Skip to main content

Everyone loves a good game of Monopoly, especially when they’re winning. CEOs like Mark Zuckerberg have been leading the rest of the board for years by capitalizing upon tech trends before any competition – or regulators – can catch up. But this strategy could soon be coming to an end under the Digital Markets Act (DMA).

One of several major consumer data protection laws to come out of the European Union in recent years, the DMA will further tighten restrictions on how big companies can profit off of their public dominance. This article dives into the details to explain what you need to know about the DMA, who it applies to, and the implications it has for those who qualify.

EU Digital Markets Act (DMA) - What you need to know.EU Digital Markets Act (DMA) – What you need to know

What Is the Digital Markets Act (DMA)?

The Digital Markets Act, or DMA for short, is a regulation that was implemented by the European Union in 2022. A slightly lesser-known law compared to broader ones like the GDPR, the DMA exists for the specific purpose of regulating how large tech companies operate within the EU’s borders. It establishes a set of expectations for how those companies should handle their business practices, including advertising and user data.

Why Was the DMA Created?

The internet has been characteristically dominated by a select number of technology companies since its inception, with very few opportunities for new businesses to break in along the way. Pioneers of major online products and services – like Google with Search and Facebook with social media – are ubiquitous with their discoveries and therefore face little to no serious competition. This is a phenomenon that’s held true for decades now, even in spite of massive ethics scandals that would put any other organization out of business.

The EU Digital Markets Act can be thought of as a traditional competition law, only digital. It exists for the same purpose of regulating large companies’ control of the playing field to create a fairer game for everyone. While famous names like Google and Meta have their place on the internet, up-and-coming platforms should have an equal chance to compete, so say lawmakers. It’s all about giving consumers the freedom of choice so that they don’t feel coerced into working with any one company as their ‘only option’.

A Brief History of the DMA

The Digital Markets Act was first conceived back in December 2020 in response to growing concern over large tech companies’ control over European and global citizens’ online activities. The proposal was created by the European Commission and Parliament to create a more level playing field between tech giants, online platforms, and other businesses. Several months later in March 2022, officials approved the final version and set it for implementation later that year on November 1st, 2022. Not all of the provisions were enforced immediately, however – companies had up until May 2023 to get all of their houses in a row. The DMA has since been in full effect across the European Union and currently applies to six major tech organizations.

Cookie Consent Manager | Take a 2 week free trial

Take a 2 week free trial for our paid plans or create a free account …

Create an accountView our plans

Qualifying Criteria for Digital Market Act (DMA) Rules

Lawmakers had their work cut out for them when drafting the EU Digital Markets Act in the sense that it targets a very small number of large and powerful businesses. Their size and control warrant an extra set of rules from what the average startup may have to play by. Applying new stringent policies to everyone would only serve to further oppress the smaller, less resource-equipped companies that need help.

As such, the DMA has a very narrow set of criteria for what makes an organization qualify for its policies. It uses the term ‘gatekeeper’ to define large online platforms with systemic control over their market segment.

A company is considered a gatekeeper when it has…

A Strong Economic Position In the EU

Gatekeepers possess a large share of not only their digital market but of the overall EU market as well. Their economic significance can be measured in several ways, such as revenue, transaction value, and profit. EU legislators will generally consider a company subject to the DMA if they have either earned a minimum of EUR 7.5 billion over each of the last three fiscal years or reached an average market capitalization of at least EUR 75 billion within the past single fiscal year. Organizations do not need to do business in every part of the European Union to qualify, either – only three Member States.

Intermediatory Characteristics

At a certain point, online platforms become so big and widely used that they’re relied on as a standard means of connection between people and businesses. Social media is a great example of this. While websites and direct phone lines were once the norm, most consumers now turn to Instagram and Facebook as their first point of contact. Being the middleman, these services are recognized by the EU for having a particularly large influence over everyday internet users. Platforms with more than 45 million monthly active EU-based users and more than 10,000 yearly active business users can be considered an intermediary under the DMA.

Established Status of the Digital Markets Act

The DMA applies to companies with “significant market power”, i.e. those that are very well established and have the ability to shape markets. User data, prices, and access to digital resources are all factors taken into account when assessing their status. Companies may qualify if they have met both of the abovementioned criteria in each of the last three fiscal years.

What Companies Are Already Subject to the Digital Markets Act (DMA)?

Wondering what a real, live gatekeeper looks like? They’re pretty rare, albeit widely well-known industry giants. To date, the European Commission only officially recognizes six gatekeepers that collectively offer 22 core platform services to EU citizens.

Alphabet, Inc
The DMA applies to Google and all of its subsidiary products, including Google Maps, Google Play, Google Shopping, Youtube, Google Search, Chrome, and Google Android., Inc
From A to Z, the DMA applies to both Amazon and Amazon Marketplace.

Apple Inc
The App Store, iOS, and Safari all fall under the purview of DMA legislation.

