The final text of the Digital Markets Act (DMA)

Article 31, Periodic penalty payments

1. The Commission may adopt a decision imposing on undertakings, including gatekeepers where applicable, and associations of undertakings periodic penalty payments not exceeding 5 % of the average daily worldwide turnover in the preceding financial year per day, calculated from the date set by that decision, in order to compel them:

(a) to comply with the measures specified by the Commission in a decision adopted pursuant to Article 8(2);

(b) to comply with the decision pursuant to Article 18(1);

(c) to supply correct and complete information within the time limit required by a request for information made by decision pursuant to Article 21;

(d) to ensure access to data, algorithms and information about testing in response to a request made pursuant to Article 21(3) and to supply explanations on those as required by a decision pursuant to Article 21;

(e) to submit to an inspection which was ordered by a decision taken pursuant to Article 23;

(f) to comply with a decision ordering interim measures taken pursuant to Article 24;

(g) to comply with commitments made legally binding by a decision pursuant to Article 25(1);

(h) to comply with a decision pursuant to Article 29(1).

2. Where the undertakings, or associations of undertakings, have satisfied the obligation which the periodic penalty payment was intended to enforce, the Commission may adopt an implementing act, setting the definitive amount of the periodic penalty payment at a figure lower than that which would arise under the original decision. That implementing act shall be adopted in accordance with the advisory procedure referred to in Article 50(2).

Contact us

Cyber Risk GmbH
Dammstrasse 16
8810 Horgen
Tel: +41 79 505 89 60


We process and store data in compliance with both, the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR). The service provider is Hostpoint. The servers are located in the Interxion data center in Zürich, the data is saved exclusively in Switzerland, and the support, development and administration activities are also based entirely in Switzerland.

Understanding Cybersecurity in the European Union.

1. The NIS 2 Directive

2. The European Cyber Resilience Act

3. The Digital Operational Resilience Act (DORA)

4. The Critical Entities Resilience Directive (CER)

5. The Digital Services Act (DSA)

6. The Digital Markets Act (DMA)

7. The European Health Data Space (EHDS)

8. The European Chips Act

9. The European Data Act

10. European Data Governance Act (DGA)

11. The Artificial Intelligence Act

12. The European ePrivacy Regulation

13. The European Cyber Defence Policy

14. The Strategic Compass of the European Union

15. The EU Cyber Diplomacy Toolbox