The DMA is one of the most intrusive regulations ever imposed on Big Tech. Following the initial months of implementation, what has been the most unexpected reaction from the gatekeepers? Furthermore, what is the primary source of resistance you are currently facing?
The Digital Markets Act (DMA), alongside the DSA, represents the first structural regulatory framework for the digital sector, mirroring the historical developments in other economic sectors such as telecommunications and energy.
The DMA promotes market openness, innovation, and user choice by regulating the conduct of large digital platforms, defined as "gatekeepers", to ensure fairer and more transparent commercial relationships for the benefit of both users and small and medium-sized enterprises (SMEs).
The DMA unlocks new possibilities and options for users and businesses offering online products and services through digital intermediaries, with the aim of reducing dependence on tech giants. It introduces transparency into platform practices, grants users new freedom of choice, and ensures greater protection of rights through direct oversight by the European Commission. The DMA provides fresh safeguards for SMEs that often struggle to compete against digital behemoths, by compelling gatekeepers to adopt fairer terms in their contracts. The ultimate goal is, of course, to allow small and medium-sized enterprises and startups to grow, thrive, and innovate.
We have seen in the past that when legislators introduce a new regulatory framework, there is a period where companies subject to the new sectoral rules do not readily accept the legislative choices or the restrictions on their freedom of movement. Consider telecommunications regulation: it took time and significant effort from regulatory authorities to align the behaviour of former monopolies with the new rules. Similarly, with the DMA, it will likely take some time and ongoing supervision for the system to become fully operational and produce all the effects intended by the legislator.
The DMA (Digital Markets Act) and DSA (Digital Services Act) regulations are now fully in force. Based on the first few months of application, what are the most significant indicators of a genuine shift in the European digital market? What are the initial tangible effects for citizens and businesses?
The Digital Markets and Digital Services Acts have established a new equilibrium between smaller entities and large systemic platforms, while conferring new rights upon the citizens and businesses that use their services.
For instance, the seven gatekeepers regulated by the DMA and the over twenty very large platforms under the European Commission's supervision are now paying much closer attention to the needs of the businesses and citizens active on their platforms. Looking at the DMA, for example, gatekeepers have already implemented a series of ex-ante modifications to their contracts, technologies, and interfaces to remove barriers to innovation, competition, and the growth of their client businesses. Moreover, gatekeepers are becoming more responsive to customer complaints, partly to mitigate the risk of regulatory intervention and the potential for formal investigations.
Regarding the e-commerce sector, the European Commission considers it a priority to activate DSA tools, in coordination with national regulators, to combat the use of large e-commerce platforms for distributing illegal, counterfeit, or dangerous products—often sold at rock-bottom prices. This practice not only threatens the survival of law-abiding European SMEs and consumers but can also cause serious harm to end-users who, trusting the intermediation of large platforms, end up purchasing illegal goods or falling victim to fraud.
Moving into the specifics of the DMA, in what ways is this legislation creating concrete opportunities for European SMEs and digital startups? Could you provide some practical examples of how a business might currently leverage the new rules to compete on a fairer footing?
During the first eighteen months of the DMA’s applicability, we have already observed several improvements. It is worth remembering that, following its entry into force in 2022, the first stage of the DMA’s implementation was the "designation" of gatekeepers, with obligations only becoming applicable to these entities as of March 2024.
Two aspects in particular merit highlighting: on one hand, the opportunities arising from opening the so-called "ecosystems" of gatekeepers to new products and competitors; on the other, the innovations regarding the accessibility of data controlled by gatekeepers.
Regarding the first aspect, consider the new opportunities for innovators within the developer community for apps and connected devices to be integrated into the most widespread mobile platforms—namely Google and Apple. For the first time, developers can distribute their apps outside the traditional channels of these two gatekeepers, through alternative app stores or even directly. On iPhones, these possibilities were previously completely blocked, whereas on Android phones, they were available but made less attractive to users. Examples of existing app stores include AltStore (specialising in retro games), Epic Store (specialising in video games), and Aptoide (more generalist). Furthermore, starting from iOS 26, a series of very important functions will be made available to develop innovative products and services for connected devices like smartwatches, earphones, or virtual reality devices. In e-commerce, NFC functionality can be used not just for in-store payments, but for a much broader range of services.
