Skip to content
Biscotti CMP
FeaturesPricing๐Ÿ” Cookie Checkโ™ฟ Accessibility๐Ÿ“ฆ DownloadsDocumentationBlog
Login
Homeโ€บBlog

The Digital Markets Act (DMA): What the 2024 EU Regulation Means for Ad Tech

July 7, 2026 ยท 16 min read

Quick Answer: The Digital Markets Act is an EU regulation that took full effect in March 2024, imposing binding obligations on large digital platforms designated as "gatekeepers." For ad tech, it fundamentally restricts how those gatekeepers can use data, self-preference their own advertising services, and limit interoperability with third-party ad networks. Non-compliance carries fines of up to 10% of global annual turnover.

Key Takeaways

  • Six companies, Alphabet, Amazon, Apple, ByteDance, Meta, and Microsoft, have been designated as gatekeepers under the DMA as of 2024 [2]
  • The DMA is a competition law instrument, not a privacy law; it operates alongside GDPR rather than replacing it
  • Gatekeepers must allow data portability, prevent self-preferencing, and ensure interoperability with third-party ad tech services [9]
  • On March 25, 2024, the European Commission launched formal non-compliance investigations into Alphabet, Apple, and Meta [1]
  • Fines can reach 10% of global annual turnover for a single violation, and 20% for repeat offenses [3]
  • X (formerly Twitter) was exempted from gatekeeper status in October 2024 [7]
  • The DMA applies to any ad tech company serving EU users through a designated gatekeeper's platform, regardless of where that company is headquartered
  • Smaller ad tech companies are not directly regulated as gatekeepers but must adapt their integrations with platforms that are
  • The UK has passed parallel legislation, the Digital Markets, Competition and Consumers Act 2024, creating a comparable regime outside the EU [5]
  • Consent management and data transparency obligations make tools like Biscotti CMP increasingly relevant for DMA-adjacent compliance workflows

What Is the Digital Markets Act and How Does It Affect Advertising

The Digital Markets Act is an EU regulation (Regulation 2022/1925) designed to ensure fair and contestable digital markets by placing specific obligations on the largest online platforms. For advertising, the DMA directly targets how dominant platforms collect, combine, and monetize user data across their ad ecosystems.

Before the DMA, a gatekeeper like Google could combine data from Search, YouTube, Maps, and third-party sites to build audience profiles for its own advertising products, without offering comparable data access to competing ad networks. The DMA prohibits this kind of data combination without explicit user consent and requires gatekeepers to give advertisers and publishers access to performance data that was previously locked inside proprietary dashboards [3].

Key advertising-specific obligations under the DMA include:

  • Prohibiting gatekeepers from combining personal data across core platform services without consent
  • Requiring access to real-time bidding (RTB) data and campaign performance metrics for third-party advertisers
  • Banning self-preferencing of the gatekeeper's own ad products in search results or app stores
  • Mandating that advertisers can use third-party measurement tools rather than being forced to rely on the gatekeeper's own attribution

DMA EU Regulation 2024 Requirements for Ad Tech Companies

The core compliance requirements that took effect in March 2024 fall into three categories: data obligations, interoperability mandates, and transparency requirements. Gatekeepers had to submit compliance reports by March 2024 detailing how their technical architectures satisfy each obligation [4].

Data obligations:

  • No cross-service data combination for advertising without user consent
  • Data portability: advertisers must be able to export campaign data in machine-readable formats
  • No use of data obtained from third-party services to compete against those third parties in advertising

Interoperability mandates:

  • Third-party ad networks must be able to access inventory on gatekeeper platforms under fair, reasonable, and non-discriminatory (FRAND) terms
  • Messaging interoperability (relevant for Meta's ad-supported messaging products)

Transparency requirements:

  • Gatekeepers must provide advertisers and publishers with daily access to performance, delivery, and pricing data
  • Ad auction mechanisms must be documented and accessible to regulators upon request

Which Ad Tech Platforms Are Affected by the Digital Markets Act

The DMA directly regulates designated gatekeepers, not the broader ad tech ecosystem. However, any DSP, SSP, measurement vendor, or agency that transacts through a gatekeeper's inventory is indirectly affected because the gatekeeper must now offer FRAND access to its systems.

The six designated gatekeepers as of 2024 are Alphabet (Google), Amazon, Apple, ByteDance (TikTok), Meta, and Microsoft [2]. Each operates core platform services (CPS) that are individually designated, for example, Google Search, Google Maps, YouTube, Google Play, Chrome, and Google's advertising services are each separately designated CPSs under Alphabet's umbrella.

