The EU Digital Markets Act (DMA): A Guide to Mandatory Interoperability, Anti-Steering Rules, and the Gatekeeper Compliance Deadline
The European Union's Digital Markets Act fundamentally rewrites the rules of the internet by forcing dominant tech gatekeepers to open their walled ecosystems. With strict mandates on interoperability, anti-steering, and data consent, the law shifts power from monopolies back to consumers and independent developers.
By Factlen Editorial Team
- European Regulators
- Argues that strict ex ante regulation is necessary to dismantle digital monopolies and ensure market fairness.
- Tech Industry Advocates
- Contends that forced interoperability and sideloading compromise user security, privacy, and platform innovation.
- App Developers & Merchants
- Welcomes the legislation for lowering platform fees, enabling alternative payments, and ending anti-steering rules.
- Enterprise Cloud Customers
- Seeks seamless data portability and technical interoperability across dominant cloud infrastructure providers.
- Legal & Policy Analysts
- Focuses on the broader geopolitical impact, enforcement challenges, and the global spread of the Brussels Effect.
What's not represented
- · Small European Tech Startups
- · End-User Privacy Advocates
Why this matters
The Digital Markets Act fundamentally rewrites the rules of the global internet, shifting power away from tech monopolies and back to consumers and independent developers. For everyday users, it means more choices for apps, cheaper digital payments, and unprecedented control over how personal data is shared across platforms.
Key points
- The DMA forces designated tech 'gatekeepers' to open their ecosystems to competition.
- Anti-steering rules allow developers to direct users to cheaper payments outside official app stores.
- Dominant messaging apps must build technical interoperability with third-party services.
- Gatekeepers cannot combine user data across different services without explicit consent.
- Violators face massive fines of up to 20% of their total global turnover.
The digital economy has long been dominated by a handful of technology giants whose sprawling ecosystems act as impenetrable walled gardens. For years, consumers and independent software developers had little choice but to accept the non-negotiable terms, mandatory fees, and restrictive data policies dictated by these platforms. Operating as the ultimate arbiters of digital commerce, these companies controlled the primary gateways to the internet, stifling competition, extracting massive rents, and locking users into proprietary hardware and software loops that were nearly impossible to escape.[9]
The European Union’s Digital Markets Act (DMA) represents a fundamental paradigm shift in how the global internet is regulated. Rather than waiting for antitrust harms to occur and fighting years-long battles in court, the DMA imposes a proactive, ex ante regulatory framework. It establishes a strict, non-negotiable list of "dos and don'ts" designed specifically to pry open these walled gardens, ensuring that digital markets remain fair, contestable, and open to new entrants.[3][9]
At the heart of this sweeping legislation is the legal concept of the "gatekeeper." The European Commission designates specific multinational corporations as gatekeepers if they operate "core platform services"—such as search engines, mobile operating systems, app stores, web browsers, or social networks—that serve as critical, unavoidable bottlenecks between business users and everyday consumers. To qualify, a company must also meet massive financial thresholds and demonstrate an entrenched, durable position in the European market, ensuring the law targets only the most powerful monopolies.[1][3]
The initial wave of gatekeepers, formally designated in late 2023, included Alphabet, Amazon, Apple, ByteDance, Meta, and Microsoft. These companies were given a strict six-month transition period, ending in March 2024, to bring their core platform services into full compliance. This deadline marked the beginning of a new era, fundamentally altering how these tech behemoths handle user data, app distribution, and digital payments across the European continent.[2][3]

One of the DMA’s most consequential and fiercely debated pillars is the "anti-steering" prohibition. Historically, platform operators like Apple and Google strictly restricted third-party app developers from informing users about cheaper subscription rates or alternative payment options available outside of their proprietary app stores. This forced developers to process all transactions through the platform's native billing systems, subjecting them to mandatory commission fees of up to 30 percent and preventing them from establishing direct financial relationships with their own customer base.[7]
