Home Resources Articles Digital Markets Act (DMA) for startups: benefits and challenges

Digital Markets Act (DMA) for startups: benefits and challenges

With the Digital Markets Act (DMA) in effect, what challenges and benefits can start-ups and SMEs that rely on gatekeepers’ digital platforms expect on the road to compliance? We provide insights and tips.
by Usercentrics
Jun 18, 2024
Table of contents
Show more Show less
Book a demo
Learn how our consent management solution can improve privacy and user experience for your users.
Get your free data privacy audit now!

As the digital landscape continues to evolve, startups and small to medium-sized enterprises (SMEs) face unique challenges in establishing and maintaining their data privacy practices and competing with larger companies in digital markets.


The introduction of the Digital Markets Act (DMA) by the European Commission brought both opportunities and hurdles for these businesses as it aims to promote fair competition while enhancing data privacy and protection.


We’ll explore what you need to know to comply with the DMA, including the benefits and challenges that the Act presents for startups and SMEs. Understanding these factors will help you to better navigate the new regulatory landscape.

Digital Markets Act (DMA) benefits for startups and SMEs

The DMA aims to foster fairness and competition by improving SME access to markets, audiences, and data, and increasing opportunities for innovation for companies in the EU or accessing EU markets.


This is while simultaneously providing more extensive data protection and greater transparency for customers. Here are the top benefits that the DMA brings to startups and SMEs.

Enhanced market access


The DMA aims to help startups and SMEs have fairer and more equal access to digital markets. By targeting the six designated gatekeepers — large tech corporations like Meta and Google that have outsized reach and influence — the DMA promotes competition with a number of requirements to open up access to data and prevent preferential practices.


The goal is to prevent unfair practices that can hinder smaller players from reaching their target audiences and accessing the data they need to grow.

Increased innovation opportunities under the DMA


With the DMA in place, startups and SMEs can work toward a more innovative ecosystem. By deterring anti-competitive behaviors and enabling access to more resources, smaller entities can embrace a culture of innovation and knowledge exchange.

How the DMA requires safeguarding of user data


One of the DMA’s core objectives is to require additional protections for user data and privacy. While the regulation directly requires gatekeepers to comply — companies that have received extensive scrutiny by European data protection authorities — those companies have millions of customers, so to achieve and maintain compliance, their customers must meet privacy standards as well.


Data privacy requirements are expected to widely “trickle down.” Companies like Google are requiring their customers to implement data privacy measures and tools to enable compliantly obtaining user consent and signaling it to Google services, like those for advertising and analytics.


Beneficially, compliance with the DMA helps smaller businesses have access to the same consented data as large enterprises, enabling both privacy compliance and data-driven marketing operations.

Enhanced transparency with DMA requirements


The DMA introduces stricter transparency requirements for the designated gatekeepers, helping startups and SMEs gain clearer insights into how platforms are designed to work (e.g. algorithms), audience activities, and other valuable data that affects these third parties.

Access to data portability under the DMA


The DMA requires enablement of data portability. That is a potential boon to smaller companies on the competitive front, as it means customers have easier access to their data and can move it from one company to another.


This means consumers have better access to competitive pricing, innovative features, and more, and aren’t locked into one company’s products, services, or ecosystem. Large players can’t necessarily retain their customers anymore just because they aren’t able to leave without significant expense and disruption.

The DMA’s streamlined complaint mechanisms


The DMA requires establishment of transparent and efficient complaint mechanisms and dispute resolution so gatekeepers can’t restrict or prevent SMEs or end users from raising noncompliance issues with public authorities.


As SMEs tend to have limited resources, including legal ones, this is an important tool to help them operate and compete with companies that have much much more influence and reach.

Embrace transparency to build trust

Transparency is a core requirement of the Digital Markets Act, and is also the cornerstone of successful monetization strategies in business online. As a startup or SME you can leverage the DMA to enhance transparency and build trust with your customers. It can also be easier for smaller companies to provide comprehensive transparency about business practices and data use, as there are fewer “moving parts”.


