By Professor Giuseppe Colangelo, Jean Monnet Professor of European Innovation Policy and Associate Professor of Law and
Economics, University of Basilicata
The revival of regulation has sparked debate over its effectiveness compared to traditional antitrust enforcement. Critics warn of overregulation’s unintended consequences, including risks to platform integrity and security under the Digital Markets Act (DMA). Indeed, the DMA aims to promote fair access by requiring gatekeepers to open their ecosystems, particularly app stores, through measures like sideloading, interoperability, and lifting anti-steering restrictions.
To navigate this complex landscape and avoid polarization, policymakers must recognize that regulation involves trade-offs. Binary choices and appeals to a singular ‘greater good’ are ineffective. Policymaking is the art of balancing conflicting yet relevant interests. Striking a balance between competition and security is crucial as favoring one at the expense of the other would be counterproductive.
How policymakers strike this balance depends on the weight regulatory interventions assign to each of the interests involved. To this end, it is essential to distinguish between the primary rationales driving a policy intervention and the safeguards that constrain its scope. The DMA’s primary goal is to foster competition, but security must also be safeguarded. Accordingly, gatekeepers are not prohibited from adopting necessary and proportionate measures that ensure the integrity of their services and end users’ security.
🚨 The Digital Markets Act (DMA) aims to promote competition, but there’s a growing concern: could it also weaken platform security?
Here's a thread on @istbrunoleoni's @GiuColangelo new policy briefing on the DMA's trade-offs, challenges, and potential solutions. 🧵👇
— EPICENTER – European Policy Information Center (@epicenterEU) March 11, 2025
In this context, policymakers must seek solutions that achieve a constrained optimum, which safeguards against potential risks, rather than an unconstrained optimum. This means that, as a first guiding principle, when assessing the solutions proposed by gatekeepers for DMA compliance, the European Commission should not aim for the highest possible level of competition in absolute terms. Instead, it must seek the highest achievable level of competition while also ensuring an appropriate degree of security.
This also requires considering differences in gatekeepers’ business models. Despite the DMA’s business model–agnostic approach, assessing compliance measures in context will help ensure they achieve the intended balance. Apple and Google, for example, have emphasized security concerns in their compliance reports, highlighting the role of trust in their ecosystems. However, the balance between competition and security cannot be the same in a closed ecosystem as it is in an open one. The challenge is particularly pronounced in Apple’s tightly controlled “walled garden,” where security and competition trade-offs differ from those in open ecosystems.
Competition or security should not be the question
Finally, it is important to emphasise that a balance between competition and security cannot be achieved without the contribution of gatekeepers. Achieving DMA compliance is a shared responsibility. Due to information asymmetry, effective solutions require cooperation between regulators and gatekeepers. In line with the initial warning against binary choices, it would not be possible to have a productive discussion if security risks are over-prioritized vis-à-vis competition and used to completely neutralise the effects of DMA obligations. This would distort the balance between the DMA’s primary goal and its safeguards. Therefore, it is the responsibility of gatekeepers to develop technical solutions that reconcile the dual need for competition and user security. In turn, the Commission must remain open-minded and be willing to consider the specific features of each proposed solution.
Against this background, the European Open Banking experience shows that competition and security can coexist. By mandating secure third-party access to financial data, Open Banking empowered consumers while implementing safeguards like strong authentication to prevent fraud. While not directly comparable to the DMA, this example demonstrates that technical solutions can be designed to enhance competition without compromising security. Therefore, implementing the DMA should not be seen as a Hamlet-like dilemma between competition and security.
Disclaimer: www.BrusselsReport.eu will under no circumstance be held legally responsible or liable for the content of any article appearing on the website, as only the author of an article is legally responsible for that, also in accordance with the terms of use.
