Understanding the Digital Markets Act (DMA): Obligations for Gatekeepers and Large Platforms

In March 2024, the European Commission slapped designations on six major players—Apple, Amazon, Alphabet's Google, Meta, Microsoft, and ByteDance's TikTok—as gatekeepers under the Digital Markets Act. These companies now face strict rules to open up their platforms. If you're steering a tech business or advising one, grasping these changes matters. They reshape how platforms interact with users, developers, and rivals across the EU.

What is the Digital Markets Act?

The Digital Markets Act, or DMA, entered into force on November 1, 2022, with full application starting March 7, 2024. This EU regulation aims to foster fairer competition in digital markets dominated by a handful of powerful firms. It sets out ex-ante rules—meaning preventive measures applied before any harm occurs—unlike traditional antitrust laws that react after the fact.

Picture the digital economy as a vast ecosystem where a few giants control the gateways to users and data. The DMA targets this imbalance directly. It complements the Digital Services Act, which deals with illegal content and transparency in online platforms. Where the DSA polices the content flowing through these platforms, the DMA restructures the platforms themselves to prevent economic bottlenecks.

At its core, the DMA promotes contestability and fairness. Contestability means new entrants can challenge incumbents without barriers. Fairness ensures no undue favoritism skews the market. For instance, the regulation requires gatekeepers to share certain data under strict conditions, allowing smaller players to innovate without starting from scratch. This approach draws from years of EU investigations into tech mergers and practices, like the 2018 Google Android case that fined the company €4.34 billion for anti-competitive bundling.

Businesses operating in the EU should note the DMA's extraterritorial reach. Even non-EU companies qualify if they meet thresholds and provide services to EU users. This global pull affects U.S. and UK firms too, pushing them to align strategies across markets.

Who Qualifies as a Gatekeeper Under the DMA?

Gatekeepers aren't your average startups or mid-sized apps. The DMA defines them precisely to focus on the biggest influencers. A company earns this label if it operates at least one core platform service, such as a search engine like Google, an app store like Apple's, or a social network like Facebook.

The quantitative thresholds are steep. Firms need an annual turnover in the EU of at least €7.5 billion, or a market capitalization of €75 billion worldwide. They must also serve 45 million monthly active end-users in the EU and connect with 10,000 yearly active business users. These numbers reflect entrenched dominance—think platforms that have held sway for at least three years.

Qualitative factors seal the deal. The European Commission assesses if the service acts as a key entry point for business users to reach customers, or if it locks in end-users through network effects. For example, WhatsApp's value skyrockets with more users, creating a barrier for newcomers. In practice, the Commission presumed gatekeeper status for those hitting the numbers, but companies can rebut this with evidence of non-dominance.

As of now, the six designated gatekeepers control vast swaths of the market. Apple oversees iOS ecosystems reaching over 1 billion devices globally. Google processes billions of searches daily. These designations aren't static; the Commission can add more based on evolving markets, like emerging cloud providers.

Key Obligations: What Gatekeepers Must Do

Gatekeepers have a list of mandatory actions to promote openness. First, they must ensure interoperability. This means allowing third-party apps or services to work seamlessly with their platforms. Take messaging: WhatsApp now has to connect with apps like Signal, so users can chat across services without switching apps.

Another duty involves data access. Business users get real-time performance data generated on the platform, such as sales metrics or user engagement stats. For advertisers on Google or Meta, this levels the playing field by revealing insights previously hoarded. Gatekeepers must provide this data via APIs, ensuring technical feasibility and privacy compliance under GDPR.

User choice ranks high too. Platforms can't force default settings. Users should uninstall any pre-installed app and pick alternatives, like setting DuckDuckGo as their search engine on Android. For operating systems, this extends to allowing sideloading of apps outside official stores.

Direct communication gets a boost. Gatekeepers permit businesses to reach customers outside the platform, say via email or their own websites, without restrictions. This anti-steering rule helps sellers on Amazon build independent relationships. Overall, these obligations demand significant internal overhauls, from engineering teams building new interfaces to legal reviews of data-sharing protocols.

Prohibitions: What Gatekeepers Cannot Do

The DMA's bans hit at common anti-competitive tactics. Self-preferencing tops the list—no more bumping your own services to the top of search results. Google, for instance, can't favor Google Flights over competitors in travel queries, echoing past fines but now with proactive rules.

Data reuse faces tight controls. Gatekeepers can't combine personal data from different services without explicit consent. If you're logged into Facebook, Meta can't automatically use that data to target ads on Instagram unless you opt in. This protects privacy while curbing cross-service advantages.

Bundling and tying get the axe. Platforms can't force users to take multiple services together, like requiring a Google account for Android devices. App developers gain freedom to use external payment systems, bypassing Apple's 30% commission on in-app purchases.

Anti-steering provisions prevent platforms from blocking businesses from promoting better deals elsewhere. An Amazon seller can now direct customers to their site for discounts, without platform retaliation. These rules dismantle lock-in effects, but implementation varies—Apple's iOS changes, for example, include new fees for alternative app distribution.

Real-World Examples of DMA in Action

Apple's response to the DMA offers a clear snapshot. By late 2024, iPhones in the EU will support third-party app stores and alternative browsers. Developers can distribute apps directly, potentially slashing costs. Yet, Apple introduced a €0.50 core technology fee per install after the first million annually, sparking debates on whether it truly opens the market.