Startups and SMEs also often have a less formal brand and messaging, which can make it easier and on-brand for notifications about data use, consent, and user rights to be clear, accessible, and easily understood.


By clearly communicating your data handling practices, privacy policies, and consent mechanisms, you demonstrate a commitment to respecting consumers and protecting user privacy. This can be critical in early phases when every new customer really counts.


These practices foster trust, which in turn leads to development of a more trusted brand to attract prospects, stronger customer loyalty, higher engagement over time, and increased monetization opportunities.

Creating transparency with the DMA law in practice


Per the requirements of the DMA (and related laws like the GDPR), in addition to clearly communicating about your data handling and consent management practices, there are other obvious areas where being transparent is a best practice.


  • Clearly communicate pricing, tiers, and any supplemental fees associated with your services (including when there are changes, and how the transition from free trial to paid plan works)
  • Provide transparent information about your business practices and policies (in addition to privacy)
  • Publish customer reviews and testimonials to showcase social proof
  • If relevant, provide multiple product or service tiers that customers can grow into, as they may not need a “premium” offering right away (your customers want to scale as much as you do)
  • Offer a money-back guarantee or a free trial to reduce risk for potential customers, in addition to making migration as seamless as possible

How to be transparent about data use and build trust


For example: a startup offering a mobile app. By implementing clear and concise privacy notices, providing granular control over data sharing, and obtaining explicit consent for targeted advertising, the startup can establish itself as a trustworthy brand in the eyes of its users. And with clear plans and pricing and a super easy migration process from competitors services, it makes the startup a very attractive choice.

Understand the gatekeepers’ obligations under the DMA and how they affect your business.

Achieve data privacy compliance with the GDPR and DMA.

Leveraging the DMA to unlock your business potential

If you’re a startup or SME growing in digital markets in the EU, you can capitalize on the advantages of the DMA. Follow these straightforward steps to unlock your business potential.

  1. Get a free data privacy audit for your website.
  2. Understand where you stand on GDPR compliance — the regulatory framework with which the DMA aligns.
  3. Confirm the third-party requirements levied by all gatekeeper companies you do business with, e.g. for digital advertising or marketplaces.
  4. Map out changes to your data handling and privacy compliance operations to enable your organization to meet DMA (and gatekeepers’) requirements for the platforms and services you use.

If you haven’t implemented a consent management platform (CMP) already, it should be your number one priority. Adopting a consent solution for your website(s) and app(s) that enables you to meet gatekeepers’ DMA requirements for their customers will help ensure your continued use of the gatekeepers’ core platform services.


Using these solutions, you can obtain and signal explicit user consent to collect, process, and share any personal data obtained via these platforms.

Prepare for Digital Markets Act Compliance

Usercentrics’ fully customizable and flexible CMP seamlessly integrates with many CMS platforms, core platform services, and more

Harness the potential of data-driven insights


Data is the lifeblood of the digital economy, and as startups or small businesses you may have access to valuable streams of user data. The Digital Markets Act emphasizes the importance of data access and portability, helping to level the playing field for smaller players.


By obtaining high quality consented data, you can leverage data analytics and insights to make more informed decisions to optimize your monetization strategies. Understanding user behavior, preferences, and trends enables you to tailor your offerings, improve customer experiences, and drive higher conversions.

Increasing customer visibility with data analytics


  • Collect and analyze customer data (with required consent) to understand their needs, preferences, and behaviors
  • Use data to personalize and optimize your offerings, pricing, and marketing strategies
  • Analyze data to identify trends and gaps — opportunities for new revenue streams or areas for business growth
  • Consider offering data analytics or insights as a separate service to generate additional revenue

How to use data to increase sales


An example: a fashion ecommerce startup can analyze customer browsing patterns and frequency, as well as purchase history (including both information about the items purchased, and payment information), to offer personalized recommendations and targeted promotions. More broadly, they can identify key demographics, how they shop online, and what they’re interested in seeing or buying.


By leveraging data-driven insights, the startup can increase cross-selling opportunities, boost customer satisfaction, potentially build relevant partnerships, and ultimately drive revenue growth.

