
Apple and Meta Fined Under the Digital Markets Act

Arthur
30.05.2025

Key Points

  • The EU has fined Apple €500 million and Meta €200 million under the Digital Markets Act (DMA).
  • Apple was penalized for restricting user and developer choice in its App Store.
  • Meta was fined for its “pay or consent” advertising model, which did not offer users a genuine alternative.
  • These are the first major fines under the DMA, signaling stricter regulation of Big Tech in Europe.
  • All digital businesses in the EU should expect higher standards for transparency and user rights.

In early May 2025, the EU made headlines by issuing its first major fines under the Digital Markets Act (DMA).

Apple and Meta were fined for violating this new regulation designed to limit the power of large online platforms. The message was clear: the EU will enforce its digital laws, and it will do so publicly.

If you run a business in Europe, even if you're not a tech giant, this shift affects you.

It marks the beginning of a stricter approach to how digital services operate.

And it sets a tone that all businesses should understand: compliance with digital regulations is no longer optional.

What is the Digital Markets Act (DMA)?

The Digital Markets Act is an EU regulation designed to create fairer digital markets by limiting the power of dominant online platforms, called “gatekeepers.” These are companies with a strong economic position, significant influence, and a large user base in multiple EU countries.

Key obligations for gatekeepers include:

  • Allowing users to uninstall pre-installed apps
  • Avoiding self-preferencing in rankings
  • Making key data available to business users who rely on their platforms
  • Transparency in advertising
  • Prohibiting locking users into one platform or ecosystem

The European Commission has designated seven companies as gatekeepers so far: Alphabet (Google), Amazon, Apple, ByteDance (TikTok), Meta (Facebook and Instagram), Microsoft, and Booking.com.

While the DMA is aimed at these large platforms, the regulation sets a precedent for the broader ecosystem: transparency, user choice, and data access will become baseline expectations across digital markets.

Apple and Meta: What Happened?

On March 7, 2024, the DMA officially came into effect. Just over a year later, the European Commission has already taken action. In April 2025, it announced that Apple and Meta had breached the rules and would face formal investigations and potential fines.

Apple’s Case

Apple was flagged for several practices that limit user choice:

  • It restricted developers from directing users to cheaper offers outside its App Store
  • It made it difficult for users to delete pre-installed apps or set non-Apple apps (such as the internet browser) as defaults
  • It imposed technical and contractual barriers that prevented fair access to its platform, especially for alternative app stores and third-party browsers

The Commission argues that these actions violate the DMA’s core goals: user freedom and fair competition.

These restrictions are not new concerns. Regulators and developers have long criticized Apple for its “walled garden” model. But under the DMA, these issues now carry legal consequences.

As a result of the investigation, Apple was fined €500 million (approximately $540 million). The Commission stated that the amount reflects the seriousness and duration of the infringement.

Meta’s Case

Meta, the parent company of Facebook and Instagram, was fined for violating the DMA through its “pay or consent” model. Under this system, European users must either accept personalized advertising (and the associated tracking) or pay a subscription fee to use the platforms without ads.

The European Commission ruled that this model does not give users a real or free choice. Tying access to services to consent for data processing, especially when linked to payment, undermines the DMA’s requirement for fair user choice and transparency.

Specifically, the Commission found that the model fails to provide users with a specific choice to opt for a version of the service that collects less personal data but is otherwise functionally equivalent to the ad-funded option.

This violates the DMA’s requirement for genuine and fair user choice.

This issue builds on earlier GDPR enforcement against Meta over its handling of consent and data processing. But under the DMA, the concern shifts from privacy alone to how platform design can distort competition and user autonomy.

The Commission fined Meta €200 million (around $224 million) for breaching its obligations. The ruling reinforces the EU’s stance that dominant platforms must not use their market power to pressure users into giving up control over their data.

[Figure: DMA comparison table of Apple and Meta, showing fines, violations, and issues with user choice]

Why these fines matter

These fines mark the first major enforcement actions under the Digital Markets Act, setting a clear precedent.

For years, the EU has criticized dominant tech platforms for limiting competition and restricting user choice. The DMA provides new tools and the Commission has now shown it is willing to use them.

The fines are significant in scale: €500 million for Apple and €200 million for Meta. While both fall well below the DMA’s maximum penalty threshold of 10% of a company’s global turnover (which can rise to 20% for repeat violations), they are a public signal that the EU intends to hold Big Tech accountable.

Both Apple and Meta have the right to appeal these decisions to the EU courts. That process could take months or even years, but the message is clear: the Commission is serious about enforcing the DMA.

