Digital Markets Act Deep-Dive

For decades, the European Union relied on its traditional competition law toolkit — Articles 101 and 102 of the Treaty on the Functioning of the European Union (TFEU) — to address anti-competitive conduct in digital markets. Landmark enforcement actions against Google (the Google Shopping case, Case AT.39740, resulting in a EUR 2.42 billion fine in 2017), Intel, and Microsoft demonstrated the European Commission's willingness to intervene. However, a growing consensus emerged that ex post competition enforcement was structurally ill-suited to the speed and dynamics of digital platform markets, where tipping, network effects, and data accumulation can entrench dominance long before a multi-year antitrust investigation concludes.

The Digital Markets Act (Regulation (EU) 2022/1925), which entered into force on 1 November 2022 and became applicable on 2 May 2023, represents a paradigm shift. Rather than waiting for harm to materialise and then investigating whether specific conduct constitutes an abuse of dominance, the DMA imposes ex ante obligations on designated "gatekeepers" — large digital platforms that serve as critical intermediaries between business users and end users. The legislation is designed to ensure contestability (keeping markets open to new entrants and challengers) and fairness (preventing gatekeepers from exploiting their intermediary position to the detriment of business users and consumers).

The DMA sits alongside, but is distinct from, competition law. It does not require a finding of dominance or anti-competitive effect in a specific case. Instead, it relies on structural presumptions: if a platform meets the quantitative thresholds for gatekeeper designation (or is designated following a qualitative assessment), it is subject to a comprehensive set of behavioural obligations regardless of whether its conduct in any particular instance harms competition. This prophylactic approach addresses the acknowledged limitations of competition enforcement in fast-moving digital markets, where remedies imposed years after the infringement often come too late to restore competitive conditions.

This guide provides a comprehensive, article-by-article analysis of the DMA framework. It examines the gatekeeper designation process, the specific obligations imposed under Articles 5, 6, and 7, the enforcement architecture, and the relationship between the DMA and traditional competition law. It also offers a detailed comparison with India's proposed Digital Competition Bill, 2024, which draws on many of the same regulatory principles but adapts them to the Indian market context. For Indian technology companies, platform business users, and legal advisers, understanding the DMA is essential — not only because of its direct applicability to EU operations but also because its regulatory model is shaping digital market regulation globally.

The DMA's origins trace back to the European Commission's 2019 report on "Competition Policy for the Digital Era", authored by Jacques Crémer, Yves-Alexandre de Montjoye, and Heike Schweitzer (the "Crémer Report"). This influential report identified several structural features of digital markets — including extreme economies of scale, network effects, data-driven advantages, and the role of platforms as ecosystems and intermediaries — that make traditional competition law enforcement insufficient to maintain contestable and fair markets. The report recommended considering ex ante regulatory instruments to complement existing competition tools.

Building on these findings, the Commission published its Digital Services Act package proposal on 15 December 2020, comprising two legislative proposals: the Digital Services Act (DSA), addressing content moderation and platform liability, and the Digital Markets Act, addressing the market power of large platforms. The DMA proposal was based on Article 114 TFEU (internal market harmonisation), not on the competition law legal basis of Articles 101-109. This choice was deliberate: it allowed the Commission to frame the DMA as a regulatory instrument for the functioning of the internal market rather than as a competition enforcement mechanism, thereby avoiding some of the procedural and institutional constraints that apply to competition cases.

The legislative process was swift by EU standards. The European Parliament and the Council of the EU reached a political agreement on 24 March 2022, and the regulation was formally adopted on 14 September 2022 as Regulation (EU) 2022/1925 of the European Parliament and of the Council on contestable and fair markets in the digital sector (Digital Markets Act). The regulation entered into force on 1 November 2022 and became applicable on 2 May 2023. Gatekeepers were required to notify themselves to the Commission by 3 July 2023, and compliance with substantive obligations became mandatory from 6 March 2024.

The policy rationale rests on three central premises. First, that a small number of large digital platforms have acquired the status of "gatekeepers" — their services are so widely used by business users and end users that they function as essential access points, and the platforms' decisions about terms of access, data usage, and ranking can make or break the commercial prospects of millions of businesses. Second, that market dynamics in platform ecosystems tend towards concentration and entrenchment: once a platform achieves critical mass, the combination of network effects, data advantages, switching costs, and ecosystem lock-in creates self-reinforcing barriers to entry that are extremely difficult for new entrants or existing competitors to overcome through innovation alone. Third, that ex post competition enforcement — however vigorous — cannot adequately address these structural conditions, because the duration of investigations (typically 3-7 years from opening to final decision), the difficulty of designing effective remedies for fast-moving digital markets, and the limitations of the "abuse" standard under Article 102 mean that competitive harm is often irreversible by the time enforcement concludes.

The DMA thus represents a complementary regulatory layer — not a replacement for competition law, but an additional instrument specifically designed for the structural conditions of digital platform markets. As Recital 10 states, the DMA is without prejudice to the application of Articles 101 and 102 TFEU, national competition rules, and other sector-specific regulations.

The DMA applies only to undertakings designated as "gatekeepers" by the European Commission. The designation process is the jurisdictional gateway to the entire regulatory framework. Article 3 of the DMA sets out both quantitative (presumptive) and qualitative criteria for designation.

Under Article 3(1), an undertaking providing "core platform services" is presumed to be a gatekeeper if it meets three cumulative conditions:

• Significant impact on the internal market: Presumed where the undertaking achieves an annual turnover in the European Economic Area (EEA) of at least EUR 7.5 billion in each of the last three financial years, or where its average market capitalisation or equivalent fair market value amounted to at least EUR 75 billion in the last financial year, and it provides the same core platform service in at least three Member States.
• Important gateway to business users for reaching end users: Presumed where the core platform service has at least 45 million monthly active end users established or located in the EU and at least 10,000 yearly active business users established in the EU, in each of the last three financial years.
• Entrenched and durable position: Presumed where the gateway threshold has been met in each of the last three financial years.

