The final text of the Digital Markets Act (DMA)

Article 10, Exemption for grounds of public health and public security

1. The Commission may, acting on a reasoned request by a gatekeeper or on its own initiative, adopt an implementing act setting out its decision, to exempt that gatekeeper, in whole or in part, from a specific obligation laid down in Article 5, 6 or 7 in relation to a core platform service listed in the designation decision pursuant to Article 3(9), where such exemption is justified on the grounds set out in paragraph 3 of this Article (‘the exemption decision’). The Commission shall adopt the exemption decision within 3 months after receiving a complete reasoned request and shall provide a reasoned statement explaining the grounds for the exemption. That implementing act shall be adopted in accordance with the advisory procedure referred to in Article 50(2).

2. Where an exemption is granted pursuant to paragraph 1, the Commission shall review its exemption decision if the ground for the exemption no longer exists or at least every year. Following such a review, the Commission shall either wholly or partially lift the exemption, or decide that the conditions of paragraph 1 continue to be met.

3. An exemption pursuant to paragraph 1 may only be granted on grounds of public health or public security.

4. In cases of urgency, the Commission may, acting on a reasoned request by a gatekeeper or on its own initiative, provisionally suspend the application of a specific obligation referred to in paragraph 1 to one or more individual core platform services already prior to the decision pursuant to that paragraph. Such a request may be made and granted at any time pending the assessment of the Commission pursuant to paragraph 1.

5. In assessing the request referred to in paragraphs 1 and 4, the Commission shall take into account, in particular, the impact of the compliance with the specific obligation on the grounds in paragraph 3, as well as the effects on the gatekeeper concerned and on third parties. The Commission may subject the suspension to conditions and obligations in order to ensure a fair balance between the goals pursued by the grounds in paragraph 3 and the objectives of this Regulation.

Contact us

Cyber Risk GmbH
Dammstrasse 16
8810 Horgen
Tel: +41 79 505 89 60


We process and store data in compliance with both, the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR). The service provider is Hostpoint. The servers are located in the Interxion data center in Zürich, the data is saved exclusively in Switzerland, and the support, development and administration activities are also based entirely in Switzerland.

Understanding Cybersecurity in the European Union.

1. The NIS 2 Directive

2. The European Cyber Resilience Act

3. The Digital Operational Resilience Act (DORA)

4. The Critical Entities Resilience Directive (CER)

5. The Digital Services Act (DSA)

6. The Digital Markets Act (DMA)

7. The European Health Data Space (EHDS)

8. The European Chips Act

9. The European Data Act

10. European Data Governance Act (DGA)

11. The Artificial Intelligence Act

12. The European ePrivacy Regulation

13. The European Cyber Defence Policy

14. The Strategic Compass of the European Union

15. The EU Cyber Diplomacy Toolbox