Gatekeepers, Directors and the Digital Markets Act: Corporate Law at a Crossroads

Gatekeepers, Directors and the Digital Markets Act: Corporate Law at a Crossroads

Introduction

In recent weeks, enforcement activity under the European Union’s Digital Markets Act (DMA) has accelerated, with the Commission issuing several high‑profile compliance notices and opening investigations into designated “gatekeepers” for alleged breaches of interoperability, app distribution and default settings obligations. These developments have immediate significance for corporate governance: multinational technology companies — many incorporated in or governed by UK and other neighbouring jurisdictions — now face concurrent regulatory regimes imposing operational constraints and heavy administrative duties. The legal importance is twofold. First, directors must reconcile statutory and common law duties (including s.172 Companies Act 2006 obligations to promote the company’s success) with binding EU regulatory prescriptions that may affect commercial strategy and shareholder value. Second, the DMA’s extraterritorial reach and steep sanctions raise novel questions about directors’ exposure, liability insurance and fiduciary decision‑making in cross‑border enforcement landscapes.

Legal background

The Digital Markets Act (adopted in 2022) establishes a list of obligations for designated “gatekeepers” to ensure contestable and fair digital markets. Non‑compliance attracts periodic penalty payments and structural remedies. At the domestic level, directors’ duties under the UK Companies Act 2006 — notably s.172 — require directors to act in good faith to promote the company’s success for the benefit of members while having regard to wider stakeholder interests. Foundational corporate doctrines remain salient: the separate legal personality principle (Salomon v A Salomon & Co Ltd [1897] AC 22) and the rule in Foss v Harbottle (1843) 2 Hare 461 constrain the mechanisms by which shareholders can challenge board action. Prest v Petrodel Resources Ltd [2013] UKSC 34 remains the controlling authority on the limited circumstances where the corporate veil will be pierced. European supremacy of EU regulatory law in its field means the DMA can bind entities operating in the internal market even where they are subject to differing national corporate law regimes, producing potential tension when a company’s fiduciary strategy is affected by externally imposed conduct obligations.

Critical analysis

Applying these legal principles to the recent DMA enforcement actions exposes a number of conflicts and compliance challenges. Directors face a classic duty conflict: aggressive compliance with DMA obligations (for example, enabling third‑party app stores or removing anti‑steering clauses) may reduce short‑term revenues or bargaining leverage, potentially disadvantaging shareholders. Conversely, passive resistance to compliance risks substantial fines and reputational harm. Under s.172, directors are required to balance the interests of the company and its members against long‑term prospects and legal compliance; prudent directors will therefore document decision‑making that privileges regulatory compliance where non‑compliance threatens the company’s viability. This approach maps onto common law expectations that directors should have regard to legal risk as part of their duty to promote success.

Enforcement also poses procedural issues. The DMA authorises fines and behavioural remedies that are supervisory and prospective — a marked departure from classic shareholder remedies (derivative actions under the Companies Act or minority oppression claims). Shareholders may seek to use derivative proceedings to compel compliance or to recover damages where mismanagement contributed to regulatory breaches. But the Foss v Harbottle rule and judicial reluctance to pierce the corporate veil (Prest) mean that internal governance remedies and regulatory channels will often be the more effective routes. There is, moreover, a practical contagion risk: boards of group companies may face cross‑jurisdictional obligations, and enforcement against a group member could expose directors to scrutiny under domestic corporate governance codes (e.g., the UK Corporate Governance Code) or trigger fiduciary duty claims in other jurisdictions.

Another legal fault line is jurisdictional reach and the treatment of EU law post‑Brexit. UK incorporated firms that operate in the EU market remain susceptible to DMA obligations in respect of their EU operations. Directors of UK companies must therefore account for EU regulatory impact when making strategic choices domestically. Insurers and indemnifiers will need to revisit D&O (directors and officers) cover wording to address regulatory fines and compliance costs arising under supranational regimes — although many D&O policies exclude fines and penalties.

Opinion and outlook

Professional judgement suggests a three‑pronged response by boards. First, adopt an explicit risk allocation and documentation protocol: board minutes should record how DMA obligations were considered under s.172 criteria, emphasising long‑term shareholder value preservation through regulatory compliance. Second, restructure compliance and legal teams to ensure EU regulatory expertise informs product and commercial decisions early in the lifecycle, reducing the risk of retrofitting remedies. Third, review corporate structures and insurance: group reorganisations that segregate EU‑facing activities may reduce exposure, subject to insolvency and anti‑avoidance rules; D&O policies should be renegotiated to the extent possible to cover defence costs and regulatory investigations.

From a policy standpoint, the DMA’s enforcement trajectory may catalyse a broader convergence between competition/regulatory law and corporate governance norms. Courts and regulators may expect directors to be proactively regulatory‑literate; derivative litigation could evolve to challenge failures of oversight where boards ignored clear regulatory mandates. Legislatures may follow with statutory clarifications that reconcile directors’ duties with compliance obligations in major regulatory regimes.

Conclusion

Recent DMA enforcement actions highlight a shifting corporate law landscape in which regulatory compliance is central to the boardroom’s duty calculus. Directors must reconcile s.172 duties and traditional corporate doctrines with binding supranational obligations that affect strategy and shareholder value. The prudent response combines documented decision‑making, enhanced compliance integration and careful financial and structural risk management. As enforcement intensifies, we should expect corporate governance practice and litigation strategies to adapt accordingly.