ByteDance Ltd.
You may not recognize ByteDance Ltd. by name, but its wildly popular video-sharing app TikTok rings a few bells for European lawmakers.

Meta Platforms, Inc.
The company responsible for many of the social media networks we use today, including Facebook, Instagram, WhatsApp, Messenger, and Meta Marketplace must abide by DMA rules.

Microsoft Corporation
Microsoft’s LinkedIn and Windows PC OS fall into the DMA’s scope.

Are your an agency, webdesigner or another reseller?

Earn 30% commission, take a look at our reseller model or contact us for numbers larger than 500 clients

Calculate your revenue

Requirements of the EU Digital Markets Act

Digital Markets Act status is pretty exclusive – companies can confidently say they’ve made it upon qualifying through the above criteria. But being part of the club isn’t necessarily a good thing. There are tons of rules and regulations to follow, and breaking them can result in some pretty big consequences. Here’s a rundown of the basic expectations EU regulators have for companies under the DMA:

Fair Presentation and Access

First and foremost, online platforms cannot use their position as individuals’ ‘go-to’ service providers to disparage those offered by competing businesses. Content should be presented in a non-biased way, while accounts themselves must be given equal access to all services. Users who wish to begin using another company’s tools have the right to do so without inhibition.

In the real world, this policy essentially forbids big apps like Facebook and Instagram from controlling your feed to their advantage as a business. Pinterest and Snapchat should be able to advertise there as easily as anywhere else on the internet.

Ad Transparency

Most companies on the EU’s list of gatekeepers draw a large part of their profit from advertising services. This is especially true of Meta, which generated a whopping $113 billion in revenue in 2022 alone. Both lawmakers and everyday consumers have become increasingly concerned about the transparency of ad practices, especially in light of allegations of deceptive behavior from companies like Google and Facebook. That’s why the DMA requires major platforms to provide companies with the tools and data they need to independently verify their advertisements. The goal is to make sure that advertisers and publishers are aware of how their ads are being used, how they’re actually performing, and where they’re being shown.

App Removability

Anyone with an Android phone is likely already aware that Google and them are a thing. The two tech giants forged a partnership back in 2005, and since then, virtually all Android phones have shipped with Google’s suite of apps pre-installed. This has enabled Google to become the de facto gatekeeper of the mobile ecosystem.

Recently, however, EU regulators have taken steps to address this issue by introducing mandatory app uninstallation requirements for all major smartphone manufacturers. Under these regulations, phone makers must give users the option to remove pre-installed apps from their devices. This is a critical step towards preventing companies like Google and Apple from exerting too much control over the mobile space, while also giving consumers more choice and freedom when it comes to their digital experiences.

Data Accessibility

Those who are already familiar with the General Data Privacy Regulation (GDPR) know that the right to data accessibility and portability has long been a priority for EU legislators. They’ve gone beyond this broader data privacy law’s rules to order tech platforms to keep any and all data business users generate available upon request. Gatekeepers are further forbidden from preventing users from switching services and must provide their data in a machine-readable format so that it can be imported to work elsewhere.

Limited Tracking Outside of Core Platform Services

The Digital Markets Act defines core platform services as the specific tools and functions users download or sign into an app for. In the case of Google, this would be something like Search or Gmail. As a reminder, only 22 core platform services exist across the DMA’s list of recognized gatekeepers to date. Beyond those, tech companies are expected to limit the personal data they collect, as well as not track users outside their core services for the purpose of targeted advertising. (for example through tracking cookies or other tracking technologies)

Concequences of Non-Compliance to the Digital Markets Act

Major tech companies get zero excuses when it comes to digital consumer protection laws like the DMA. Compliance is mandatory for anyone providing core platform services in the EU, and failure to do so can result in hefty fines. The European Commission clearly states that violators of the Digital Markets Acts can expect a fine of up to 10% of their total annual global turnover, or as much as 20% for repeated infringements.

Systematic infringements, or those that take place over a period of time, can warrant further remediation, both financial and non-financial from the European Commission.

While you might assume that big consequences like those are enough to deter unethical business practices, several major tech companies have already broken rules very similar to the DMA’s. In May of 2023, industry leader Meta was fined a record sum of over $1.3 billion for violating the GDPR. It wasn’t the first time they’ve been caught breaking the rules, and other ‘gatekeeper’ companies Amazon, Google, and Apple have all faced hefty fines over the years as well.

Whether you’re talking about board games or technological innovation, competition is always more productive when everyone plays by the same set of rules. The European Union’s Digital Markets Act is just the latest example of growing efforts to level the field. While fines and big payouts aren’t the goal, they at the very least add an extra layer of accountability to the most powerful players in tech.


Get consent before loading third party tracking scripts

CookieFirst aims to make ePrivacy and GDPR compliance easy and quick to implement. The CookieFirst platform offers third-party script and cookie consent management, statistics, periodic cookie scans, automated cookie policy, cookie banner customization, multiple language options, and more. Avoid large fines and get consent before loading third-party tracking scripts — try CookieFirst!