Platforms NOT currently designated:

  • X (formerly Twitter), exempted in October 2024 after the Commission found it did not meet the quantitative thresholds [7]
  • Spotify, Booking.com, and other large platforms that contested designation or fell below thresholds

DMA Gatekeepers List: Who Has to Comply

A company qualifies as a gatekeeper if it meets quantitative thresholds (at least 45 million monthly active end users in the EU and 10,000 annual active business users) AND provides a core platform service that serves as an important gateway for business users to reach end users. The Commission can also designate companies that do not meet the quantitative thresholds if qualitative criteria are satisfied [4].

Gatekeeper Key Designated Core Platform Services
Alphabet Google Search, YouTube, Google Play, Chrome, Google Maps, Google Shopping, Google Ads
Amazon Amazon Marketplace, Amazon Advertising
Apple App Store, Safari, iOS
ByteDance TikTok
Meta Facebook, Instagram, WhatsApp, Meta Marketplace
Microsoft LinkedIn, Windows PC OS, Microsoft Advertising

How Is the DMA Different from GDPR for Advertisers

The DMA is a competition regulation; GDPR is a data protection regulation. They operate on different legal bases and impose different obligations, but they interact directly in ad tech contexts.

GDPR governs how any company collects, processes, and stores personal data, requiring lawful bases like consent or legitimate interest. The DMA governs how dominant platforms structure their markets, requiring them to open access, prevent self-preferencing, and ensure interoperability. A gatekeeper must comply with both simultaneously, and the obligations can conflict: for example, a gatekeeper required by the DMA to share data with third parties must still ensure that sharing is GDPR-compliant.

Practical differences for ad tech teams:

  • GDPR applies to all companies processing EU personal data, regardless of size
  • DMA obligations apply only to designated gatekeepers and their designated CPSs
  • GDPR enforcement sits with national Data Protection Authorities; DMA enforcement sits exclusively with the European Commission
  • GDPR fines are capped at 4% of global turnover; DMA fines reach 10% (or 20% for repeat violations)

For publishers and advertisers managing consent across both frameworks, a consent management platform that handles the technical requirements of GDPR consent signals, such as Biscotti CMP, remains a foundational compliance layer even as DMA obligations add new structural requirements above it.


What Are the Penalties for Not Complying with the DMA

Non-compliance with the DMA carries some of the steepest regulatory fines in EU law. The European Commission can impose fines of up to 10% of a company's total worldwide annual turnover for a single infringement, rising to 20% for repeated violations [3]. For companies like Alphabet or Meta, 10% of global turnover represents tens of billions of euros.

Beyond financial penalties, the Commission can impose behavioral or structural remedies, including requiring a gatekeeper to divest business units if systemic non-compliance is found after three violations within eight years.

The March 2024 non-compliance investigations into Alphabet, Apple, and Meta focused on app store practices, browser choice screens, and consent mechanisms for data combination in advertising [1]. These investigations signal that the Commission is willing to move quickly from designation to enforcement.


DMA Interoperability Requirements for Ad Networks Explained

Interoperability under the DMA means gatekeepers must allow third-party services to connect with and function alongside their own core platform services. In ad tech, this translates to obligations around open auction access, data sharing APIs, and measurement interoperability [9].

Concretely, a gatekeeper running a walled-garden ad exchange cannot refuse to allow a third-party demand-side platform to bid on its inventory on discriminatory terms. It also cannot withhold post-campaign measurement data that would allow advertisers to independently verify delivery and performance.

What interoperability means in practice:

  • Third-party DSPs gain access to inventory on gatekeeper exchanges under FRAND terms
  • Advertisers can use independent measurement vendors instead of being locked into the gatekeeper's attribution tools
  • Publishers on gatekeeper platforms can share their first-party data with non-gatekeeper ad networks without penalty

How Does the DMA Impact Programmatic Advertising

The DMA reshapes programmatic advertising by dismantling the informational advantages that gatekeeper ad exchanges held over independent competitors. Gatekeepers can no longer use data from their own publisher network to give their buy-side products an unfair advantage in real-time bidding auctions.

For programmatic buyers, this creates new opportunities: independent DSPs should, in theory, gain access to inventory and data signals previously unavailable. For publishers, it means greater ability to monetize through multiple competing demand sources without gatekeeper interference.

The prohibition on self-preferencing is particularly significant for Google, whose vertical integration across ad server (Google Ad Manager), exchange (AdX), and buy-side (DV360/Google Ads) has been the subject of regulatory scrutiny across multiple jurisdictions.


Can Small Ad Tech Companies Get Exemptions from DMA Rules

Small ad tech companies are not subject to DMA gatekeeper obligations because they do not meet the designation thresholds. The DMA does not regulate small or mid-sized ad tech vendors directly, it regulates the gatekeepers those vendors transact through.