Stay agile and innovate

Startups and SMEs must remain agile and embrace innovation to stay ahead of the competition, even more so than well-known or established brands (which are also competition). Fortunately, smaller companies are often more agile than bigger ones, which, having gained success and market dominance, may focus less on innovation and getting ahead of changing trends.


The Digital Markets Act encourages innovation by promoting interoperability and helping to ensure fair access to essential digital platforms and services. By continuously exploring emerging technologies, experimenting with new business models, delivering excellent and creative customer experiences, and adapting to or getting out ahead of market trends, startups can seize monetization opportunities that others might overlook. Never ignore the opportunities of first-mover advantage.

Continuous innovation in practice


There are a number of ways that startups and SMEs can stay agile and gain first-mover advantage, even in markets with huge dominant players.

  • Continuously monitor market trends and customer needs to identify new monetization opportunities, including outside the usual channels, which may not pick up on more niche or “left field” developments
  • Experiment with different pricing models, such as freemium, tiered pricing, or subscription-based models
  • Regularly update and improve your products or services based on customer feedback, but be sure to continue to be the driver of your own strategy
  • Stay ahead of competitors by investing in research and development to introduce new features or offerings, also test early and often to find true potential
  • Use requirements of laws like the DMA as marketing opportunities — make sure customers and prospects know about data portability when you tell their about your great new services and pricing

How to explore technology to seize monetization opportunities under the DMA


An example: a software-as-a-service (SaaS) startup offers project management tools. By integrating with popular collaboration platforms and leveraging emerging technologies, like artificial intelligence, the startup can enhance its offerings, attract new customers, and position itself as a leader in its market segment. They can also advertise how easy they make it to migrate from major competitive platforms.

Potential DMA challenges for small businesses and startups

Navigating the privacy requirements of the DMA as they apply to third-party customers of the gatekeepers can be daunting for startups and small businesses.


Smaller companies need to focus on growth and their core business and have limited resources technically, legally, and otherwise. At the same time, the financial and reputational risks of privacy noncompliance cannot be ignored.

Staying ahead of compliance regulations


The DMA contains complex requirements that will be updated as technologies, the legal landscape, and ecommerce evolve.


Keeping up with its provisions — like ensuring your website is compliant with the DMA — demands ongoing monitoring and the means to adapt your processes, policies, and technologies quickly. This can be particularly challenging for startups and SMEs.

Compliance costs


There may be added costs to achieving and maintaining privacy compliance, like implementing a consent management platform. Consulting with qualified legal counsel and/or a privacy expert is also strongly recommended if your company doesn’t have these resources in-house.


These actions do have a cost, but compared to privacy noncompliance fines or losing access to platforms and ad revenue, for example, could be far more costly. Retaining full access to gatekeepers’ products and services, along with additional data and audience access, can help your company grow faster, as can building trust with your customers and prospects by clearly demonstrating respect for data privacy. The DMA also presents some opportunities for monetization.

Ensuring data protection and data privacy


Data protection, privacy, and user consent management are central to the DMA’s requirements, for gatekeepers’ customers all the way through the ecosystem to the end user. Your startup or SME will need to adjust its operations if it hasn’t yet to ensure it has robust data protection and secure user consent processes in place to comply with the Act.


While the DMA applies in the EU, Google, for example, has already expanded requirements for compliance, so companies doing business with UK and Swiss residents will also need to meet privacy standards.


It’s a best practice to implement strong data privacy operations globally, as the likelihood is strong that your company will need to operate to these standards globally before long.


This may involve data operations auditing, implementing advanced security protocols, updating policies, training teams, and continuously monitoring data handling practices. A CMP can go a long way toward helping to meet these requirements and maintain high data privacy standards.