The ten categories of core platform services listed in Article 2(2) are: online intermediation services (including marketplaces and app stores), online search engines, online social networking services, video-sharing platform services, number-independent interpersonal communications services, operating systems, web browsers, virtual assistants, cloud computing services, and online advertising services (including advertising intermediation).

On 6 September 2023, the Commission designated six undertakings as gatekeepers in respect of 22 core platform services:

Gatekeeper	Designated Core Platform Services
Alphabet (Google)	Google Search, Google Maps, Google Play, Google Shopping, YouTube, Google Android, Google Chrome, Google Ads
Amazon	Amazon Marketplace, Amazon Ads
Apple	iOS, Safari, App Store
ByteDance	TikTok
Meta	Facebook, Instagram, WhatsApp, Messenger, Meta Marketplace, Meta Ads
Microsoft	Windows, LinkedIn

Importantly, the Commission may also designate a gatekeeper through a qualitative assessment under Article 3(8), even where the quantitative thresholds are not met, if it concludes — based on a market investigation — that the undertaking's core platform service satisfies the three qualitative criteria. This discretionary power prevents undertakings from structuring their operations to fall just below the quantitative thresholds while still exercising gatekeeper functions. Conversely, under Article 3(5), an undertaking that meets the quantitative thresholds may rebut the presumption by presenting sufficiently substantiated arguments demonstrating that, in the circumstances, it does not satisfy the qualitative criteria. However, to date, no undertaking has successfully rebutted the presumption.

The designation process is ongoing. Additional undertakings may be designated as they cross the quantitative thresholds or following qualitative market investigations. The Commission has opened market investigations into services such as Apple's iPadOS (subsequently designated in April 2024) and has considered the status of platforms including Booking.com and X (formerly Twitter). The dynamic nature of the designation process means that the list of gatekeepers and their designated core platform services will evolve over time.

The core of the DMA is the comprehensive set of behavioural obligations imposed on designated gatekeepers in respect of their designated core platform services. These obligations are set out in Articles 5, 6, and 7 and apply automatically upon designation — no additional finding of harm, market definition, or abuse is required. This is the fundamental distinction between the DMA and traditional competition law.

Article 5 — Self-executing obligations: These are "per se" rules that apply uniformly to all gatekeepers without scope for proportionality-based adjustment or regulatory dialogue. They include:

• Article 5(2): Prohibition on combining personal data from the core platform service with data from other services of the gatekeeper or third-party services without the end user's effective consent under GDPR. This directly addresses the "data advantage" concern — gatekeepers cannot leverage their presence across multiple services to aggregate user profiles in ways that smaller competitors cannot replicate.
• Article 5(3): Prohibition on restricting business users from offering the same products or services to end users through third-party online intermediation services or their own direct online sales channels at different prices or conditions (the anti-parity/anti-MFN rule).
• Article 5(4): Obligation to allow business users to communicate and promote offers to end users acquired via the gatekeeper's platform, and to conclude contracts with those end users, using the business user's own or a third-party intermediation service (the anti-steering prohibition).
• Article 5(5): Prohibition on requiring business users to use, offer, or interoperate with the gatekeeper's own identification service, web browser engine, or payment service as a condition for using the core platform service (the anti-tying rule).
• Article 5(6): Prohibition on requiring end users to subscribe to or register with any other core platform service of the gatekeeper as a condition for using the designated service.
• Article 5(7): Obligation on gatekeepers providing online advertising services to provide advertisers and publishers, upon request, with information on the prices paid and the remuneration received for advertising services.
• Article 5(8): Obligation on gatekeepers providing online advertising services to provide advertisers and publishers with free-of-charge, effective, high-quality, continuous, and real-time access to performance-measuring tools.

Article 6 — Obligations susceptible of being further specified: These obligations are more complex and context-dependent, and the Commission may engage in a "regulatory dialogue" with the gatekeeper to specify how the obligations should be complied with in practice. Key obligations include:

• Article 6(2): Prohibition on using, in competition with business users, any non-publicly available data generated through the activities of business users on the gatekeeper's platform. This is the core anti-self-preferencing data rule — a gatekeeper marketplace cannot use sellers' transaction data to optimise its own competing retail offers.
• Article 6(3): Obligation to allow and technically enable end users to easily uninstall any pre-installed software applications on the gatekeeper's operating system, and to change default settings, including the default search engine, virtual assistant, and web browser.
• Article 6(4): Obligation to allow and technically enable the installation and effective use of third-party software applications or app stores using or interoperating with the gatekeeper's operating system — the sideloading obligation.
• Article 6(5): Prohibition on treating the gatekeeper's own products or services more favourably in ranking than similar third-party products or services, and obligation to apply transparent, fair, and non-discriminatory conditions to such ranking — the anti-self-preferencing ranking rule.
• Article 6(7): Obligation to provide advertisers and publishers, free of charge, with access to the gatekeeper's performance-measuring tools and the data necessary to carry out their own independent verification of advertising inventory.
• Article 6(9): Obligation to provide end users with effective data portability — the right to port their data in real time, free of charge, in a commonly used and machine-readable format.
• Article 6(10): Obligation to provide business users and third parties, free of charge, with effective, high-quality, continuous, and real-time access to and use of aggregated and non-aggregated data generated on the platform by the business users' activities.
• Article 6(12): Obligation to apply fair, reasonable, and non-discriminatory (FRAND) general conditions for business users' access to the gatekeeper's app stores, search engines, and social networking services.

