The Big Four of technology—Google, Amazon, Facebook, and Apple—have become integral to our daily lives, influencing everything from simple online searches to the handling of our personal data. With their growing dominance and impact, these internet giants wield a level of power that has placed them firmly in the European Union’s regulatory spotlight.

It is within this framework that the DSA and DMA regulatory acts were created. These two pieces of legislation aim to establish clear standards for digital services and promote fair competition in the digital market while protecting users' rights. In this analysis, we will examine the objectives, implications, and challenges posed by these European regulations.

What are DSA and DMA?

KYC/CDD et menaces potentielles
The DSA and DMA stem from a legislative proposal introduced by the European Commission in December 2020. The aim of this proposed European law is to update the existing directive, which is the Directive 2000/31/EC which establishes the overarching principles for all digital services within the EU on electronic commerce. The DSA stands for "digital service act" while the DMA stands for "digital market acts".


What are the objectives of the DSA and DMA?

Objectives of the DSA and DMA


What are the obligations of these regulatory acts?

To make it easier to remember them, let's create an acronym: M.I.P.R.T.

M: Make the terms and conditions accessible to all.
I : Inform all consumers about changes to the general terms and conditions.
P : Publish transparency reports on their internal mechanisms for handling requests and censorship activities concerning content.
R : Remove users who post illegal content.
T : Take appropriate measures to maintain an adequate level of security with regard to privacy, reliability and the protection of minors.

Who is responsible for enforcing the "Digital Service Act" and "Digital Market Act" regulations"?

All companies providing digital services within the EU are required to appoint a legal representative in at least one EU country. This representative must comply with any request from a Member State to remove content or a product that is illegal or poses a danger to users.
Recherches manuelles de nouvelles négatives

In certain situations, a "digital services coordinator" within each state also has the power to investigate, to take legal action if irregularities are observed, and even to sanction a company directly. While the Member States must supervise the smaller platforms themselves, the Commission has exclusive powers to supervise the larger online platforms and search engines. This new responsibility will be funded by the platforms themselves, based on the size of their service and up to a maximum of 0.05% of their annual worldwide net revenue. This fee, the rules of which were specified on 2 March 2023, was collected for the first time in autumn 2023.

Several provisions of the DSA aim to balance content control measures while ensuring respect for freedom of expression. For example, the author of content deemed illegal must be informed before it is removed. In addition, they have the possibility of contesting this decision free of charge with the platform, as well as having access to legal remedies. They may also request financial compensation from the company if it fails to comply with the stipulations of the text.


Which companies and sectors are affected by these regulations? 

Informations négatives et sources médiatiques


How can companies get started with DSA and DMA?

Nouvelles et statistiques négatives
Following the implementation of the Digital Market Act, the Commission will first determine whether companies that provide essential platform services qualify as gatekeepers within the meaning of the Digital Market Act regulation on digital markets.

In order to identify the gatekeepers, companies will have to confirm that they meet the quantitative standards specified in the Digital Markets Act. After conducting a market survey and/or evaluating the information provided by companies (subject to a possible reasoned rebuttal), the Commission will designate as "gatekeepers" those companies that meet the thresholds set by the DMA (sales of at least 7.5 billion or a stock market listing of 75 billion and an active user base of 45 million). When a company is designated as a gatekeeper, it must adhere to the "do's" and "don'ts" within six months.

A company must comply with the DMA rules within six months of being designated as a gatekeeper. Only those responsibilities necessary and appropriate to ensure that the company does not gain such a strong and lasting position in its business through unfair means apply to gatekeepers who do not yet hold such a position but are expected to do so in the near future.

What are the consequences if a gatekeeper ignores the rules?

To ensure that the new regulations are effective, non-compliance with the obligations and bans may be penalised. The Commission is empowered to impose on a gatekeeper a fine of up to 10% of the company's total annual worldwide turnover in the event of non-compliance, 20% in the event of repeated breaches and 5% of the company's total worldwide daily turnover in the event of recurrent penalty payments.
Recherches manuelles de nouvelles négatives
Additional corrective measures may be imposed by the European Commission in the event of persistent breaches. Equally effective measures can be taken when they are necessary to ensure compliance with the rules and no other option is available. Such measures may include structural remedies, such as requiring a custodian to sell a business or part of it (i.e. sell units, assets, intellectual property rights or brands), or prohibiting a custodian from purchasing any business that offers services in the digital sector or services that enable the collection of affected data.

The Commission will have the power to carry out market studies to ensure that the new regulations on access control keep pace with the rapid evolution of digital markets. The market review has three objectives:

Identify gatekeepers who do not meet the quantitative standards of the Digital Markets Act or who do, but who have presented a substantiated argument rebutting the presumption based on these thresholds. But also, to determine whether new practices are emerging that are likely to have the same negative effects as those already covered, or whether other services in the digital sector should be added to the list of basic platform services covered by the Regulation. In addition, to create new remedies for cases where a gatekeeper has regularly breached the Digital Markets Regulation.

Can anyone suffering wrongdoing by a gatekeeper claim private damages?

Nouvelles et statistiques négatives
The DMA is a regulation which lays down specific obligations and restrictions for gatekeepers and which can be enforced immediately by national courts. This will make it easier for people who have suffered damage as a result of the actions of non-compliant gatekeepers to take legal action to obtain damages.


Are small businesses also subject to European DSA and DMA regulations?

Yes, but in order not to impose disproportionate constraints, small companies (i.e. with 50 employees and a turnover of less than €10 million) and micro-enterprises (with fewer than 10 employees and a turnover of less than €2 million) do not have to apply various measures (transparency reports, internal complaints handling system, etc.).
The DSA and DMA bring significant challenges for businesses, but with the right guidance, you can navigate these complexities successfully. Our expert consulting services are designed to help you understand and comply with these regulations. Contact us today to find out how we can help you stay ahead of the curve !
Manon Rase - Pideeco Network Partner
Manon Rase Junior Consultant
0 comments
Add your comment

Related articles

What is BMR and how is it changing benchmarks? Learn about the end of LIBOR and Eonia, and explore the new benchmarks th...

Thu 20 February 2020

What is the Payment Services Directive (PSD2)? Discover the opinion published by the EBA in 2019 on strong customer aut...

Financial Institutions Tue 10 September 2019

What does the future hold for AML professionals? Learn how AI, Internet of Things, invisible banking, and quantum comput...

Digital Mon 29 November 2021

What is Regulatory Technology or RegTech? Learn the difference with FinTech and how RegTech compliance helps organisatio...

Financial Institutions Mon 01 April 2019
Experts in risk management and regulatory compliance

Pideeco is a consultancy firm providing legal services, business solutions, operational assistance and educational material for professionals in the financial industry.

We are based in Brussels and we specialize in regulatory risk compliance services covering the Eurozone.

Pideeco combines professional Regulatory knowledge and technical expertise to safeguard your business’ reputational and operational risk. Our unique customer-centric approach helps us build strategical and legitimate cost-efficient remedies.

Working with us means reaching out to complementary people, allowing for original thinking and innovative vision.

Our Network Learn more about us