First fines issued under the EU Digital Markets Act

The question 

 How have obligations under the Digital Markets Act (DMA) been enforced recently and what are the ramifications for a lack of compliance? 

The key takeaway

The European Commission (Commission) has begun robustly applying the DMA to 'Gatekeepers' (selected large digital platforms that provide a pre-defined set of digital services), imposing sizeable fines for breaches of obligations. Each obligation under the DMA should be continually reviewed by Gatekeepers to avoid financial sanctions as the Commission's enforcement of the DMA evolves.

The background 

The DMA became applicable to Gatekeepers from May 2023, aiming to make the markets in the digital sector fairer and more contestable. Since its inception, overseen by the Commission, investigations have been taking place to assess whether Gatekeepers are complying with obligations under the DMA. No conclusive findings had been announced until 23 April 2025. In these findings, several Gatekeepers have been fined, including a €500m fine on Apple and a €200m fine on Meta.

The development

 The Commission imposed a €500m fine on Apple for having insufficient anti-steering mechanisms for consumers under Article 5(4) DMA. Article 5(4) requires Gatekeepers to allow business users to provide offers to consumers which may be concluded on another platform or service free of charge. Apple was found to have prevented the provision of alternative offerings to consumers and alternative channels for businesses. This included preventing app developers from informing users of cheaper offers available outside of the App Store. Apple has filed an appeal with the General Court of the CJEU. 

Further, a fine of €200m was imposed on Meta based on breaches of Article 5(2) DMA. This states that Gatekeepers must seek specific user consent for combining their personal data across other platforms or services offered by a Gatekeeper, or with third parties. Further, Gatekeepers must provide an alternative and equivalent offering where consent is not received. This decision was made in respect of Meta's "consent or pay" model, under which users had the choice between either consenting to their personal data being combined across platforms for personalised advertising or paying a monthly subscription for an ad-free version of the platform. The Commission found that Meta's consent or pay model did not provide consumers with the option to genuinely consent to the combination of their personal data across Meta's platforms. Meta has been in dialogue with the Commission on deploying alternative models.  

These fines have been imposed based on a period between the inception of the DMA, and the introduction of DMA compliant mechanisms by Gatekeepers. In light of the fines amounting to several hundred million Euros, the Commission are making their enforcement priorities clear.  The Commission has several outstanding investigations relating to breaches of the DMA; further findings should be closely monitored by Gatekeepers as the investigations progress.

Why is this important?

As the first fines have now been imposed under the DMA, Gatekeepers should keep a close eye on the Commission's interpretation of the DMA, to ensure ongoing compliance and avoid both investigations and fines. 

Any practical tips?

Businesses should ensure that they swiftly and comprehensively comply with the Commission during investigations, as well as contribute to, and monitor, the output of consultations. For example, the Commission held several workshops based on recent investigations, a list of which can be found here.