Digital Markets Act Explained: EU Gatekeeper Rules, Compliance & Enforcement Guide

The Digital Markets Act (Regulation (EU) 2022/1925) represents the most ambitious attempt by any jurisdiction to regulate the power of dominant technology platforms. Signed into law on 14 September 2022 and fully applicable since 2 May 2023, the DMA creates a new regulatory category — the “gatekeeper” — and imposes specific behavioral obligations on platforms that meet defined thresholds of market power. With the first enforcement fines now issued and gatekeepers actively modifying their products, this guide provides a comprehensive explanation of what the Digital Markets Act means for businesses, consumers, and the future of platform regulation.

What Is the Digital Markets Act?

The Digital Markets Act is an EU regulation designed to ensure contestable and fair markets in the digital sector. Its legal basis is Article 114 of the Treaty on the Functioning of the European Union (TFEU), the internal market harmonization provision. Unlike traditional competition law, which operates ex post (after anticompetitive behavior has occurred and been proven), the DMA operates ex ante — it defines specific obligations that designated platforms must follow proactively.

The DMA targets a specific market failure: the tendency of digital markets toward “winner-takes-most” dynamics. Strong network effects, data advantages, high switching costs, and ecosystem bundling create self-reinforcing market positions that are nearly impossible to challenge through normal competitive processes. Google commands approximately 95% of EU search market share, Facebook holds roughly 90% of social media, and Microsoft Windows maintains around 78% of desktop operating systems — market concentrations that traditional antitrust has struggled to address effectively.

The regulation’s legislative journey was rapid by EU standards: proposed on 15 December 2020, politically agreed on 24 March 2022, and signed into law within six months. This speed reflected a broad political consensus that existing competition tools — illustrated by the €4.3 billion Google Android fine that took years to conclude — were too slow to address the pace of digital market evolution. For organizations navigating the broader European regulatory landscape, the DMA represents a paradigm shift in how the EU approaches market power.

Gatekeeper Designation: Who Qualifies and Why

The DMA establishes clear quantitative thresholds for gatekeeper designation under Article 3, creating a predictable framework that companies can assess against their own metrics:

• Financial threshold: Annual EEA turnover of €7.5 billion or more for at least 3 financial years, OR market capitalization/equivalent of €75 billion or more.
• User threshold: At least 45 million monthly active end users in the EU AND at least 10,000 yearly active business users in the EU.
• Entrenchment: The platform holds a durable, entrenched position — typically presumed if user thresholds are met for 3 consecutive years.

Companies meeting these thresholds must self-notify the European Commission, which then has 45 days to assess the notification and formally designate (or decline to designate) the platform as a gatekeeper. The Commission also retains the power to conduct market investigations and designate companies as gatekeepers even if they don’t meet all quantitative thresholds but nonetheless act as important gateways to business users and consumers.

This threshold-based approach represents a deliberate departure from the fact-intensive, case-by-case analysis typical of EU competition enforcement. By defining clear criteria, the DMA creates legal certainty for platforms and enables faster regulatory action — addressing one of the key criticisms of traditional antitrust in fast-moving digital markets.

The Six Designated Gatekeepers and Their 22 Core Services

In September 2023, the European Commission published the initial gatekeeper designations, identifying six companies operating 22 core platform services:

Alphabet (Google)

The most extensively designated gatekeeper with eight core services: Google Search, Google Maps, Google Play, Google Shopping, Google Ads, Chrome browser, Android operating system, and YouTube. This breadth reflects Google’s unique position straddling search, advertising, mobile operating systems, and video — creating an interconnected ecosystem that the DMA’s cross-service data combination restrictions are specifically designed to address.

Meta (Facebook)

Designated for five services: Facebook, Instagram, Facebook Marketplace, WhatsApp, and Messenger. Meta’s cross-platform data integration capabilities — combining social media behavior with messaging and commerce data — are a primary target of the DMA’s consent requirements for data combination.

Apple

Designated for the App Store, Safari browser, and iOS. Apple’s tightly controlled ecosystem, where the App Store is the sole distribution channel for iOS applications, has been a particular focus of DMA enforcement. iPadOS was later added as a gatekeeper service following a market investigation in April 2024. Notably, iMessage was investigated but the Commission determined it did not qualify as a gatekeeper service.

Amazon

Designated for Amazon Marketplace and Amazon Product Advertising. The DMA directly addresses Amazon’s dual role as both marketplace operator and competing seller — specifically prohibiting the use of non-public seller data to gain competitive advantage.

