EU Faces Defining DMA Review as Brussels Weighs AI and Cloud Expansion Amid Escalating US Tariff Threats
The European Commission must deliver its first mandatory review of the Digital Markets Act by May 3, weighing calls to expand the law into AI and cloud services while fending off Trump administration tariff threats over $7 billion in cumulative tech fines.
Overview
The European Commission is approaching what may be the most consequential moment in the short history of the Digital Markets Act. By May 3, 2026, the Commission is legally required to deliver its first triennial review of the DMA to the European Parliament, the Council of the European Union, and the European Economic and Social Committee, according to the Commission’s own review timeline. The review arrives at a moment of acute tension: EU tech fines against American companies have surpassed $7 billion in two years, according to CNBC, and the Trump administration is threatening tariff retaliation that could reshape transatlantic trade.
The stakes extend well beyond the existing enforcement actions against Apple, Google, and Meta. Over 450 stakeholders who contributed to the Commission’s public consultation have pushed to expand the DMA’s scope into artificial intelligence and cloud computing, potentially subjecting entirely new categories of services to gatekeeper obligations. If the Commission acts on those recommendations, it would mark the most significant expansion of EU platform regulation since the DMA took effect in May 2023.
What We Know
The DMA’s Enforcement Record So Far
In its first two years of active enforcement, the DMA has produced a series of escalating penalties. Apple was fined EUR 500 million in April 2025 for violating anti-steering obligations that require the company to let app developers inform users about alternative purchasing options outside the App Store, according to the European Commission. Meta received a EUR 200 million fine the same month after the Commission found that its “consent or pay” advertising model, which forced users to either accept personalized advertising or pay a monthly subscription, did not comply with DMA requirements for meaningful consumer choice.
Google faces its own reckoning. The company received a EUR 2.95 billion antitrust fine in September 2025 for distorting competition in advertising technology, and preliminary findings issued in March 2025 suggested additional DMA-specific fines are forthcoming, as CSIS noted in its analysis. Elon Musk’s X platform was fined EUR 120 million in December 2025 for Digital Services Act transparency violations.
The seven designated gatekeepers under the DMA now include five American companies (Alphabet, Amazon, Apple, Meta, and Microsoft), one Chinese company (ByteDance), and one Dutch company (Booking), as CSIS documented. Companies qualify if they meet thresholds of EUR 7.5 billion in annual EU turnover, 45 million monthly active users, and 10,000 annual active business users across three or more member states.
The Expansion Debate: AI and Cloud
The Commission’s public consultation, which ran from July through September 2025 and drew more than 450 responses, revealed broad support for extending the DMA’s reach. Contributions “generally show respondents’ broad support for the DMA’s objectives and indicate that the regulation has already brought benefits,” the Commission stated when publishing its summary in January 2026.
The most significant debate centers on whether AI services should be brought under the DMA’s gatekeeper framework. Some stakeholders, including small and medium-sized enterprises and civil society organizations, argued that AI functionalities already fit within existing core platform service categories such as search engines, virtual assistants, and operating systems. Others called for the creation of an entirely new AI-specific core platform service category aligned with the EU AI Act, which becomes fully enforceable in August 2026.
Cloud computing is the other frontier. The European Commission has already initiated competition probes into Amazon and Microsoft’s cloud operations, and several consultation respondents advocated for formal DMA designation of major cloud platforms. If adopted, this would bring cloud infrastructure under the same interoperability and data portability requirements that currently apply to messaging, social networking, and app distribution.
The gatekeepers themselves pushed back. Platform operators raised objections about the “impact on user experience” and “concerns about proportionality,” according to the Commission’s summary, cautioning that premature expansion could stifle innovation and impose unsustainable compliance costs.
The Transatlantic Collision
The DMA review arrives amid the most serious US-EU confrontation over technology regulation in recent memory. The Trump administration has characterized EU tech enforcement as “lawfare” against American companies and threatened to deploy “every tool at its disposal” in retaliation, according to Fortune.
