European digital law - what are DSA and DMA?

The European Union has fundamentally transformed digital oversight with two groundbreaking pieces of legislation. Responding to growing concerns about tech giant dominance and the proliferation of harmful online content, EU lawmakers have enacted the Digital Services Act (DSA) and the Digital Markets Act (DMA). Together, these regulations establish a comprehensive framework promoting both security and fair competition across the European single market.

Why new digital regulations became necessary

The internet landscape has changed dramatically in recent years. As businesses have migrated substantial operations online and remote work has become commonplace, emerging technologies like artificial intelligence have created both opportunities and challenges. Previous regulatory frameworks simply couldn't keep pace with these rapid developments.

To address these challenges, the EU developed a comprehensive digital services package as part of its broader digital strategy. The DSA fully came into effect on February 17, 2024, while the DMA became fully operational on March 6, 2024. Although introduced together, these are distinct laws with separate purposes and applications.

The DSA: Creating a safer, more transparent internet

The Digital Services Act aims to establish a more secure and transparent digital environment. It places new obligations on online platforms including social media networks, e-commerce sites, and search engines.

At its core, the DSA protects users from illegal content and misinformation while ensuring platform transparency and strengthening content oversight—all while safeguarding fundamental user rights.

Implementation follows a phased approach. Since August 2023, the regulations have applied to Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) with at least 45 million monthly active EU users. Since February 2024, the rules have expanded to cover all internet intermediaries, with smaller services required to publish their first transparency reports by February 2025.

The DMA: Curbing big tech's market power

The Digital Markets Act represents the second pillar of Europe's digital reform agenda, directly targeting anti-competitive practices by dominant tech companies.

The European Commission has designated seven major firms as "gatekeepers":

• Alphabet (Google)

• Amazon

• Apple

• Booking.com

• ByteDance (TikTok)

• Meta (Facebook)

• Microsoft

The DMA imposes significant obligations on these gatekeepers. They must ensure their messaging services can interoperate with competitors and allow vendors to promote offers and finalize contracts outside their platforms. Additionally, they must inform the European Commission about any acquisitions or mergers and ensure users can easily remove pre-installed applications.

Notably, Booking.com received its gatekeeper designation later than others, in May 2024, and was granted a six-month adaptation period to meet the new requirements.

How the DSA and DMA differ

While both regulations target the digital market, they take distinctly different approaches. The DSA covers a broad spectrum of online services, particularly focusing on very large platforms, whereas the DMA specifically addresses major tech companies classified as gatekeepers.

In terms of objectives, the DSA prioritizes user safety and content transparency, while the DMA focuses on ensuring fair competition and limiting market dominance. Their regulatory philosophies also differ significantly—the DMA takes a preventative (ex-ante) approach by imposing obligations before harm occurs, while the DSA generally adopts a more reactive (ex-post) stance toward platform operations.

Working alongside the GDPR: A unified protection framework

These new regulations don't exist in isolation—they work in concert with the existing General Data Protection Regulation (GDPR).

The DMA and GDPR have complementary objectives: the DMA focuses on market competition while the GDPR protects personal data. They share important principles regarding data portability and consent. For instance, the DMA requires explicit user consent for data sharing between gatekeepers and business users. Gatekeepers cannot use personal information for targeted advertising without clear permission, aligning perfectly with the GDPR's stringent requirements.

Meanwhile, the DSA enhances transparency through mandatory reporting and user notifications about significant service changes. Platforms must implement appropriate privacy, security, and protection measures, especially for minors—further reinforcing the data protections established under the GDPR.

What this means for businesses and consumers

These regulations bring sweeping changes for both digital businesses and their users.

For consumers, the benefits include substantially greater control over personal data and digital experiences. Users will find it easier to remove pre-installed apps, cancel subscriptions, and protect their privacy. Furthermore, the online environment will become safer through more effective measures against illegal content, hate speech, and misinformation, along with improved reporting mechanisms for problematic material.

Transparency will improve significantly, as:

• Sponsored content must be clearly labeled

• Users will receive explanations about content recommendation systems

• People can opt out of profiling practices

For businesses, particularly large digital platforms, compliance requires substantial adaptation. Companies must assess whether they fall under DSA and/or DMA jurisdiction and thoroughly document their analyses. They'll need to update contracts, terms, policies, and procedures while implementing robust reporting mechanisms. This transition demands significant investment in technology, personnel, and legal resources.

The stakes are high—failure to comply can result in severe financial penalties, creating a powerful incentive for businesses to adapt quickly.

The future of European digital regulation

The DSA and DMA represent just the beginning of a broader transformation in digital regulation. The European Union is increasingly asserting its role in shaping global standards for technology and internet governance.

A critical challenge moving forward will be striking the right balance between regulation and innovation. Critics argue that excessive regulatory requirements could hinder European digital companies' global competitiveness. Conversely, supporters maintain that clear, fair rules actually promote competition and drive long-term innovation.

How organizations should prepare

Organizations should immediately evaluate whether they fall within the scope of the DSA and/or DMA and thoroughly document their assessment. A comprehensive gap analysis to identify specific compliance requirements is also strongly recommended.

Entities subject to these regulations must implement several key changes:

• Adapt core business practices

• Update all documentation (contracts, terms, policies, and procedures)

• Implement appropriate reporting mechanisms

• Revise websites to reflect compliance measures

This transition requires a holistic approach involving multiple organizational departments, from legal and IT to marketing and customer service.

A new chapter in digital governance

The DSA and DMA represent Europe's comprehensive response to today's digital challenges. These regulations carefully balance user protection and fair competition with the need to foster innovation and economic growth.

Companies operating in the European market must thoroughly understand these regulations and adapt their operations accordingly to avoid potential penalties. At the same time, consumers gain powerful new protections in the digital realm, contributing to a more transparent and secure online environment.

Europe has established pioneering standards for digital regulation that will likely influence approaches worldwide. Whether the European model becomes a global standard remains to be seen, but one thing is certain: both companies and users must adapt to this new regulatory landscape.