Microsoft

Designated for LinkedIn and Windows. The Commission investigated Bing, Edge, and Microsoft Advertising but decided on 13 February 2024 that these did not meet gatekeeper criteria — demonstrating that designation is not automatic even for large technology companies.

ByteDance

Designated solely for TikTok, reflecting the platform’s rapid growth to gatekeeper-scale user numbers in the EU. ByteDance’s inclusion signals that the DMA applies to non-European companies equally when they meet the threshold criteria.

Digital Markets Act Explained: Core Behavioral Rules (Article 5)

Article 5 of the DMA establishes absolute prohibitions — a “blacklist” of behaviors that all designated gatekeepers must cease, without exceptions or case-by-case assessment:

• No cross-service data combination without consent: Gatekeepers cannot combine personal data from their core platform service with data from other services (their own or third-party) unless the user has been given a genuine choice and provided consent. This directly targets the data pooling practices that have given platforms like Google and Meta their advertising advantage.
• No parity clauses: Gatekeepers cannot prevent business users from offering different prices or conditions on third-party platforms. A hotel listed on a gatekeeper’s booking platform must be free to offer lower prices on its own website or competing platforms.
• Allow off-platform transactions: Business users must be free to promote offers and conclude contracts with end users outside the gatekeeper’s platform, and end users must be able to access content and services obtained elsewhere.
• No retaliation: Gatekeepers cannot prevent business users from raising issues with public authorities — protecting whistleblowing and regulatory complaint channels.
• No forced identification bundling: Gatekeepers cannot require business users to use the gatekeeper’s own identification or payment services as a condition of platform access.
• Anti-bundling: Restrictions on forcing users to subscribe to or register for additional core platform services as a condition of accessing any single service.
• Advertising transparency: Gatekeepers must provide advertisers and publishers, on request, with information about prices paid and revenues earned for advertising services — addressing the opacity of digital advertising supply chains.

Article 6 Obligations: Case-by-Case Digital Markets Act Requirements

While Article 5 creates absolute rules, Article 6 establishes obligations that may be further specified through regulatory dialogue between the Commission and individual gatekeepers. These provisions address more nuanced competitive concerns that require contextual assessment:

Anti-Self-Preferencing

Gatekeepers must treat third-party services fairly and non-discriminatorily in ranking. Google cannot rank Google Shopping above competing comparison shopping services; Amazon cannot favor its own products over competing sellers. This provision builds directly on the lessons of the Google Shopping antitrust case, converting years of enforcement into a clear prospective rule.

Sideloading and Third-Party App Stores

Gatekeepers must permit the installation and effective use of third-party applications and app stores. This provision strikes directly at Apple’s iOS App Store monopoly, requiring Apple to allow users to download apps from sources other than the official App Store. Apple has implemented changes in the EU while publicly contesting their scope and security implications.

Uninstallation Rights

End users must be able to uninstall pre-installed applications. This addresses decades-old bundling concerns — from Microsoft’s Internet Explorer bundling to the pre-installation of Google apps on Android devices. Users must have genuine choice over which applications remain on their devices.

Data Access and Portability

Gatekeepers must provide effective, continuous, real-time data portability tools consistent with the data protection framework. Business users and authorized third parties must receive access to aggregated and (subject to GDPR) non-aggregated data generated through platform use. This goes beyond GDPR’s data portability right by requiring continuous, real-time access rather than one-time data exports.

Search Data Sharing

Gatekeepers operating search engines must provide third-party search providers with access to anonymized ranking, query, click, and view data on fair, reasonable, and non-discriminatory terms. This provision aims to reduce barriers to entry in search markets where Google’s data advantage is self-reinforcing.

Enforcement, Fines, and the First DMA Penalties

The DMA’s enforcement framework is designed for deterrence. Administrative fines for non-compliance can reach up to 10% of worldwide annual turnover for initial infringements, and up to 20% for repeated violations. For companies like Alphabet (annual revenue exceeding $300 billion), this translates to potential fines of tens of billions of euros — far exceeding any penalties previously imposed under EU competition law.

The first enforcement actions came faster than many expected. Apple was charged under the DMA on 24 June 2024 — the first formal DMA charge against any company. By April 2025, the Commission had issued its first fines: Apple €500 million and Meta €200 million. These penalties, while substantial, represent a relatively modest fraction of both companies’ global revenues, and observers expect the Commission to pursue larger fines for continued or escalated non-compliance.