US Trade Representative Jamieson Greer has argued that American firms provide “substantial free services to EU citizens” and support “millions of jobs and more than $100 billion in direct investment in Europe,” Fortune reported. The administration is preparing a Section 301 investigation under the Trade Act of 1974, the same mechanism previously deployed against China, that could authorize punitive tariffs on European goods.
Specific European companies reportedly under consideration for retaliatory targeting include Spotify, DHL, Siemens, SAP, and Mistral AI, according to Fortune. The administration also imposed visa bans on former EU Commissioner Thierry Breton and four other officials, accusing them of participation in a “global censorship-industrial complex.”
Brussels has shown no sign of retreat. EU Competition Chief Teresa Ribera stated that “there have been moments that we have needed to stand up and say: sorry, but we’re not going to undo our regulation just because you don’t like it,” The Irish Times reported. European officials have described 2026 as the year enforcement becomes the priority, even if it triggers a trade confrontation with Washington.
What We Don’t Know
The Commission’s May 3 review report will signal the direction of EU platform regulation for the next several years, but critical questions remain unanswered.
First, it is unclear whether the Commission will formally recommend expanding the DMA’s scope to AI and cloud services in this review cycle, or whether it will defer action pending the full implementation of the EU AI Act in August 2026. The political calculus is complicated: expanding the DMA simultaneously with the AI Act taking effect could create overlapping compliance obligations that even the Commission’s own supporters have flagged as problematic.
Second, the financial exposure for designated gatekeepers remains uncertain. While individual fines to date have ranged from EUR 120 million to EUR 2.95 billion, the DMA allows penalties of up to 10 percent of global annual turnover for non-compliance and 20 percent for repeat offenders. For a company like Alphabet, with roughly $350 billion in annual revenue, the theoretical maximum penalty exceeds $35 billion.
Third, it remains unknown whether the Trump administration’s Section 301 investigation will proceed to formal action or serve primarily as a negotiating tactic. A full-scale tariff war over technology regulation would be unprecedented between the US and EU, and both sides have incentives to find a diplomatic resolution.
Finally, the interplay between US and EU antitrust enforcement is creating a paradox. The US Department of Justice secured its own remedies against Google on April 11, 2026, prohibiting exclusive distribution contracts and mandating data sharing with competitors. Washington is simultaneously breaking up the same companies it accuses Brussels of unfairly targeting, raising questions about whether the transatlantic dispute is genuinely about regulatory philosophy or primarily about who controls the penalties and remedies.
Analysis
The DMA review represents a fork in the road for European technology regulation. The cautious path would preserve the current scope while strengthening enforcement of existing obligations. The ambitious path would bring AI and cloud services under the gatekeeper framework, creating the world’s most comprehensive ex ante platform regulation regime.
The political dynamics favor expansion. The Commission has invested enormous institutional capital in the DMA and faces domestic pressure to demonstrate results. The consultation feedback provides political cover for broadening the scope, and the simultaneous arrival of the AI Act creates a natural opportunity to harmonize the two regulatory frameworks.
But expansion carries real risks. Each new category of regulated service adds compliance complexity that could slow innovation in the European market, precisely the outcome the DMA was designed to prevent. The gatekeeper designation process is already under strain, as demonstrated by the contested designation of Booking.com, and adding AI and cloud categories would multiply the number of enforcement proceedings the Commission must manage simultaneously.
The transatlantic dimension adds another layer of unpredictability. A DMA expansion into AI would inevitably collide with the Trump administration’s stated goal of preserving American dominance in artificial intelligence. The Section 301 threat is not idle: the Trade Act mechanism requires a formal investigation timeline, and the administration has already demonstrated its willingness to impose tariffs on allies over policy disagreements.
The Commission’s May 3 report will not, by itself, change the law. Legislative amendments to the DMA would require approval from both the European Parliament and the Council, a process that typically takes 18 to 24 months. But the report will frame the debate and signal the Commission’s enforcement priorities for the rest of its mandate, making it a pivotal document for every technology company operating in Europe.