What the DMA Review Found — and What It Opened
The Digital Markets Act became legally applicable in March 2024. The Commission’s first formal review, legally required by May 3, 2026, assessed whether the law needed revision after two years of enforcement. The headline finding, published April 28, 2026: the DMA “remains fit for purpose” and no legislative changes are needed at this stage. The Commission’s review press release cited concrete consumer wins: EU iPhone users can now set rival browsers and payment apps as defaults, cross-platform messaging is live (BirdyChat users can message WhatsApp contacts), and third-party app stores have launched on iOS. The DMA Review Q&A published by the Commission confirms the review found positive results across interoperability, data portability, and choice screen implementations.
But the review’s real news is not what it concluded about the past — it is what it opened for the future. The Commission identified five AI-specific concerns that will drive DMA enforcement through at least 2028:
- Equal access to operating systems for AI services
- Self-preferencing of gatekeepers’ own AI tools over rivals
- Access to data for developing competing AI services
- Cloud infrastructure dependencies for model training
- Need for cross-regulatory cooperation between AI Act and DMA authorities
The Commission has taken an interpretive position with significant market implications: AI systems capable of retrieving, synthesizing, and presenting information in response to user queries are now considered to compete with search engines in substance. This means Google’s obligations under Article 6 of the DMA — non-discrimination, interoperability, data access — now extend to how Google governs access to its AI features, not just its traditional search product.
The Enforcement Record Before the Review
The review did not occur in an enforcement vacuum. By April 2026, the Commission had already demonstrated willingness to impose meaningful penalties:
Apple: €500 million (April 2025) for violating anti-steering rules that prevented App Store developers from directing users to cheaper external purchase options. Apple has appealed. The fine established that the Commission will use penalty authority, not just regulatory dialogue, against non-compliant gatekeepers.
Meta: €200 million for its “consent-or-pay” advertising model, which the Commission found did not offer genuine user alternatives. Meta also appealed. Meta is additionally under investigation for integrating AI into WhatsApp without providing an opt-out option — precisely the kind of AI integration concern the review flagged as a new enforcement priority.
Alphabet/Google: Two specification proceedings opened in January 2026, both addressing AI-related obligations: one on interoperability requirements, one on access to search data for third-party AI services. The Commission’s January 2026 announcement confirms these proceedings specifically address how Google governs AI rivals’ access to the same platform features available to Google’s own AI products. These proceedings are the direct precursors to formal non-compliance findings and potential fines.
Amazon and Microsoft: Cloud computing investigations launched November 2025, examining whether bundling AI services with cloud infrastructure (Amazon Bedrock on AWS, Azure OpenAI on Azure) constitutes DMA-prohibited self-preferencing.
Data from Reuters tracked by Euronews shows EU users are already shifting away from default browsers like Chrome and Safari following DMA choice screen implementations — concrete behavioral evidence that the interoperability requirements are producing market effects, not just compliance theater.
Advertisement
What Gatekeeper AI Obligations Mean for the Broader Market
Signal 1: AI Feature Access Is Now a DMA Compliance Question
The Commission’s determination that AI information-retrieval systems compete with search engines collapses a distinction that Google and others had relied upon: that their AI products (Gemini, Copilot, Siri Intelligence) were distinct from their DMA-designated “core platform services.” Under the new enforcement framing, the same access obligations that prevent Google from self-preferencing Google Shopping in search results now apply to how Google governs third-party AI access to Android, Google Search data, and Google Cloud infrastructure. Any AI company that needs equal access to mobile operating system APIs, search data, or cloud platform features to compete effectively should be monitoring the January 2026 specification proceedings closely.
Signal 2: Cloud Bundling Is Under Active Scrutiny
The November 2025 investigations into Amazon and Microsoft’s cloud AI bundling are the most significant DMA enforcement actions for enterprise technology buyers. If the Commission finds that bundling Azure OpenAI with Azure cloud infrastructure constitutes DMA-prohibited self-preferencing, the remedies could include structural unbundling, interoperability mandates between cloud platforms, or access pricing requirements for AI model deployment. Enterprise IT teams that have consolidated AI workloads on a single cloud provider’s native AI stack should assess their exposure if these investigations produce separation requirements.
Signal 3: The “Fit for Purpose” Finding Is Not a Pass — It Is a Baseline
The review’s conclusion that no legislative revision is needed can be misread as an endorsement of the status quo. It is not. “Fit for purpose” means the legal architecture is sound; it says nothing about whether gatekeepers are in full compliance. The review explicitly noted that “gatekeepers have deployed measures to sidestep obligations” and that stronger enforcement and greater transparency are needed. The three-year review cycle means the next formal assessment will occur in 2029 — but enforcement actions between now and then will be continuous.