However, smaller companies are indirectly affected because they must adapt their technical integrations to comply with the new data-sharing and interoperability requirements that gatekeepers must implement. A small SSP, for example, may need to update its API connections to take advantage of newly mandated data access from a gatekeeper exchange.

There is no formal exemption process for small companies because they are not the regulated entities. The relevant question for smaller ad tech firms is not "how do we get exempt?" but "how do we update our integrations to benefit from the access the DMA now requires gatekeepers to provide?"


DMA Compliance Timeline: What Ad Tech Companies Need to Do Now

The core DMA obligations for gatekeepers became enforceable in March 2024, following a six-month implementation period after gatekeeper designation. Compliance reports were due from gatekeepers by March 2024 [4].

For gatekeeper ad tech teams (2026 priorities):

  1. Audit all cross-service data combination practices against the consent requirements
  2. Ensure third-party advertisers have API access to campaign performance data on a daily basis
  3. Document auction mechanics and maintain records available for Commission review
  4. Review any self-preferencing practices in ad serving, ranking, or default settings
  5. Engage legal counsel on the ongoing non-compliance investigations affecting your designated CPSs

For non-gatekeeper ad tech companies:

  1. Update API integrations with gatekeeper platforms to utilize newly mandated data access
  2. Review contracts with gatekeeper platforms to ensure FRAND terms are reflected
  3. Implement consent management infrastructure that aligns with both GDPR and DMA-adjacent data obligations, platforms like Biscotti CMP can support the consent signal architecture needed across these overlapping frameworks
  4. Monitor Commission enforcement decisions for guidance on how obligations are being interpreted

Does the DMA Apply to US Ad Tech Companies or Only European Ones

The DMA applies based on where users are located, not where companies are headquartered. Any ad tech company that operates through a designated gatekeeper's platform to reach EU users is subject to the indirect effects of the DMA, regardless of whether it is based in the United States, the UK, or anywhere else.

US-headquartered gatekeepers, Alphabet, Amazon, Apple, Meta, and Microsoft, are all designated and must comply fully. US-based ad tech vendors that buy inventory through Google's or Meta's platforms in the EU benefit from (and must adapt to) the interoperability and data-sharing obligations those gatekeepers now carry.

The UK has enacted its own parallel framework through the Digital Markets, Competition and Consumers Act 2024, administered by the Competition and Markets Authority (CMA), which announced its initial enforcement plans for 2025 [5][6]. US companies with EU and UK exposure therefore face two distinct but structurally similar regulatory regimes.


Common Mistakes Companies Make with DMA Compliance

The most common compliance failure is treating the DMA as an extension of GDPR rather than a separate competition law instrument with distinct obligations and enforcement mechanisms.

Frequent mistakes:

  • Conflating DMA and GDPR obligations: Teams trained on GDPR consent workflows may not recognize that the DMA's data combination prohibition requires a separate legal analysis
  • Ignoring indirect obligations: Non-gatekeeper companies assume the DMA does not affect them and fail to update integrations or contracts
  • Underestimating the consent interaction: The DMA requires that data combination across services only occurs with user consent, but the standard for that consent must still meet GDPR requirements, creating a compound obligation
  • Delaying compliance report preparation: Gatekeepers that submitted incomplete or inadequate compliance reports in March 2024 are now facing scrutiny [1]
  • Assuming exemption is permanent: X's exemption in October 2024 was based on current thresholds [7]; companies that grow may be redesignated

Conclusion: Preparing Your Ad Tech Platform for DMA Requirements

The Digital Markets Act represents the most significant structural intervention in digital advertising markets since GDPR reshaped data collection practices. For gatekeeper platforms, the obligations are immediate, enforceable, and backed by fines that make non-compliance financially catastrophic. For the broader ad tech ecosystem, the DMA creates new access rights and data availability that independent vendors should be actively engineering toward.

Actionable next steps for 2026:

  • If you operate within a gatekeeper's ad ecosystem, audit your data combination practices and ensure your consent architecture satisfies both GDPR and DMA requirements
  • If you are an independent DSP, SSP, or measurement vendor, engage your gatekeeper platform partners about API access and FRAND terms that the DMA now mandates
  • Implement a robust consent management solution, Biscotti CMP provides the technical infrastructure to manage consent signals across the overlapping requirements of GDPR and DMA-adjacent obligations
  • Monitor the European Commission's ongoing investigations into Alphabet, Apple, and Meta for interpretive guidance on how obligations are being applied in practice
  • Assess UK exposure under the Digital Markets, Competition and Consumers Act 2024 as a parallel compliance workstream

The companies that move now, updating integrations, documenting auction mechanics, and building consent infrastructure, will be positioned to compete in a more open market. Those that wait for enforcement decisions to force their hand will find the cost of remediation far exceeds the cost of proactive compliance.