The DMA explicitly bans this restrictive practice, mandating that developers must be allowed to freely "steer" their customers to external offers and process payments without platform interference. The enforcement of this rule has been remarkably swift and severe; in April 2025, the European Commission levied a historic €500 million fine against Apple for systematically violating these anti-steering obligations.[1][2]
Regulators determined that Apple’s revised contractual terms still prevented developers from fully and freely communicating alternative purchasing options, thereby denying consumers access to potentially better deals and stifling price competition. Alphabet has faced similar regulatory scrutiny, with the Commission issuing preliminary findings in early 2025 regarding persistent steering restrictions within the Google Play ecosystem. Regulators are also investigating Alphabet for alleged self-preferencing in Google Search, demonstrating the broad, multi-front approach the EU is taking to enforce market fairness.[2]

Beyond the economics of app stores, the DMA mandates unprecedented levels of technical interoperability. The legislation requires dominant messaging platforms, such as Meta’s WhatsApp and Messenger, to allow third-party messaging services to seamlessly interoperate with their networks upon request. This breaks down the artificial barriers that keep users locked into a single application, ensuring that the utility of a communication tool is based on its features and privacy standards rather than merely the sheer size of its captive user base.[3]
This interoperability mandate directly neutralizes the power of network effects, which have historically insulated dominant platforms from meaningful competition. Under the DMA, a user on a smaller, privacy-focused European messaging app can theoretically send a secure text message or image to a WhatsApp user without ever needing to download Meta’s software or agree to its overarching terms of service. This forces legacy platforms to compete on product quality and data protection rather than relying on the inertia of their existing networks.[9]
This interoperability mandate directly neutralizes the power of network effects, which have historically insulated dominant platforms from meaningful competition.
The push for open digital infrastructure is now expanding rapidly into enterprise technology and backend systems. In late 2025, the European Commission opened formal market investigations to determine whether Amazon Web Services (AWS) and Microsoft Azure should be officially designated as gatekeepers for the foundational cloud computing sector. This move recognizes that cloud infrastructure has become the ultimate control plane for modern software, artificial intelligence development, and public-sector resilience, requiring the same regulatory oversight as consumer-facing app stores.[4][6]
If designated, AWS and Azure would face strict, legally binding requirements to ensure technical interoperability between competing cloud services and to facilitate seamless data portability for enterprise customers. Stakeholder roundtables, scheduled for July 2026, are currently assessing the complex technical feasibility of these cloud interoperability mandates. Regulators are particularly focused on eliminating exorbitant egress fees and restrictive software licensing practices that currently make it economically punishing for businesses to migrate their data to competing cloud providers.[6]
Another critical component of the DMA is its severe restriction on internal data combination. Gatekeepers are strictly prohibited from combining personal data collected across their various distinct services—such as merging a user's Instagram engagement data with their Facebook profile, or linking WhatsApp metadata to broader advertising profiles—without obtaining explicit, uncoerced user consent. This vital provision prevents tech giants from leveraging their dominance in one sector to automatically conquer another through insurmountable, opaque data advantages. It fundamentally changes the economics of digital surveillance.[4][5]
This rule directly challenges the highly lucrative targeted advertising models that rely on vast, cross-platform data pooling. In April 2025, Meta was fined €200 million for failing to offer users a genuinely equivalent service that uses less personal data, highlighting the Commission’s uncompromising interpretation of what constitutes valid, freely given consent under the new law. The ruling established that users cannot be penalized with degraded service simply for refusing to surrender their cross-platform behavioral data. This sets a powerful precedent for digital privacy rights.[1][4]

The DMA also strictly prohibits the practice of "self-preferencing," ensuring a level playing field for independent businesses. Gatekeepers can no longer rank their own proprietary products or services higher than those of third-party competitors on their platforms. For instance, Google is barred from automatically placing its own shopping aggregator, flight tracker, or local business reviews at the top of its search results ahead of rival platforms that may offer better or more relevant information to the consumer. This ensures that merit, rather than platform ownership, determines market success.[3][5]