Google faces scrutiny over search rankings. The company must display equal treatment for rival comparison shopping services. In tests, this could mean a dedicated box for competitors alongside Google Shopping, increasing click-through rates for smaller players by up to 20% based on prior antitrust remedies.

Meta's WhatsApp interoperability rollout started in 2024 with text messages to other EU apps. Voice and video calls follow by 2025. This technical feat involves end-to-end encryption challenges, ensuring secure cross-platform communication without weakening privacy standards.

Amazon's changes hit seller data. The platform can't use non-public insights from third-party listings to develop competing products. A seller of electronics, for example, won't see their sales data fueling Amazon Basics items, giving independents breathing room to compete on price and innovation.

Penalties and Compliance Risks

Non-compliance carries heavy weights. The baseline fine hits 10% of global annual turnover—for Alphabet, that's over €24 billion based on 2023 figures. Repeat offenders face 20%, plus daily penalties up to 5% of average daily turnover until fixed.

Beyond fines, the Commission can mandate behavioral changes, like forcing data portability tools. Persistent issues might lead to structural remedies, such as divesting parts of the business. Though rare, this echoes U.S. cases like AT&T's breakup in the 1980s.

Companies get a grace period to comply post-designation, typically six months. Apple and others submitted compliance reports in September 2024, but investigations loom. The Commission already probed Apple's app store policies in July 2024, signaling swift action.

For executives, personal risks include director disqualifications in extreme cases, though the focus stays corporate. Proactive audits help mitigate these threats, identifying gaps early.

Enforcement: The Commission's Role

The European Commission holds sole enforcement power, bypassing national authorities for speed. It launches investigations based on complaints, its own initiatives, or market studies. Over 100 stakeholder inputs shaped initial designations.

Market investigations probe broader sectors, like cloud computing, to spot new gatekeepers. The process includes hearings and evidence gathering, with decisions appealable to EU courts. This setup avoids fragmented enforcement across 27 states.

Transparency defines the approach. The Commission publishes non-confidential investigation documents and holds public consultations. For businesses, this means monitoring the DMA dashboard on the Commission's site for updates.

Early enforcement tests the waters. In 2024, probes into Apple's steering rules and Meta's data access show the Commission's readiness. Fines could start flowing by mid-2025 if violations persist.

Benefits for Startups and Small Businesses

Smaller players reap direct gains. App developers access iOS without Apple's full cut, potentially saving millions. A U.S. startup building fintech apps can now integrate payments freely in the EU.

Data transparency empowers analytics. SMEs get platform-generated insights to refine strategies, like optimizing ad spends on Meta without blind spots. This data, once gated, now fuels growth.

Negotiation use rises. Platforms can't impose one-sided terms, so startups negotiate fairer contracts. For UK firms post-Brexit, aligning with DMA principles aids EU market entry.

Overall, the DMA creates openings. A Berlin-based e-commerce tool, for instance, uses interoperable APIs to connect with multiple marketplaces, scaling faster than before.

Challenges and Criticisms Facing the DMA

Tech leaders voice security worries. Interoperability might expose vulnerabilities, as seen in WhatsApp's cautious rollout to avoid encryption breaches. Balancing openness with safety remains tricky.

Innovation concerns surface too. Rules on data use could limit AI training, where vast datasets drive progress. Critics like the Computer & Communications Industry Association argue overreach hampers EU competitiveness against U.S. and China.

Implementation hurdles abound. Gatekeepers complain of vague terms, like defining 'fair' access. Smaller EU states push for clarity to avoid uneven effects.

Yet proponents counter that these rules spur true innovation by diversifying markets. Early signs, like increased developer interest in alternative stores, suggest positive shifts amid the debates.

Practical Tips for DMA Compliance

Start with a compliance audit. Map your services against core platforms and thresholds. Engage legal experts to review user data flows and interoperability readiness.

Build technical safeguards. Invest in API development for data sharing, testing for GDPR alignment. Train teams on new user choice features, like default changers.

Foster transparency. Update privacy policies and notify users of changes. For businesses, create dashboards for data access requests.

Stay informed. Track Commission guidelines, expected quarterly. Join forums like the DMA Stakeholder Forum for peer insights. Numbered steps: 1. Assess status. 2. Gap analysis. 3. Implement changes. 4. Monitor and report.

Frequently Asked Questions

Does the DMA apply to non-EU companies?

Yes, it does. Any company providing core platform services to EU users qualifies if it meets the thresholds, regardless of headquarters. U.S. firms like Apple must comply for their EU operations. This ensures the rules curb global dominance affecting European markets. Non-compliance risks fines based on worldwide turnover, so global strategies need EU alignment.

How will the DMA affect app developers?

Developers gain big. They can use alternative payments, avoiding high commissions, and distribute via third-party stores. On iOS, this means direct EU sales without App Store exclusivity. Expect more choices, but watch for new fees like Apple's install charges. Actionable step: Review contracts for steering clauses and prepare multi-platform launches.

What if a company believes it's wrongly designated as a gatekeeper?

Companies can rebut the presumption during designation. Submit evidence showing no systemic market power, like low user lock-in. Post-designation, appeal to the General Court within two months. Microsoft, for example, accepted its label but monitors for changes. Legal advice is key—gather market share data and user behavior studies early.

Will the DMA influence regulations outside the EU?

It already does. The UK's Digital Markets, Competition and Consumers Act mirrors DMA elements, targeting big tech similarly. U.S. bills like the American Innovation and Choice Online Act draw inspiration. For professionals, this means cross-border compliance plans. Watch for harmonization, as global platforms adapt once to serve multiple regions.