The EU’s new Digital Markets Act (DMA) promised to rein in the power of Big Tech with bold rules and it is now starting to deliver. Just a few days ago, the European Commission announced the first fines under the DMA: €500 million for Apple, and €200 million for Meta. Both were found to have violated obligations that aim to open up digital markets: Apple by restricting app developers’ communication with users; Meta by tying consent to personalised advertising.

It was a landmark moment for the new regime but it also exposed a curious gap. Unlike in EU antitrust enforcement or GDPR cases, the Commission has not issued any guidelines on how it will calculate fines under the DMA. And that raises real questions about legal certainty, especially when fines of up to 10% of global turnover, or even 20% for repeat infringements, are on the table. At first glance, the absence of guidelines might seem unremarkable. The DMA itself sets clear maximums: 10% (or 20%) of a company’s worldwide revenue. That’s significant enough to catch any tech giant’s attention. And technically, the Commission isn’t obliged to adopt guidelines; it can fine based directly on the Regulation.

But if you look at how the Commission operates in other areas, this silence becomes intriguing. In antitrust, for instance, the 2006 Fining Guidelines set out how fines are calculated; taking into account gravity, duration, and aggravating or mitigating circumstances. Similarly, in data protection, the European Data Protection Board has published guidance on how GDPR fines should be reasoned and scaled. Once published, these guidelines act as soft law: binding on the Commission itself, anchoring its decisions and offering companies predictability.

One of the core principles of EU law is legal certainty. Companies should be able to foresee, with reasonable clarity, the consequences of breaching a rule. It’s not enough for the rules themselves to be clear; the penalties must also be foreseeable. Otherwise, companies cannot properly calibrate their compliance efforts or assess the risks they are taking.

Without fining guidelines, the Commission keeps maximum flexibility. But for gatekeepers, it means being left in the dark about how serious a breach will be judged, and what the financial fallout could be. A fine could be a slap on the wrist or a corporate earthquake with no clear roadmap in between.

And while the first DMA fines are substantial, they are nowhere near the upper end of the scale. Apple’s €500 million fine, for instance, represents only a small fraction of its annual turnover. The Commission seems to be testing the waters carefully; not reaching for the maximum penalties right away, perhaps to build a credible enforcement record without provoking accusations of overreach.

This moderate approach makes sense. The DMA is new, the rules are complex, and regulators want companies to engage seriously rather than immediately fight every decision in court, though appeals are of course expected. At the same time, the absence of fining guidelines could create long-term risks for enforcement.

First, it opens the door to inconsistencies: different companies, or different cases, might be treated differently without a clear framework. Second, it invites challenges: if a company feels it has been fined unfairly, it can argue that the Commission’s discretion was too broad, or exercised arbitrarily. Courts are generally reluctant to second-guess the Commission on fines, but they do expect decisions to be transparent and reasoned.

Finally, and perhaps most importantly, it could undermine the very trust the DMA seeks to build. The DMA is supposed to create a level playing field, where powerful gatekeepers know exactly what is expected of them. Lack of clarity around sanctions pulls in the opposite direction.

Of course, it’s still early days. The Commission may simply be waiting to gather more enforcement experience before codifying its approach. That’s understandable. Publishing fining guidelines too early could backfire if early cases reveal complexities that weren’t anticipated.

But at some point, clear guidance will become not just helpful, but necessary for regulators, companies, and courts alike. Until then, enforcement under the DMA will continue to walk a fine line: ambitious in its aims, but feeling its way in how hard, and how predictably, to punish non-compliance.

Confidentiality rings have become a familiar feature of EU competition proceedings, particularly in cases where sensitive commercial information must be handled without compromising the rights of defence. These mechanisms, once considered exceptional, are now mainstream tools used in both administrative enforcement and litigation before the EU courts. Yet their increased prevalence raises an important question: are confidentiality rings genuine safeguards ensuring fairness and transparency or are they evolving into legal fictions that mask structural imbalances in procedural rights?

The European Commission has made it clear that confidentiality rings serve a pragmatic function: to allow restricted access to otherwise confidential information, typically by external counsel and independent experts, in order to enable effective defence while preserving the integrity of business secrets. Their role is acknowledged in the Commission’s 2015/2018 best practices, and more formally incorporated in judicial proceedings under Article 103 of the General Court’s Rules of Procedure.

However, the growing reliance on confidentiality rings has not gone unchallenged. The key concern is whether this procedural tool is being used to paper over deeper procedural inadequacies, namely, the persistent tension between the right to effective judicial protection and the Commission’s obligation to protect third-party confidential information under Article 339 TFEU. The current framework places confidentiality rings at the centre of a delicate balancing exercise. The case law is clear that the Commission cannot base its decisions on evidence that the accused has no opportunity to access or contest. Yet, the same case law (e.g. Cementos Portland, NKT) accepts that access can be limited to a closed circle of lawyers or experts, often to the exclusion of the undertaking’s own personnel. The result is a procedural arrangement that allows for an adversarial exchange.

Confidentiality rings are a compromise, a way to maintain the secrecy of commercially sensitive information without violating defence rights. But here lies the risk of circular reasoning. The more the Commission relies on confidentiality claims to limit disclosure, the more necessary it becomes to rely on confidentiality rings to restore fairness. Yet this solution may only reinforce the underlying opacity, particularly when the enforcer is judge, evidence-keeper, and facilitator of access.

Moreover, the case-by-case nature of confidentiality rings introduces inconsistencies. The composition of rings, the level of information disclosed, and the conditions of access vary widely. In some cases, the Commission may push for broad access; in others, information providers (often competitors or leniency applicants) may refuse consent, effectively limiting the scope of the ring. There is no clear legal standard determining when a ring is appropriate, who should be admitted, or what safeguards must be in place. As a result, enforcement risks being guided by procedural negotiations rather than legal principle.

The General Court, to its credit, has developed a more structured framework. Under Article 103 RoP, the Court can assess whether confidential information should be disclosed to a party’s legal counsel under protective measures. In doing so, it can impose confidentiality rings ex officio, subject to strict undertakings. This judicial approach arguably provides a more robust model; less reliant on consent, more grounded in the right to adversarial proceedings. Yet even this system is not immune to criticism. The Court’s discretion in balancing confidentiality against defence rights is necessarily subjective, and undertakings often have no clarity ex ante on what level of access they will be granted.

Which leads to the deeper question: have confidentiality rings become too comfortable a solution? Are they now a procedural shortcut that avoids addressing the real problem, namely, the Commission’s dual role as investigator and arbiter of access to evidence? There is a danger that confidentiality rings, rather than narrowing the scope for discretion, actually expand it. They depend on mutual agreement, but also on Commission-managed opaque frameworks. They promise fairness, but often deliver a filtered version of it.

Ultimately, confidentiality rings must be judged not by their frequency of use, but by their contribution to meaningful procedural rights, without shielding flawed enforcement practices from judicial scrutiny. They must be governed by clear criteria, enforceable safeguards, and an unambiguous commitment to equality of arms. Otherwise, they risk becoming just another tool of administrative convenience; one that gives the appearance of procedural fairness while quietly undermining it.