Article 7 — Interoperability for messaging services: Number-independent interpersonal communications services designated as core platform services must provide, upon request, interoperability with third-party providers. The obligation is phased: basic one-to-one text and image messaging interoperability was required from 6 March 2024, with group messaging and voice/video calls to follow in subsequent phases (2025 and 2027). This obligation currently applies to WhatsApp and Messenger (Meta's designated messaging services).

The prohibition on self-preferencing is among the DMA's most commercially significant obligations and has already generated substantial enforcement activity. The concept addresses a structural conflict of interest inherent in vertically integrated platform ecosystems: a gatekeeper that operates both a platform (e.g., a marketplace, operating system, or search engine) and competing downstream services has the incentive and ability to favour its own services at the expense of third-party competitors that depend on the platform for market access.

The EU's experience with the Google Shopping case (Case AT.39740) was formative. The Commission found in 2017 that Google had abused its dominant position by systematically favouring its own comparison shopping service in Google Search results, positioning its Shopping unit in a prominent box at the top of search results while demoting competing comparison shopping services through algorithmic penalties. The CJEU upheld the decision on appeal in November 2021 (Case C-48/22 P). However, the case took seven years from the statement of objections (2015) to the General Court judgment (2021), and critics argued that the remedy — requiring Google to provide "equal treatment" to competing comparison shopping services — was insufficient to restore competitive conditions in a market that had already tipped.

The DMA's approach is fundamentally different. Article 6(5) imposes a blanket obligation on gatekeepers not to treat their own products or services more favourably in ranking than similar third-party products or services, applying transparent, fair, and non-discriminatory conditions. This obligation is structural and prophylactic — it does not require proof that specific self-preferencing conduct has caused competitive harm in a particular case. The obligation extends beyond search rankings to encompass any form of differentiated treatment in the visibility, presentation, or technical functioning of the gatekeeper's own services relative to those of competitors.

The anti-self-preferencing data rule under Article 6(2) complements the ranking obligation by prohibiting gatekeepers from using non-publicly available data generated by business users' activities on the platform to compete against those business users. This addresses the concern — prominently raised in the context of Amazon Marketplace — that a gatekeeper marketplace operator can observe which products sell well, at what prices, and with what demand patterns, and then use this proprietary intelligence to launch competing private-label products. Under the DMA, this conduct is prohibited irrespective of whether it would constitute an abuse of dominance under Article 102.

On interoperability, the DMA goes beyond anything previously attempted in EU competition or regulatory law. Article 7's requirement for messaging interoperability reflects the Commission's assessment that the network effects enjoyed by dominant messaging services (particularly WhatsApp, with over 2 billion users globally) create barriers to entry that cannot realistically be overcome through market forces alone. The interoperability obligation is designed to allow users of smaller messaging services to communicate with users on the gatekeeper's platform, thereby reducing the lock-in effect and lowering the barriers to switching or multi-homing.

The implementation of messaging interoperability presents formidable technical challenges. Meta has raised concerns about maintaining end-to-end encryption in interoperable messaging, arguing that enabling third-party access to its Signal Protocol implementation could compromise security guarantees. The Commission has indicated that the obligation must be implemented in a manner consistent with security and privacy standards, but it has not accepted that encryption concerns justify non-compliance with the interoperability obligation. The phased implementation timeline — text and images from March 2024, group messaging from 2025, voice and video calls from 2027 — reflects the Commission's recognition that full interoperability requires significant technical development.

The DMA significantly enhances the data rights of both end users and business users beyond what is already provided under the General Data Protection Regulation (GDPR). While Article 20 GDPR grants individuals a right to data portability in respect of personal data they have "provided" to a controller, the DMA extends portability obligations in three critical respects: it applies to data generated through the use of the platform (not merely data "provided" by the user), it requires real-time and continuous portability (not merely one-off data exports), and it includes obligations to provide data access to business users in respect of data generated by their activities on the platform.

Article 6(9) requires gatekeepers to provide end users with effective portability of data provided by the end user or generated through the end user's activity on the core platform service. The data must be provided free of charge, in a commonly used and machine-readable format, and — critically — on a continuous and real-time basis. This goes well beyond the "download your data" functionality that most platforms currently offer. Real-time, continuous portability envisages technical mechanisms (such as APIs) through which users or authorised third-party services can access and transfer data on an ongoing basis, enabling seamless switching or multi-homing between competing services.

Article 6(10) imposes parallel obligations in respect of business user data. Gatekeepers must provide business users and authorised third parties with free-of-charge, effective, high-quality, continuous, and real-time access to aggregated and non-aggregated data generated through the business users' activities on the platform. This is particularly significant for marketplace sellers, app developers, and advertisers, who depend on platform data to optimise their commercial strategies but are frequently restricted by gatekeepers from accessing or exporting the data that their own activities generate.

The end-user choice architecture obligations under Article 6(3) address a different but related concern: the use of defaults and pre-installation to steer users towards the gatekeeper's own services. Gatekeepers operating operating systems must allow users to easily uninstall pre-installed applications (with limited exceptions for applications essential to the functioning of the operating system), change default settings for web browsers, search engines, and virtual assistants, and be presented with a choice screen enabling them to select their preferred default services. Alphabet's implementation of a choice screen for default search engines on Android devices in the EU — following both the DMA and the earlier Google Android remedy (Case AT.40099) — has been a significant practical development, with early evidence suggesting measurable shifts in default search engine selections.

The interaction between DMA data portability obligations and GDPR is complex. The Commission has clarified that DMA portability obligations must be implemented in compliance with GDPR, including in respect of lawful bases for processing, data minimisation, and security measures. However, there is an inherent tension: the DMA's expansive portability requirements may, in some cases, involve the transfer of data that includes personal data of third parties (for example, in messaging or social networking contexts), raising data protection concerns that must be reconciled with the DMA's pro-competition objectives.

