Achieve compliance with the European Digital Markets Act (DMA)

The Digital Markets is a regulation developed by the European Commission that applies to large tech companies operating in the European Union, such as Google and Amazon. The law aims to foster competition and innovation and improve fairness for companies operating in digital markets. The DMA requires increased improvements in transparency, data sharing, and platform interoperability, as well as for consumer choice and data privacy.

Under the DMA seven large, influential tech companies have so far been designated “gatekeepers”. This means they have specific obligations under the law. However, many third-party companies rely on the gatekeepers’ platforms and services, e.g. for advertising, and will also have obligations to ensure compliance, like for data privacy and consent.

The Digital Markets Act officially came into force November 1, 2022, with most of its rules active by May 2023. The European Commission designated the first six gatekeepers on September 6, 2023, and Booking.com on May 13, 2024. The original gatekeepers had until March 6, 2024 to comply with the Digital Markets Act. Booking.com has until November 13, 2024.

The Digital Markets Act applies to gatekeepers and third parties doing business with them that operate in the European Union, European Economic Area and United Kingdom. The law also applies to consumers living in those regions.

The Digital Markets Act applies to companies that own and operate large online digital platforms and services that meet the EC’s criteria, including the size of their user base, significant impact on digital markets, influence over innovation, how they act as intermediaries between businesses and users, and their durable position of power in digital markets. These platforms and services have been designated as “gatekeepers” and will be subject to enhanced regulatory obligations and scrutiny under the DMA.

The seven gatekeepers designated by the European Commission to date are:

• Alphabet (owner of Google and Android)
• Amazon
• Apple
• Booking.com
• ByteDance (owner of TikTok)
• Meta (owner of Facebook, Instagram, WhatsApp, and others)
• Microsoft

This list is likely to continue grow and change in the future. Although the Digital Markets Act applies directly to these gatekeepers, many businesses work with and rely on their platforms and services. These third parties need to understand the law and its possible applications to their business, e.g. obtaining valid user consent. The gatekeepers will communicate and impose their own requirements of partners and customer companies to ensure Digital Markets Act compliance.

The Digital Markets Act primarily focuses on developing digital markets that are more transparent, more fair to smaller businesses, and more competitive overall. The Act also aims to better protect user privacy and consumer choice.

Overall, the DMA should help smaller players to grow and innovate in digital markets in the EU to compete with the big tech platforms, and prevent the gatekeepers from using their power and reach to control operations and growth of smaller organizations that rely on them.

These sites, software, and services are owned and operated by the gatekeepers, and are integral to digital business operations and online activities for millions of companies and consumers. The CPS include online search engines, operating systems, web browsers, voice assistants, online social networks, video sharing platforms, and more. To date 23 core platform services (CPS) have been identified under the Digital Markets Act, though the list is likely to continue to grow and change over time:

• 6 intermediary platforms (Amazon Marketplace, Google Maps, Google Play, Google Shopping, iOS App Store, Meta Marketplace)
• 4 social networks (Facebook, Instagram, LinkedIn, TikTok)
• 3 online advertising services (Amazon, Google, and Meta)
• 3 most popular operating systems (Google Android, iOS, Windows PC OS)
• 2 large communication services (Facebook Messenger and WhatsApp)
• 2 web browsers (Chrome and Safari)
• 1 search engine (Google)
• 1 video sharing platform (YouTube)
• 1 online travel agency (Booking.com)

The Digital Markets Act levies a number of obligations on gatekeepers. However, broadly, these are the main ones that will require compliance:

• eliminate anti-competitive or unfair business practices toward smaller companies
• provide access to data that their platforms and services generate or that’s gathered on them
• ensure interoperability and portability for consumers and businesses
• prevent favoring their own or specific partners’ products or services

Digital Markets Act compliance will require the gatekeepers to update their operations and conditions for use of their platforms and services. This work may require significant investment in legal resources, technology infrastructure and staffing. This will likely lead to increases in operating costs, at least for a while. However, the gatekeepers have substantial resources and ways to recoup investment costs.

The Digital Markets Act can also result in significant fines or other penalties for noncompliance, which could be a further financial burden for gatekeepers.

For smaller companies, noncompliance could result in loss of access to the gatekeepers platforms and services, which could cause serious financial problems, as it would deny access to users, data, and revenue streams like advertising.

However, over time the DMA should help foster innovation and bring growth to smaller companies operating in the EU as the business playing field is leveled and they take advantage of additional data, larger potential audiences and new opportunities.

Consumers and users of digital platforms and services in the EU are likely to see more competitive pricing and more innovation in the CPS they use. It will become easier for them to switch providers and take their data with them. Consumers will have more control over the apps and services they use, and in customizing their user experience. They will also have additional data privacy and protection and choices regarding granting use of their personal data.

Prior consent for access to personal data is a key part of the Digital Markets Act’s requirements, so consent management is important to compliance there. Gatekeepers will need to ensure they obtain compliant consent from users, and will require third parties using their platforms and services to be able to prove that they obtain compliant consent as well.

Signally this consent can be done with existing tools, e.g. via Google Consent Mode for Google’s platforms. A consent management platform like Usercentrics CMP enables companies to obtain valid user consent for cookie and tracker usage, securely store the information, and signal it to gatekeepers. It also enables users to change their consent preferences in the future, and ensures that consent data is available to data protection authorities, who may perform compliance audits.

The Digital Markets Act joins a number of regulations and frameworks already in force in the EU, so good coordination will be critical to ensure compliance and enforcement and not put an undue burden on companies.

The DMA is designed to complement existing regulations like the GDPR, which are well established. The European Commission, which will enforce the Digital Markets Act, will be working closely with other regulatory bodies to ensure harmonization and coordination. These will include national competition and data protection authorities. Regular consultations and mechanisms to enable good cooperation will be set up for information exchange, alignment where enforcement actions are required, and to address any inconsistencies or overlaps among the Digital Markets Act and other regulatory frameworks.