The Digital Markets Act Explained

• Introduction
• Chapter 1: What is the Digital Markets Act?: An Overview for the Modern Business
• Chapter 2: The "Why" Behind the DMA: Understanding the Push for Fairer Digital Markets
• Chapter 3: Are You a "Gatekeeper"?: Identifying the Key Players
• Chapter 4: The Core Platform Services at the Heart of the DMA
• Chapter 5: The Designation Process: How a Company Becomes a Gatekeeper
• Chapter 6: Key Differences: DMA vs. Traditional Antitrust Law
• Chapter 7: The "Do's": A Breakdown of Gatekeeper Obligations
• Chapter 8: The "Don'ts": Understanding the Prohibitions for Gatekeepers
• Chapter 9: Interoperability Explained: Connecting Messaging Services and Social Networks
• Chapter 10: Data Portability: Empowering Users and Businesses to Move Their Data
• Chapter 11: Fair Access: Rules for Business Users on Gatekeeper Platforms
• Chapter 12: The End of Self-Preferencing: Ensuring a Level Playing Field
• Chapter 13: App Stores and Sideloading: New Opportunities for Developers
• Chapter 14: Transparency in Digital Advertising: What Businesses Need to Know
• Chapter 15: The Ban on Tying and Bundling Services
• Chapter 16: How the DMA Impacts Data Collection and Usage Strategies
• Chapter 17: Compliance and Auditing: Proving You Play by the Rules
• Chapter 18: The European Commission: The DMA's Investigator and Enforcer
• Chapter 19: The Consequences of Non-Compliance: Fines and Penalties
• Chapter 20: How to Raise a Concern or Complaint Under the DMA
• Chapter 21: Strategic Implications for Businesses Not Designated as Gatekeepers
• Chapter 22: Engineering for Compliance: Technical Adjustments in a Post-DMA World
• Chapter 23: The Impact on Innovation and Start-ups in the EU
• Chapter 24: A New Deal for Consumers: How the DMA Affects End Users
• Chapter 25: The Global Ripple Effect: The Future of Digital Regulation Beyond the EU

If you’ve ever tried to launch a new app, sell a product online, or even just switch from one messaging service to another to chat with a friend, you’ve likely bumped into an invisible wall. It’s a wall built by the very platforms that are supposed to connect us. You want your new product to be found? You have to play by the rules of a specific online marketplace or search engine. You developed a killer app? Getting it onto your customers’ phones means going through an app store that takes a significant cut of your revenue and dictates the terms. You simply want to text a friend who uses a different app? Too bad. You both need to be on the same one. For years, this has simply been the cost of doing business—and living—in the digital age.

The digital world, for all its promise of open access and limitless connection, has become dominated by a handful of very large, very powerful companies. These companies run the essential services that underpin much of the modern economy: the search engines we use to find information, the social networks where businesses build their brands, the app stores that are the primary gateway to mobile customers, and the operating systems that run our devices. They have become the modern equivalent of medieval lords who controlled the key bridges, mountain passes, and marketplaces. To get your goods to market, you had to pass through their gates and pay their tolls. In the twenty-first century, these digital gatekeepers control the flow of data, commerce, and communication. Their influence is so profound that they can make or break a new business, shape consumer choices, and even stifle the next wave of innovation.

This concentration of power has not gone unnoticed. For years, smaller businesses have complained about unfair practices, developers have bristled at restrictive terms and conditions, and consumers have become increasingly aware of how little choice they truly have. Regulators, particularly in the European Union, have been watching closely, launching lengthy antitrust investigations and levying massive fines against some of the biggest names in tech. However, these traditional methods have often felt like playing a game of whack-a-mole; by the time one issue was resolved after years of legal battles, the market had already shifted, and new problems had emerged. It became clear that a new approach was needed—one that didn't just punish past behavior but set clear rules for the future.

Enter the Digital Markets Act, or DMA. This book is your guide to understanding this landmark piece of European legislation. The DMA is the EU's ambitious attempt to rewrite the rules of the digital economy, to make it fairer and more open for everyone. It officially entered into force on November 1, 2022, with its rules becoming applicable on May 2, 2023. It represents one of the most significant regulatory overhauls of the digital sector anywhere in the world, aiming to foster innovation and ensure a level playing field for all businesses, big and small. The core idea is simple: if you are a massive digital platform that acts as a primary gateway between businesses and consumers, you have special responsibilities. You can no longer use your power to give your own products an unfair advantage or lock users and businesses into your ecosystem.