The DMA's app store provisions represent one of the most commercially consequential aspects of the regulation, directly challenging the "walled garden" business models that Apple and, to a lesser extent, Google have built around their mobile operating systems. Two categories of obligations are relevant: the obligation to allow sideloading (installation of third-party app stores and apps outside the gatekeeper's app store) and the anti-steering provisions (allowing developers to direct users to alternative purchasing channels).

Article 6(4) requires gatekeepers to allow and technically enable the installation and effective use of third-party software applications or app stores that use or interoperate with the gatekeeper's operating system. This obligation strikes at the heart of Apple's iOS ecosystem, which has historically prohibited sideloading entirely, requiring all app distribution to go through the App Store and subjecting all in-app purchases to Apple's commission (historically 30%, reduced to 15% for small developers under the Small Business Programme). Under the DMA, Apple must permit alternative app stores on iOS in the EU and must provide the technical interfaces necessary for those app stores to function effectively.

Apple's implementation of the sideloading obligation has been controversial. In January 2024, Apple announced new business terms for the EU that included a "Core Technology Fee" (CTF) of EUR 0.50 per first annual install for apps distributed through alternative app stores, applicable once the app exceeds one million first annual installs. Critics — including Epic Games, Spotify, and the European Commission — argued that this fee structure was designed to make alternative distribution economically unviable for most developers, thereby undermining the DMA's objective of enabling genuine app store competition. The Commission opened non-compliance proceedings against Apple in March 2024 in respect of both the anti-steering provisions and the app store obligations, and in June 2024 issued preliminary findings that Apple's terms did not comply with the DMA.

The anti-steering provisions under Article 5(4) are equally significant. These require gatekeepers to allow app developers to inform users within the app about alternative purchasing options (such as the developer's own website) and to direct users to those options for completing transactions. Prior to the DMA, both Apple and Google restricted developers from including links or references to external purchasing options within their apps — the so-called "anti-steering rules" that were central to the Epic Games v Apple litigation in the United States and the Spotify antitrust complaint in the EU (Case AT.40437). Under the DMA, these restrictions are prohibited.

Google's compliance posture has differed from Apple's. Android has historically permitted sideloading (users can install APK files from sources other than Google Play, albeit with security warnings), but Google has faced criticism for friction-laden sideloading processes and for contractual arrangements with device manufacturers that gave Google Play preferential positioning. Under the DMA, Google must ensure that sideloading and alternative app stores can function without unreasonable technical barriers or deterrent security warnings that go beyond what is necessary for legitimate safety and security purposes.

The broader implications for the app economy are substantial. If the DMA succeeds in enabling genuine competition in app distribution and in-app payment processing, it could fundamentally alter the economics of mobile software — reducing the commission rates that developers pay to platform operators, creating new distribution channels, and potentially enabling business models that were previously unviable under the 30% commission structure. However, legitimate concerns about security, privacy, and quality control remain. Apple has argued that its App Store review process and closed ecosystem are essential for user security, and that sideloading exposes users to malware, privacy violations, and substandard applications. The DMA permits gatekeepers to impose proportionate security measures (Article 6(4) allows "strictly necessary and proportionate" measures to protect the integrity of the operating system), but the boundary between legitimate security measures and pretextual barriers to compliance is a central area of regulatory contestation.

Online advertising is the economic engine of the platform economy, generating the vast majority of revenue for Alphabet (Google) and Meta (Facebook/Instagram). The DMA imposes specific transparency and data-use obligations on gatekeepers providing online advertising services, addressing concerns about opacity in programmatic advertising and the competitive advantages derived from cross-service data combination.

Article 5(7) requires gatekeepers providing online advertising services to provide advertisers and publishers, upon request, with information concerning the price paid by the advertiser and the remuneration received by the publisher for each of the relevant advertising services provided by the gatekeeper. This obligation addresses the well-documented lack of transparency in the programmatic advertising supply chain, where advertisers frequently do not know what portion of their spend reaches the publisher and intermediaries (including the gatekeeper itself, when it operates on multiple sides of the advertising transaction) capture undisclosed margins. The "ad tech tax" — the share of advertiser spending absorbed by intermediaries — has been estimated at 30-50% of total programmatic advertising expenditure, but advertisers have historically had no means of verifying these figures.

Article 5(8) further requires gatekeepers to provide advertisers and publishers with free-of-charge, effective, high-quality, continuous, and real-time access to the gatekeeper's performance-measuring tools and the information necessary for advertisers and publishers to carry out their own independent verification of the ad inventory. This obligation is designed to break the informational asymmetry that allows gatekeepers to act as both seller and measurer of advertising services, creating conflicts of interest and limiting advertisers' ability to assess the true value of their advertising spend.

The data combination prohibition under Article 5(2) is perhaps the most structurally significant advertising-related obligation. It prohibits gatekeepers from combining personal data sourced from the core platform service with personal data from any other services offered by the gatekeeper or from third-party services, and from cross-using personal data from the core platform service in other services provided separately by the gatekeeper, unless the end user has been presented with a specific choice and has provided consent in the sense of Article 4(13) GDPR.

This obligation directly targets the cross-service data advantage that distinguishes the largest gatekeepers. Meta, for instance, can combine data from Facebook, Instagram, WhatsApp, and Messenger — together with data from third-party websites and apps that use Meta's tracking pixels and SDKs — to build comprehensive user profiles that enable highly targeted advertising. The DMA's consent requirement means that users must be given a genuine, specific choice about whether to allow this data combination, with a clear alternative that does not involve cross-service data use. The German Federal Cartel Office (Bundeskartellamt) had already pursued a similar approach under national competition law in its landmark Facebook decision (2019), which the Federal Court of Justice upheld — the DMA now harmonises this principle across the EU.

