verified_user
Standardful
Homechevron_rightStandardschevron_rightDMA
ActiveInternational Standardupdate Standard Updated: March 2024fact_check Fact checked: Jun 28, 2026

DMA

Digital Markets Act — EU Regulation (EU) 2022/1925

apartmentPublishing Organization:European Union

Standard Introduction

The Digital Markets Act (DMA) is a landmark European Union regulation that came into full effect in March 2024. It aims to ensure fair and open digital markets by imposing specific obligations on large technology platforms designated as 'gatekeepers.' The DMA addresses anti-competitive practices in the digital sector, particularly concerning app stores, search engines, social media platforms, and operating systems. Companies with significant market power must allow interoperability, enable users to choose alternative services, and refrain from self-preferencing their own services over competitors. The regulation specifically requires gatekeepers like Apple to allow sideloading of apps and alternative app marketplaces, fundamentally changing how users can access and install software on their devices.

The DMA designates gatekeepers based on criteria including: providing core platform services to over 45 million monthly active EU users and over 10,000 yearly active business users, having an annual EEA turnover of at least €7.5 billion in the last three financial years or a market capitalization of at least €75 billion, and operating in at least three EU member states. Designated gatekeepers include Apple, Alphabet (Google), Meta, Amazon, Microsoft, and ByteDance (TikTok). These companies must comply with obligations such as allowing third-party app stores, enabling interoperability with competitors, providing business users with access to their own data, and not pre-installing certain apps. The European Commission can impose fines up to 10% of global turnover for non-compliance, with repeated infringements potentially reaching 20% of global turnover. Several investigations into potential non-compliance have already been initiated, particularly concerning Apple's implementation of the DMA requirements.

corporate_fare

Gatekeeper Designation

The European Commission designates large platforms as "gatekeepers" based on turnover, market cap, and user thresholds — currently 7 companies are designated.

lock_open

Interoperability Mandates

Gatekeepers must allow third-party interoperability, sideloading of apps, and access to core platform services on fair terms.

block

Self-Preferencing Ban

Prohibits gatekeepers from ranking their own products/services more favorably than those of third-party competitors on their platforms.

list_alt Key Obligations

  • Allow users to uninstall pre-installed apps
  • Enable third-party app stores and sideloading
  • Prohibit self-preferencing in rankings
  • Allow switching default apps (browser, search, etc.)
  • Provide data portability for end users and businesses
  • Refrain from tracking users across services without consent
  • Share advertising performance data with publishers
  • Allow interoperability with messaging services

Who Needs to Comply?

groups

Primarily targets large digital platforms designated as "gatekeepers" by the European Commission — currently Alphabet (Google), Amazon, Apple, ByteDance, Meta, and Microsoft. Also affects businesses operating on these platforms.

Key Requirements

1

Gatekeeper Compliance Reports

Designated gatekeepers must submit detailed compliance reports to the European Commission describing how they meet each obligation for every designated core platform service.

2

Data Sharing & Portability

Provide business users with access to performance and audience data generated on the platform. Allow end users to port their data freely.

3

Fair App Store Practices

Allow developers to use alternative payment systems, link to external offers, and distribute apps through third-party stores without unreasonable restrictions.

4

Anti-Circumvention

Gatekeepers must not engage in any behavior that undermines the obligations, regardless of whether the behavior is contractual, commercial, technical, or otherwise.

Implementation Roadmap

1
Phase 1schedule Duration: 2-4 weeks

Prepare scope, ownership and obligations

Define the gatekeeper platform compliance program scope across designated core platform services, business users, end users, ranking, data use, interoperability, app stores, advertising, consent, reporting, and Commission engagement. Assign accountable owners, identify applicable legal, customer, certification, or regulatory drivers, and agree how evidence will be governed.

2
Phase 2schedule Duration: 4-8 weeks

Gap analysis and risk prioritisation

Assess current practices against EU Digital Markets Act expectations and risk context. Review gatekeeper designation, Article 5 and 6 obligations, self-preferencing controls, data combination consent, business-user access, interoperability, anti-circumvention, compliance reports, profiling audits, and remediation of Commission findings, then prioritize gaps by legal exposure, safety or consumer impact, customer impact, operational dependency, and review readiness.

