Get ready for DMA with GDPR & ePrivacy compliance

Discover how easy data privacy compliance can be with GDPR and ePrivacy compliant user consent collection and signaling.

Start 14-day free trial

Introduction to the Digital Markets Act

The Digital Markets Act, or DMA, was introduced by the European Commission (EC), and enforcement begins on March 6, 2024. The DMA law is meant to protect the data privacy of users online and help ensure fair competition in digital markets among companies doing business in the EU and/or EEA.

Under the Digital Markets Act, the EC has designated six companies that represent some of the largest and most influential big tech corporations as gatekeepers. These companies have specific operational and compliance requirements under the Act. The regulation also affects third-party businesses that use the gatekeepers’ platforms and services, e.g. for advertising purposes.

Learn more: DMA: The European Digital Markets Act explained

To which companies does the Digital Markets Act (DMA) apply?

Five of the currently designated gatekeepers are US-based companies, and one is Chinese. They are all influential, with massive user bases, and have significant impacts on consumers as well as digital businesses.

The six gatekeepers are:

  • Alphabet (parent company of Google and Android)
  • Amazon
  • Apple
  • ByteDance (parent company of TikTok)
  • Meta (parent company of Facebook, Instagram and WhatsApp)
  • Microsoft (parent company of LinkedIn)

The European Commission goes further in the DMA, identifying what they refer to as core platform services (CPS) that are provided by these gatekeepers. The CPS are:

  • 6 intermediary platforms (Amazon Marketplace, Google Maps, Google Play, Google Shopping, iOS App Store, Meta Marketplace)
  • 4 social networks (Facebook, Instagram, LinkedIn, TikTok)
  • 3 online advertising services (Amazon, Google, and Meta)
  • 3 most popular operating systems (Google Android, iOS, Windows PC OS)
  • 2 web browsers (Chrome and Safari)
  • 2 large communication services (Facebook Messenger and WhatsApp, both owned by Meta)
  • 1 video sharing platform (YouTube)
  • 1 search engine (Google)

Several other companies and a number of additional platforms and services are being considered as additions to the CPS list, and so these may change in the future.

You can get ready for the DMA now by implementing Cookiebot CMP on your business website. Start your free 14-day trial and see how easy it is to achieve and maintain compliance with the most important privacy regulations.

Get started

What responsibilities do gatekeepers have under the DMA?

One of the main goals of the Digital Markets Act is to improve smaller third companies’ ability to compete with gatekeepers, and to level the playing field, business-wise.

The biggest requirements of gatekeepers to achieve those aims relate to:

  • interoperability
  • nondiscrimination
  • data access
  • data portability
  • transparency
  • profiling

Read the EC’s list of “do’s and don’ts” for gatekeepers: The Digital Markets Act: ensuring fair and open digital markets

Broadly, gatekeepers must ensure greater openness on their platforms, enabling third parties to have equal access to audiences and data produced on the platforms. Gatekeepers can’t show preference in rankings or access to their products and services over others’, and must make it easy for users to port their data away from their platforms to other services.

Gatekeepers must also obtain consent before users’ data is collected or used, and can enforce this requirement of third parties using their platforms. They are also prohibited from using personal data to profile users without consent. Users must also be able to uninstall apps and functions that come pre-installed on gatekeepers’ platforms.

What responsibilities do smaller companies have under the EU Digital Markets Act?

Smaller companies that use the gatekeepers’ services will likely be required to ensure and be able to prove compliance with the DMA. Mainly this will be in the form of obtaining valid user consent prior to any personal data being collected or used via gatekeepers’ platforms or services that third parties are using. These companies will also be required in many cases to signal consent to the gatekeepers to maintain access to their platforms, e.g. via Google Consent Mode.

A consent management platform (CMP) like Cookiebot CMP™ enables easy, seamless notification of users, collection of consent preferences, secure storage of consents, and integrated signaling to gatekeepers that consent has been obtained.

Learn more: Digital Markets Act (DMA) for startups and SMEs: Opportunities and challenges ahead

Benefits of the Digital Markets Act 

The DMA brings potential benefits to a wide number of groups, and is intended to benefit everyone from end users to new and innovative companies.