For advertisers and publishers, particularly those based in India and other non-EU jurisdictions that advertise to EU audiences, the DMA's advertising transparency obligations create valuable new informational rights. The ability to verify pricing, margins, and performance independently should enable more efficient allocation of advertising budgets and reduce dependence on gatekeeper-provided metrics. However, the practical utility of these obligations depends critically on the quality, granularity, and timeliness of the data that gatekeepers provide, and early compliance reports suggest significant variation in implementation quality across designated gatekeepers.

The relationship between the DMA and traditional EU competition law — particularly Article 102 TFEU (abuse of dominant position) — is one of the most intellectually complex and practically significant questions in the new regulatory architecture. The DMA is explicitly conceived as a complement to, not a replacement for, competition law. Recital 10 of the DMA states that the regulation is "without prejudice to" the application of Articles 101 and 102 TFEU, national competition rules, merger control, and the enforcement powers of the Commission and National Competition Authorities (NCAs).

This means that parallel enforcement is possible: the same conduct by a gatekeeper could simultaneously constitute a DMA violation (triggering fines under Article 30 DMA) and an abuse of dominance under Article 102 TFEU (triggering fines under Regulation 1/2003). However, the ne bis in idem principle (the prohibition on double punishment for the same offence) and the principle of proportionality will constrain the Commission's ability to impose cumulative sanctions for identical conduct. The Commission has indicated that it will coordinate DMA and competition law enforcement to avoid duplication, but the precise boundaries remain to be defined through practice and, potentially, through judicial interpretation by the Court of Justice.

There are important structural differences between the two frameworks that affect their respective scopes of application:

• No dominance requirement: The DMA applies to designated gatekeepers based on quantitative thresholds and qualitative criteria related to their intermediary function. It does not require a finding that the gatekeeper holds a dominant position in a relevant market within the meaning of Article 102. This is significant because some gatekeepers may not be dominant in traditionally defined antitrust markets — for example, a social networking service might not be dominant in a "social media market" if that market is broadly defined — but may still exercise gatekeeper power in the DMA sense.
• No effects analysis: DMA obligations apply per se. Unlike Article 102, which requires a showing that the dominant undertaking's conduct is "abusive" (typically assessed through an effects-based analysis), DMA obligations are triggered by the conduct itself, without any need to demonstrate competitive harm in a specific case. There is no efficiency defence or objective justification under the DMA obligations (though some Article 6 obligations permit proportionate security measures).
• No market definition: DMA proceedings do not require the Commission to define relevant product and geographic markets — a process that is frequently contested and time-consuming in competition cases. The DMA operates through the concept of "core platform services", which are defined by regulatory classification rather than competitive analysis.
• Different enforcement timelines: DMA non-compliance proceedings are designed to be faster than competition law investigations. The Commission must adopt preliminary findings within 12 months of opening proceedings and can impose interim measures. By contrast, Article 102 investigations have historically taken 3-7 years.

For practitioners, the coexistence of the DMA and competition law creates both opportunities and complexities. A business user harmed by gatekeeper conduct may have multiple enforcement avenues: filing a complaint under the DMA (alleging non-compliance with specific obligations), filing a competition law complaint under Article 102 (alleging abuse of dominance), bringing a private damages action in national courts (under the Damages Directive), or a combination of these. The choice of enforcement avenue will depend on the nature of the conduct, the availability of evidence, the desired remedy, and strategic considerations about timing and procedural efficiency.

The Article 102 case law developed in digital markets remains relevant under the DMA, both as interpretive guidance and as an independent enforcement tool for conduct that falls outside the specific DMA obligations. The Commission's Google Shopping decision, the Google Android decision (Case AT.40099, EUR 4.34 billion fine for tying Google Search and Chrome on Android devices), and the Google AdSense decision (Case AT.40411, EUR 1.49 billion fine for exclusivity clauses in online search advertising) address conduct patterns that overlap with DMA obligations but were analysed under the distinct legal framework of Article 102.

The DMA establishes a centralised enforcement architecture with the European Commission as the sole enforcer. Unlike competition law, where enforcement is shared between the Commission and NCAs through the European Competition Network, DMA enforcement is exclusively a Commission competence. This centralisation reflects the transnational nature of gatekeeper services and the desire for consistent application of the regulation across the internal market. However, Member States may confer powers on their NCAs to investigate and enforce in respect of non-compliance with DMA obligations, and several Member States (including Germany and France) have considered or adopted national legislation to this effect.

The Commission's investigative powers under Articles 21-23 DMA are extensive and mirror those available under Regulation 1/2003 for competition law investigations. They include:

• Requests for information (Article 21): The Commission can require any undertaking to provide information necessary for the implementation and enforcement of the DMA, subject to fines for supplying incorrect, incomplete, or misleading information.
• Interviews (Article 22): The Commission can conduct interviews with any natural or legal person who consents to be interviewed.
• Inspections (Article 23): The Commission can conduct on-site inspections ("dawn raids") at business premises, examining books and records, taking copies, sealing premises, and asking for explanations. These powers are equivalent to the Commission's competition law inspection powers.

