§ Digital Markets Act · Article 28
DMA Article 28: Obligations, Deadlines & Penalties
At a glance
Article 28 of the DMA imposes 15 obligations on Compliance officers, Gatekeeper, Head of the compliance function and 1 other entity type(s). At least one obligation carries an explicit compliance deadline.
§ Obligations
All obligations under Article 28
Obligation 1
Gatekeepers shall introduce a compliance function that is independent from operational functions and composed of one or more compliance officers, including a head of the compliance function.
Regulation (EU) 2022/1925, Article 28, Article 28
- Obligated entity
-
Gatekeeper
- Action required
-
introduce
- Deadline
-
—
- Penalty
-
—
Obligation 2
Gatekeepers shall ensure that the compliance function has sufficient authority, stature, resources, and access to the management body to monitor compliance with the Regulation.
Regulation (EU) 2022/1925, Article 28, Article 28
- Obligated entity
-
Gatekeeper
- Action required
-
ensure
- Deadline
-
—
- Penalty
-
—
Obligation 3
The management body of the gatekeeper shall ensure that compliance officers have the necessary professional qualifications, knowledge, experience, and ability to fulfil their tasks.
Regulation (EU) 2022/1925, Article 28, Article 28
- Obligated entity
-
Management body of the gatekeeper
- Action required
-
ensure
- Deadline
-
—
- Penalty
-
—
Obligation 4
The management body of the gatekeeper shall ensure that the head of the compliance function is an independent senior manager with distinct responsibility for the compliance function.
Regulation (EU) 2022/1925, Article 28, Article 28
- Obligated entity
-
Management body of the gatekeeper
- Action required
-
ensure
- Deadline
-
—
- Penalty
-
—
Obligation 5
The head of the compliance function shall report directly to the management body and may raise concerns or warn that body where risks of non-compliance arise.
Regulation (EU) 2022/1925, Article 28, Article 28
- Obligated entity
-
Head of the compliance function
- Action required
-
report
- Deadline
-
—
- Penalty
-
—
Obligation 6
The head of the compliance function shall not be removed without prior approval of the management body of the gatekeeper.
Regulation (EU) 2022/1925, Article 28, Article 28
- Obligated entity
-
Gatekeeper
- Action required
-
obtain approval
- Deadline
-
—
- Penalty
-
—
Obligation 7
Compliance officers shall organise, monitor, and supervise the measures and activities of the gatekeepers that aim to ensure compliance with the Regulation.
Regulation (EU) 2022/1925, Article 28, Article 28
- Obligated entity
-
Compliance officers
- Action required
-
organise
- Deadline
-
—
- Penalty
-
—
Obligation 8
Compliance officers shall inform and advise the management and employees of the gatekeeper on compliance with the Regulation.
Regulation (EU) 2022/1925, Article 28, Article 28
- Obligated entity
-
Compliance officers
- Action required
-
inform
- Deadline
-
—
- Penalty
-
—
Obligation 9
Compliance officers shall, where applicable, monitor compliance with commitments made binding pursuant to Article 25.
Regulation (EU) 2022/1925, Article 28, Article 28
- Obligated entity
-
Compliance officers
- Action required
-
monitor
- Deadline
-
—
- Penalty
-
—
Obligation 10
Compliance officers shall cooperate with the Commission for the purpose of the Regulation.
Regulation (EU) 2022/1925, Article 28, Article 28
- Obligated entity
-
Compliance officers
- Action required
-
cooperate
- Deadline
-
—
- Penalty
-
—
Obligation 11
Gatekeepers shall communicate the name and contact details of the head of the compliance function to the Commission.
Regulation (EU) 2022/1925, Article 28, Article 28
- Obligated entity
-
Gatekeeper
- Action required
-
communicate
- Deadline
-
—
- Penalty
-
—
Obligation 12
The management body of the gatekeeper shall define, oversee, and be accountable for the implementation of governance arrangements that ensure the independence of the compliance function.
Regulation (EU) 2022/1925, Article 28, Article 28
- Obligated entity
-
Management body of the gatekeeper
- Action required
-
define
- Deadline
-
—
- Penalty
-
—
Obligation 13
The management body shall approve and review periodically, at least once a year, the strategies and policies for taking up, managing, and monitoring compliance with the Regulation.
Regulation (EU) 2022/1925, Article 28, Article 28
- Obligated entity
-
Management body of the gatekeeper
- Action required
-
approve
- Deadline
-
at least once a year
- Penalty
-
—
Obligation 14
The management body shall devote sufficient time to the management and monitoring of compliance with the Regulation.
Regulation (EU) 2022/1925, Article 28, Article 28
- Obligated entity
-
Management body of the gatekeeper
- Action required
-
devote time
- Deadline
-
—
- Penalty
-
—
Obligation 15
The management body shall actively participate in decisions relating to the management and enforcement of the Regulation and ensure that adequate resources are allocated to it.
Regulation (EU) 2022/1925, Article 28, Article 28
- Obligated entity
-
Management body of the gatekeeper
- Action required
-
participate
- Deadline
-
—
- Penalty
-
—
§ Frequently asked
Questions about Article 28
Who must comply with Article 28 of the DMA?
+
Compliance officers, Gatekeeper, Head of the compliance function, Management body of the gatekeeper.
What does Article 28 of the DMA require?
+
introduce ensure report
What is the compliance deadline for DMA Article 28?
+
at least once a year