But let’s be clear about what this book is—and what it isn’t. This is not a legal textbook for lawyers filled with dense citations and convoluted interpretations of obscure clauses. If that’s what you’re looking for, you’re in the wrong place. Instead, this book is designed for the people on the front lines of the digital economy: the entrepreneurs with a disruptive idea, the engineers building the next great app, the marketing manager trying to reach new customers, and the business owner who relies on digital platforms to survive and thrive. It’s for anyone who doesn't have a law degree but needs to understand how this new regulatory landscape will impact their work, their business, and their future. We will translate the legalese into plain English, focusing on the practical implications of the DMA.

Our goal is to demystify the DMA, breaking down its complex provisions into understandable concepts. We will explore what it means to be a "gatekeeper," the specific companies that have been given this designation, and the core platform services they provide that are now subject to these new rules. As of September 2023, the European Commission designated six companies as gatekeepers: Alphabet (Google's parent company), Amazon, Apple, ByteDance (the owner of TikTok), Meta (which owns Facebook, Instagram, and WhatsApp), and Microsoft. Later, Booking.com was also added to the list. These companies now have a list of "do's and don'ts" they must follow, and we will unpack exactly what those obligations and prohibitions are.

Throughout this book, we will maintain a straightforward and engaging style. We’ll use analogies and real-world examples to illustrate key points. Where appropriate, we might even inject a little humor, because let's face it, regulations can sometimes be painfully dry. Our focus will always be on the facts, presenting them plainly without sermonizing. This isn't about whether the DMA is "good" or "bad"—it's about what it is and what it does. We will provide a neutral, factual guide to help you navigate the changes and identify the new opportunities and challenges that lie ahead. The aim is to empower you with knowledge, so you can make informed strategic decisions for your business or project.

This book is structured to take you on a logical journey through the DMA. We'll start with the fundamentals in the initial chapters, explaining the "why" behind the regulation and defining its key concepts, like "gatekeepers" and "core platform services." From there, we'll dive into the heart of the legislation: the specific obligations and prohibitions that gatekeepers must now adhere to. These are the rules of the road that are already reshaping the digital marketplace. We’ll dedicate chapters to crucial topics like interoperability for messaging services, data portability for users and businesses, and the end of self-preferencing, where gatekeepers can no longer unfairly favor their own products.

We’ll explore the practical impact of these changes on various aspects of business and technology. For software developers and engineers, we will look at what the new rules for app stores, including the potential for "sideloading," actually mean for you. For advertisers and marketers, we will break down the new transparency requirements in digital advertising. For business strategists, we’ll analyze how the restrictions on data collection and the ban on tying services together will force a rethinking of long-standing business models. We want to provide concrete insights that you can apply directly to your work.

Of course, rules are only as effective as their enforcement. We will dedicate chapters to understanding the role of the European Commission, which acts as the primary investigator and enforcer of the DMA. We'll look at the significant fines and penalties for non-compliance, which can be as high as 10% of a company's total worldwide annual turnover, and even up to 20% for repeated infringements. This gives the regulation some serious teeth. We’ll also guide you on how smaller businesses or individuals can raise concerns or file complaints if they believe a gatekeeper is not playing by the new rules.

Crucially, this book is not just for those who interact directly with gatekeepers. The ripple effects of the DMA will be felt far and wide. Therefore, we will also consider the strategic implications for businesses that are not designated as gatekeepers. The DMA is designed to create a more contestable market, which means new opportunities for smaller players and startups to compete. Understanding the new landscape is essential for anyone looking to innovate or grow in the European digital market. We will also touch on what this means for consumers, who are promised more choice and control over their data.

Finally, we'll look at the bigger picture. The DMA is not just a European affair. It is part of a global trend of increased scrutiny of the tech sector and is likely to influence regulations in other parts of the world, a phenomenon sometimes referred to as the "Brussels effect." Understanding the DMA is therefore not just about compliance within the EU; it’s about understanding the future direction of digital regulation globally.

So, whether you are an engineer designing a product, a business leader charting your company’s course, or simply a curious observer of the digital world, this book is for you. It is your practical guide to one of the most important legal frameworks of our time. Let’s pull back the curtain on the Digital Markets Act and discover what it means for the future of digital business.