The penalty framework under the DMA is graduated and designed to be dissuasive for the world's largest technology companies:

• Non-compliance fines (Article 30): Up to 10% of total worldwide annual turnover for infringements of Articles 5, 6, or 7 obligations. For context, 10% of Alphabet's 2023 worldwide revenue (~USD 307 billion) would be approximately USD 30.7 billion — a figure that dwarfs even the largest competition law fines.
• Systematic non-compliance (Article 30(2)): Up to 20% of worldwide annual turnover in cases of systematic non-compliance — defined as conduct that the gatekeeper has engaged in despite a prior non-compliance decision.
• Periodic penalty payments (Article 31): Up to 5% of average daily worldwide turnover for each day of continued non-compliance following a non-compliance decision.
• Procedural fines (Article 30(3)): Up to 1% of worldwide annual turnover for supplying incorrect or misleading information, failing to notify a concentration, or failing to comply with interim measures.

In cases of systematic non-compliance — where a gatekeeper has been found to have infringed its obligations in at least three non-compliance decisions within an eight-year period — the Commission may, following a market investigation under Article 18, impose behavioural or structural remedies (Article 18(1)). Structural remedies could include requiring the gatekeeper to divest a business or part of a business, prohibit acquisitions in specific areas, or require the structural separation of certain business units. The power to impose structural remedies represents the most far-reaching enforcement tool in the DMA arsenal and has no direct equivalent in the Commission's standard competition law toolkit (where structural remedies are theoretically available but have never been imposed in an abuse of dominance case).

Enforcement activity under the DMA has been rapid. By mid-2024, the Commission had opened non-compliance proceedings against Alphabet (in respect of self-preferencing in Google Search results and anti-steering in Google Play), Apple (in respect of anti-steering and app store obligations), and Meta (in respect of its "pay or consent" advertising model under Article 5(2)). These proceedings signal the Commission's intention to enforce the DMA vigorously from its earliest implementation phase, in contrast to the slower ramp-up that characterised the early years of GDPR enforcement.

India's regulatory response to digital market power has followed a trajectory parallel to the EU's, albeit with a significant time lag. The Competition Commission of India (CCI) has pursued several high-profile investigations into digital platform conduct under Sections 3 and 4 of the Competition Act, 2002, including cases involving Google (search bias and Android bundling), Amazon and Flipkart (marketplace practices and preferential treatment of certain sellers), and WhatsApp (privacy policy and data sharing). However, like the European Commission before it, the CCI has confronted the limitations of ex post competition enforcement in addressing the structural features of digital platform markets.

In February 2023, the Ministry of Corporate Affairs constituted the Committee on Digital Competition Law (CDCL), chaired by Manoj Govil (Secretary, MCA), to examine whether India's existing competition law framework was adequate for digital markets and, if not, to recommend legislative changes. The CDCL submitted its report in March 2024, recommending the enactment of a separate ex ante regulatory framework for digital markets, modelled substantially on the EU's DMA but adapted to Indian conditions. The resulting Digital Competition Bill, 2024 was introduced in Parliament in July 2024 and is currently under consideration.

The structural architecture of the proposed Bill closely mirrors the DMA in several respects:

Feature	EU DMA (Regulation 2022/1925)	India Digital Competition Bill, 2024
Regulator	European Commission (DG CONNECT / DG Competition)	Competition Commission of India (CCI)
Designated entity	Gatekeeper	Systemically Significant Digital Enterprise (SSDE)
Designation basis	Quantitative thresholds (turnover/market cap/users) + qualitative assessment	Quantitative thresholds (turnover/gross merchandise value/users) + qualitative assessment
Covered services	10 categories of core platform services	Core Digital Services (online search, social networking, video sharing, OS, browser, messaging, advertising, marketplace, app store, cloud)
Obligations type	Ex ante behavioural (Articles 5, 6, 7)	Ex ante behavioural (Associate Digital Enterprises + SSDE obligations)
Self-preferencing	Prohibited (Article 6(2), 6(5))	Prohibited
Data combination	Prohibited without consent (Article 5(2))	Prohibited without consent
Sideloading	Required (Article 6(4))	Required
Anti-steering	Prohibited (Article 5(4))	Prohibited
Penalties	Up to 10% worldwide turnover (20% for systematic)	Up to 10% of turnover in India (proposed)

However, several significant differences distinguish the Indian approach:

• Institutional architecture: The EU's DMA enforcement is centralised in the Commission, which has dedicated resources and decades of experience in competition enforcement. The Indian Bill assigns enforcement to the CCI, which is already stretched with its existing competition law mandate and may require significant capacity expansion to effectively enforce an additional ex ante regulatory framework. The CDCL recommended the creation of a Digital Markets and Data Unit (DMDU) within the CCI to specialise in digital market regulation.
• Two-tier designation: The Indian Bill introduces a concept of Associate Digital Enterprise (ADE) alongside the SSDE, creating a two-tier system where entities meeting lower thresholds are subject to a lighter set of obligations, while SSDEs face the full complement. The DMA does not have this two-tier structure — it applies only to designated gatekeepers.
• Penalty basis: The DMA calculates fines as a percentage of worldwide annual turnover, which can result in enormous penalties for global technology companies. The Indian Bill proposes fines based on turnover in India, which would be significantly lower in absolute terms for companies that derive only a fraction of their global revenue from the Indian market.
• Interoperability: The Indian Bill does not currently include an equivalent of the DMA's Article 7 messaging interoperability obligation, though the CDCL report discussed the concept. This may reflect India's different market dynamics, where WhatsApp's near-monopoly in messaging is even more pronounced than in the EU.
• Regulatory maturity: The DMA benefits from the EU's established institutional infrastructure, extensive digital markets case law (Google Shopping, Google Android, Google AdSense, Amazon Marketplace, Apple App Store), and the Commission's deep technical expertise. India is building this capacity from a lower base, although the CCI's recent digital markets investigations have generated valuable institutional learning.

