← Back to all briefings
Compliance 6 min read Published Updated Credibility 71/100

EU Digital Markets Act Enters Into Force

The EU Digital Markets Act took legal effect on 1 November 2022, starting the countdown to gatekeeper designations and the mid-2023 compliance obligations for large online platforms.

Kodi C.

Editor & Research Lead

Fact-checked and reviewed — Kodi C.

Compliance pillar illustration for Zeph Tech briefings
Compliance controls, audit, and evidence briefings

Digital Markets Act Entry into Force

The EU Digital Markets Act officially entered into force on 1 November 2022, establishing a full regulatory framework for digital platforms designated as gatekeepers based on their market significance and entrenchment. The Act targets large digital platforms that serve as essential gateways between business users and consumers, imposing ex ante obligations designed to ensure contestable and fair markets. Unlike competition law enforcement that addresses anti-competitive behavior after harm occurs, the DMA creates preventive behavioral requirements that gatekeepers must continuously meet. This is a fundamental shift in how European regulators approach digital platform power.

Gatekeeper Designation Criteria

The Act applies to companies meeting quantitative thresholds presuming gatekeeper status: annual EU turnover exceeding EUR 7.5 billion or market valuation above EUR 75 billion, combined with provision of core platform services to over 45 million monthly active end users and 10,000 yearly active business users in the EU. Core platform services subject to designation include online intermediation services, search engines, social networking, video sharing platforms, operating systems, web browsers, virtual assistants, cloud computing, and advertising services.

Companies meeting thresholds must notify the Commission, which can also designate gatekeepers qualitatively based on market analysis. Designated platforms face the full range of DMA obligations.

Core Obligations for Gatekeepers

The DMA imposes detailed behavioral obligations designed to prevent practices that entrench gatekeeper positions or disadvantage competitors. Gatekeepers must enable interoperability with their messaging services for competitors requesting access. Self-preferencing prohibitions prevent gatekeepers from favoring their own services over those of third parties in rankings and presentations.

Business users must receive access to their performance data and be allowed to offer products at different prices through other channels. App store operators cannot prohibit developers from linking to off-platform purchase options or require use of gatekeeper payment systems. These obligations directly address business practices that competition authorities have investigated but struggled to remedy quickly.

Data Portability and Interoperability

Gatekeepers must provide effective portability tools enabling end users to move their data to other services and provide continuous real-time access to data generated through platform use. For messaging services, gatekeepers must enable interoperability allowing users on competing platforms to exchange messages, voice calls, and eventually group messages and video calls with users of gatekeeper services.

The interoperability obligations phase in over time, with basic text messaging requirements applying first and more complex functionality following. Implementation raises significant technical and security questions regarding how to enable cross-platform communication while maintaining encryption and preventing abuse.

Enforcement Mechanisms and Penalties

The European Commission serves as exclusive enforcer for DMA compliance, conducting investigations, issuing compliance findings, and imposing penalties. Financial sanctions can reach 10% of worldwide turnover for initial violations, escalating to 20% for repeat offenses.

For systematic non-compliance, the Commission can impose behavioral or structural remedies including requiring divestitures to address identified harms. National authorities support enforcement through market investigations and complaint processing but cannot directly enforce DMA obligations. The centralized enforcement model ensures consistent interpretation while raising capacity concerns given the breadth of gatekeeper activities requiring oversight.

Implementation Timeline and Compliance

Following entry into force, companies had until July 2023 to notify potential gatekeeper status based on threshold assessments. The Commission then designated platforms and individual services, triggering six-month compliance periods for implementing required changes.

Gatekeepers must show compliance through detailed reports explaining how their practices meet obligations, with Commission review authority to challenge insufficient measures. The ongoing compliance requirement demands continuous monitoring and adaptation as the Commission interprets obligations and issues guidance. Legal and product teams at designated platforms should maintain close engagement with Commission proceedings and prepare for iterative compliance adjustments.

Competitive Implications and Market Effects

The DMA aims to improve competition in digital markets by reducing barriers that prevent smaller companies from challenging incumbent platforms. Business users gain negotiating use and reduced dependence on individual gatekeeper decisions. Consumers should benefit from increased choice, innovation, and potentially lower prices as competitive dynamics improve. However, the obligations create setup complexity that may affect service quality or features, and interoperability requirements raise security considerations requiring careful technical setup. Market observers are monitoring whether DMA achieves intended competitive benefits while managing unintended consequences.

Source material

More on this topic

Further reading from our research library.

Continue in the Compliance pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

  • Third-Party Risk Oversight Playbook

    Operationalize OCC, Federal Reserve, EBA, and MAS outsourcing expectations with lifecycle controls, continuous monitoring, and board reporting.

  • Compliance Operations Control Room

    Implement cross-border compliance operations that satisfy Sarbanes-Oxley, DOJ guidance, EU DORA, and MAS TRM requirements with verifiable evidence flows.

  • ESG Assurance Operating Guide

    Deploy credible ESG assurance across CSRD, SEC climate disclosure, and ISSA 5000 requirements with regulator-aligned controls, data governance, and audit-ready evidence.

Coverage intelligence

Published
Coverage pillar
Compliance
Source credibility
71/100 — medium confidence
Topics
Digital Markets Act · Platform Governance · Competition · European Union
Sources cited
2 sources (iso.org, federalregister.gov)
Reading time
6 min

Source material

  1. Industry Standards and Best Practices — International Organization for Standardization
  2. Federal Register Regulatory Notices
  • Digital Markets Act
  • Platform Governance
  • Competition
  • European Union
Back to curated briefings

Comments

Community

We publish only high-quality, respectful contributions. Every submission is reviewed for clarity, sourcing, and safety before it appears here.

    Share your perspective

    Submissions showing "Awaiting moderation" are in review. Spam, low-effort posts, or unverifiable claims will be rejected. We verify submissions with the email you provide, and we never publish or sell that address.

    Verification

    Complete the CAPTCHA to submit.