Key Points:

1. Apple and Meta were fined by the EU Commission for violating the DMA—Apple was fined €500 million, and Meta was fined €200 million

   
   

2. The DMA is an EU regulation that aims to ensure fair competition in the EU digital economy

   
   

3. Noncompliance of the DMA carries serious consequences in the form of fines, penalties, and additional fines in the case of continued noncompliance

On April 22, 2025, the EU Commission announced that Apple breached its anti-steering obligation under the DMA, and that Meta breached the DMA obligation to give consumers the choice of a service that uses less of their personal data. As a result, the Commission fined Apple and Meta with €500 million and €200 million respectively.

But what is the DMA? What were these obligations that Apple and Meta violated? Why were the fines so high? Does this affect businesses in Canada or the United States? This article answers these questions.

What is the DMA?

The DMA is an EU regulation that aims to ensure fair competition in the EU digital economy. The main goal is to regulate large online platforms, called gatekeepers (big companies like Apple, Meta, or Google), so that these large companies do not abuse their market power.

Essentially, the purpose of the DMA is to make the markets in the digital sector fairer and more contestable (a contestable market is one that is fairly easy for new companies to enter). In other words, the market is more competitive thanks to the DMA.

More specifically, gatekeepers have to comply with the do’s (i.e. obligations) and don’ts (i.e. prohibitions) listed in the DMA. For example, gatekeepers have to: allow third parties to inter-operate with the gatekeeper’s own services in certain specific situations; allow their business users to access the data that they generate in their use of the gatekeeper’s platform; provide companies advertising on their platform with the tools and information necessary for advertisers and publishers to carry out their own independent verification of their advertisements hosted by the gatekeeper; and allow their business users to promote their offer and conclude contracts with their customers outside the gatekeeper’s platform.

Also, gatekeepers must not: treat services and products offered by the gatekeeper itself more favourably in ranking than similar services or products offered by third parties on the gatekeeper's platform; prevent consumers from linking up to businesses outside their platforms; prevent users from uninstalling any pre-installed software or app if they wish so; and track end users outside of the gatekeepers' core platform service for the purpose of targeted advertising, without effective consent having been granted.

As a result of the DMA, consumers have more choice of digital services and can install preferred apps (with choice screens), gain more control over their personal data (users decide whether the companies can use their data), can port their data easily to the platform of their choice, have streamlined access, and have unbiased search results.

As we have just seen, the consequences of noncompliance can be quite costly. In particular, there can be fines of up to 10 percent of the company’s total worldwide annual turnover, or up to 20 percent in the event of repeated infringements. Moreover, there could be periodic penalty payments of up to five percent of the average daily turnover. Furthermore, in the case of  systematic infringements by gatekeepers, additional remedies may be imposed on the gatekeepers after a market investigation (these remedies have to be proportionate to the offence committed). And if necessary as a last resort option, non-financial remedies can be imposed, including behavioural and structural remedies like divestiture of (parts of) a business.

In Canada, we have the Competition Act; similarly, the United States has antitrust laws such as the Sherman Antitrust Act. For example, in Canada, there was a recent court action brought by the Competition Bureau against Google for abusing a monopoly with search. Likewise, there was an antitrust action brought against Meta by the Antitrust Division of the Department of Justice in the United States regarding its acquisition of Instagram and WhatsApp.

I’d be remiss not to mention that Canadian and American businesses could be subject to the DMA in certain circumstances. This is because the DMA applies to core platform services provided or offered by gatekeepers to business users established in the EU or end users established or located in the EU, irrespective of the place of establishment or residence of the gatekeepers and irrespective of the law otherwise applicable to the provision of service. What this means is, regardless of location or residence of gatekeepers, if they offer their services to users in the EU, they are subject to the DMA. This requirement can be found in Article 1 of the DMA.

Why was Apple fined €500 million?

Under the DMA, app developers distributing their apps on Apple's App Store should be able to inform customers (free of charge) of alternative offers outside the App Store, steer them to those offers, and allow them to make purchases.