Beyond fines, the Commission has the power to order behavioral and structural remedies — including, in extreme cases, requiring gatekeepers to divest services or business units. Market investigations can be opened at any time to assess compliance, designate new gatekeepers, or identify new services subject to obligations. The combination of proactive designation, substantial financial penalties, and structural remedy powers gives the Commission a regulatory toolkit far more powerful than traditional antitrust alone.

How Gatekeepers Are Responding to the DMA

Each designated gatekeeper has adopted distinct compliance strategies, reflecting their different business models and competitive concerns:

Google (Alphabet)

Google has implemented a Data Portability API for EEA users, introduced EU choice screens on Android for default browser and search engine selection, launched an external payment program in Google Play, made Android 14 changes to support third-party app stores and updates, and created options for users to unlink data between Google services. These changes represent significant product modifications, though critics argue they don’t go far enough to create genuine competitive alternatives.

Apple

Apple’s response has been the most contentious. While implementing sideloading capabilities and alternative app store provisions in the EU, Apple has simultaneously introduced new fee structures (the “Core Technology Fee”) and security restrictions that critics argue effectively neutralize the DMA’s intent. The €500 million fine reflects the Commission’s assessment that Apple’s compliance measures have been insufficient.

Microsoft

Microsoft has allowed EEA users to uninstall certain pre-installed applications (including Edge), created APIs for custom search engines and widgets for EEA users, and made Windows more open to third-party default selections. Microsoft’s compliance approach has been generally regarded as more cooperative than Apple’s, though ongoing monitoring continues.

ByteDance (TikTok)

ByteDance created a Data Portability API for EEA users, improved data export tools, and established a compliance web form for business users. As a platform with a single designated service, ByteDance’s compliance obligations are narrower than those of Alphabet or Meta.

Market Context: Why Winner-Takes-Most Dynamics Needed Regulation

The DMA’s rationale becomes clear when examining the market concentration data that motivated its creation. Digital markets exhibit extreme concentration driven by network effects, data advantages, bundling, and ecosystem lock-in:

• Search: Google holds approximately 95% market share in the EU — a dominance so complete that “googling” has become a verb.
• Social media: Facebook maintains roughly 90% market share in key social networking categories.
• Mobile OS: Android (72% global) and iOS (27%) constitute a near-complete duopoly.
• Web browsers: Chrome commands approximately 60% of browser usage.
• E-commerce: Amazon captures around 30% of users and approximately 60% of revenue share in key European markets.
• Desktop OS: Microsoft Windows holds roughly 78% market share.

These market positions are self-reinforcing: more users generate more data, more data enables better services, better services attract more users, and the cycle continues. Traditional competition enforcement — which requires proving abuse of dominance after the fact — has consistently been too slow to prevent this entrenchment. The Google Shopping case took seven years from investigation to final decision; the Google Android case took three years. By the time penalties were imposed, market structures had further consolidated. The DMA’s ex ante approach is designed to break this enforcement lag by setting rules before abuse occurs, not after. Understanding these dynamics alongside AI technology advances is essential for anyone assessing the future of platform competition.

Global Impact: The Brussels Effect on Digital Regulation

The DMA’s influence extends far beyond the European Union. The “Brussels Effect” — the tendency of EU regulation to set global standards — is clearly visible in digital platform regulation:

• United Kingdom: The Digital Markets, Competition and Consumers Act establishes a similar framework with the Competition and Markets Authority empowered to designate firms with “strategic market status” and impose pro-competition interventions.
• Japan: The Transparency Act for Digital Platform Operators, updated with DMA-influenced provisions, targets platform transparency and fairness obligations.
• India: The Competition Commission of India has proposed amendments incorporating platform-specific obligations influenced by the DMA model.
• South Korea, Australia, and Brazil have all advanced legislative proposals that draw on DMA concepts, particularly gatekeeper designation and ex ante behavioral obligations.

For global technology companies, the DMA creates a practical compliance baseline: measures implemented for EU compliance often become global product changes, as maintaining separate product versions for different jurisdictions is operationally complex and expensive. This regulatory convergence effect means that the DMA’s vision of contestable digital markets may shape platform behavior worldwide, not just within Europe. The relationship between digital regulation and financial system innovation further illustrates how interconnected these regulatory domains have become.