What Businesses and Developers Should Do Now
1. Assess Whether Your Business Depends on Gatekeeper-Controlled AI Access
If your product relies on equal access to Google’s search data, Apple’s iOS APIs, Amazon’s marketplace data, or Microsoft’s cloud AI infrastructure to function competitively, the specification proceedings against these gatekeepers are directly relevant to your business. Follow the proceedings through the Commission’s DMA portal; when specification decisions are issued (typically 6-12 months after proceedings open), they create binding obligations that you can use as the legal basis for access requests. Do not wait for gatekeepers to proactively offer equal access — the DMA requires that you formally request it.
2. Evaluate Your AI Integration Against the NCII and DMA Interoperability Obligations
For any platform or AI tool operating in the EU, two regulatory changes now run in parallel: the AI Act Omnibus NCII prohibition (effective December 2026) and the DMA’s expanded AI access obligations. Products that integrate AI features — particularly those accessing platform data, operating system APIs, or messaging infrastructure — face compliance requirements under both regimes. Map your product’s data flows and integrations against both frameworks before your next product release cycle.
3. Use the DMA’s Complaint Mechanism If You Are Being Denied Equal Access
The DMA includes a formal mechanism for third parties to file complaints with the Commission about gatekeeper non-compliance. If a gatekeeper is refusing interoperability, denying equal access to AI features, or conditioning access on terms not offered to its own products, this is grounds for a complaint. Several companies have already used this mechanism successfully. The Commission’s enforcement record shows it is receptive to well-documented complaints that provide specific evidence of DMA obligation breaches.
The Regulatory Question
The DMA review’s AI framing signals that European digital regulation is entering a period where AI governance and competition law enforcement are convergent, not parallel. The Commission has explicitly flagged the need for “cross-regulatory cooperation” between DMA enforcement (on AI access and interoperability) and AI Act enforcement (on risk classification and prohibited uses). This means a single product — say, an AI feature embedded in a mobile operating system — may simultaneously need to comply with DMA interoperability rules, AI Act transparency requirements, and GDPR data processing constraints.
The companies best positioned for this environment are those that have built legal and compliance architectures that treat these frameworks as a unified system, not three separate checklists. The coming enforcement actions against Google’s AI access practices will produce the first binding interpretations of how DMA and AI Act obligations interact — and those interpretations will set the compliance baseline for every AI company operating in Europe for the next decade.
Frequently Asked Questions
Which companies are designated as “gatekeepers” under the DMA?
As of the April 2026 review, seven companies are designated as DMA gatekeepers: Apple, Google (Alphabet), Meta, Amazon, Microsoft, ByteDance, and Samsung. Designation means their core platform services — search, social networks, operating systems, cloud platforms, messaging — are subject to the DMA’s full set of interoperability, access, and non-discrimination obligations.
What did the DMA review actually conclude about the need for legislative change?
The Commission concluded that the DMA “remains fit for purpose” and that no legislative revision is premature at this stage. The law’s architecture was judged sound and achieving positive results in areas like choice screens and messaging interoperability. The Commission did mandate continued monitoring of AI-specific issues and cloud computing competition, with the next formal review due in three years.
How does the DMA’s AI enforcement stance affect companies outside the EU?
Any company providing an AI system or digital platform to EU users — regardless of where it is incorporated — is subject to DMA obligations if it meets the gatekeeper thresholds. For smaller companies below gatekeeper thresholds, the DMA’s AI access enforcement creates commercial opportunities: as gatekeepers are required to provide equal access to third-party AI providers, those third parties (including non-EU startups) gain enforceable access rights they previously lacked.
Sources & Further Reading
- DMA Review Highlights: Fit for Purpose — European Commission
- DMA Review Q&A — European Commission
- How the DMA Changed EU Citizens’ Lives — Euronews
- EU DMA Two-Year Review: AI and Cloud Priority — ComplianceHub.Wiki
- Commission Opens Proceedings to Assist Google on AI Interoperability — European Commission
- What the EU’s First DMA Review Actually Changes — TechPolicy.Press
🔗 Related Intelligence
EU AI Antitrust 2026: Meta, Google Face Competition Probes Over AI Market Power
EU Digital Omnibus: How Europe Hit Pause on Its Own AI Rules
EU AI Act Omnibus: 7 Changes From the May 2026 Deal Every Product Team Must Know
The EU Digital Omnibus: Rewriting GDPR, AI Act, and Cybersecurity Rules in One Package
