Breaking Down The EU’s Two New Digital Acts—And What They Mean For Business Leaders

Ad Blocker Detected

Our website is made possible by displaying online advertisements to our visitors. Please consider supporting us by disabling your ad blocker.

CEO & Editor-in-Chief of 6Pages.


The EU’s Digital Markets Act (DMA) and Digital Services Act (DSA) were both recently adopted by the European Parliament and now just have to be formally adopted by the Council of the European Union. Given that the political agreements already took place back in March-April 2022, the Council’s adoption is expected, and it’s looking like we’ll soon see them both go into effect.

Why is this a big deal? Together, the two acts present a new approach to regulating big tech firms. Both carry big fines for non-compliance—up to 20% of worldwide sales for violating the DMA and up to 6% for violating the DSA. Infringing companies could be banned from acquisitions for a period, required to divest businesses or barred from operating in the EU altogether.

While both of the acts crack down on big tech firms, there are key differences. I think the best way to think about the two acts is to remember the Digital Markets Act focuses on market power and competition, while the Digital Services Act focuses on content, advertising and e-commerce.

What’s in the Digital Markets Act?

Specifically, the Digital Markets Act governs “gatekeepers”—large companies that provide “core platform services” such as marketplaces, social media, search engines, advertising, operating systems and more, which have a market cap of at least €75 billion or annual turnover of at least €7.5 billion, as well as 45 million-plus monthly end users and 10,000 annual business users in Europe. In short, big tech firms.

Under the DMA, these firms face a multitude of new requirements. Some of the more noteworthy ones include requiring platform interoperability (e.g., among messaging services such as Apple iMessage and WhatsApp), letting users move between platforms without losing their data and contacts, enabling the installation of third-party app stores and allowing apps to use third-party payment systems and login services.

Users must be able to access digital content purchased elsewhere, be prompted to choose their default services (e.g., browser, search, assistant) and be able to uninstall any preinstalled software. Gatekeepers need explicit user consent to combine personal data from different services (e.g., for targeted advertising) and must provide an equivalent alternative to users that opt out.

With respect to business users, gatekeepers can’t require that business users use, offer or include any of their other services. Business users must be free to communicate with customers through any channel and conclude any transactions off-platform. Gatekeepers are furthermore barred from using sensitive data provided by business users for advertising or any other purpose. Gatekeepers are also barred from imposing “unfair” pricing on business users, “self-preferencing” their own products and services and “unduly tying or bundling services.”

What’s in the Digital Services Act?

The Digital Services Act, on the other hand, sets out obligations for “online intermediaries” providing services in the EU—whether or not they have a physical presence there. (Micro/small enterprises are exempt from some requirements.) These online intermediaries include internet providers and domain registrars; hosting and cloud computing services; platforms such as marketplaces, app stores, “collaborative economy” platforms and social media; and “very large” platforms and search engines, defined as those that reach 10% or more of the EU’s 450 million consumers.

The DSA allows any user to flag illegal goods, services and content for “swift removal,” challenge content decisions and seek redress for damages or losses. Platforms must also provide reports on their content moderation practices. Ads are required to be more transparent (e.g., who the ad was placed on behalf of and how the recipient was determined). Targeted ads to children are barred, as well as ads based on sensitive personal data (e.g., race/ethnicity, political views, religion, sexual orientation). Companies are also required to know who their business customers are that are promoting messages or offering products for sale on their platform—which may involve verifying identity information (e.g., bank accounts/statements, company certificates).

What does this mean for leaders in tech?

As with the DMA, the DSA places an extra burden on the largest tech firms. Big tech platforms must allow users to pick the algorithmic recommender system that dictates their feeds. They also have to make themselves available to external independent audits, conduct annual assessments of their systemic risks and provide data access to authorities and vetted researchers, among other requirements.

In my view, some of these requirements present more of an inconvenience than a real threat to big tech. For instance, interoperability could help the leading incumbents by eroding the business models of smaller players. Certainly, the costs associated with regulation often favor the players that can afford it. In some cases, the big tech firms have already seen the writing on the wall and have been moving in the given direction anyway—e.g., toward user consent.

Other terms directly target the advantages enjoyed by big tech firms and present serious technological and business-model challenges. Allowing users to pick the algorithm for their feed, for instance, isn’t trivial. The DSA’s content-related requirements will likely mean hiring and implementing highly labor-intensive processes. Allowing apps to use third-party payment systems targets app stores’ lucrative business models. Getting explicit user consent to combine even owned first-party data will be painful for the advertising giants. The list goes on and on.

While questions exist as to how the DMA and DSA will be practically enforced, the sweeping scale of the DSA and DMA—and the size of their potential fines—must have some big tech firms asking whether the European market is worth it. But there’s no guarantee that, even if they pulled out, they wouldn’t face the same dynamics in other geographies. The push against big tech and for consumer privacy and consent is not a Europe-only phenomenon, and European laws often become global standards.

The DMA and DSA may be ushering in a new era where the power of big tech firms is held in check—not just in Europe but around the world.

Forbes Business Council is the foremost growth and networking organization for business owners and leaders. Do I qualify?