should evaluate how these changes affect their competitive positioning, operational models, and stakeholder relationships. Early adopters who address emerging requirements often gain advantages over competitors who delay action until compliance becomes mandatory.

Strategic planning should incorporate scenario analysis that considers various implementation approaches and their associated costs, benefits, and risks. Organizations should also consider how their response to this development affects relationships with customers, partners, regulators, and other key stakeholders.

Excellence in operations

Achieving operational excellence in response to this development requires systematic attention to process design, technology enablement, and workforce capabilities. Organizations should establish clear operational metrics that track both compliance outcomes and process efficiency, enabling continuous improvement over time.

Operational processes should be designed with appropriate controls, checkpoints, and escalation procedures to ensure consistent execution and timely issue resolution. Automation opportunities should be evaluated and prioritized based on their potential to improve accuracy, reduce costs, and enhance scalability.

How governance applies

Effective governance ensures appropriate oversight of compliance activities and timely escalation of significant issues. Organizations should establish clear roles, responsibilities, and accountability structures that align with their compliance objectives and risk appetite.

Regular reporting to senior leadership and board-level committees provides visibility into compliance status and supports informed decision-making about resource allocation and risk management priorities.

Sustaining progress

Compliance programs should incorporate mechanisms for continuous improvement based on lessons learned, emerging best practices, and evolving requirements. Regular program assessments help identify enhancement opportunities and ensure sustained effectiveness over time.

Organizations that approach this development strategically, with appropriate attention to governance, risk management, and operational excellence, will be well-positioned to achieve compliance objectives while supporting broader business goals.

You may also find useful

Hand-picked articles on adjacent topics.

Policy · Credibility 71/100 · June 2, 2020

European Commission opens consultation on Digital Services and Markets Acts

The European Commission launched public consultations on the forthcoming Digital Services Act and Digital Markets Act on 2 June 2020, seeking input on platform accountability, competition rules, and enforcement options.

Policy · Credibility 92/100 · December 15, 2020

EU Digital Services & Markets Acts Proposed

The European Commission unveiled the Digital Services Act and Digital Markets Act proposals to modernize platform liability, content governance, and gatekeeper obligations across the single market.

Policy · Credibility 71/100 · December 15, 2020

European Commission unveils Digital Services Act proposal

The EU's Digital Services Act proposal is fundamentally a new rulebook for running an online platform. Tiered obligations based on size, mandatory risk assessments for very large platforms (45M+ EU users), algorithmic…

Policy · Credibility 90/100 · December 16, 2020

EU Cybersecurity Strategy for the Digital Decade

The European Commission’s December 2020 cybersecurity strategy pairs the NIS2 legislative recast, a proposed Joint Cyber Unit, and investment plans for cloud, 5G, and OT security, signaling stricter board accountability…

Policy · Credibility 71/100 · July 9, 2021

Executive Order 14036 on promoting competition in the American economy

President Biden signed Executive Order 14036 on 9 July 2021, directing agencies to address anticompetitive conduct across technology, labor, agriculture, and healthcare markets, including data portability and…

Continue in the Policy pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

• AI Policy Implementation Guide

  Coordinate governance, safety, and reporting programmes that meet EU Artificial Intelligence Act timelines and U.S. National AI Initiative Act mandates while sustaining product…

• Digital Markets Compliance Guide

  Implement EU Digital Markets Act, EU Digital Services Act, UK Digital Markets, Competition and Consumers Act, and U.S. Sherman Act requirements with cross-functional operating…

• Semiconductor Industrial Strategy Policy Guide

  Coordinate CHIPS and Science Act, EU Chips Act, and Defense Production Act programmes with capital planning, compliance, and supplier readiness.

Coverage intelligence

Published

December 15, 2020

Coverage pillar

Policy

Source credibility

71/100 — medium confidence

Topics

Digital Markets Act · platform regulation · gatekeepers · EU regulation

Sources cited

2 sources (iso.org, crsreports.congress.gov)

Reading time

5 min

Documentation

1. Industry Standards and Best Practices — International Organization for Standardization
2. Congressional Research Service Analysis