The internet you use every day is largely shaped by a handful of enormous technology companies. They control the platforms where you search, shop, message, and scroll. For years, regulators struggled to keep pace with how much power these companies accumulated. The EU Digital Markets Act (DMA) is one of the most ambitious attempts yet to change that — and its effects reach well beyond Europe's borders.
The Digital Markets Act is a regulation passed by the European Union that came into full effect in March 2024. Its core purpose is to make digital markets fairer and more contestable — meaning smaller companies should have a genuine chance to compete, and users should have more meaningful choices.
It does this by identifying the largest, most powerful tech platforms and placing specific legal obligations on them. Think of it as a set of ground rules that the biggest players must follow, regardless of whether they want to.
This is distinct from traditional competition law, which typically responds to harmful behavior after it happens. The DMA works proactively — setting rules in advance to prevent certain behaviors from occurring at all.
The DMA's rules don't apply to every tech company. They target companies the European Commission designates as gatekeepers — platforms so large and entrenched that they effectively control access to entire digital markets.
To qualify as a gatekeeper, a company generally needs to:
Companies that have been designated as gatekeepers under the DMA include major platforms from Google, Apple, Meta, Amazon, Microsoft, and ByteDance. The list can be updated as markets evolve.
The DMA draws a clear line between things gatekeepers must do and things they are forbidden from doing.
| Obligation | What It Means in Practice |
|---|---|
| Interoperability | Messaging services must, to some degree, allow users on different platforms to communicate with each other |
| Data portability | Users must be able to take their data and move it to a competing service |
| Fair access for third parties | App developers and business users must have access to the gatekeeper's platform on fair terms |
| Transparency in advertising | Advertisers and publishers must receive information about how their ads perform |
| Default choice screens | Users must be shown genuine choices for browsers, search engines, and similar services — not steered toward the gatekeeper's own products by default |
| Prohibition | What It Prevents |
|---|---|
| Self-preferencing | A gatekeeper cannot rank its own products or services more favorably than competitors in its results |
| Forced bundling | Users cannot be required to use one gatekeeper service in order to access another |
| Combining personal data without consent | Data collected from different services cannot be merged for profiling purposes without explicit user permission |
| Preventing users from uninstalling pre-installed apps | Users must be able to remove software that came with a device |
| Anti-steering | App developers cannot be prevented from telling users about better prices or offers available outside the gatekeeper's platform |
The DMA has a meaningful privacy dimension, even though the EU has a separate, dedicated privacy law — the General Data Protection Regulation (GDPR). The two laws work alongside each other.
The most direct privacy-relevant DMA rule is the restriction on combining personal data across services without explicit consent. In practice, this means a company that runs a social network, a messaging app, and an advertising network cannot automatically pool everything it knows about you across all three — unless you affirmatively agree.
For everyday users, this matters because cross-platform data combination is a primary engine of detailed behavioral profiling. When the same company knows your search history, your social activity, your messages, and your purchases, it can build an unusually precise picture of who you are. The DMA targets exactly this kind of consolidation.
That said, how thoroughly these rules translate into real-world privacy gains depends on enforcement, technical implementation, and how consent mechanisms are designed — which remains an active and contested area.
People often conflate these two laws. They're related but distinct.
| GDPR | Digital Markets Act | |
|---|---|---|
| Primary focus | Individual privacy rights and data protection | Market fairness and competition |
| Who it targets | Any organization that processes personal data | Only designated gatekeeper platforms |
| What it governs | How data is collected, stored, and used | How platforms treat users, rivals, and business customers |
| Enforcement body | National data protection authorities | European Commission |
| User rights | Access, erasure, portability, objection | Choice, interoperability, non-discrimination |
Both laws can apply to the same company and the same situation — they simply address different aspects of it.
The DMA is EU law, but its effects are not confined to EU residents. Because major tech platforms operate globally, many have made changes to their products and policies that apply more broadly — or at least that affect how their systems function overall.
This phenomenon, sometimes called the "Brussels Effect," reflects how large companies often find it more practical to apply stricter standards across their entire operation than to maintain entirely separate versions of their products for different regions.
That said, the extent to which DMA-driven changes affect users in any specific non-EU country varies. Some changes are regional. Others are global. The picture is still developing as platforms implement — and sometimes resist — their obligations.
The European Commission has significant enforcement powers under the DMA. Non-compliance can lead to substantial financial penalties, calculated as a percentage of a company's global annual revenue. For repeated or serious violations, the Commission can impose structural remedies — in extreme cases, even requiring a company to divest parts of its business.
Several investigations into gatekeeper compliance were already underway in the period following the DMA's implementation, signaling that enforcement is active rather than theoretical.
The DMA is still playing out. The rules exist, but implementation, compliance, and enforcement are ongoing. A few areas worth following:
Whether these changes substantially shift your experience as a user depends on which platforms you use, where you are located, and how aggressively the rules are enforced. The landscape is complex — but understanding the framework helps you recognize what's changing and why.
