The final text of the Digital Markets Act (DMA)

Article 18, Market investigation into systematic non-compliance

1. The Commission may conduct a market investigation for the purpose of examining whether a gatekeeper has engaged in systematic non-compliance. The Commission shall conclude that market investigation within 12 months from the date referred to in Article 16(3), point (a).

Where the market investigation shows that a gatekeeper has systematically infringed one or more of the obligations laid down in Article 5, 6 or 7 and has maintained, strengthened or extended its gatekeeper position in relation to the requirements set out in Article 3(1), the Commission may adopt an implementing act imposing on such gatekeeper any behavioural or structural remedies which are proportionate and necessary to ensure effective compliance with this Regulation. That implementing act shall be adopted in accordance with the advisory procedure referred to in Article 50(2).

2. The remedy imposed in accordance with paragraph 1 of this Article may include, to the extent that such remedy is proportionate and necessary in order to maintain or restore fairness and contestability as affected by the systematic non-compliance, the prohibition, during a limited period, for the gatekeeper to enter into a concentration within the meaning of Article 3 of Regulation (EC) No 139/2004 regarding the core platform services or the other services provided in the digital sector or enabling the collection of data that are affected by the systematic non-compliance.

3. A gatekeeper shall be deemed to have engaged in systematic non-compliance with the obligations laid down in Articles 5, 6 and 7, where the Commission has issued at least three non-compliance decisions pursuant to Article 29 against a gatekeeper in relation to any of its core platform services within a period of 8 years prior to the adoption of the decision opening a market investigation in view of the possible adoption of a decision pursuant to this Article.

4. The Commission shall communicate its preliminary findings to the gatekeeper concerned within 6 months from the date referred to in Article 16(3), point (a). In its preliminary findings, the Commission shall explain whether it preliminarily considers that the conditions of paragraph 1 of this Article are met and which remedy or remedies it preliminarily considers necessary and proportionate.

5. In order to enable interested third parties to effectively provide comments, the Commission shall, at the same time as communicating its preliminary findings to the gatekeeper pursuant to paragraph 4 or as soon as possible thereafter, publish a non-confidential summary of the case and the remedies that it is considering imposing. The Commission shall specify a reasonable timeframe within which such comments are to be provided.

6. Where the Commission intends to adopt a decision pursuant to paragraph 1 of this Article by making commitments offered by the gatekeeper pursuant to Article 25 binding, it shall publish a non-confidential summary of the case and the main content of the commitments. Interested third parties may submit their comments within a reasonable timeframe which shall be set by the Commission.

7. In the course of the market investigation, the Commission may extend its duration where such extension is justified on objective grounds and proportionate. The extension may apply to the deadline by which the Commission has to issue its preliminary findings, or to the deadline for adoption of the final decision. The total duration of any extension or extensions pursuant to this paragraph shall not exceed 6 months.

8. In order to ensure effective compliance by the gatekeeper with its obligations laid down in Articles 5, 6 and 7, the Commission shall regularly review the remedies that it imposes in accordance with paragraphs 1 and 2 of this Article. The Commission shall be entitled to modify those remedies if, following a new market investigation, it finds that they are not effective.

Contact us

Cyber Risk GmbH
Dammstrasse 16
8810 Horgen
Tel: +41 79 505 89 60


We process and store data in compliance with both, the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR). The service provider is Hostpoint. The servers are located in the Interxion data center in Zürich, the data is saved exclusively in Switzerland, and the support, development and administration activities are also based entirely in Switzerland.

Understanding Cybersecurity in the European Union.

1. The NIS 2 Directive

2. The European Cyber Resilience Act

3. The Digital Operational Resilience Act (DORA)

4. The Critical Entities Resilience Directive (CER)

5. The Digital Services Act (DSA)

6. The Digital Markets Act (DMA)

7. The European Health Data Space (EHDS)

8. The European Chips Act

9. The European Data Act

10. European Data Governance Act (DGA)

11. The Artificial Intelligence Act

12. The European ePrivacy Regulation

13. The European Cyber Defence Policy

14. The Strategic Compass of the European Union

15. The EU Cyber Diplomacy Toolbox