Imagine the internet is a massive, sprawling city. Some companies own the foundational infrastructure: the main roads, the biggest marketplaces, the public squares, and the postal service. Now, what if those companies also owned shops and delivery services that used that same infrastructure? And what if they designed the roads to steer traffic to their own stores, made it difficult for other delivery services to use the best routes, and built the marketplaces so their own products always appeared at the front? For years, that’s essentially how the digital economy has worked. A few giant tech companies built the essential pathways of the modern internet and, as a result, have had an enormous say in who succeeds and who fails. The European Union’s Digital Markets Act (DMA) is a bold, first-of-its-kind attempt to redraw the map of this digital city.

At its heart, the DMA is a rulebook for the largest digital platforms, which it calls “gatekeepers.” It’s not about punishing them for being successful; rather, it’s about acknowledging that their size and influence give them a special responsibility to keep the market fair for everyone. The DMA sets out a clear list of “do’s and don’ts”—proactive rules designed to prevent these powerful companies from using their gatekeeper status to shut out competitors and limit consumer choice. The stated goal is to make digital markets “contestable and fair.” In simple terms, the EU wants to ensure that smaller businesses have a fair shot at competing and that users have more freedom and choice online.

This legislation represents a fundamental shift in how regulators are approaching the tech industry. It’s a move away from the old way of doing things, which often involved long, drawn-out legal battles, and toward a new, proactive model. The DMA officially entered into force on November 1, 2022, and its rules became applicable on May 2, 2023. By March 7, 2024, the first group of designated gatekeepers had to be in full compliance with the new obligations, marking a new era for digital business in Europe. This chapter will provide a bird’s-eye view of what the DMA is, how it works, and why it matters to any business or engineer operating in today’s digital world.

Not Your Typical Regulation: A Proactive Rulebook

To understand the DMA, it’s crucial to distinguish it from traditional antitrust or competition law. For decades, regulators have used antitrust laws to tackle anti-competitive behavior. Think of this as the legal equivalent of police and firefighters. They typically respond after a problem has occurred—a price-fixing scheme has been uncovered, or a company has illegally monopolized a market. These investigations are reactive; they look backward to punish wrongdoing and try to restore competition, a process that can take many years of legal wrangling. By the time a case is resolved, the market may have already been permanently altered, and the damage done.

The DMA, on the other hand, is designed to be proactive. It’s more like a building code. Instead of waiting for a building to collapse, a building code sets out the rules in advance—specifying the strength of materials, the number of fire exits, and the standards for electrical wiring—to ensure the structure is safe and sound from the outset. The DMA applies this logic to the digital economy. It doesn’t wait for a gatekeeper to abuse its power; it establishes a set of obligations and prohibitions up front to prevent unfair practices from happening in the first place. This is what is meant by an ex-ante regulatory framework—the rules are known ahead of time.

This forward-looking approach is intended to be faster and more effective in the fast-paced digital sector, where markets can change in the blink of an eye. The DMA is not trying to prove that a company is a "monopoly" in the traditional legal sense. In fact, a company can be designated a gatekeeper without being legally "dominant" under competition law. The focus is on the platform's structural role as an essential gateway between businesses and consumers. If a platform functions as a critical bridge, the DMA says it must operate that bridge fairly and not exploit its position to its own advantage. This complementary relationship means that traditional competition law will continue to exist alongside the DMA, creating two different but related sets of rules for the digital economy.

A Quick Journey: The DMA's Path to Law

The Digital Markets Act didn't just appear overnight. It was the culmination of years of growing concern within the European Union about the concentration of power in the hands of a few large tech firms. The European Commission, the EU's executive arm, had launched numerous antitrust investigations against major tech companies, but these case-by-case actions were seen as insufficient to address the systemic issues at play. Recognizing the need for a broader, more structural solution, the Commission unveiled its proposal for the DMA in December 2020.

From there, the legislative process moved with relative speed for a policy of this magnitude. After intense negotiations and debates involving the European Parliament and the Council of the European Union (representing the governments of the member states), a political agreement on the final text was reached. The DMA was formally adopted by the Parliament and Council in July 2022. It was then published in the Official Journal of the EU on October 12, 2022, and officially entered into force twenty days later, on November 1, 2022.

