Digital Markets Act (DMA) and AI: Impact on Platform Operators

By Eckhart Mehler for CISOsCISO — a perspective on cybersecurity leadership, governance and the decisions that determine whether organizations retain control.

The Digital Markets Act (DMA) represents a pivotal development in the European Union’s regulatory landscape, aiming to foster fair competition within the digital market. While its primary focus is on curbing monopolistic practices of large digital “gatekeepers,” the DMA’s implications for Artificial Intelligence (AI) platform operators are profound and multifaceted. This article delves into the intricate relationship between the DMA and AI, elucidating the compliance obligations for AI platforms and the broader impact on competition and innovation in the AI sector.

A Brief Overview

Enacted by the European Parliament in 2023, the Digital Markets Act seeks to promote fair competition and ensure a level playing field within the EU’s digital economy. The DMA targets large online platforms—designated as “gatekeepers”—that wield significant influence over the internal market. These gatekeepers are subject to a set of obligations and prohibitions designed to prevent anti-competitive practices.

Criteria for Gatekeeper Status:

1. Significant Impact: An annual EU turnover equal to or exceeding €7.5 billion in the last three financial years, or a market valuation of at least €75 billion.
2. Large User Base: At least 45 million monthly active end users and 10,000 yearly active business users within the EU.
3. Entrenched Position: A stable and durable position in the market, typically presumed if the other criteria have been met for the past three years.

Platforms meeting these thresholds are obligated to comply with the DMA’s stringent requirements to foster competition and innovation.

🤖 AI Platforms as Gatekeepers: Applicability of the DMA

The rapid integration of AI into various digital services raises pertinent questions about the DMA’s applicability to AI platforms. Notably, AI-driven services such as search engines, virtual assistants, and recommendation systems often meet the DMA’s gatekeeper criteria due to their extensive user bases and market influence.

Case Study: AI-Powered Search Engines

Consider AI-powered search engines that utilize advanced algorithms to deliver personalized search results. These platforms process vast amounts of data and serve millions of users daily, positioning them as central intermediaries in the digital ecosystem. Given their significant market impact and user reach, such AI-driven search engines are likely to be classified as gatekeepers under the DMA.

Implications for AI Startups and SMEs

While the DMA primarily targets large platforms, AI startups and small to medium-sized enterprises (SMEs) should remain vigilant. Rapid scalability is inherent in AI technologies; a startup could quickly amass a substantial user base, potentially crossing the DMA’s thresholds. Therefore, understanding and preparing for DMA compliance is crucial, even for emerging AI entities.

⚖️ Compliance Obligations for AI Gatekeepers

AI platforms designated as gatekeepers under the DMA must adhere to specific obligations designed to promote fairness and competition. Key requirements include:

1. Prohibition of Self-Preferencing

Gatekeepers are forbidden from favoring their own AI services over those of third parties. For instance, an AI-driven app store must not unfairly prioritize its proprietary applications in search rankings or recommendations.

Example: If an AI platform operates a marketplace for machine learning models, it cannot unduly highlight its models over those offered by third-party developers.

2. Data Sharing and Interoperability

Gatekeepers must facilitate data access and interoperability to ensure third-party developers can integrate and compete effectively. This includes providing access to data generated by users on the platform, with user consent and in compliance with privacy regulations.

Example: An AI-powered social media platform may be required to offer APIs that allow third-party applications to access user-generated content, enabling enhanced functionalities and services.

3. Transparency in Advertising

AI platforms that engage in digital advertising must disclose pricing information and performance metrics to advertisers and publishers. This transparency aims to prevent information asymmetry and promote fair competition in the ad tech industry.

Example: An AI-driven advertising network should provide advertisers with clear data on how ads are targeted, delivered, and priced, ensuring informed decision-making.

4. Restrictions on Combining Personal Data

Without explicit user consent, gatekeepers are prohibited from combining personal data sourced from their core platform services with data from other services. This measure safeguards user privacy and prevents the undue consolidation of data across services.

Example: An AI platform offering both email services and e-commerce should not merge user data from these services to create detailed user profiles without obtaining explicit consent.

🌐 Intersection of the DMA and the AI Act

The European Union’s regulatory framework for AI is further reinforced by the proposed Artificial Intelligence Act (AI Act), which focuses on the development and deployment of AI systems. While the DMA addresses market dynamics, the AI Act emphasizes ethical considerations, risk management, and accountability in AI applications.

Key Areas of Intersection:

• Risk Management and Compliance

AI gatekeepers must implement robust risk management systems as mandated by the AI Act. This includes conducting impact assessments and ensuring transparency in AI operations. Compliance with both the DMA and AI Act necessitates a comprehensive approach to governance, balancing competition law with ethical AI practices.

• Algorithmic Transparency

Both regulations underscore the importance of transparency. The DMA requires gatekeepers to disclose ranking and recommendation parameters, while the AI Act mandates explainability in AI decision-making processes. AI platforms must, therefore, develop mechanisms to elucidate how their algorithms function and impact users.

🛠️ Strategic Recommendations for AI Platform Operators

To navigate the complex regulatory environment shaped by the DMA and AI Act, AI platform operators should consider the following strategies:

1. Comprehensive Regulatory Assessment

Conduct thorough analyses to determine whether the platform meets the DMA’s gatekeeper criteria and assess the applicability of the AI Act based on the nature of AI systems deployed.

2. Implementation of Compliance Frameworks

🔥 Conclusion: DMA as a Game-Changer for AI Platforms

The Digital Markets Act (DMA) is a regulatory milestone, fundamentally altering how AI-driven platforms operate in the EU.

📌 Key Takeaways:

• The AI providers must comply with DMA’s anti-monopoly and data-sharing provisions.
• Interoperability, transparency, and fair competition are now legal imperatives for AI platforms.
• The DMA and AI Act together form a complex regulatory landscape, requiring AI companies to rethink governance strategies.

AI businesses must act now to integrate DMA requirements into their compliance frameworks, ensuring long-term competitiveness and regulatory alignment.

Publication Note & Disclaimer
This article was originally published on LinkedIn on February 22, 2025 and may have been edited or updated for publication on this site.

It reflects my personal professional perspective and does not represent the official policy or position of my employer. Drafting and editorial refinement may have been supported by commercially available AI-assisted tools. The analysis, conclusions and final curation are entirely my own.

For information regarding image credits, copyrights, trademarks and other intellectual property rights, please refer to the Imprint.