DMA review 2026: Commission keeps the law as it is
In short: The European Commission’s first review of the Digital Markets Act, published on 28 April 2026 as COM(2026) 178 final under Article 53 of the Regulation, concludes that the law is working and proposes no legislative amendment. Cloud computing and AI are named as the next enforcement focus. The UK runs a separate regime under the Digital Markets, Competition and Consumers Act 2024 and has gone a different way: firm-by-firm conduct requirements on individual designations, rather than per-se obligations across a designated set.
The European Commission has decided the EU Digital Markets Act needs no legislative change. Two years after the Regulation took full effect, the Commission’s first Article 53 review, published on 28 April 2026, concludes that the law is working and names cloud computing and artificial intelligence as the next enforcement focus. Messaging interoperability regulation will continue as designed but will not extend to social networks at this review. The UK runs a separate regime under the Digital Markets, Competition and Consumers Act 2024 and has gone a different way: firm-by-firm conduct requirements on individual designations, rather than the EU’s per-se obligations across a designated set.
What the Digital Markets Act is
The Digital Markets Act (Regulation (EU) 2022/1925) is the EU’s ex ante competition regime for large digital platforms. It imposes binding obligations directly on designated gatekeepers, currently seven firms across 23 core platform services, without requiring a finding of abuse of dominance in any individual case. Designation rests on a combination of quantitative presumption (turnover, market capitalisation, monthly active users) and qualitative criteria (significant impact on the internal market, important gateway for business users, entrenched and durable position). The Commission enforces the DMA centrally; national competition authorities have no DMA enforcement role.
The obligations sit in Articles 5, 6 and 7. Article 5 is a list of per-se prohibited practices that bind every gatekeeper without further specification: no combining of personal data across services without consent, no most-favoured-nation clauses on business users, no requirement to use the gatekeeper’s own ancillary services. Article 6 is a longer list of adjustable obligations capable of being specified by Commission decision: access to data generated on the platform, interoperability of operating systems with third-party hardware features, prohibitions on self-preferencing in ranking. Article 7 applies only to number-independent interpersonal communications service (NI-ICS) gatekeepers and requires interoperability of basic messaging functionalities, free of charge, with end-to-end encryption preserved.
| Element | What it is | Source |
|---|---|---|
| Designation criteria | Quantitative presumption (€7.5bn EU turnover or €75bn market capitalisation; 45 million EU monthly end users and 10,000 yearly EU business users) plus a qualitative gateway and durability test, rebuttable in either direction | Article 3 DMA |
| Article 5 obligations | Per-se prohibitions binding every gatekeeper without further specification (data combination consent, MFN, tying, ancillary-service self-use) | Article 5 DMA |
| Article 6 obligations | Adjustable obligations capable of being specified by Commission decision (interoperability, ranking, switching, third-party apps, data access) | Article 6 DMA |
| Article 7 obligations | Basic messaging interoperability for designated NI-ICS providers, free of charge, within three months, with end-to-end encryption preserved | Article 7 DMA |
| Enforcement | Commission only; fines up to 10% of worldwide turnover (20% for repeat infringement); periodic penalty payments up to 5% of daily turnover; structural remedies available for systemic non-compliance | Articles 29-30 DMA |
| Review cycle | Commission must evaluate the Regulation every three years and report to the European Parliament, the Council and the European Economic and Social Committee | Article 53 DMA |
DMA review 2026: what the Commission decided
The DMA review report, COM(2026) 178 final, finds that the Regulation is fit for purpose. The Commission records tangible positive impact on contestability and fairness in the two years that Articles 5, 6 and 7 have been operative for the first tranche of gatekeepers (from March 2024): alternative app stores, browsers and messaging providers have entered EU markets; consumers can withhold consent for cross-service data combination, port their data between platforms and uninstall pre-installed apps; advertisers and publishers have new transparency tools. Two non-compliance findings against Apple and Meta on 23 April 2025 produced the first DMA fines under the Article 30 procedure.
Two areas are flagged for further focus. Cloud computing services: three market investigations opened on 18 November 2025 assess whether Microsoft Azure and Amazon Web Services should be designated as gatekeepers, and whether existing DMA obligations adequately address cloud-specific practices. AI services: two specification proceedings opened in January 2026 against Alphabet engage Article 6 interoperability and search-data sharing in the AI context, and the Commission’s regulatory dialogue with gatekeepers continues on default settings, equal access for AI services to operating systems, and the ban on combining personal data for AI model training. Procedural improvements (transparency, regulatory dialogue, compliance reporting templates) are flagged for adjustment but require no amendment.