FAQ

What is the Digital Markets Act in simple terms? The DMA is an EU law that forces the largest digital platforms to compete fairly. It prevents them from using their dominant position to disadvantage competitors in advertising, app distribution, and data access.

When did the DMA come into force for ad tech? Core DMA obligations became enforceable in March 2024, after a six-month implementation period following gatekeeper designation.

Who enforces the DMA? The European Commission has exclusive enforcement authority over the DMA. National competition authorities can support investigations but cannot enforce the DMA independently.

Does the DMA replace GDPR? No. The DMA and GDPR are separate regulations with different purposes. GDPR governs data protection for all companies; the DMA governs market competition for designated gatekeepers. Both apply simultaneously.

Is TikTok subject to the DMA? Yes. ByteDance, TikTok's parent company, is a designated gatekeeper, and TikTok is a designated core platform service under the DMA [2].

What is a "core platform service" under the DMA? A core platform service is a category of digital service, such as a search engine, social network, app store, or online advertising service, that the Commission has designated as a gateway between business users and consumers.

Can the Commission require a gatekeeper to break up its business? Yes. For systemic non-compliance, defined as three violations within eight years, the Commission can impose structural remedies, including divestiture of business units.

How does the DMA affect real-time bidding? Gatekeepers must offer third-party DSPs access to their RTB inventory under fair, reasonable, and non-discriminatory terms, and must share post-auction data that was previously withheld [9].

Does the DMA apply to B2B advertising platforms? The DMA focuses on platforms that intermediate between business users and consumers. Pure B2B platforms are less likely to be designated, but advertising services that reach consumers through B2B platforms may still fall within scope.

What should a small publisher do about the DMA? Small publishers are not directly regulated but should ensure they understand the new data access rights and interoperability obligations that gatekeepers now owe them, and update their platform agreements accordingly.


Interactive DMA Compliance Checker


References

[1] Commission Opens Non-Compliance Investigations Against Alphabet, Apple and Meta Under Digital Markets Act - https://digital-markets-act.ec.europa.eu/commission-opens-non-compliance-investigations-against-alphabet-apple-and-meta-under-digital-markets-2024-03-25_en

[2] Europe's DMA Rules for Big Tech Explained - https://techcrunch.com/2024/03/07/europes-dma-rules-for-big-tech-explained/

[3] Digital Advertising and AdTech Under the EU Digital Markets Act and Digital Services Act - https://www.dentons.com/en/insights/articles/2024/february/1/digital-advertising-and-adtech-under-the-eu-digital-markets-act-and-digital-services-act

[4] Digital Markets Act Guide - https://ksandk.com/competition-review/guides/digital-markets-act/

[5] Digital Markets, Competition and Consumers Act 2024 - https://en.wikipedia.org/wiki/Digital_Markets%2C_Competition_and_Consumers_Act_2024

[6] CMA Sets Out Initial Plans as New Digital Markets Competition Regime Comes Into Force - https://www.gov.uk/government/news/cma-sets-out-initial-plans-as-new-digital-markets-competition-regime-comes-into-force

[7] Digital Markets Act Roundup October 2024 - https://www.techpolicy.press/digital-markets-act-roundup-october-2024/

[8] Digital Services Act Starts Applying to All Online Platforms in the EU - https://digital-strategy.ec.europa.eu/en/news/digital-services-act-starts-applying-all-online-platforms-eu

[9] Digital Markets Act Mandatory Compliance - https://www.goodwinlaw.com/en/insights/publications/2024/03/insights-technology-digital-markets-act-mandatory-compliance

โ† Back to blog
Biscotti CMP

Consent Management and Legal Text Generator by Campcruisers GmbH (Falkensee). Can support your website compliance.

Product

๐Ÿข About UsFeaturesPricingDocumentation๐Ÿ” Cookie Check๐Ÿ“ฆ Downloads๐Ÿ“š Privacy & Consent Knowledge Base๐Ÿ“ Blog๐Ÿ“– Cookie Consent & Privacy Glossary๐ŸŒ Jurisdictionsโ™ฟ WCAG 2.2 Accessible Consent Banner

Legal

ImprintPrivacy PolicyTerms of ServiceRight of WithdrawalDPACookie Policy

Contact

Contact
ยฉ 2026 Biscotti โ€“ A service of Campcruisers GmbH๐Ÿช Change cookie settings