Digital Markets Act: New Obligations & Prohibitions for the Major Digital Platforms


In approximately one month, the two regulations by which the European Commission (the “Commission” or the “EC”) has intended to reform the digital landscape will become fully applicable (i.e., 17 February 2024 for the DSA and 7 March 2024 for the DMA).

This is the second part of our take on the DMA, where we will explore the dos and don’ts of major digital platforms under the DMA, examine the penalties they encounter for non-compliance, delve into the role of the European Commission, and assess the tools accessible to users.

To get a full picture, don’t forget to check out the first part of this article, where we explained the purpose and impact of the DMA, provided a chronological overview of events within the past year, and described the criteria to acquire a gatekeeper status, also specifying the core platform services.

Stay tuned for our third and last part of this article, in which we shall unveil the main beneficiaries of the DMA and explore the interconnections between DMA, DSA, and other European legislative acts.

Dos and Don’ts for Gatekeepers

As mentioned before in the first part of our article, the DMA aims to redress the balance in digital markets by imposing a series of prohibitions and obligations on major providers of core platform services (“CPS”) that have exercised significant influence online over the last 10 years, acting as digital “gatekeepers” to the single market.

One of the obligations imposed on gatekeepers is laid down in Article 15 of the DMA which requires them to report on their consumer profiling activities. Such an obligation reveals the Commission’s commitment to protect natural persons with regard to the processing of their personal data. The gatekeepers designated on 6 September 2023 must fulfil this obligation by 7 March 2024. In this regard, the Commission published on 12 December 2023 the template for reporting on consumer profiling techniques and the independent audit of such reports. Additionally, gatekeepers will also be required to make publicly available an overview of the audit, as well as update the description of any techniques for profiling of consumers at least annually.

Most importantly, Articles 5 and 6 of the DMA set forth a series of dos and don’ts for gatekeepers. On the one hand, they will have to actively adopt specific conducts aimed at fostering greater openness and competitiveness within the market. On the other hand, gatekeepers must abstain from participating in certain unfair practices, considering the accumulated market insights, especially those derived from past competition cases.

Below are a few examples of dos applicable to gatekeepers:

Promotion: allow business users, free of charge, to communicate and promote offers to end users and to conclude contracts with those end users outside the gatekeeper’s platform;

Information Access: provide advertisers and publishers, upon their request and free of charge, with access to the performance measuring tools of the gatekeeper and the data necessary for advertisers and publishers to carry out their own independent verification of the advertisements inventory, including aggregated and non-aggregated data;

Transparency on Prices Paid for Online Advertising: provide advertisers and publishers with information on a daily basis free of charge, concerning each advertisement placed by the advertiser/displayed on the publisher’s inventory (g., price and fees paid by the advertiser, remuneration received by the publisher, the metrics on which each of the prices and remunerations are calculated);

Easy Uninstallation: allow end users to easily uninstall pre-installed applications or stop the installation of applications by default and provide for choice;

Empowering Users: allow end users to install third party apps or app stores that use or interoperate with the operating system of the gatekeeper;

Access to Business Data: provide business users, at their request, free of charge, with effective, high-quality, continuous and real-time access to, and use of, aggregated and non-aggregated data (including personal data), that is provided for or generated by their activities on the gatekeeper’s platform;

Effortless Unsubscribing: enable end users to seamlessly switch between, and unsubscribe to, different apps and services that are accessed using the gatekeeper’s CPSs (including choosing different Internet access services);

Interoperability: allow service and hardware providers to easily connect and work with the same features available on the gatekeepers’ own services. Additionally, gatekeepers need to grant business users and alternative service providers free access and interoperability with the operating system, hardware and software features used by the gatekeepers, regardless of whether these features are part of the operating system.

There are also several instances of don’ts, enforced upon gatekeepers, encompassing the following:

No Data Merging: unless the end users have been given a clear choice and have given consent within the meaning of Regulation (EU) 2016/679 (the “GDPR”)[1], gatekeepers are not allowed to:

1. process the personal data of end users using third-party services, in order to provide online advertising services;

2. combine personal data from the CPS with data from other services provided by the gatekeeper or from third-party services;

3. share personal data from the CPS in other services provided separately by the gatekeeper (including other CPSs), and vice versa;

4. sign in end users to other services of the gatekeeper in order to combine personal data;

No Parity Clause: gatekeepers shall not restrict business users from offering the same products or services to their customers at different prices/conditions on other platforms or their websites;

No Binding: gatekeepers shall not require business users or end users to subscribe to, or register with, any further CPSs belonging to the gatekeeper as a condition for providing the service;

Non-Compete Rule: gatekeepers shall not use, in competition with business users, any data of business users that are not publicly available (including data generated or provided by the customers of those business users), in order to prevent gatekeepers from unfairly benefitting from their dual role, e., (a) an undertaking providing CPSs, and (b) a fellow competitor to other business users that provide similar services/products to the same end users;

No Self-Preferencing: gatekeepers shall not treat more favourably, in ranking and related indexing and crawling, services and products offered by the gatekeeper itself than similar services/products of a third party.


The Commission is the sole enforcer of the DMA, contrary to the EU competition law framework which is generally overseen by the national competition authorities in each Member State. Thus, the Commission is the entity designated to monitor the effective implementation and compliance of gatekeepers with all these obligations. In this regard, the DMA provides that a gatekeeper should retain all documents deemed to be relevant to assess the implementation of, and compliance with, those obligations and the Commission’s decisions.

