06.07.2022 | KPMG Law Insights

Regulation of online platforms: EU Parliament adopts Digital Services Act and Digital Markets Act

After intensive negotiations, the European Parliament approved a landmark legislative package on Tuesday, 05.07.2022, which creates significant new regulations for the digital space with the Digital Service Act (“DSA“) and the Digital Markets Act (“DMA“).

The DSA is primarily intended to strengthen the rights of users of digital platforms and to ensure that what is already prohibited in the analog world will no longer be permitted in the digital world in the future. This primarily involves issues such as hate speech, the presentation of illegal content or targeted misinformation. In order to better assess the risks associated with the use of online platforms, the platforms must also disclose the key parameters of their algorithms in the future.

The DMA, on the other hand, serves in the creation of fair competition in the digital world. It is aimed primarily at the Internet giants and is intended to prevent them from abusing their dominant market position. To this end, certain anti-competitive behaviors of these so-called “gatekeepers” are prohibited. They will also be required to open their services to the use of third-party applications.


Digital Services Act

The adoption of the legislative package is intended to set a legal framework that ensures that the legal regulations can keep pace with the advancing pace of innovation by technology corporations and that the largest and strongest corporations do not set their own rules. Thus, the responsible executive vice president Margrethe Vestager already stated that the law would “help create a safe and responsible online environment.” That’s why platforms should be transparent about content moderation and prevent dangerous disinformation from spreading virally.

The DSA contains binding obligations for all digital service providers that convey goods, services, or content to consumers, establishes new procedures for the rapid removal of illegal content, and also ensures the protection of users’ fundamental rights online.

The law covers so-called online intermediary services such as Internet access providers, hosting services, online platforms for buying and selling goods such as online marketplaces, app stores, and search engines. The strictest regulations affect platforms with more than 45 million users in the Union. These are referred to as “very large online platforms” (“VLOP“).


Strengthening user rights

In particular, obligated parties must take measures to combat illegal goods, services or content on the Internet. Among other things, a mechanism with so-called “trusted whistleblowers” and an obligation to trace commercial users on online marketplaces are to be established.

The rights of users are to be strengthened by the fact that it will be possible in future to appeal against moderation decisions made by the platforms. In addition, the use of so-called dark patterns, i.e. interface designs that are intended to induce users to behave in a certain way unnoticed, such as giving consent, will be prohibited. VLOPs must also allow accredited researchers and nongovernmental organizations access to their data and provide insight into their algorithms in the future.


Strict rules for VLOPs, search engines and co.

VLOPs and search engines will be required to take risk-based measures to prevent misuse of their systems in the future. For example, minors are to be excluded from the use of their personal data to create personalized advertising.

Member states must appoint their own authorities as coordinators for digital services, which are responsible for monitoring and enforcing the regulation. In the future, these will join forces in the “European Panel for Digital Services” as an independent advisory group. In the case of VLOPs, the Commission itself also has the authority to initiate proceedings under certain circumstances.


Avoiding manipulation on the Internet

In response to Russia’s war in Ukraine, a crisis mechanism was also added, which should make it possible to limit the spread of manipulative content on the network in the event of an emergency, such as a war or pandemic.


Interoperability and data access

In addition to enhanced user rights and stronger consumer protections, users will also benefit from the DMA’s new interoperability regulations. In the future, for example, operators of large messaging services such as WhatsApp will have to allow users to receive messages from other applications as well. In the future, users must also be able to access their own data on the platform and transfer it to other platforms. This is intended to strengthen competition between the platforms and weaken lock-in effects in favor of the existing market leaders.


