The European Union Digital market act (DMA) said that the objective is to complete the European Union competition rules to guarantee questionable and fair markets in the digital sector by imposing specific obligations on “guards”. Guardians are appointed large platforms providing basic platform services (CPS), such as online search engines, social networks, operating systems, markets or online advertising services.
AI is not currently considered a CPS under the DMA. The European Commission may propose that the EU Legislative Assembly adds an AI to the CP list following a market survey. The Commission seems to hesitate to do so due to the lack of clarity concerning what the exact designation should be and what entities would be considered as a goalkeeper, especially since AI is frequently integrated into wider services. It remains to be seen whether the Commission will more explicitly address the problems linked to AI in the future. It seems that it can happen when the DMA underwent a first review in 2026.
Meanwhile, the Commission takes the position that AI can be covered by the DMA when it is integrated into the CPS of a goalkeeper, such as a search engine or a virtual assistant using AI.
This blog post provides a brief overview of the DMA provisions which can be relevant to AI.
Combination and reducing data
The DMA assumes that the guards can take advantage of the large volumes of data circulating in their CPS to increase obstacles to the entrance. We could argue that this hypothesis also applies to guards using data that crosses their CPS to (further) train and develop AI models, motors that stimulate the functionality of AI systems (such as chatbots).
If a CPS already includes an AI system, such as a search engine using a generative AI function, the European Commission can affirm that the goalkeeper can also use the data obtained via such a system to strengthen its position on the market to the detriment of small AI players.
There may also be a risk that DMA can be interpreted as restricting guards for the use of combined and interrupted personal data collected via AI systems to train or improve their AI models, pulling by pulling their competitive advantage provided by the AI systems they offer. However, this would assume that AI models can be considered a CPS, which is not clear at the moment.
- Personal data. Guardians cannot combine personal data from individuals from a CPS with personal data from some of their other services or third party. Likewise, guards cannot use personal data from a CPS in their separate services and vice versa (article 5 (2) DMA). These restrictions do not apply if the persons concerned have agreed to the processing of their personal data for such purposes. However, obtaining a valid consent under the GDPR is extremely difficult, largely due to the restrictive and controversial interpretation of the European data protection authorities and the European Commission.
- Commercial data. Guardians cannot use in competition with professional data users who are not accessible to the public and which are generated or provided by professional users in the context of their use of the CPS or the services provided with, or in support of the CPS, including the data generated or provided by the customers of these professional users. For example, a goalkeeper offering market services and selling its own products on the same market may not use professional user sales data on the market to train its own AI sales functions. The exemption from consent mentioned above does not apply here (article 6 (2) DMA).
Self-préferison (article 6 (5) DMA)
We could argue that the guards must ensure that the AI systems used for classification purposes are in accordance with the DMA. The DMA prohibits guards from promoting their own services and products compared to third parties in third parties in the classification, indexing and ramp. The guards must apply transparent, fair and not discriminatory conditions to such a classification.
Access to data
Some players may try to argue that they can use DMA data access rights to obtain the data they need to develop their own AI models.
- Professional users. The DMA requires the guards to provide professional users, on request, with free, high quality and real -time access to the data provided or generated in the context of the use of the CPS or the services provided with, or in support of the CPS, including the data generated or provided by the customers of these commercial users (article 6 (10) DMA).
- Online search engines suppliers. Guardians must provide suppliers of online search engines, on request, with access to fair, reasonable and non -discriminatory terms (FRAND) in the classification, question, click and display data related to free and paid research generated by end users on the goalkeeper’s search engine (article 6 (11) DMA).
To solve data protection problems, appropriate guarantees must be implemented when the data to be shared include personal data. User consent is necessary for requests for access to professional users. Anonymization is required when processing requests for access to data from online search suppliers.
Strengthen transactions (article 14 DMA)
The guards are required to inform the European Commission of any concentration provided before its implementation when the merger entities or the objective provide a CPS or any other service in the digital sectors or allow the collection of data, whether informed under the EU or the national merger rules. A significant proportion of these notifications Until now, the acquisitions of AI companies by guards (see our previous blog article on AI and mergers for more details).
Application
The European Commission can adopt non-compliance decisions and order the guards to stop and refrain from non-compliance (article 29 DMA).
The European Commission can also refine companies not in accordance with 10% of their world annual turnover and impose daily sanctions up to 5% of average daily turnover (article 30 DMA). In March 2025, two guards were sentenced to a fine of 500 million euros and 200 million euros for having violated DMA obligations. These decisions were challenged before the EU courts.
The authors would like to thank Ioannis Dellis for his help in the preparation of this alert.