However, the rules didn't all kick in at once. The regulation became fully applicable on May 2, 2023. This started the clock for potential gatekeepers, who had until July 2023 to notify the Commission if they met the specified thresholds. Following a 45-day review, the European Commission designated the first six gatekeepers on September 6, 2023. These companies were then given a six-month deadline, until March 7, 2024, to bring their designated services into full compliance with the DMA's list of do's and don'ts. This phased timeline was designed to give both the regulators and the companies time to prepare for this significant shift in the regulatory landscape.

The Main Characters: Gatekeepers and Core Platform Services

The DMA is not a regulation for every company with a website or an app. It is specifically targeted at a small number of very large and powerful players in the digital economy. The legislation creates a special category for these companies, labeling them "gatekeepers." A company is designated a gatekeeper if it meets a specific set of criteria, which are primarily based on its size, its reach, and its entrenched position in the market. The idea is that these companies operate services that are so essential, they serve as critical gateways for other businesses to reach their customers.

On September 6, 2023, the European Commission identified its first cohort of gatekeepers: Alphabet (Google's parent company), Amazon, Apple, ByteDance (the owner of TikTok), Meta (the parent of Facebook, Instagram, and WhatsApp), and Microsoft. Later, in 2024, Booking.com was also designated as a gatekeeper, and Apple's iPadOS was added to its list of designated services. These are the companies that, for now, are at the center of the DMA's universe and must follow its strict rules.

The rules don't apply to everything these companies do. Instead, the DMA focuses on what it calls "core platform services" (CPS). These are specific services provided by the gatekeepers that are considered to be the most critical choke points in the digital economy. The DMA lists ten types of CPS, including:

• Online search engines (e.g., Google Search)
• Online intermediation services (e.g., Amazon Marketplace, Apple's App Store)
• Social networking services (e.g., Facebook, Instagram, LinkedIn, TikTok)
• Video-sharing platforms (e.g., YouTube)
• Number-independent interpersonal communication services (e.g., WhatsApp, Messenger)
• Operating systems (e.g., Google Android, Apple iOS, Windows PC OS)
• Web browsers (e.g., Chrome, Safari)
• Cloud computing services
• Virtual assistants
• Online advertising services (e.g., Google's and Amazon's advertising networks)

For each designated gatekeeper, the Commission specified which of their services qualify as a CPS. For example, for Alphabet, the list includes Google Search, Google Maps, Google Play, YouTube, and the Android operating system, among others. For Apple, it includes the App Store, iOS, and the Safari browser. It is these specific services that must now operate according to the DMA's new rulebook.

The New Rulebook: A Glimpse at the "Do's and Don'ts"

So, what does this new rulebook actually say? The DMA is built around a series of specific obligations—the "do's"—and prohibitions—the "don'ts"—that are laid out in Articles 5, 6, and 7 of the regulation. These are not vague principles; they are concrete, actionable requirements designed to address specific types of behavior that have been identified as problematic. The goal is to pry open closed ecosystems and ensure a more level playing field.

The "do's" are about forcing gatekeepers to allow for more openness and interoperability. For example, gatekeepers must allow business users to access the data they generate on the platform. A small business selling products on a large online marketplace should be able to see how its products are performing. Gatekeepers must also allow business users to promote their offers and conclude contracts with their customers outside the gatekeeper's platform. This is aimed at preventing platforms from forcing businesses to use their in-house payment systems or from blocking them from offering better deals on their own websites.

Perhaps most notably for consumers, gatekeepers must allow users to easily uninstall pre-installed software or apps. If you buy a new phone, you should have the freedom to remove any apps that the manufacturer or operating system provider put there by default. They must also allow users to install apps from third-party app stores, a practice often called "sideloading." For communication services, the DMA even mandates a degree of interoperability, opening the door for users of different messaging apps to one day be able to communicate with each other.

The "don'ts" are focused on stopping gatekeepers from leveraging their power unfairly. A central prohibition is the ban on "self-preferencing." This means a gatekeeper cannot use its platform to give an unfair advantage to its own products or services over those of its competitors. For instance, a search engine cannot systematically rank its own comparison shopping service higher than rival services. Similarly, an app store cannot promote its own apps at the expense of third-party developers.

