The use of digital services is growing by the day, as more companies are looking to have a bigger footprint in the digital world. It is estimated that digital transformation spending will touch $2.49 trillion by 2027.
The EU Digital Markets Act (DMA) was enacted to make the markets in the digital sector a fair playing field for all players and end-users. Its primary role is to reduce the dominance of large tech platforms, often referred to as gatekeepers, so every company has equal and fair access to the markets.
What does this Act mean for companies from a compliance perspective? Let’s find out.
What is the EU Digital Markets Act?
The DMA establishes clear rules for large companies deemed to be gatekeepers (those that dominate specific digital sectors). These companies provide core services like social media platforms, search engines, online marketplaces, app stores, and more. By controlling these essential services, gatekeepers can influence market dynamics, including how smaller businesses access markets and how consumers interact online.
To qualify as a gatekeeper under the DMA, a company must meet these criteria:
- The company must have a market capitalization of at least €75 billion or annual EU revenue of €7.5 billion.
- The platform must have at least 45 million monthly active EU users and over 10,000 yearly business users.
- The company must have a stable and entrenched market position over at least three years.
With these criteria, tech giants like Google, Apple, Amazon, and Meta come under DMA’s scrutiny.
Key Provisions and Their Compliance Impact
The DMA lays out a series of obligations and restrictions that gatekeepers must follow. Compliance teams have to thoroughly understand these provisions and adapt their operations accordingly.
No Self-Preferencing of Products and Services
Gatekeepers are prohibited from favoring their own products and services over those of competitors on their platforms. For example, a marketplace operator cannot give its own goods priority placement over those of independent sellers. This rule targets practices that may give gatekeepers an unfair advantage in online markets.
Compliance officers must assess existing algorithms, ranking systems, and search functionalities to ensure impartiality. For many companies, this will require extensive auditing and retooling of their systems to prevent self-preferencing, potentially involving algorithm transparency and oversight.
Data Access for Business Users
Another key aspect is data access. Gatekeepers must allow business users of their platforms to access data generated through their interactions with consumers. This means that sellers or app developers can gain better insights into how users engage with their offerings.
For compliance teams, data access comes with challenges in balancing transparency and privacy. Companies must establish clear processes for sharing data while complying with existing data protection regulations like the GDPR. Compliance mechanisms should also ensure that data is shared securely, with privacy safeguards in place, and in formats that are genuinely useful to business users.
Interoperability of Messaging Services
The DMA requires gatekeepers to provide interoperability between their messaging services and those of smaller providers. This provision means users can communicate across different messaging platforms seamlessly. This mandate for interoperability is complex from a technical standpoint. Compliance and tech teams will have to collaborate to create systems that enable cross-platform communication, while still maintaining strong security and user data protections. The compliance oversight must focus on ensuring that this interoperability is implemented transparently and equitably.
Restrictions on Combining Data Across Services
Gatekeepers must not combine personal data from different services without obtaining explicit user consent. This prevents companies from merging user data collected across separate services, such as social media and e-commerce platforms, unless users explicitly agree.
This is a key provision, as it brings up the need for robust consent management systems. Compliance practices must prioritize obtaining and documenting clear, informed consent from users. This includes improving transparency around data usage, developing easy-to-understand privacy policies, and ensuring compliance with GDPR standards for user rights and data protection.
Fair Treatment of App Developers
Companies that operate app stores must not impose unfair conditions on app developers, such as forcing them to use a specific payment system or banning promotions of better deals outside the platform.
Compliance teams must evaluate and possibly revise existing app store policies to align with these fairness requirements. Also, regular monitoring of contractual relationships with developers can avoid anti-competitive lawsuits. Regular reviews and updates to policies, as well as open lines of communication with developers, will help mitigate these risks.
Equal Access to Platform Features
Every gatekeeper must provide competitors with fair access to certain core functionalities on their platforms. This is mandatory to eliminate discriminatory practices that could block competition. Sometimes, adhering to this provision may require companies to disclose or open up certain APIs, platform tools, or technical information to competitors. Compliance teams must oversee how this access is structured to avoid unfair conditions or hidden barriers to entry. It’s a balancing act between openness and safeguarding proprietary assets.
Now that we know these key provisions, let’s turn to what companies can do to adhere to these regulations.
Compliance Practices for the DMA
The DMA introduces many obligations that require companies to rethink their compliance strategies. Let’s look at some major shifts compliance teams should anticipate:
Ongoing Monitoring and Reporting Obligations
Gatekeepers must generate detailed compliance reports to the European Commission, documenting how they are meeting DMA obligations. These reports require accurate data tracking, proof of compliance, and transparency regarding their operations. To achieve this transparency in reporting, compliance officers must establish robust monitoring tools, conduct internal audits, and ensure reports are comprehensive.
Expanded Risk Management
The rules around data handling, algorithmic transparency, and platform neutrality increase operational risks. Compliance teams must regularly perform risk assessments, particularly related to algorithm bias, data misuse, or practices that might be perceived as unfair. Risk management practices should be dynamic and capable of changing as new challenges arise.
Increased Collaboration Across Departments
Meeting DMA requirements is a company-wide effort. Legal teams, data protection experts, software developers, and business managers must work together to ensure all aspects of the DMA are addressed. Collaboration is essential to build systems that comply with the law and enhance operational practices.
Greater Focus on User Transparency
Transparency is a core theme of the DMA. Compliance teams must develop user-centric processes that clearly communicate how data is used, ensure consent is freely given, and address any grievances quickly. This focus not only supports regulatory compliance but also builds user trust.
As you can see, the above adjustments are not easy and can require prolonged and extensive effort from the entire organization. Nevertheless, they are necessary to avoid costly fines.
Impact on Smaller Businesses
While the primary targets of the DMA are large gatekeepers, smaller businesses will also be affected. Many of these businesses rely on gatekeeper platforms for their operations, so any compliance changes can trickle down and require adjustments on their end too. This means that smaller companies may need to align their own compliance practices with new data-sharing rules and service access requirements.
Final Thoughts
To conclude, The EU Digital Markets Act is a bold step towards fairer digital markets, as it imposes stricter rules on dominant tech companies. For compliance teams, it’s a call to action to develop new processes, enhance transparency, and build collaboration across business functions. Navigating these changes won’t be without challenges, but with a proactive approach, companies can turn compliance into a strength, eventually benefiting consumers, competitors, and the broader market.