3
Phase 3schedule Duration: 8-20 weeks

Implement controls, records and reporting

Deploy required controls, operating processes, documentation, supplier or partner workflows, testing, reporting, and escalation paths. Build traceable evidence around designation analyses, obligation maps, product control records, consent flows, business-user documentation, interoperability evidence, compliance reports, audit reports, incident or complaint logs, and Commission correspondence.

4
Phase 4schedule Duration: Ongoing

Review, audit and keep current

Complete readiness reviews, internal checks, and corrective actions before the European Commission review or independent audit. Refresh the program after product, service, supplier, technology, legal, market, incident, or regulator changes.

Compliance Checklist

0 / 12

checklist Scope and accountability

checklist Controls and evidence

checklist Monitoring and improvement

Penalties & Enforcement

warning

Fines up to 10% of worldwide annual turnover, rising to 20% for repeated infringements. The Commission can also impose periodic penalty payments of up to 5% of daily turnover and order structural remedies including divestitures.

Frequently Asked Questions

Who needs EU Digital Markets Act?

expand_more

EU Digital Markets Act is relevant for organizations whose products, services, systems, or regulated activities fall within designated core platform services, business users, end users, ranking, data use, interoperability, app stores, advertising, consent, reporting, and Commission engagement. It is commonly driven by regulation, customers, certification, market access, or assurance needs.

What is the main purpose of EU Digital Markets Act?

expand_more

The practical purpose is to create a repeatable program for gatekeeper designation, Article 5 and 6 obligations, self-preferencing controls, data combination consent, business-user access, interoperability, anti-circumvention, compliance reports, profiling audits, and remediation of Commission findings. The program should make obligations visible, define accountable owners, operate controls, and keep evidence current.

What should be done first?

expand_more

Start by confirming scope, ownership, and applicable obligations. This prevents teams from building documents or controls that do not match the actual product, service, system, or regulated activity.

How long does implementation take?

expand_more

A focused implementation can take several weeks or months. Timing depends on maturity, number of sites or systems, supplier involvement, technical complexity, testing needs, and external review depth.

What evidence is most useful?

expand_more

Useful evidence includes designation analyses, obligation maps, product control records, consent flows, business-user documentation, interoperability evidence, compliance reports, audit reports, incident or complaint logs, and Commission correspondence. Reviewers usually expect traceable evidence that connects obligations to decisions, controls, tests, reports, and corrective actions.

How should suppliers or partners be managed?

expand_more

Supplier and partner duties should be documented through contracts, onboarding requirements, data or evidence requests, performance monitoring, and escalation routes for findings, incidents, or changes.

When should the program be updated?

expand_more

Update the program after legal changes, product or service changes, supplier changes, new markets, incidents, complaints, regulator feedback, or audit findings. Stale evidence is a common compliance failure.

Can this be integrated with other programs?

expand_more

Yes. EU Digital Markets Act can usually share governance, document control, training, supplier management, issue tracking, risk management, internal review, and corrective-action workflows with adjacent compliance programs.

Official Documentation

View All

Affected Companies (Gatekeepers)

phone_iphone

Apple

Gatekeeper
search

Google (Alphabet)

Gatekeeper
tag_faces

Meta

Gatekeeper
shopping_cart

Amazon

Gatekeeper
window

Microsoft

Gatekeeper
music_note

ByteDance (TikTok)

Gatekeeper

Implementation Timeline

gavel
May 2023
DMA came into force - Regulation entered into force 20 days after publication in Official Journal
corporate_fare
Sept 2023
First gatekeepers designated - European Commission designated Apple, Alphabet, Amazon, Meta, Microsoft, and ByteDance
check_circle
March 2024
DMA became fully applicable - All gatekeeper obligations became enforceable, including app sideloading requirements
add_business
May 2024
Apple found potentially non-compliant - European Commission issued preliminary findings that Apple violated DMA Article 5(4)
warning
June 2024
Apple updated compliance rules - Apple modified developer rules for external communication in response to Commission feedback
gavel
Apr 2025
EC imposes first DMA fines: EUR 500M on Apple (App Store anti-steering) and EUR 200M on Meta (pay-or-consent)
sync
2025-2026
Ongoing enforcement actions including new specification proceedings on interoperability and data portability

Related Categories