DMA compliance tips for startups

Meeting the requirements of the DMA and the gatekeepers can help your startup mitigate risks and build trust with its users. Here are some key strategies for getting — and staying — compliant:

  • Get a high-level view of your compliance: Use a compliance checklist to gauge how compliant you are with the various data privacy regulation provisions. A number of DMA requirements overlap with other EU regulations, including the GDPR and ePrivacy Directive. If you’re already GDPR-compliant, you have likely already done much of the necessary work.
  • Conduct a data privacy audit: Use a tool to audit your data privacy practices to identify potential compliance gaps and areas for improvement. Also check your operations to ensure data is only accessed when and by whom it’s needed, and that your security measures are adequate for the types and volume of data you process.
  • Adopt a consent management platform: Use a reliable and scalable CMP to automate and streamline the process of obtaining and managing user consent. A solution like Usercentrics CMP also comes with Google Consent Mode v2 integrated, enabling you to compliantly signal user consent information to Google services to meet their requirements.

Meet Digital Markets Act (DMA) compliance with Usercentrics

The DMA aims to foster innovation and promote fair competition among online businesses while protecting users’ rights and personal data. However, it also introduces potentially complex requirements for startups and SMEs.


As a small business, you need to navigate the evolving digital landscape while ensuring robust customer data protection, all while managing the costs associated with DMA compliance and maintaining focus on your core business and growth.


By integrating a reliable CMP into your tech stack, you can streamline your compliance efforts, build customer trust, and gain a competitive advantage. You also safeguard your online revenues and potentially create new streams by taking advantage of DMA requirements like those for data portability and gatekeepers’ operational transparency.


Usercentrics CMP enables startups and SMEs to achieve DMA compliance with gatekeepers’ requirements by automating consent management processes, enabling transparent data practices, and safeguarding user privacy.

Prepare for Digital Markets Act compliance

Usercentrics’ fully customizable and flexible CMP seamlessly integrates with many CMS platforms, core platform services, and more


What is DMA compliance?

DMA compliance requires meeting the requirements of the Digital Markets Act or DMA. The DMA explicitly targets large gatekeeper tech companies, but those companies can and have levied their own requirements on their millions of customers to ensure end to end privacy compliance in the digital ecosystem.

The DMA aims to promote fair competition and user rights and data privacy in digital markets. Here are some aspects of compliance under the DMA.

  • Adopting transparent data practices and managing user consent
  • Facilitating data portability and interoperability
  • Preventing anti-competitive behaviors
  • Ensuring equal market access for smaller businesses

For startups and SMEs, this means potentially updating your business practices to align with these requirements and those from the gatekeepers, investing in necessary technologies, and continuously monitoring for regulatory updates. It also means taking advantage of increased transparency and flexibility for customers to make your company’s offerings an attractive option.

What are the implications of the Digital Markets Act?

The DMA has far-reaching implications for businesses, particularly startups and SMEs. It contains provisions that prevent gatekeepers — six large businesses with significant influence in their industry — from engaging in unfair practices, thereby enabling smaller companies to better compete with industry giants. The DMA is in effect in the EU, but already its effects and privacy requirements are spreading and becoming influential.

In line with this, the DMA encourages innovation by fostering a more innovative environment and deterring anti-competitive behaviors.

It also enhances data protection and privacy for consumers by requiring businesses to implement stringent consent management and data handling practices. This is ultimately envisioned to increase transparency and data protection among businesses, and between businesses and consumers.

Who are gatekeepers under the Digital Markets Act?

The DMA defines gatekeepers as “large digital platforms providing any of a predefined set of digital services (‘core platform services’), such as online search engines, app stores, and messenger services.” The current gatekeeper companies are: Alphabet (parent company of Google), Apple, Meta (parent company of Facebook, Instagram, and WhatsApp), Amazon, ByteDance (parent company of TikTok), and Microsoft.

As these companies have substantial influence and reach, and millions of smaller companies rely on access to their platforms and services, the DMA aims to provide smaller companies with greater access to the gatekeepers’ resources and prevent anti-competitive actions by the larger companies.

Start your 30-day free Usercentrics CMP trial

Achieve data privacy compliance with the GDPR and DMA.

DMA related pages
Show more

Related Articles


Understanding the Washington My Health My Data Act: a comprehensive guide

The Washington My Health My Data Act is a state-level data privacy law that focuses solely on consumer health...


APIs, CMS integration, and CMPs for DMA compliance

APIs, content management systems and consent management platforms working together can help you achieve compliance with...