To enforce these sweeping structural changes, the European Commission has been armed with unprecedented punitive powers that command the attention of corporate boardrooms. Gatekeepers found in violation of the DMA can face staggering financial penalties of up to 10 percent of their total worldwide annual turnover. For a company like Apple or Alphabet, this translates to tens of billions of dollars. Furthermore, that penalty ceiling rises to a massive 20 percent for repeated, systemic infringements of the law.[9]
In extreme cases of persistent non-compliance, the Commission possesses the ultimate authority to impose structural remedies upon the offending corporations. This means regulators could theoretically force a tech giant to divest entire divisions or sell off specific core platform services to restore market balance. This existential threat of being broken up has prompted massive, albeit reluctant, compliance efforts across Silicon Valley, forcing companies to fundamentally re-engineer products that were previously considered untouchable. The era of unregulated digital expansion has definitively ended.[9]
Critics of the DMA, including several of the designated gatekeepers and industry lobbying groups, argue that the strict interoperability and sideloading mandates inherently compromise user security and data privacy. They contend that vetting apps and maintaining tightly controlled, closed ecosystems is the only reliable way to protect consumers from malware, financial scams, and catastrophic data breaches. These companies warn that forcing platforms to open their architecture introduces vulnerabilities that malicious actors will inevitably exploit. This debate between open competition and closed-system security remains highly contentious.[3]

However, the European Commission’s comprehensive April 2026 review of the legislation concluded that the DMA remains entirely "fit for purpose" and resilient against these industry critiques. The regulatory report found that the law is successfully opening up digital markets to smaller developers and competitors, while simultaneously giving users unprecedented, granular control over their digital lives and personal data. Regulators maintain that security can be achieved through open standards rather than monopolistic control. The Commission views these early results as a validation of their ex ante approach.[8]
The ultimate impact of the Digital Markets Act extends far beyond Europe’s geographic borders. Through a phenomenon known as the "Brussels Effect," global technology companies are increasingly applying these strict European compliance standards worldwide. Because maintaining fundamentally different technical infrastructures and business models for different regions is often economically and logistically impractical, the EU's regulations effectively become the default global standard, granting users in North America and Asia the same digital rights. This dynamic cements Europe's role as the world's leading technology regulator.[3][8]
As the DMA transitions from its initial compliance phase into an era of rigorous, uncompromising enforcement in late 2026, it serves as the definitive global blueprint for digital regulation. By proactively dismantling entrenched monopolies and mandating interoperability, the framework is fundamentally rewriting the rules of the internet. It shifts power away from centralized gatekeepers and back to consumers and independent creators, ensuring that the next generation of technology prioritizes fairness, choice, and open competition.[9]
How we got here
July 2022
The European Parliament formally adopts the Digital Markets Act.
September 2023
The European Commission designates the first six tech giants as official gatekeepers.
March 2024
The primary compliance deadline passes, requiring gatekeepers to adhere to all DMA obligations.
April 2025
The Commission issues its first major non-compliance fines, penalizing Apple and Meta.
November 2025
Regulators open market investigations into AWS and Azure regarding cloud computing dominance.
April 2026
The first comprehensive review of the DMA concludes the framework is fit for purpose.
Viewpoints in depth
European Regulators' View
Emphasizes fairness, contestability, and the need to break open entrenched digital monopolies.
European regulators view the DMA as a necessary corrective measure to a digital economy that has become overly centralized. They argue that traditional antitrust enforcement is too slow to address the rapid monopolization of digital markets. By imposing an ex ante framework, regulators believe they can proactively foster innovation, ensure a level playing field for smaller European startups, and grant consumers genuine choice over their digital services and data.
Tech Gatekeepers' View
Highlights concerns over user security, privacy risks of sideloading, and the stifling of product innovation.