Another key prohibition is on combining personal data from different services without explicit user consent. A gatekeeper can no longer automatically combine the data it collects from its social media service with the data from its messaging service to build a super-profile for targeted advertising unless the user has actively agreed to it. The regulation also forbids gatekeepers from requiring users to subscribe to one of their core services as a condition for using another, a practice known as tying. These are just a few examples, but they illustrate the practical, day-to-day changes the DMA is intended to bring about.

More Than Just a European Affair: The Global Ripple

While the Digital Markets Act is a piece of European legislation, its impact is being felt far beyond the borders of the EU. In the world of global regulation, there is a well-known phenomenon called the "Brussels effect." Coined by law professor Anu Bradford, the term describes the EU's power to set global standards. Because the EU is such a large and lucrative market, multinational companies often find it easier to adopt the EU's rules across all their global operations rather than create different products and standards for different regions. We saw this happen with the General Data Protection Regulation (GDPR), which has become a de facto global benchmark for data privacy.

The DMA is widely expected to have a similar ripple effect. The changes that gatekeepers are implementing for their 450 million users in the EU may, in many cases, be rolled out globally. It can be technically and logistically complex to maintain different versions of a service for different parts of the world. Therefore, a new feature or choice offered to a user in Paris might soon become available to a user in Tokyo or Toronto. This effectively exports the EU's regulatory standards to the rest of the world.

Furthermore, other countries are watching the DMA closely as they grapple with their own concerns about the power of big tech. Nations like the United Kingdom, Japan, South Korea, India, and Brazil are either considering or have already implemented similar regulations inspired by the DMA. While these laws may differ in their details, they share the same fundamental goal of promoting competition and fairness in digital markets. For any business with global ambitions, understanding the DMA is therefore not just about complying with rules in Europe; it's about understanding the future direction of digital regulation worldwide.

The Goal: A More "Contestable" and "Fair" Market

The full title of the DMA is the "Regulation on contestable and fair markets in the digital sector." These two words, "contestable" and "fair," are the philosophical pillars upon which the entire regulation is built. They are not just legal buzzwords; they represent the ultimate objectives of the legislation. Understanding what the EU means by these terms is key to understanding the purpose behind the hundreds of pages of legal text.

"Contestability" is about the ability of new or smaller companies to challenge the established players. A market is contestable if the barriers to entry and expansion are low. The DMA aims to lower these barriers by, for example, preventing gatekeepers from locking users and businesses into their ecosystems. When users can easily switch between platforms and take their data with them, or when developers can distribute their apps without going through a single, dominant app store, the market becomes more contestable. It creates an environment where the best product or service can win on its merits, rather than the one owned by the most powerful platform.

"Fairness" refers to the relationship between the gatekeeper and the businesses and users that depend on its platform. The DMA seeks to correct the significant imbalance of power that often exists in this relationship. It prohibits gatekeepers from imposing unfair terms and conditions on business users. For example, a platform can no longer prevent a hotel from offering a cheaper room rate on its own website than it does on the platform. The principle of fairness also extends to ensuring that the platform doesn't use its dual role—as both the marketplace operator and a seller in that marketplace—to disadvantage other sellers. It's about ensuring the owner of the game isn't also a biased referee.

The Legal Machinery

For the non-lawyer, the intricate web of legal documents can be intimidating, but the basic structure is straightforward. The primary text is Regulation (EU) 2022/1925, which contains the core rules: the definitions of gatekeepers and core platform services, the list of obligations and prohibitions, and the enforcement powers of the European Commission. This is the main engine of the DMA.

Supporting this is the Procedural Implementing Regulation (EU) 2023/814. This document details the "how" of the DMA's enforcement. It lays out the procedures for notifications, investigations, and the rights of companies during proceedings, such as the right to be heard. It also includes the specific forms, like the "Form GD," that potential gatekeepers must use to submit their information to the Commission. Think of it as the detailed instruction manual for the DMA's engine.

Enforcement is primarily in the hands of the European Commission, which has the sole power to designate gatekeepers and enforce the rules. However, it doesn't work in isolation. National authorities in the EU member states can assist the Commission and even open their own investigations into potential non-compliance, though the final decision-making power rests with the Commission. To facilitate a consistent approach, the DMA also established a High-Level Group, bringing together representatives from various European regulatory bodies to advise the Commission. This structure is designed to create a centralized but cooperative enforcement mechanism to ensure the rules are applied consistently across the entire EU single market.