Article 7 will not extend to online social networking services at this review. The Commission cites greater technical complexity (social-network interoperability is harder than messaging interoperability) and limited demand. The decision is staged rather than principled; the next Article 53 review will revisit the question.
The review is a Commission report under Article 53, not a legislative proposal. The European Parliament and the Council receive the report; neither institution can amend the DMA without a fresh Commission proposal under ordinary legislative procedure. The Commission has expressly declined to bring such a proposal. No trilogue applies; no inter-institutional negotiation has started.
UK’s divergent approach
The UK’s parallel framework sits in Part 1 of the Digital Markets, Competition and Consumers Act 2024, in force from 1 January 2025 by SI 2024/1226. Section 2 enables the CMA to designate an undertaking as having strategic market status (SMS) in respect of a digital activity linked to the UK where the undertaking has substantial and entrenched market power and a position of strategic significance, on a forward-looking assessment of at least five years. Conduct requirements follow designation under the Act and are specific to the firm and the activity, rather than imposed uniformly across a category of firms.
The CMA designated Apple and Google in mobile platforms on 22 October 2025, the first SMS designations under the Act. Apple’s mobile platform covers iOS, iPadOS, the App Store and Safari with WebKit. Google’s covers Android, Google Play Store, and Chrome with Blink. Conduct-requirement consultations have been running into 2026 on app review processes, steering out of app stores, interoperable access to Apple functionality, and digital wallet restrictions. The earlier First DMCCA 2024 commitments post on bratby.law covers the conduct framework in detail.
The cloud route diverged on outcome. Ofcom’s referral of public cloud infrastructure to the CMA on 5 October 2023 identified egress fees, technical interoperability and committed-spend discounts as the principal barriers to switching and multi-cloud. The CMA closed the resulting market investigation on 31 March 2026 by accepting voluntary commitments from AWS and Microsoft on egress fees and interoperability, and opened a separate SMS investigation into Microsoft’s business software (notably Windows Server and SQL Server licensing on rival clouds) starting May 2026. AWS was not designated. Where the EU has opened formal market investigations into cloud designation, the UK has settled the cloud infrastructure question through enforceable commitments and is taking a tailored software-licensing track on Microsoft.
The architectural difference is real. The DMA applies a uniform set of per-se obligations across designated gatekeepers identified primarily by quantitative presumption. The UK regime designates firm-by-firm on a forward-looking market-power assessment and tailors conduct requirements to the designated firm and digital activity. The instruments deal with the same conduct (self-preferencing, switching, data combination, interoperability, default communications) but reach it differently.
| Feature | EU (DMA) | UK (DMCCA Part 1) |
|---|---|---|
| Instrument | Regulation (EU) 2022/1925, directly applicable in EU member states | Digital Markets, Competition and Consumers Act 2024, Part 1, in force from 1 January 2025 |
| Designation test | Quantitative presumption on EU turnover, market capitalisation and active EU users plus qualitative gateway and durability criteria, both rebuttable | Substantial and entrenched market power plus position of strategic significance, on a forward-looking five-year market-power assessment |
| Obligation design | Per-se obligations under Articles 5, 6 and 7 applying uniformly across the designated set | Bespoke conduct requirements imposed firm-by-firm on each SMS-designated digital activity |
| Enforcement | European Commission only; no national competition authority DMA-enforcement role | CMA only; sectoral regulators (Ofcom, ICO, FCA, PSR) provide input under concurrency arrangements |
| Designations to date | Seven gatekeepers across 23 core platform services (from September 2023) | Apple and Google in mobile platforms (22 October 2025); Microsoft business software SMS investigation starts May 2026; AWS not designated |
| Review cycle | Mandatory Commission review every three years under Article 53 DMA; first review on 28 April 2026 concluded the law is fit for purpose | No equivalent statutory review cycle; CMA produces periodic strategy and conduct-requirement consultations |
DMA review 2026: settled ground and open questions
Settled: the DMA framework. Seven gatekeepers, 23 core platform services, Articles 5-7 substantive obligations, Commission-only enforcement, and the High-Level Group of EU digital regulators (BEREC, EDPB, EDPS, ECN, CPC, the Media Board) that coordinates DMA implementation with sectoral regimes. No legislative amendment is in prospect. The next Article 53 review is due 2029 unless the Commission brings a fresh proposal earlier.