The Apple fine and the Meta fine are not yet final, but they signal serious enforcement. Both companies face potential penalties of up to 10 percent of their global turnover. If the violations continue, that figure could rise to 20 percent.

Even more important than the money is the signal these actions send. The EU is moving quickly to apply the DMA—and it is doing so in a way that sets precedent for future cases.

Summary: Both Apple and Meta have 60 days to comply with the Commission’s decisions or risk additional periodic penalty payments.

Penalties: Non-compliance can lead to fines of up to 10% of global turnover (20% for repeat violations).

Ongoing oversight: The Commission continues to monitor both companies for further violations.

Legal action: Both companies have announced their intent to appeal the decisions.

The Digital Markets Act is no longer just a set of rules. It’s being enforced—publicly, forcefully, and with consequences.

A Shift in Enforcement

The DMA is part of a broader trend in European regulation.

From GDPR to the Digital Services Act (DSA) to the AI Act, the EU is building a network of laws to shape digital activity.

This time, enforcement is not slow or cautious. Regulators are acting early and publicly. The European Commission launched formal investigations less than a year after the DMA took effect.

That shows a new phase: the rules are no longer theoretical. Businesses must adjust how they operate in digital markets. Not just on paper, but in practice.

The Commission has also created a centralized enforcement structure with the power to investigate, fine, and demand changes. It is backed by national authorities and technical experts. This means follow-through is likely, and compliance checks will become more common.

Why This Matters to All Businesses

Most companies in Europe are not gatekeepers. You may not operate an app store or run a major ad platform. But these new enforcement actions are still relevant.

The principles behind the DMA, such as user control, transparency, and fair access, are becoming the norm in EU digital policy. These are not just rules for Big Tech. They reflect a growing expectation for how all digital services should behave.

If you run a SaaS company, sell digital products, or manage user data, you are already covered by the GDPR.

[Figure: Checklist for companies to comply with the EU Digital Markets Act (DMA)]

And now, the broader regulatory environment is evolving in a similar direction. Regulators will expect clear, fair, and user-respecting systems, whether you have ten users or ten million.

What’s more, your customers and partners are paying attention. Businesses increasingly ask whether their vendors are compliant. Being prepared is not only about avoiding risk but also about building trust.

Staying Ahead: GDPR as the Starting Point

The GDPR was the first major digital law to affect companies of all sizes in the EU. Many organizations spent years adapting to its requirements. But compliance is not a one-time event.

The DMA, DSA, and AI Act show that Europe’s digital rulebook is expanding. The focus is shifting from privacy alone to market behavior, data use, and user rights.

For smaller businesses, the best strategy is to treat GDPR compliance as a baseline. That means:

  • Keeping accurate data maps and processing records
  • Reviewing how consent is collected and stored
  • Ensuring data is shared only with approved vendors
  • Making sure policies and procedures are kept up to date

Tools such as heyData's All-In-One Compliance help manage this process in a simple and structured way. Preparing now means you won’t need to rush when new laws take effect or when customers start asking for evidence of compliance.

Conclusion

The fines against Apple and Meta are only the beginning. The DMA is not just about punishing bad actors—it’s about reshaping the digital economy in Europe.

Companies that take compliance seriously today will build trust and resilience for tomorrow. Those who wait may face not only legal risk but also a loss of credibility in the eyes of users and partners.

Frequently asked questions (FAQs)

Q: What is the Digital Markets Act (DMA)?
A: The DMA is an EU regulation that imposes strict rules on large online platforms (“gatekeepers”) to ensure fair competition and user choice.

Q: Who is affected by the DMA?
A: Directly, only large “gatekeeper” companies like Apple, Meta, Google, Amazon, Microsoft, ByteDance, and Booking.com. Indirectly, the new standards affect all digital businesses in the EU.

Q: What were Apple and Meta fined for?
A: Apple was fined for restricting user and developer choice in its App Store. Meta was fined for its “pay or consent” advertising model, which did not offer users a genuine alternative.

Q: What are the maximum penalties under the DMA?
A: Up to 10% of global turnover for first-time violations, and up to 20% for repeat violations.

Q: What should other businesses do?
A: Prepare for stricter compliance, keep data and consent records up to date, and ensure transparency in user agreements and data practices.

Important: The content of this article is for informational purposes only and does not constitute legal advice. The information provided here is no substitute for personalized legal advice from a data protection officer or an attorney. We do not guarantee that the information provided is up to date, complete, or accurate. Any actions taken on the basis of the information contained in this article are at your own risk. We recommend that you always consult a data protection officer or an attorney with any legal questions or problems.