Digital Markets Act timeline: a roadmap to regulation

In recent years, authorities in the European Union have had concerns about the concentration of power and lack of competition in the digital market. This has prompted the introduction of regulations to ensure greater fairness and foster competition and innovation. One such regulation is the Digital Markets Act (DMA). This law sets out rules for digital platforms that act as gatekeepers. In this article, we examine the DMA timeline, from when the Act became law to when it took effect and the next steps in implementing the DMA.

The journey of the DMA began with the European Commission’s (EC) recognition of the need to address the challenges posed by dominant digital platforms, owned by companies that they designated as “gatekeepers”. In December 2020, the EC published a proposal for a regulation to promote fairer markets in the digital sector. This legislation would become the DMA. The proposal aimed to establish a comprehensive framework for regulating the behavior of gatekeeper companies and the influential platforms they operated, ensuring a more level playing field for all businesses and promoting innovation and consumer welfare.

The DMA was introduced together with the Digital Services Act (DSA) in the DSA Package. The DMA proposal received significant attention and underwent a thorough legislative process. It involved consultations, discussions, and negotiations with various stakeholders, including EU member states, the European Parliament, and industry representatives.

After an extensive deliberation process, the DMA received approval from both the European Parliament and the Council of the European Union. In July 2022, the European Parliament, sitting in plenary, voted in favor of the DMA with an overwhelming majority. The Council also endorsed the text, signifying the agreement of member states.

The final text of the DMA law was published in the Official Journal of the European Union on October 12, 2022, and it officially entered into force on November 1, 2022. This marked a significant milestone in the regulation of digital markets and the establishment of a new framework regulating the gatekeepers.

In May 2023, most of the DMA rules became applicable and on September 6, 2023, the European Commission designated the six gatekeeper companies that need to comply with the European Digital Markets Act. The gatekeepers are: Meta, Alphabet, Amazon, ByteDance, Apple, Microsoft. More companies may receive this designation in the future.

The DMA timeline extends into the future with important upcoming milestones. The gatekeepers have six months from the date of their designation to comply with the new obligations, until March 6, 2024. By this deadline gatekeepers are required to:

• adhere to the duties and restrictions outlined in Articles 5, 6, and 7, as stated in Article 3 (10)
• deliver a detailed report outlining the measures taken to guarantee compliance, as per Article 11
• present an audit to the EC that outlines the techniques used for customer profiling, in accordance with Article 15

Following an 18-month market investigation initiated either independently by the European Commission or upon the request of a minimum of three member states, the EC is required to submit a report. This report may result in any of the following actions:

• proposing a legislative amendment to introduce new Digital Services Act (DMA) provisions or additional obligations
• suggesting a delegated act for the inclusion of supplementary obligations within the existing framework outlined in Articles 12 and 19 of the DMA
• requiring mandatory consultation of Council and Parliament experts

By May 3, 2026, the European Commission is required to review the rules and report to the Parliament, the Council and the European Economic and Social Committee on any changes that need to be made.

For businesses, it is crucial to prioritize preparations for the DMA’s requirements, as they will significantly impact their future in the European digital market. To prepare for the DMA, follow these steps:

1. Begin by understanding the data your organization collects, how it is collected, used, shared, and with whom it is shared. Review your internal policies related to user data handling, obtaining user consent, and data usage, including any third-party data sharing agreements.

2. Ensure that your website or app is equipped with the necessary privacy tools, collects user consent in a compliant manner, and maintains a comprehensive and easily understandable privacy policy.

3. Consider implementing a privacy compliance solution that helps to achieve compliance with the DMA, such as the Usercentrics Consent Management Platform (CMP) or the Mobile App SDK.

The Usercentrics CMP is regularly updated and automated to help achieve compliance with all DMA requirements. Additionally, it assists organizations in adhering to the General Data Protection Regulation (GDPR), the primary data protection regulation within the European Union. The solution helps you to:

• securely and compliantly collect user consent
• respect user privacy and personal data
• analyze consent preferences to improve opt-in rates

Stay informed about future DMA updates and related developments by subscribing to Usercentrics’ newsletter.

By following these steps, your business can be well-prepared for the DMA’s requirements and changes in the European digital market.

Disclaimer:

Usercentrics does not provide legal advice, and information is provided for educational purposes only. We always recommend engaging qualified legal counsel or privacy specialists regarding data privacy and protection issues and operations.