For technology startups and SMEs:

  • Broader opportunities to innovate and compete in the digital marketplace
  • More fair terms and conditions that don’t limit development, growth or product and service offerings

For businesses that depend on gatekeepers’ platforms:

  • Work in a more fair business environment
  • Better access to data and audiences to facilitate growth and innovation 

For online consumers:

  • Access to more and better services
  • Favorable conditions for accelerated innovation
  • More opportunities to exercise their privacy rights
  • Better protections for their data
  • Improved opportunities to use the platforms and services they want, how they want, at fairer prices

For designated gatekeepers:

  • Maintain everything that they’ve built and the reach that they have acquired
  • Improve operations to ensure data privacy compliance with multiple regulations
  • Opportunity to bolster brand reputation and consumer trust with more open business practices and more transparency about data privacy

How can companies be ready for DMA with Cookiebot CMP?

Cookiebot CMP can help companies meet the user consent requirements of the Digital Markets Act (DMA) and prevent the risk of disruption of their use of gatekeepers’ services, like advertising operations.

Cookiebot CMP uses the latest legal expertise and tech innovation to deliver a consent management solution that is GDPR, ePrivacy and DMA-ready.

Cookiebot CMP features and benefits to get ready for DMA

  • Multiple convenient implementation methods, depending on your tech stack
  • Implementation in minutes with just 3 steps
  • Easy, seamless integrations with popular CMS platforms
  • High quality pre-built consent banner template
  • Option to customize your consent banner via HTML, CSS or JavaScript for brand consistency
  • Geolocation functionality enables flexible configurations to display regulatory messaging and language based on users’ geographic location
  • Support for 47+ languages
  • Patented deep scanning technology that identifies, categorizes and blocks the cookies and trackers in use on your website, until user consent is obtained.
  • Google Consent Mode is used by default for businesses using Google services, to help meet DMA requirements

How to get started with Cookiebot CMP for DMA compliance?

If your business relies on the gatekeepers’ platforms or services, you need to be ready for the DMA. Get started today with Cookiebot’s ready for DMA consent management solution.

Frequently Asked Questions

What is the Digital Markets Act (DMA) from the European Commission?

The Digital Markets Act is a regulation that applies to large tech companies operating in the European Union and/or European Economic Area. The goal of the regulation is to bolster fairness and innovation, and to increase competition. The Digital Markets Act requires an increase in transparency, access to data, and interoperability among platforms. The law also helps to increase user privacy and consumer choice.

The European Commission has designated six companies as gatekeepers under the Digital Markets Act, with specific obligations. Third-party companies that rely on the gatekeepers’ platforms and services for advertising, tracking, and other data-based operations will also need to meet certain compliance requirements to maintain business operations and growth in the gatekeepers’ digital ecosystem in the EU.

When is the Digital Markets Act in effect?

The Digital Markets Act officially came into effect on November 1, 2022. Most of the regulation’s rules were active by May 2023, and the EC designated the gatekeepers on September 6, 2023. By March 6, 2024 the gatekeepers must be in compliance with the DMA

In what regions does the Digital Markets Act apply?

The Digital Markets Act applies to companies doing business in digital markets in the European Union and/or European Economic Area, and to the users and customers that live in those areas.

To what companies does the Digital Markets Act apply?

The Digital Markets Act applies to organizations that operate large online platforms that meet specific criteria. These include:

  • having significant market share, audience, and influence over digital markets
  • acting as intermediaries between businesses and users
  • enjoying a durable position of market power with significant influence over innovation

The companies owning these platforms and services have been designated by the EC as “gatekeepers” and will be subject to enhanced regulatory responsibilities and scrutiny under the Digital Markets Act.

Although the Digital Markets Act applies to these gatekeepers, the smaller companies doing business on their platforms also need to understand the law, as it’ll directly impact how they use the large online platforms and services owned by the gatekeepers. Business owners will be responsible to comply with legal compliance requirements that companies like Google and Amazon impose on third parties.

What areas of business does the Digital Markets Act cover?

