In new research, Sarah Hinck and Jasper van den Boom argue that the European Union’s Digital Markets Act’s (DMA) whistleblower tool does not yet bring enough to the table to effectively incentivize potential informants to report on Big Tech violations.

Prominent whistleblower cases such as those involving Edward Snowden, Francis Haugen, Sarah Wynn-Williams and others who have come forward with sensitive information—often at great personal risk—have sparked debates about how informants should be protected against reprisal. In response, the European Parliament adopted in 2019 the Whistleblower Directive (WBD), formalizing individuals’ rights to come forward anonymously and requiring member states to shield informants from reprisals.

In 2024, the European Commission adapted the WBD to the digital economy and launched the Digital Markets Act (DMA) Whistleblower Tool to help individuals and business users receive guidance and report violations of the EU’s ex ante regulatory regime targeting Big Tech platforms. The tool is meant to bolster effective enforcement to achieve a fair and contestable digital economy. It recognizes the power imbalances between Big Tech and its users, many of whom fear retaliation—such as exclusion from services or algorithmic downgrading— from the Big Tech platforms if they complain openly about their business practices. It allows informers to make submissions anonymously or pseudonymously—a distinction not clearly defined in EU law. The platform offers tips for protecting one’s identity (e.g., not using a work device), and at first glance, appears practical and user-friendly.

But as our recent article in the Journal of Antitrust Enforcement reveals, this tool may look better on paper than it performs in practice. While the regulatory logic behind whistleblower protection to incentivize informants by protecting them from retaliation is clear, the tool’s procedural ambiguity and the broader lack of participation rights for third parties (any party but the Big Tech gatekeepers) under the DMA drifts from the stronger procedural protections of the model WBD and risks undermining its effectiveness. The crux of the argument? Anonymity alone may not be enough. Informants also need clarity, protection, and rights.

Power asymmetries in platform markets

The DMA, introduced in 2022, was designed to address structural concerns in digital markets, particularly the dominance of a few platforms such as Alphabet or Meta that serve both as operators and market participants. These gatekeepers, in DMA terms, wield considerable influence over consumers, business users and competitors. Crucially, third parties often possess the internal knowledge needed to reveal gatekeeper non-compliance, such as self-preferencing, a lack of interoperability or discriminatory access conditions.

Yet these same actors—app developers, advertisers, competing browsers—are economically dependent on the gatekeepers who control access, distribution, and revenue. This leaves them vulnerable to retaliation. Apple’s exclusion of game developer Epic Games from the App Store—after it challenged Apple’s rules—illustrates what’s at stake for those who dare to challenge Big Tech. Epic Games fought Apple’s restrictive App Store rules in various proceedings. In response, the hardware icon retaliated by banning Epic’s app from its App Store. Even milder forms of dissent may provoke subtler reprisals, such as algorithmic demotion, degraded interoperability, or silent contractual exclusion which gatekeepers can deploy without leaving fingerprints.

Is whistleblower protection under the DMA a  regulatory facade?

The DMA itself does not grant third parties noteworthy procedural rights that would be comparable to EU competition law. Regarding the protection of whistleblowers, the DMA formally incorporates the WBD to cover reporting of DMA breaches. But we show in our article that this alignment is more cosmetic than functional. The WBD, while broad in scope, was primarily designed to protect employees disclosing misconduct in their own workplaces, not business users and third parties exposing anticompetitive practices by trillion-dollar platforms.

The DMA does not create standalone protections or significant procedural rights protections for third parties to provide information to trigger DMA non-compliance investigations. Instead, it piggybacks on the WBD without specifying how its principles—such as protection against retaliation or reporting channels—apply in the context of whistleblowing under the DMA. For example:

  • Neither the DMA nor the DMA Whistleblower Tool establish clear follow-up obligations for the European Commission once a report on a potential breach of the DMA is received.
  • It does not offer formal procedural rights to the whistleblower to contribute and shape proceedings, such as the right to be heard, even if enforcement is triggered.
  • It fails to define the threshold—e.g., the level of information required—for the Commission to act on anonymous reports.

This creates a vacuum of legal certainty for potential informants of DMA breaches. They are asked to take the risk of reporting but are offered few guarantees in return.

Contrast the DMA Whistleblower Tool with EU competition law, where whistleblowers, especially in cartel cases, can benefit from leniency programs (e.g., immunity from fines in the scenario where they are complicit in the illegal behavior), procedural rights, and participation in proceedings. Although inspired by competition law, the DMA offers none of these protections.