For Indian technology companies and platform business users, the convergence between the DMA and the proposed Indian Bill has significant implications. Companies that develop compliance frameworks for the DMA can leverage much of that work for Indian compliance, given the structural similarities. Conversely, the differences — particularly in penalty calculation, institutional enforcement capacity, and the two-tier designation structure — mean that a mechanical transposition of DMA compliance strategies to the Indian context would be inadequate. The CCI's enforcement priorities and interpretive approach may differ materially from the Commission's, and Indian companies should engage proactively in the legislative and regulatory process to shape the Bill's final form and implementation.

The DMA's immediate impact falls on the six designated gatekeepers — Alphabet, Amazon, Apple, ByteDance, Meta, and Microsoft — but its ripple effects extend across the global technology ecosystem. Each designated gatekeeper has been required to file compliance reports detailing how it has implemented its DMA obligations across each designated core platform service. These compliance reports, submitted for the first time in March 2024, provide the first concrete evidence of how the DMA is reshaping platform business models, technical architectures, and commercial relationships.

Alphabet (Google) faces the broadest DMA exposure, with eight designated core platform services spanning search, maps, mobile operating systems, browsers, app stores, online advertising, and video sharing. Alphabet's compliance strategy has centred on providing choice screens (for search engine and browser defaults on Android), modifying search results display to reduce self-preferencing, and enhancing data portability tools. However, the Commission's non-compliance proceedings (opened in March 2024) indicate that the Commission considers Alphabet's initial compliance measures insufficient, particularly in respect of self-preferencing in Google Search results and steering restrictions in Google Play.

Apple faces arguably the most commercially disruptive DMA obligations, given its longstanding "walled garden" approach to iOS. The sideloading obligation (Article 6(4)) requires Apple to permit third-party app stores on iOS for the first time, fundamentally challenging the App Store's monopoly on app distribution and in-app payment processing. Apple's response — including the Core Technology Fee, new business terms, and notarisation requirements for sideloaded apps — has been criticised as "malicious compliance" designed to preserve the economic effect of App Store exclusivity while technically complying with the letter of the regulation. The Commission's preliminary findings in June 2024 supported this assessment, concluding that Apple's anti-steering rules in the App Store did not comply with Article 5(4) DMA.

Meta faces distinct challenges around data combination (Article 5(2)) and messaging interoperability (Article 7). Meta's initial compliance approach for Article 5(2) was to offer EU users a binary choice between a paid ad-free subscription (approximately EUR 9.99/month) and a free service with personalised advertising based on cross-service data combination. The Commission opened non-compliance proceedings in March 2024, questioning whether this "pay or consent" model provided a genuine choice as required by Article 5(2). The case raises fundamental questions about the business model sustainability of ad-funded platforms under the DMA's consent requirements.

Amazon, ByteDance, and Microsoft face narrower obligations, with fewer designated services and, in some cases, less fundamental challenges to their existing business models. Amazon must address self-preferencing and data use on its marketplace (ensuring that non-publicly available seller data is not used to compete with third-party sellers). ByteDance's obligations relate primarily to TikTok, focusing on data portability, advertising transparency, and profiling consent. Microsoft must address interoperability and default settings on Windows and ensure fair treatment of competing services on LinkedIn.

The global spillover effects of the DMA are already evident. Japan, South Korea, the United Kingdom, and Brazil are all developing or have enacted platform regulation frameworks influenced by the DMA model. The prospect of regulatory fragmentation — where platforms must comply with different but overlapping regimes in multiple jurisdictions — creates strong incentives for global technology companies to implement DMA-level compliance standards worldwide, rather than maintaining separate compliance architectures for each jurisdiction. This "Brussels effect" — the tendency of EU regulations to set global standards due to the size of the EU market and the costs of maintaining differentiated compliance — may prove to be the DMA's most significant long-term impact.

The DMA creates compliance obligations and strategic opportunities for two distinct categories of stakeholders: designated gatekeepers (who must comply with the substantive obligations) and business users (who can leverage the DMA to improve their competitive position on gatekeeper platforms). Effective compliance strategies differ significantly between these two groups.

For designated gatekeepers, the compliance challenge is unprecedented in scale and complexity. Each gatekeeper must implement technical, organisational, and commercial changes across multiple designated core platform services, many of which involve deeply embedded business practices and technical architectures. Key elements of a gatekeeper compliance strategy include:

• Obligation mapping: Systematically identifying which obligations under Articles 5, 6, and 7 apply to each designated core platform service, noting that the scope of obligations varies by service category (e.g., Article 7 interoperability applies only to messaging services, while Article 6(4) sideloading applies only to operating systems).
• Compliance-by-design: Integrating DMA requirements into product development processes from the outset, rather than retrofitting compliance onto existing products. This includes embedding choice architecture, data access mechanisms, and interoperability interfaces into the technical infrastructure of each designated service.
• Regulatory dialogue: Engaging proactively with the Commission on the implementation of Article 6 obligations, which are "susceptible of being further specified" through regulatory dialogue. Early and transparent engagement with the Commission on compliance approaches can reduce the risk of non-compliance findings.
• Compliance reporting: Preparing and submitting annual compliance reports (Article 11) that detail, for each obligation, the specific measures taken to ensure compliance, the technical and organisational changes implemented, and any outstanding compliance challenges. These reports are reviewed by the Commission and can form the basis for non-compliance proceedings if they reveal inadequate implementation.
• Internal governance: Establishing dedicated DMA compliance functions with clear reporting lines to senior management, including the compliance function required under Article 28 (which must be independent and have adequate resources and authority).