The Digital Markets Act has several areas of focus, including improved fairness and competition, more transparency, and greater competition in digital markets, in addition to enhancing consumers’ data privacy. The Act should help smaller players to grow and innovate to compete with the big tech platforms, and works to prevent gatekeepers from using their dominant position to stifle growth and competition.

What companies have been designated gatekeepers under the Digital Markets Act?

To date, the European Commission has designated the following companies as gatekeepers, though the list may grow or change in the future:

  • Alphabet (owner of Google and Android)
  • Amazon
  • Apple
  • ByteDance (owner of TikTok)
  • Meta (owner of Facebook, Instagram, WhatsApp, and others)
  • Microsoft
What are the gatekeepers’ core platform services (CPS)?

These platforms, services, operating systems, etc. are owned and run by the gatekeepers, and have been deemed integral to digital business operations. They also have massive user bases, generate huge amounts of data, and possess significant influence over user activity, market function, social and political events, and more. The CPS include online search engines, operating systems, web browsers, voice assistants, online social networks, video sharing platforms, and more. To date 22 core platform services (CPS) have been identified under the DMA, though the list may grow or change in the future:

  • 6 intermediary platforms (Amazon Marketplace, Google Maps, Google Play, Google Shopping, iOS App Store, Meta Marketplace)
  • 4 social networks (Facebook, Instagram, LinkedIn, TikTok)
  • 3 online advertising services (Amazon, Google, and Meta)
  • 3 most popular operating systems (Google Android, iOS, Windows PC OS)
  • 2 large communication services (Facebook Messenger and WhatsApp)
  • 2 web browsers (Chrome and Safari)
  • 1 search engine (Google)
  • 1 video sharing platform (YouTube)
What are the regulatory obligations for companies under the Digital Markets Act?

The main obligations that gatekeepers have under the Digital Markets Act are to:

  • eliminate anti-competitive or other unfair or biased practices
  • provide access to third parties for data generated or collected on their platforms
  • ensure interoperability and portability
  • prevent favor for their own or specific partners’ products or services
What impact may the Digital Markets Act have on businesses?

To comply with the Digital Markets Act, gatekeepers will likely need to consider and implement substantial changes to business models and operations, given their new obligations. Gatekeepers and third-party companies that rely on their platforms will likely need to make investments in technology, staffing, and legal resources, which could increase operating costs.

The Digital Markets Act’s provision for imposing fines and other penalties on noncompliant platforms adds to possible financial burden for gatekeepers, and, downstream, to third parties. Loss of access to gatekeepers’ platforms for noncompliant third parties presents a significant potential financial risk.

Over time the DMA should help foster innovation and growth among smaller companies as the business playing field is leveled. This would help to recoup investment costs as companies grow and expand their user bases.

What impact could the Digital Markets Act have on consumers?

Consumers can look forward to more competitive pricing and increased innovation in tech platforms and services. Consumers in the EU will be able to switch providers more easily and take their data with them. They will have more control over the apps and services they use, and how they customize their user experiences. Consumers will also get enhanced data privacy and choices regarding use of their personal data.

Does using a consent management platform help with Digital Markets Act compliance?

Third parties that use gatekeepers’ platforms and services will need to obtain valid user consent and signal that to the gatekeepers, e.g. via Google Consent Mode for Google’s platforms. Businesses operating in the EU that collect and process consumers’ personal data likely already need to comply with the GDPR. A consent management platform like Cookiebot CMP enables companies to obtain prior consent (opt in) for cookie and tracker usage that accesses personal data. It also securely stores the information and can signal it to gatekeepers, per new requirements. The consent data is then also available to data protection authorities in the event of an audit.

    Stay informed

    Join our growing community of data privacy enthusiasts now. Subscribe to the Cookiebot™ newsletter and get all the latest updates right in your inbox.

    By clicking on “Subscribe” I confirm that I want to subscribe to the Cookiebot™ newsletter. I can easily cancel my Cookiebot™ newsletter subscription and revoke consent to use my data by clicking the unsubscribe link or I can write to [email protected] to make the request. Privacy policy.