Not settled: the cloud question. Three EU market investigations are live and designation of Microsoft Azure or Amazon Web Services would follow if the evidence supports it. The Commission has deferred the Article 7 extension to social networks. Joint EDPB-Commission guidelines on the DMA-GDPR interplay are in preparation but not yet adopted. Non-compliance proceedings continue against several gatekeepers, with periodic penalty payments available under Article 30 where a gatekeeper has not complied.
The UK side has its own open questions. Conduct requirements for Apple and Google are still in consultation. Microsoft’s business software SMS investigation runs into 2027 at the earliest. Whether the CMA will use SMS powers to address cloud infrastructure (beyond the AWS-Microsoft commitments) or messaging (beyond the existing mobile-platform conduct requirements) is not yet on the public roadmap.
Viewpoint
The political dispute about whether the DMA is tough enough or too tough now sits outside the Regulation. The Commission has made its call. Enforcement, specification and market investigations under the existing framework are the next two-year story. Where the EU has chosen uniformity and speed (per-se obligations on a designated set), the UK has chosen tailoring and sequencing (firm-by-firm conduct requirements on individual SMS designations). Both architectures work in the same substantive territory: self-preferencing, data combination, interoperability, switching frictions, default communications. Neither has yet been tested in court at scale. The Article 7 messaging interoperability rollout, with the first commercial third-party connections live in November 2025 between WhatsApp and the European messaging providers BirdyChat and Haiket, shows what a per-se obligation can deliver on a defined operational surface. Whether the same can be delivered on cloud computing, where technical and commercial complexity are higher, is the open question for both regimes.
For cross-border platform clients, two different compliance methodologies now run side by side. EU operations are governed by uniform obligations announced in advance; UK operations are governed by bespoke conduct requirements that follow designation. The substantive overlap is high, but the documentation, consultation engagement and reporting are not interchangeable. Either regime can be the binding constraint depending on the firm and the activity. Regulatory due diligence on hyperscaler and platform exposure is now a discrete workstream on M&A and infrastructure transactions in this space.
Frequently asked questions
What does the DMA review 2026 conclude?
The European Commission’s first review of the Digital Markets Act under Article 53 of the Regulation, published as COM(2026) 178 final on 28 April 2026, concludes that the DMA is fit for purpose and that no legislative amendment is needed. The Commission names cloud computing services and artificial intelligence as the next enforcement focus. Messaging interoperability under Article 7 remains in place and will not extend to social networks at this review.
Does the DMA review need approval from the European Parliament or Council?
No. The review is a Commission report under Article 53 DMA, not a legislative proposal. The European Parliament and the Council receive the report; neither institution can amend the DMA without a fresh Commission proposal under ordinary legislative procedure. The Commission has declined to bring such a proposal at this review. No trilogue applies and no inter-institutional negotiation has started.
When will the DMA next be reviewed?
The next Article 53 review is due three years from the first, in 2029. The Commission may bring a fresh legislative proposal at any point in the meantime if circumstances warrant, but has expressly declined to do so at this review. Enforcement, specification proceedings and market investigations continue under the existing framework in the interim.
How does the UK digital markets regime differ from the DMA?
The UK regime under Part 1 of the Digital Markets, Competition and Consumers Act 2024 designates firms one at a time as having strategic market status (SMS) and imposes conduct requirements tailored to each firm and digital activity. The DMA imposes a uniform set of per-se obligations on designated gatekeepers identified primarily by quantitative presumption. The UK regime is firm-by-firm and bespoke; the DMA is category-wide and uniform.
When was the CMA’s first SMS designation under the DMCC Act 2024?
22 October 2025. The CMA designated Apple and Google as having strategic market status in their respective mobile platforms, covering iOS, iPadOS, the App Store and Safari with WebKit for Apple, and Android, Google Play Store, and Chrome with Blink for Google. Conduct-requirement consultations have been running into 2026 on app review processes, app-store steering, interoperability and digital wallet restrictions.
For advice on Digital Markets Act compliance, UK SMS designation consultation responses, or cross-border digital regulation strategy, contact Rob Bratby at Bratby Law.