For business users — including app developers, marketplace sellers, advertisers, publishers, and other enterprises that depend on gatekeeper platforms for market access — the DMA creates actionable rights and opportunities:

• Data access rights: Business users should proactively exercise their rights under Article 6(10) to access aggregated and non-aggregated data generated by their activities on the platform. This data can be used to optimise commercial strategies, develop competing services, and reduce dependence on gatekeeper-provided analytics.
• Alternative distribution channels: The sideloading obligation (Article 6(4)) and anti-steering provisions (Article 5(4)) create opportunities for developers to establish direct customer relationships and alternative distribution channels. Developers should assess whether distributing through third-party app stores or directing users to web-based purchasing options can improve margins and reduce platform dependency.
• Complaint mechanisms: Business users that believe a gatekeeper is not complying with its DMA obligations can file complaints with the Commission, triggering an obligation on the Commission to assess the complaint and, where appropriate, open an investigation. Business users should document instances of suspected non-compliance and consider engaging with industry associations or coalitions to amplify their concerns.
• Fair ranking monitoring: Business users should monitor whether the gatekeeper's ranking algorithms treat their products and services fairly relative to the gatekeeper's own offerings (Article 6(5)). The DMA requires transparent, fair, and non-discriminatory ranking conditions, and business users can challenge ranking practices that appear to favour the gatekeeper's own services.
• Multi-homing: The DMA's anti-parity and anti-MFN rules (Article 5(3)) enable business users to offer different prices and conditions on different platforms and through their own direct channels. Business users should actively explore multi-homing strategies to reduce dependence on any single gatekeeper platform.

For Indian companies that are business users of designated gatekeeper platforms in the EU, the DMA creates a particularly valuable set of rights. Indian app developers distributing through the App Store or Google Play can now explore alternative distribution channels and direct purchasing options. Indian e-commerce sellers on Amazon Marketplace can exercise data access rights to obtain the data generated by their selling activities. Indian advertisers can demand pricing transparency and independent performance measurement tools from gatekeeper advertising platforms. These rights are enforceable under EU law and apply regardless of the business user's country of incorporation.

The DMA is not a static instrument. The regulation contains several mechanisms for evolution, including provisions for market investigations to update the list of core platform services, delegated acts to further specify obligations, and a mandatory review clause (Article 53) requiring the Commission to evaluate the regulation's functioning and, if necessary, propose amendments by 3 November 2027. The trajectory of DMA enforcement and the broader global regulatory landscape suggest several likely developments.

Expansion of core platform services: The current list of ten categories of core platform services will likely expand. Cloud computing services (designated for Amazon Web Services, though enforcement has been limited) may receive greater attention as cloud infrastructure becomes increasingly critical to business operations. Generative AI services — particularly large language models and AI assistants integrated into operating systems and search engines — are strong candidates for inclusion in a future revision. The European Parliament has already called for the Commission to assess whether AI assistants (such as Google Assistant, Siri, Alexa, and Copilot) should be separately designated as core platform services, given their growing role as intermediaries between users and information.

Enforcement maturation: The non-compliance proceedings opened in 2024 against Alphabet, Apple, and Meta will produce the first substantive DMA enforcement decisions, which will be subject to judicial review by the General Court and, on points of law, the Court of Justice. These decisions will establish critical precedents on the interpretation of key concepts — including the scope of "effective" compliance, the boundary between legitimate security measures and pretextual barriers, and the meaning of "genuine choice" in the context of consent under Article 5(2). The development of a body of DMA case law will provide greater certainty for gatekeepers and business users and will shape the direction of future enforcement.

Global regulatory convergence: The DMA has catalysed a wave of platform regulation globally. Japan enacted the Transparency Act on Specified Digital Platforms (2020) and is developing more comprehensive regulation. South Korea amended its Telecommunications Business Act in 2021 to prohibit app store operators from requiring specific payment systems and enacted the Platform Competition Promotion Act. The United Kingdom's Digital Markets, Competition and Consumers Act 2024 grants the Competition and Markets Authority (CMA) powers to designate firms with "Strategic Market Status" (SMS) and impose tailored conduct requirements. Brazil is considering its own digital markets legislation. India's Digital Competition Bill, as discussed above, draws heavily on the DMA model.

This proliferation of national and regional platform regulation frameworks creates both risks and opportunities. The risk of regulatory fragmentation — where platforms face inconsistent and potentially conflicting obligations across jurisdictions — is real and could increase compliance costs, create legal uncertainty, and potentially harm innovation. However, the structural similarities between the DMA, the UK's DMCC Act, and India's proposed Bill suggest a degree of convergence around core regulatory principles: ex ante designation based on structural criteria, behavioural obligations targeting self-preferencing, data combination, interoperability, and app store practices, and significant financial penalties for non-compliance. International coordination mechanisms — such as the Commission's bilateral discussions with the CMA, the Japan Fair Trade Commission, and the Korean Fair Trade Commission — may over time produce greater alignment and mutual recognition arrangements.

The evolution of compliance norms: As DMA enforcement matures, there is likely to be a convergence towards industry-wide compliance standards and best practices for specific obligation categories. Technical standards for interoperability (particularly messaging interoperability under Article 7), data portability formats, and advertising transparency disclosures may be developed through multi-stakeholder processes, potentially facilitated by the Commission or European standardisation bodies. For gatekeepers, investing in compliance infrastructure that is adaptable and scalable across jurisdictions will be more cost-effective than building jurisdiction-specific solutions.

For legal practitioners and compliance professionals, the DMA represents a fundamental expansion of the regulatory toolkit for digital markets. Understanding the DMA — its provisions, enforcement architecture, relationship with competition law, and global influence — is now essential for any practice that advises technology companies, platform business users, or investors in the digital economy. The regulation's first three years of enforcement (2024-2027) will be critical in determining whether the ex ante model achieves its objectives of contestability and fairness, or whether it requires further calibration in the DMA 2.0 review.