Designated gatekeepers and their industry advocates argue that the DMA's strict mandates fundamentally compromise the integrity of their products. They contend that closed ecosystems—such as Apple's App Store—are designed to protect users from malware, fraud, and catastrophic data breaches. From this perspective, forced interoperability and sideloading introduce severe security vulnerabilities, while strict data combination rules hinder the development of seamless, personalized user experiences.
App Developers' View
Focuses on the economic liberation from mandatory platform fees and the ability to communicate directly with customers.
Independent software developers and digital merchants overwhelmingly support the DMA, viewing it as an economic liberation from the 'app store tax.' For years, developers have argued that mandatory 30 percent commission fees and anti-steering rules stifled their ability to grow and compete. They see the DMA as a crucial tool that allows them to establish direct financial relationships with their users, offer competitive pricing, and innovate without seeking permission from platform owners.
What we don't know
- Whether the European Commission will ultimately designate AWS and Azure as gatekeepers following the July 2026 roundtables.
- How tech giants will technically implement seamless interoperability without compromising end-to-end encryption.
- If the Commission will ever utilize its ultimate power to impose structural remedies and break up a non-compliant gatekeeper.
Key terms
- Core Platform Service (CPS)
- A critical digital service, such as a search engine, social network, or app store, that serves as an important gateway for business users to reach consumers.
- Interoperability
- The technical ability of different software systems, such as competing messaging apps or cloud networks, to seamlessly communicate and exchange data with one another.
- Self-Preferencing
- The practice where a platform ranks its own products or services higher than those of its competitors in search results or marketplaces.
- Sideloading
- The installation of software applications on a device without using the device's official, pre-approved app store.
- Brussels Effect
- The phenomenon where the European Union's regulatory standards are adopted globally by multinational corporations to avoid maintaining different systems for different regions.
Frequently asked
What is a 'gatekeeper' under the DMA?
A gatekeeper is a large digital platform that provides a 'core platform service' (like an app store or search engine) and acts as an unavoidable gateway between businesses and consumers.
What does 'anti-steering' mean?
Anti-steering refers to platform rules that prevent app developers from directing users to cheaper payment options or subscriptions outside the platform's official app store. The DMA explicitly bans this practice.
How does the DMA affect messaging apps?
The law requires dominant messaging services, such as WhatsApp, to build technical interoperability so users on smaller, third-party apps can send messages to them without downloading the gatekeeper's software.
Are cloud services like AWS and Azure regulated by the DMA?
As of mid-2026, the European Commission is conducting formal market investigations to determine if Amazon Web Services and Microsoft Azure should be officially designated as gatekeepers.
Sources
[1]European CommissionEuropean Regulators
Commission fines Apple and Meta for DMA breaches
Read on European Commission →[2]Slaughter and MayLegal & Policy Analysts
The EU Digital Markets Act: Enforcement intensifies
Read on Slaughter and May →[3]German Marshall FundTech Industry Advocates
The Digital Markets Act: An Explainer for Transatlantic Policy
Read on German Marshall Fund →[4]AshurstLegal & Policy Analysts
EU Digital Regulation Tracker 2026
Read on Ashurst →[5]DigidayApp Developers & Merchants
WTF is the DMA?
Read on Digiday →[6]Windows ForumEnterprise Cloud Customers
EU is considering new rules for cloud and AI under the Digital Markets Act
Read on Windows Forum →[7]VoltApp Developers & Merchants
How the Digital Markets Act will unshackle merchants
Read on Volt →[8]EU DMA ObservatoryEuropean Regulators
The European Commission's first review of the Digital Markets Act
Read on EU DMA Observatory →[9]Factlen Editorial TeamLegal & Policy Analysts
Synthesis by Factlen editorial team
Read on Factlen Editorial Team →
Every angle. Every day.
Get guides stories with full source coverage and perspective breakdowns delivered to your inbox.