We note that the DMA lacks:

  • A formal complaint mechanism akin to Regulation 1/2003, applicable to EU competition law.
  • A decentralized enforcement structure. Only the Commission enforces the DMA, unlike the network of national competition authorities (NCAs) in antitrust cases, which may reduce trust among potential informants more connected at the national level.
  • A structured incentive system, comparable to leniency fine reductions, that would motivate insiders to report violations.

The main resemblance to competition law is superficial: an online reporting portal, without the procedural clarity or enforcement infrastructure that makes such tools effective.

To some extent, the choice to limit third-party participation is understandable. The DMA is meant to operate quickly. Allowing strong, formalized third-party involvement could complicate timelines and raise expectations about the Commission’s priorities. Preserving discretion helps to keep enforcement agile. But it also raises a key question: what incentive do whistleblowers have to come forward? They take risks with little assurance of protection or impact, and it remains unclear how the Commission will use the information received.

Toward a functional whistleblower framework

We offer several concrete policy recommendations for fixing this gap. Each reflects a broader principle: information asymmetries cannot be corrected without rebalancing.

  1. Increase procedural transparency. Whistleblowers need to know what happens once they submit a report: What is the threshold for action by the Commission? When will they be contacted? How will their identity be safeguarded throughout the investigations? Will they ever learn of the outcome? Currently, the tool functions like a black hole.
  2. Involvement of national competition authorities. While the EU legislator opted for a decentralized enforcement system of the DMA, NCAs could play a vital role as initial contact points, particularly in member states where relationships with local regulators are stronger. This would also reduce the administrative load on the Commission and improve whistleblower trust.
  3. Mandate internal reporting channels.A requirement of the WBD is that companies of a certain size have to establish internal reporting channels through which informants can provide information on misconduct. In a similar fashion, gatekeepers should be required to provide internal mechanisms where insiders including business users are (optionally) able to share concerns about DMA compliance, subject to WBD standards and Commission oversight. Currently, Article 6(11) and 6(12) of the DMA envision alternative dispute resolution for certain disputes – but not a robust reporting infrastructure. Such a requirement would be consistent with the self-executing compliance character of the DMA.
  4. Grant procedural rights to third parties. Informants should be able to formally participate in DMA proceedings or at least receive status updates, similar to complainants in antitrust investigations. Without these rights, the cost-benefit ratio of whistleblowing remains heavily skewed.

Some of these suggestions can be implemented within the current framework, others might require a review of the legal basis of the DMA Whistleblower Tool. However, these suggestions—alone or combined—are capable of strengthening incentives for informants to come forward and contribute to effective DMA enforcement.

Conclusion: The hidden cost of silence

The failure to protect and empower whistleblowers reflects a broader issue: the DMA is still grappling with its enforcement model. While it promises ex ante obligations for gatekeepers, the actual mechanisms for surfacing violations remain thin. Unlike antitrust, where conduct must be investigated and proven, the DMA’s rules are meant to be self-executing. But early experiences show that gatekeepers will test the boundaries, exploit ambiguities, and often adopt formalistic compliance strategies.

Insiders and business users are crucial to exposing these gaps, but only if they are incentivized and protected. Therefore, we conclude that effective enforcement of the DMA depends not just on the Commission’s resolve, but on the willingness of vulnerable insiders to speak up. If they don’t trust the system to protect them—or see no upside to taking the risk—they will stay silent. And without their input, many violations will remain invisible.

In that sense, the DMA Whistleblower Tool is not just a portal, it is a test of the DMA’s institutional credibility. The DMA was designed to curb digital gatekeepers. But unless its enforcement tools are recalibrated to address the very power asymmetries it seeks to dismantle also from a procedural standpoint, the law may falter, not from lack of ambition, but from lack of information.

Authors’ Disclosures: The authors report no conflicts of interest. You can read our disclosure policy here.

Articles represent the opinions of their writers, not necessarily those of the University of Chicago, the Booth School of Business, or its faculty.

Subscribe here for ProMarket’s weekly newsletter, Special Interest, to stay up to date on ProMarket’s coverage of the political economy and other content from the Stigler Center.

Related posts:

  1. Can Middleware Save Social Media From Big Tech?
  2. Does Domestic Competition Help EU Firms Compete Abroad?
  3. A Better Way To Use Ecosystems in Antitrust Analysis
  4. EU and US Antitrust Is Converging on Anti-Monopoly