Under the DMA, the Commission has powers similar to those of a national competition authority under local competition legal provisions, such as the power to open a market investigation, to request information, the power to carry out interviews and take statements, the power to conduct inspections, order interim measures in case of urgency due to the risk of serious and irreparable damage for business users or end users of gatekeepers, and to impose fines and penalties. The Commission also has the obligation to submit to the European Parliament and to the Council of the EU an annual report on the implementation of the DMA and the progress made towards achieving its objectives.

The Commission may open a market investigation for the following purposes:

(i) to identify gatekeepers;

(ii) to identify whether other services in the digital sector should be added to the list of CPSs falling within the scope of the DMA, or whether new practices with similar harmful effects emerge;

(iii) to examine whether a gatekeeper systematically breaches its obligations under the DMA.

Should gatekeepers fail to adhere to the DMA accordingly, they may be subject to fines amounting to a maximum of 10% of their annual worldwide turnover, and up to 20% for repeated violations. Furthermore, the EC also has the power to institute periodic penalty payments not exceeding 5% of the average daily worldwide turnover in the preceding financial year per day and impose remedies for systematic non-compliance, such as behavioural or structural remedies. For example, the Commission may prohibit the gatekeeper from entering into a concentration regarding the respective CPSs for a limited time-period.

The powers of the Commission to apply fines or periodic penalty payments shall be subject to a 5-year limitation period.

Finally, last year, the Commission adopted a regulation which implements the DMA[2], that details the rules for the conduct of certain procedures by the Commission.

Cooperation between the Commission and the Romanian Competition Council

The DMA outlines the significant role of the cooperation and coordination between the Commission and the national competition authorities in order to ensure a consistent and effective application of the DMA rules. For example, the DMA states that the Member States have the possibility to empower their national competition authorities to conduct investigations into possible non-compliance by gatekeepers with certain obligations under the DMA.

Therefore, in Romania, the Competition Law No 21/1996 (the “Competition Law”) has been recently modified through the Government Emergency Ordinance No 108/2023[3], which entered into force on 6 December 2023 and the Romanian Competition Council (the “RCC”) acquired more responsibilities, such as the power to conduct an investigation for possible infringements, on Romanian territory, of Articles 5-7 of the DMA, and to report the findings of the investigation to the Commission, in order to support the Commission in its role as the single enforcement authority. Additionally, the recently amended Romanian Competition Law provides that the RCC has the possibility to launch an investigation, ex officio, with prior information to the Commission, into the possible infringement of Articles 5-7 of the DMA by a gatekeeper in Romania.

Private Damages & Class Actions

Even if there is no express reference to private enforcement within the DMA, it results from the principles and objectives it pursues that the business users and the end users have the possibility to file actions for damages or for injunctive reliefs before the national courts in order to seek compensation for the violation of their rights implicitly recognised within Articles 5-7 of the DMA. The Commission has confirmed such an interpretation, specifying that the DMA “can be enforced directly in national courts[4].

However, we do not currently have a regulated legal framework in this respect, as the DMA makes no reference to the Directive 2014/104/EU known as the Damages Directive[5]. Currently, in Romania, the Damages Directive was transposed through the Government Emergency Ordinance 170/2020[6], which at this point has not been amended in order to be applicable for users who seek compensation before the national courts for the illegal conduct of a gatekeeper. This means that, for now, the user who was harmed through the illegal conduct of a gatekeeper may file an action for damages under the general civil legislation. However, it remains to be seen how the national legislator will further regulate this situation.

The DMA also provides that the consumers are entitled to enforce their rights in relation to the obligations imposed on gatekeepers through representative actions according to the Representative Actions Directive (EU) 2020/1828[7]. This European directive was recently transposed into the national legislation through Law No 414/2023 on the conduct of representative actions for the protection of consumers’ collective interests, which entered into force on 23 December 2023 (“Law 414/2023”)[8]. The Annex of Law 414/2023, which contains a list of regulations that may entitle consumers to file a class action before the national courts, also includes the DMA. Class actions have, for the first time, a specific regulatory framework in Romania, Law 414/2023 largely incorporating the mechanisms proposed by Directive (EU) 2020/1828.

[1] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

[2] Commission Implementing Regulation (EU) 2023/814 of 14 April 2023 on detailed arrangements for the conduct of certain proceedings by the Commission pursuant to Regulation (EU) 2022/1925 of the European Parliament and of the Council.

[3] Emergency Ordinance No 108/2023 amending and supplementing Competition Law No 21/1996 and other legislation, published in the Official Gazette of Romania, Part I, No 1100, 6 December 2023.

[4] Questions and Answers: Digital Markets Act: Ensuring fair and open digital markets (

[5] Directive 2014/104/EU of the European Parliament and of the Council of 26 November 2014 on certain rules governing actions for damages under national law for infringements of the competition law provisions of the Member States and of the European Union.

[6] Emergency Ordinance No 170/2020 on actions for damages in cases of infringement of the provisions of competition law and for amending and supplementing Competition Law No 21/1996, published in the Official Gazette of Romania, Part I, No 952, 16 October 2020.

[7] Directive (EU) 2020/1828 of the European Parliament and of the Council of 25 November 2020 on representative actions for the protection of the collective interests of consumers and repealing Directive 2009/22/EC.

[8] Law No 414/2023 on the conduct of representative actions for the protection of consumers’ collective interests, published in the Official Gazette of Romania, Part I, No 1158, 20 December 2023.

Cookie Settings