As for data access, following the obligations imposed by the DMA, designated gatekeepers have provided businesses with new APIs to grant continuous, real-time data access. These APIs also allow end-users to authorise the direct transfer of their data to third-party companies to develop and offer innovative services. For example, one company came up with the idea of using these APIs to offer users a service that consolidates the data and preferences they have expressed across Google and Meta platforms. These users will thus have a personal profile under their exclusive control, which they can share with companies of their choice to obtain personalised services without gatekeeper intermediation. Regarding data access more broadly, thanks to the DMA, advertisers and publishers using Google, Meta, and Amazon’s online advertising services now have the right to obtain detailed information on the advertising services purchased—including prices, commissions, and performance metrics—to understand the real value of the services, which until now had been managed opaquely.
Turning our attention to the DSA, while large platforms face stringent obligations, how can we ensure that small and medium-sized digital enterprises (for instance, an emerging Italian e-commerce business) understand and comply with their duties without being stifled by administrative burdens?
The need to create a digital space that encourages emerging small businesses was central to the European legislator's thinking from the outset when defining the DSA’s architecture.
In fact, the vast majority of DSA rules do not apply to micro and small enterprises (those with fewer than 50 employees and an annual turnover under €10 million), specifically to lighten the regulatory burden on emerging firms and startups. In these cases, only basic rules apply to ensure a minimum level of transparency and accessibility, such as publishing information to facilitate contact with the platform, publishing the general terms of service, and—for hosting services and platforms—maintaining a system to notify the presence of illegal content, including reporting serious crimes against the person to law enforcement. Reassuring users and making them feel safe when shopping online is fundamental to the development of e-commerce. In short, the European legislator was particularly careful to balance the burden on small businesses on one hand with the need to protect users from illegality, fraud, and abuse on the other.
Larger platforms, conversely, expose users to greater risks, necessitating responsiveness regarding illegal content and the protection of fundamental rights, with a particular focus on minors. In the case of e-commerce platforms, this obviously applies to buyers. For these platforms, the law includes obligations aimed at ensuring the possibility of contesting content removal decisions, facilitating the management of notifications from entities specialised in identifying illegal content, and making recommendation systems and advertising more transparent. One crucial obligation for these platforms is to design interfaces in such a way that users (specifically traders active on the platforms) are able to provide all the information necessary to conclude contracts with consumers in compliance with applicable European law. For platforms accessible to minors, specific measures are obviously required to ensure a high level of security and privacy.
Finally, only platforms categorised as "Very Large Online Platforms" (with more than 45 million users in Europe) are subject to prudential supervision by the European Commission, somewhat like banks. Platforms with a European systemic dimension are subject to the most stringent obligations for risk assessment and mitigation, as well as the associated transparency and internal monitoring duties.
In this rapidly evolving landscape, what role do you envision for Chambers of Commerce and other business support organisations?
Chambers of Commerce, incubators, and other business support organisations are doing excellent work on the ground. For businesses, digital transformation has become indispensable, but the path to digitalisation is not always smooth, particularly for smaller companies and even more so in the face of complex regulations like those concerning digital services.
Chambers of Commerce and other support bodies play an incredibly important role. On one hand, they represent the interests of sector businesses to the competent authorities and highlight the difficulties encountered; on the other—and perhaps even more importantly—they help disseminate information and knowledge among sector businesses regarding the opportunities offered by European regulation, in terms of funding but also, and crucially, regarding the opening of new markets and growth potential. Consider the examples mentioned earlier, of which only a limited number of SMEs are aware or have managed to leverage.
Another possibility to explore is the full utilisation of tools and support available at the European level. For example, to assist businesses in their digital transformation and help them understand European digital policies, there is a European network of so-called "European Digital Innovation Hubs" (EDIHs). These are present in every country—there are over 30 in Italia—and they provide consultancy services, skill development, funding advice, and the opportunity to "test before invest" in technological solutions.
With the advent of Artificial Intelligence, these Hubs will focus particularly on the adoption of this technology among businesses. Think of the nascent AI Factories (for those needing computing resources), testing and experimentation facilities (for those needing to test solutions in real-world conditions), or regulatory sandboxes to verify the compliance of proposed solutions with digital legislation.