John Lennon wrote that “life is what happens to you while you’re busy making other plans.” This is the story of many companies’ European Union (EU) digital compliance policies. Just as firms were getting used to GDPR, the EU passed both the Digital Markets Act and Digital Services Act. The Digital Markets Act (DMA) in particular imposes a number of requirements on large platforms that are considered “gatekeepers.” These include requiring platforms to grant access to third parties, giving business users access to data generated from their use of the platforms, and allowing business users to conclude transactions off-platform.
Below, I discuss which businesses are affected by the DMA, what they need to know, and how the DMA may be impacted by the ongoing US-EU trade negotiations.
Key Issues
The DMA was passed on November 1, 2022, and went into effect on May 2, 2023. The purpose of the DMA was to “ensur[e] fair and open digital markets” by “defin[ing] objective criteria to qualify a large online platform as a ‘gatekeeper’ and ensur[ing] that they behave in a fair way online and leave room for contestability.” It was designed to be the centerpiece of the EU’s digital strategy.
Who is affected?
The key to the DMA is being designated as a core platform service, or gatekeeper. Core platforms can include the following:
- Online intermediation services (e.g., Google Maps, Amazon Marketplace).
- Online search engines (e.g., Google Search).
- Online social networking services (e.g., TikTok by ByteDance, Facebook and Instagram by Meta, LinkedIn by Microsoft).
- Video-sharing platform services (e.g., YouTube by Alphabet).
- Number-independent interpersonal communications services (e.g., WhatsApp and Messenger by Meta).
- Web browsers (e.g., Chrome by Alphabet and Safari by Apple).
The designation process has been piecemeal. On September 8, 2023, the EU designated six gatekeepers–Alphabet, Amazon, Apple, ByteDance, Meta, Microsoft. This list was later revised and now includes 23 core platform services, 21 of which are American-owned. Notably, large language models (LLMs) are not currently included in the list of core platform services.
What is required of gatekeepers?
Designated gatekeepers are subject to increased merger reviews under the EC Merger Regulation, even for mergers that wouldn’t ordinarily trigger review. They also must comply with a set of “do’s” and “don’ts”.
Do:
- allow third parties to inter-operate with the gatekeeper’s own services in some cases;
- allow their business users to access the data that they generate on-platform;
- provide advertisers with tools and data for independent ad verification.
- Allow business users to promote and contract off-platform.
Don’t:
- self-preference their own products in rankings over third-party offerings.
- prevent consumers from linking up to businesses outside their platforms
- prevent users from un-installing any pre-installed software or app;
- track users off-platform for targeted ads without proper consent.
Several companies have already been subject to fines under the DMA. Apple was fined €500 million on April 23, 2025, for violating the DMA’s anti-steering rule by forcing users to complete transactions within the App Store. Meta was fined €200 million for its “pay or consent” advertising model. Companies that are designated—or may be designated—are core platform providers should be aware of the risk of serious penalties for non-compliance.
What’s next for the DMA?
Since Liberation Day on April 2, 2025, the DMA become a factor in trade negotiations between the EU and the United States. The Trump Administration has argued that the DMA unfairly penalizes American companies. There have been some reports that the US is seeking revisions to EU digital regulations—including the DMA—is part of a broader trade deal. There has, however, been some pushback, with some commentators arguing that the EU should not trade away its digital sovereignty.
As the DMA remains in full effect for now and the August 1 tariff deadline fast approaching, companies will need to stay fully compliant, but continue to monitor the situation.
Disclaimer: This blog is for informational purposes only and does not constitute legal advice. Reading or interacting with this content does not create an attorney–client relationship. You should consult a qualified attorney for advice regarding your specific situation. Mehaffy PLLC disclaims all liability for actions taken or not taken based on this blog.