Digital Markets Act: Strengthening competition in favor of smaller companies

The DMA is intended to strengthen competition in particular by ensuring that especially large corporations are no longer allowed to give preferential treatment to their products over those of their competitors. Also, in the future, gatekeepers will no longer be allowed to combine data from different sources into data sets without the explicit consent of users, or to encourage users to share data from other platforms with them. It will also no longer be possible for them to prevent users from uninstalling pre-installed applications. It is also noteworthy that the burden of proof for compliance with the requirements of the DMA is placed on the obligated companies. The new compliance obligations for gatekeepers are expected to benefit smaller companies in the largely midsize data economy in particular. This should strengthen the innovative power of the entire industry.



Violations of the DSA are subject to fines of up to 6% of annual global sales and penalty payments of 5% of daily sales. For this purpose, there is the possibility of a prohibition to operate commercially in the EU.

Violations of the DMA can even be punished with a fine of a maximum of 10% of the total turnover of the last fiscal year. In the event of non-compliance, there is also the possibility here of imposing daily penalty payments up to a maximum amount of 5% of the average daily turnover in the last financial year.



Now the DMA and DSA still have to be formally adopted by the EU Council. Thereafter, they are published in the Official Journal of the EU and enter into force 20 days thereafter. According to current information, the DSA will apply 15 months after its entry into force, starting 01.01.2024 at the earliest. For very large online platforms and search engines, it is to apply as early as four months after they have been classified as gatekeepers by the Commission. The DMA is expected to become effective six months after its enactment. Gatekeepers will not have to comply with the new obligations until six months after they are classified as such.

Since DSA and DMA are regulations, they have direct effect in the EU member states.

Explore #more

17.05.2024 | KPMG Law Insights

Podcast series “KPMG Law on air”: When the family business is to be sold

Around 38,000 family businesses are currently handed over each year. In most cases, the change of ownership takes place within the family. But more and…

03.05.2024 | KPMG Law Insights

Doubts about inability to work? What employers can do

The certificate of incapacity for work (AU certificate) serves as proof of incapacity for work due to illness. However, only if the certificate meets certain…

29.04.2024 | KPMG Law Insights

Agreement on ecodesign regulation: products to become more sustainable

After lengthy negotiations, the Council and Parliament of the European Union reached a provisional agreement on the Ecodesign Regulation on the night of December 5,…

27.03.2024 | KPMG Law Insights

EU Buildings Directive: life cycle greenhouse potential becomes relevant

On March 12, 2024, the EU Parliament approved the amendment to the EU Buildings Directive. The directive obliges member states and, indirectly, building owners and…

19.03.2024 | Business Performance & Resilience, KPMG Law Insights

CSDDD: Provisional agreement on the EU Supply Chain Directive

The EU member states agreed on the CSDDD, the EU Supply Chain Directive, on March 15, 2024. Germany abstained from the vote. Negotiators from the…

19.03.2024 | KPMG Law Insights

The AI Act is coming: EU wants to get a grip on AI risks

For many people, artificial intelligence (AI) is the great hope for business, healthcare and science. But there are also plenty of critics who fear the…

21.02.2024 | KPMG Law Insights, KPMG Law Insights

The Digital Services Act – what does it mean for companies?

The Digital Services Act (DSA) is a key component of the EU’s digital strategy and came into force on November 16, 2022. As a regulation,…

15.02.2024 | KPMG Law Insights

Data compliance management: How to implement it in practice

Part 3 of the article series “Professional tips for data compliance management”   The third part of this series of articles deals with data compliance

14.02.2024 | Business Performance & Resilience, PR Publications

Guest article in ZURe: Monitoring the implementation of the LkSG

The current issue of ZURe (p. 20 ff.) contains a guest article by KPMG Law Partner Thomas Uhlig (Head of General Business and Commercial Law),…

09.02.2024 | KPMG Law Insights

Podcast series “KPMG Law on air”: The employment law function

In almost all German companies, the employment law function is located in the HR department and not in the legal department. One of the reasons…


Francois Heynike, LL.M. (Stellenbosch)

Head of Technology Law

THE SQUAIRE Am Flughafen
60549 Frankfurt am Main

tel: +49-69-951195770

© 2024 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit

 KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.