However, Apple does not do this. Due to a number of restrictions imposed by Apple, app developers cannot fully benefit from the advantages of alternative distribution channels outside the App Store. Similarly, consumers cannot fully benefit from alternative and cheaper offers since Apple prevents app developers from directly informing consumers about such offers. The company has failed to demonstrate that these restrictions are objectively necessary and proportionate.

Therefore, the Commission has ordered Apple to remove the technical and commercial restrictions on steering, and to refrain from perpetuating the non-compliant conduct in the future, which includes adopting conduct with an equivalent object or effect.

When imposing the €500 million fine, the Commission has taken into account the gravity and duration of the non-compliance. At this point,  the Commission has closed the investigation on Apple's user choice obligations, thanks to early and proactive engagement by Apple on a compliance solution.

And why was Meta fined €200 million?

Under the DMA, gatekeepers must seek users' consent for combining their personal data between services. The users who do not consent must have access to a less personalised but equivalent alternative.

But Meta did not do this. Instead, it introduced a binary ‘Consent or Pay' advertising model. Under this model, EU users of Facebook and Instagram had a choice between consenting to personal data combination for personalised advertising, or paying a monthly subscription for an ad-free service.

As a result, the Commission found that Meta’s model was not compliant with the DMA, because it did not give users the required specific choice to opt for a service that used less of their personal data but was otherwise equivalent to the ‘personalised ads' service. Meta's model also did not allow users to exercise their right to freely consent to the combination of their personal data.

Subsequently (after numerous exchanges with the Commission), Meta introduced another version of the free personalised ads model, offering a new option that allegedly used less personal data to display advertisements. The Commission is currently assessing this new option and continues its dialogue with Meta. The Commission is requesting that the company provide evidence of the impact that this new ads model has in practice.

To that end, the decision that found non-compliance involves the time period during which users in the EU were only offered the binary ‘Consent or Pay' option between March 2024 (when the DMA obligations became legally binding) and November 2024 (when Meta's new ads model was introduced).

When imposing the fines, the Commission took into account the gravity and duration of the non-compliance.

What’s more, the Commission also found that Meta's online intermediation service, Facebook Marketplace, should no longer be designated under the DMA, mostly because Marketplace had less than 10,000 business users in 2024. Meta therefore no longer met the threshold giving rise to a presumption that Marketplace was an important gateway for business users to reach end users.

What can we take from this development?

It is important to note that these decisions made against Apple and Meta are the first noncompliance decisions adopted under the DMA. Both Apple and Meta are required to comply with the Commission's decisions within 60 days, or else they risk periodic penalty payments.

It is clear that the DMA is a serious regulation—businesses that offer products and services to consumers in the EU need to be aware of this and act accordingly if they want to avoid serious fines and penalties. In like manner, businesses that are encapsulated under the DMA will need to be aware that fines and penalties continue and worsen over time if the noncompliance continues.

For businesses that are subject to domestic competition/antitrust legislation in Canada and the United States are recommended to note that the consequences, albeit less severe than the DMA, are also grave in the case where businesses are abusing their monopoly power and ignoring regulators. Why is competition so important? The goal of these laws is to protect the competitiveness of the markets and to protect consumers by ensuring that they have choice and are not subject to pressure by companies who abuse monopoly power. Take a look at an article that I wrote about antitrust woes here.

Indeed, some companies are watching what is happening to Apple and Meta, and are responding in a positive, proactive, and cooperative manner—for instance, Microsoft President Brad Smith has announced a landmark set of digital commitments aimed at strengthening the company’s relationship with Europe, expanding its cloud and AI infrastructure, and reinforcing its respect for European laws and values. Likely attempting to learn from past antitrust mistakes (think about the antitrust case back in the late 90s), Brad Smith stated:

“We respect European values, comply with European laws, and actively defend Europe’s cybersecurity. Our support for Europe has always been–and always will be–steadfast”