← Back to all briefings
Policy 5 min read Published Updated Credibility 92/100

Policy Briefing — EU Digital Markets Act Formally Adopted

EU member states formally adopted the Digital Markets Act, setting timelines for designating gatekeepers and imposing interoperability, data access, and self-preferencing bans that digital platforms must operationalise.

Zeph Tech Research Lead

Research lead, Zeph Tech

Timeline plotting source publication cadence sized by credibility.
3 publication timestamps supporting this briefing. Source data (JSON)

Executive briefing: On 18 July 2022 the Council of the European Union gave final approval to the Digital Markets Act (DMA), clearing the way for publication in the Official Journal and entry into force on 1 November 2022. The DMA establishes ex-ante competition rules for large online platforms designated as “gatekeepers.” Once designated, gatekeepers have six months to comply with obligations covering interoperability, access to data, advertising transparency, and anti-self-preferencing measures. Digital platforms, app stores, search engines, social networks, and cloud services that meet the size thresholds must mobilise compliance programmes to avoid fines of up to 10 % of global turnover (20 % for repeat infringements) and potential structural remedies.

The DMA applies to core platform services (CPS) such as online intermediation services, search engines, social networking, video-sharing platforms, messaging services, operating systems, cloud computing, advertising services, web browsers, and virtual assistants. Gatekeepers are identified by quantitative thresholds—€7.5 billion annual turnover in the EU or €75 billion market capitalisation, combined with at least 45 million monthly active end users and 10,000 annual business users in the EU—or through a market investigation. The Commission will designate gatekeepers by September 2023, and obligations will apply from March 2024.

Key obligations

  • No self-preferencing. Gatekeepers must not rank their own services or products more favourably than third-party offerings. This includes search rankings, app store results, and marketplace listings. Companies must implement algorithmic fairness reviews and independent testing to evidence compliance.
  • Interoperability and access. Messaging services must offer interoperability with third-party providers upon request, starting with basic text messaging and expanding to voice and video. Operating systems must allow users to install third-party app stores and default applications. Gatekeepers must ensure business users can access data generated through their interactions on the platform.
  • Advertising transparency. Gatekeepers must provide advertisers and publishers with information on pricing, fees, and ad performance. They must offer tools that allow advertisers to independently verify ad inventory.
  • Data combination restrictions. Without user consent, gatekeepers cannot combine personal data sourced from different services or from third-party sites. They must offer meaningful consent mechanisms and maintain logs demonstrating user choices.
  • Anti-tying provisions. Gatekeepers cannot require business users to use their identification, payment, or web browser services as a condition for accessing the platform. Bundling practices must be reviewed and potentially unbundled.
  • Portability and access. Gatekeepers must provide tools for data portability and access to real-time data for business users. This requires APIs, documentation, and support channels.

Implementation planning

Compliance leaders should initiate programmes spanning legal, technical, and operational workstreams:

  • Designation readiness. Assess whether services meet the quantitative thresholds. Map corporate structure and subsidiaries to understand which legal entities might be designated. Prepare data necessary for the Commission’s notification forms (user counts, business user metrics, turnover).
  • Governance. Establish a DMA steering committee with representation from legal, competition, privacy, security, engineering, and product management. Assign accountable executives for each obligation, including interoperability, data access, transparency reporting, and consent management.
  • Architecture assessments. Conduct gap analyses for interoperability (APIs, messaging protocols), default settings, pre-installed apps, and sideloading restrictions. Evaluate the feasibility of exposing APIs or adapters while maintaining security and reliability.
  • Data governance. Implement systems to separate data collected for distinct purposes, track consent, and enable granular access controls. Document data flows and update privacy impact assessments to reflect DMA requirements.
  • Transparency tooling. Build or enhance dashboards for advertisers and business users covering pricing, impressions, conversions, and fees. Ensure data can be exported and verified.
  • Monitoring and audit. Develop compliance monitoring frameworks, including KPIs (e.g., number of interoperability requests fulfilled, percentage of consent logs audited, time to respond to data access requests). Schedule internal audits and independent assurance engagements.

Outcome testing expectations

The Commission may require gatekeepers to demonstrate effective compliance through audits, data samples, and user research. Organisations should implement outcome testing approaches:

  • Algorithmic audits. Test search ranking and recommendation systems for biases favouring proprietary services. Use statistical analyses, counterfactual testing, and third-party audits.
  • Interoperability validations. Conduct cross-platform messaging tests with competitor services. Measure latency, error rates, and feature parity. Document remedial actions for failed tests.
  • Consent effectiveness. Run usability studies to ensure consent prompts are understandable and that opt-out options are effective. Track opt-in rates and complaint volumes.
  • Data access rehearsals. Simulate business user data access requests and verify that APIs deliver complete, timely data with secure authentication. Monitor incidents or SLA breaches.
  • Advertising transparency metrics. Track advertiser adoption of reporting dashboards, ensure data accuracy, and integrate independent verification tools.

Enforcement and penalties

The European Commission’s Directorate-General for Competition will lead enforcement, supported by a dedicated DMA task force. Non-compliance can lead to fines up to 10 % of global turnover (20 % for repeated breaches) and periodic penalty payments of up to 5 % of average daily turnover. In cases of systematic non-compliance, the Commission can impose behavioural or structural remedies, including divestitures or bans on acquisitions.

Member states will designate national competition authorities to cooperate with the Commission. Businesses should monitor guidance from the Commission, including compliance templates, reporting formats, and standardised methodologies for data access and interoperability.

Timeline

  • 1 November 2022: DMA enters into force.
  • 2 May 2023: Gatekeepers must notify the Commission if they meet thresholds.
  • By 6 September 2023: Commission designates gatekeepers.
  • Six months after designation: Compliance obligations become binding (likely March 2024).
  • Annual: Gatekeepers must provide compliance reports describing measures taken.

Strategic considerations

The DMA interacts with other EU regulations, including the Digital Services Act (DSA), Data Act proposal, and ePrivacy rules. Companies should align compliance programmes to avoid contradictory designs—for example, ensuring transparency dashboards satisfy both DMA and DSA reporting. Interoperability and data access commitments should integrate with security frameworks and privacy obligations under the GDPR.

Gatekeepers should also evaluate commercial impacts: potential shifts in default settings, revenue sharing, or API monetisation models. Engage product and finance teams to forecast revenue implications and adjust pricing or partnership strategies.

By acting now, platforms can demonstrate good faith to regulators, reduce enforcement risk, and potentially influence secondary legislation and implementation guidelines.

Large platforms should also plan public transparency reporting aligned with DMA Article 15, which requires annual statements describing compliance measures, monitoring results, and independent audit outcomes. Establish cross-functional working groups to craft these reports, ensure they align with ESG disclosures, and prepare for Commission requests for additional data or on-site inspections.

Timeline plotting source publication cadence sized by credibility.
3 publication timestamps supporting this briefing. Source data (JSON)
Horizontal bar chart of credibility scores per cited source.
Credibility scores for every source cited in this briefing. Source data (JSON)

Related briefings

Curated signals from the same pillar or overlapping topics.

Continue in the Policy pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

  • EU Digital Markets Act
  • Platform compliance
  • Competition law
  • Data interoperability
Back to curated briefings