Digital Rulebook Enforced: What the EU’s Crackdown on Big Tech Means for You

Introduction

On April 23, 2025, the European Commission imposed landmark fines on Apple (€500 million) and Meta Platforms (€200 million), marking the first enforcement actions under the EU’s new Digital Markets Act (DMA).

Apple: €500 Million Fine for Restricting Choice

The Commission determined that Apple restricted app developers from directing users to alternative purchasing options outside the App Store without incurring additional fees. This practice was found to hinder competition and limit consumer choice. ​

The Commission has ordered Apple to remove the technical and commercial restrictions on steering and to refrain from perpetuating the non-compliant conduct in the future. The European Commission has stated the fine imposed has taken into account the severity and duration of the non-compliance demonstrated.

The Commission closed another investigation on Apple’s user choice obligations under the Digital Markets Act that was resolved due to Apple’s proactive engagement on a compliance solutions. More information on this is available here: https://ec.europa.eu/commission/presscorner/detail/en/ip_25_1086

Meta: €200 Million Fine for "Consent or Pay" Model

Meta's "consent or pay" model, which required users to consent to data sharing for personalized ads or pay for an ad-free experience, was found to violate the DMA's requirements which states that users who do not consent must have access to a less personalised but equivalent alternative.

The Commission did note that Meta engaged in conversations with the Commission and introduced another version of the free personalised ads model in November 2024 that allegedly uses less personal data to display advertisements. The Commission is currently assessing this new option and continues its dialogues with Meta requesting evidence that this new ads model is in practice.

The decision on the fine yesterday was with regards to non-compliance during the time period of March 2024 (when the DMA obligations became legally binding) and November 2024 when Meta’s new ads model was introduced.

Commission's Statement: A Level Playing Field

Speaking on the decision, Teresa Ribera, Executive Vice-President for Clean, Just and Competitive Transition at the European Commission had this to say:

"The Digital Markets Act is a crucial instrument to unlock potential, choice and growth by ensuring digital players can operate in contestable and fair markets. It protects European consumers and levels the playing field. Apple and Meta have fallen short of compliance with the DMA by implementing measures that reinforce the dependence of business users and consumers on their platforms. As a result, we have taken firm but balanced enforcement action against both companies, based on clear and predictable rules. All companies operating in the EU must follow our laws and respect European values."

Company Responses: Apple and Meta Push Back

The company responses from both Meta and Apple have been strong and both companies have stated they plan to appeal the decision made by the European Commission. Speaking on the matter, Meta Chief Global Affairs Officer Joel Kaplan said in a statement:

"The European Commission is attempting to handicap successful American businesses while allowing Chinese and European companies to operate under different standards."

He continued to say that the Commission was forcing Meta to change their business model and by doing so was effectively imposing a multi-billion dollar tariff on Meta.

Apple spokesperson Emma Wilson said in a statement that the company intends to appeal the Commission’s decision while continuing discussions on compliance. The EU executive’s decisions are “yet another example of the European Commission unfairly targeting Apple,” said Wilson. “Despite countless meetings, the Commission continues to move the goal posts every step of the way,” she said.

What is the Digital Markets Act (DMA)?

The Digital Markets Act is the EU’s law to make the markets in the digital sector fairer and more contestable. To do this, the DMA establishes a set of clearly defined objective criteria to identify ‘gatekeepers’.

Who Are the Gatekeepers & What Must They Do?

Gatekeepers are large digital platforms providing services such as online search engines, app stores, messenger services etc.

Gatekeepers therefore need to comply with the following:

• allow third parties to inter-operate with the gatekeeper’s own services in certain specific situations;

• allow their business users to access the data that they generate in their use of the gatekeeper’s platform;

• provide companies advertising on their platform with the tools and information necessary for advertisers and publishers to carry out their own independent verification of their advertisements hosted by the gatekeeper;

• allow their business users to promote their offer and conclude contracts with their customers outside the gatekeeper’s platform.

• 
  

Gatekeepers will no longer:

• treat services and products offered by the gatekeeper itself more favourably in ranking than similar services or products offered by third parties on the gatekeeper's platform;

• prevent consumers from linking up to businesses outside their platforms;

• prevent users from un-installing any pre-installed software or app if they wish so;

• track end users outside of the gatekeepers' core platform service for the purpose of targeted advertising, without effective consent having been granted.

To ensure that companies are complying with these new obligations, the Commission will continue to carry out market investigations. As we have seen with this latest decision, huge fines of up to 10% of the company’s total worldwide annual turnover, or up to 20% in the event of repeated infringements could be implemented.

Wider Regulatory Landscape

Beyond the DMA, there are other regulatory considerations for companies operating in the EU.

The Digital Operational Resilience Act (DORA) for example came into effect as of the 17th January. This act aims to improve operational resilience in regulated financial service providers. The International Financial Services Centre (IFSC) in Dublin pointed out that financial entities that fail to report major ICT related incidents or significant cyber threats may face fines. Third party ICT service providers designated as critical by ESAs may face fines of up to €5million according to the IFSC.

The EU AI Act came into effect on August 1st 2024 and will become enforceable as of August 2nd 2025. This act establishes rules for the development, deployment, and use of artificial intelligence within the EU, categorizing AI systems based on risk and imposing corresponding obligations. Companies developing or using AI in Ireland and Europe need to understand these classifications and prepare for compliance. Certain prohibited AI practices are expected to be enforced earlier, potentially in February 2025. Codes of practice for General Purpose AI are expected by May 2025, applying from August 2025.

Similarly, the latest of the Capital Requirements Directive (CRD V6) was passed in July 2024. CRD VI is part of a broader package of EU regulations that sets the rules for banks and credit institutions within the European Union. A key change within this regulation is the introduction of a new licencing regime for "core banking activities" performed by non-EU banks in the EU, requiring them to establish branches in the EU and obtain authorization. The majority of changes are intended to apply from 11 January 2026 so now is the time to prepare.

How Johnson Hana Can Help

Regulatory Compliance and updates can be a minefield for stretched legal teams. At Johnson Hana, we help organisations prepare using tech-enabled contract review tools, a risk-led approach and a team of experienced professionals. With flexible teams of professionals and a range of support options from resource augmentation to full end to end handling, we can deliver whatever your organisation's needs.