Competition Market Study of Online Marketplaces in Poland, Latvia and Lithuania

This chapter provides an overview of the legal and regulatory framework applicable to the operations of online marketplaces in Poland, Lithuania and Latvia (see also annex B). It focusses on the legal provisions shaping the behaviour of these platforms and their broader market dynamics, at both the European Union (EU) and national levels. In line with the scope and objectives of this report, this regulatory overview does not cover every applicable law. Instead, the following sections target those rules with a direct influence on competition, market power and marketplace dynamics. Building on the previous chapter’s definition of online marketplaces as multi-sided intermediation services, this overview examines how the current legislative framework intersects with their core operations, ancillary services and broader ecosystems.

Many of the legal domains relevant to the activities of online marketplaces, including competition law, data protection and consumer protection, fall under the exclusive or shared competences of the EU (Articles 3 and 4 of the Treaty on the Functioning of the European Union, TFEU). The EU has legislated extensively in these areas, and, as Member States in the Single Market,1 the three countries of this market study are subject to the principles of primacy and direct effect of EU law.2 This means that European binding legal acts (treaties, regulations, directives and decisions) take precedence over conflicting national laws, and they can be directly invoked before national courts if sufficiently clear, precise and unconditional. Because of this interplay and the high degree of convergence between EU and national laws, the chapter focusses on the European legal framework governing the operations of online marketplaces. However, certain areas may exhibit degrees of divergence, particularly where MS have room for tailored implementation. In such cases, the chapter includes specific references to domestic Polish, Latvian or Lithuanian provisions.

The EU’s legislative efforts in the digital economy have been particularly strong in the past decade (European Parliament, 2024[1]). These efforts fall within a global trend to address the unique characteristics of digital markets and their multi-sided platforms, which can lead to significant market concentration, market tipping and consolidation around few dominant players. The distinctive economic features of these markets3 include economies of scale with zero to minimal marginal costs, direct and indirect network effects that reinforce platform dominance, data-driven feedback loops and conglomerate effects that expand platforms’ influence across connected markets (OECD, 2021[2]).

EU efforts to address these concerns are part of the European Commission’s Digital Single Market (DSM) Strategy, launched in 2015 to eliminate barriers to online transactions, ensure fair competition and maximise the potential benefits of the digital economy.4 Since then, several legal acts with an influence on online marketplaces have been adopted under the DSM umbrella (European Parliament, 2024[1]). Some of the most prominent are the Digital Services Act (DSA),5 the Digital Markets Act (DMA),6 the General Data Protection Regulation (GDPR),7 and the Regulation on promoting fairness and transparency for business users of online intermediation services (P2B Regulation).8 This large and diverse body of legal acts highlights the increasing intersection of competition, consumer protection and data privacy laws in digital markets (Botta and Wiedemann, 2019[3]). Through ex-ante obligations, they aim to address critical market failures such as lack of transparency, information asymmetries, and power imbalances between platforms and their users, ensuring a comprehensive framework to safeguard fairness and contestability, promote competition and protect consumer rights in the digital economy.

Beyond digital-specific legislation, online marketplaces are also governed by traditional regulatory frameworks, particularly competition law provisions established under the TFEU and national laws. The first section of this chapter explores these competition rules. It examines the three core pillars of competition law enforcement: vertical and horizontal agreements, abuse of dominance and merger control. The second section delves into more recent ex-ante competition obligations at the EU level, included in the Digital Markets Act (DMA), which specifically address challenges linked to market power in the digital economy. Finally, the third section analyses non-competition legal frameworks that regulate online marketplaces in their core intermediation services and beyond, extending to ancillary operations and related ecosystems. As these platforms evolve and expand their range of services, they interact with an increasingly complex legal landscape. As previously noted, consumer and data protection laws are among the most significant legal domains for online marketplaces. This section focusses on these and other regulatory areas, such as financial regulations, that have the greatest impact on marketplaces’ functioning and competitive behaviour.

The regulatory review of this chapter centres on binding and codified legal provisions, as these directly influence the behaviour of online marketplaces and affect market dynamics. However, given the complexity and relative novelty of the ex-ante and digital regulations mentioned above, the chapter also includes references to relevant EU and national guidelines, interpretative notices and case law, to provide additional context.

As undertakings9 operating in the EU Single Market, online marketplaces in Latvia, Lithuania and Poland must comply with traditional competition law provisions. Traditional competition law in the EU rests on three distinct but complementary pillars: (i) the control of anticompetitive agreements under Article 101 TFEU, (ii) the control of unilateral conduct by dominant undertakings under Article 102 TFEU and (iii) merger control under Regulation No 139/200410 (merger control). Member States have competition law frameworks largely modelled after these provisions and most require that domestic laws are interpreted accordingly with EU rules. As a result, the enforcement of EU and national competition rules usually leads to consistent outcomes (Whish and Bailey, 2024[4]).

Under Regulation 1/200311 and its parallel enforcement system, the European Commission and Member States share powers to apply Articles 101 and 102 TFEU. This shared enforcement framework governs the first two pillars of competition law, namely the prohibition of anticompetitive agreements (Article 101 TFEU) and the prohibition of abuses of dominance (Article 102 TFEU). The allocation of these powers depends on the geographical scope of the investigated agreement or conduct, its effect on trade between Member States, the financial interests of the EU and its significance for EU competition policy.12 National competition authorities (NCAs) retain exclusive powers to enforce domestic competition rules for agreements and conducts confined to their jurisdictions. The European Commission and NCAs have traditionally employed an ex-post methodology when assessing anticompetitive practices through the lens of Articles 101 and 102 TFEU. Lastly, enforcement of the third pillar of competition law (merger control) is similarly divided between NCAs and the European Commission, depending on whether the concentration meets the criteria for a “Union dimension” (Whish and Bailey, 2024[4]).

The principles, prohibitions and presumptions of competition law in Poland, Lithuania and Latvia are largely harmonised with EU rules. However, some variation exists in enforcement due to differences in investigative powers of national authorities, distinct institutional settings, broader legal systems and varying national priorities. Building on this alignment, this section provides an overview of EU competition law rules applicable to online marketplaces in the three jurisdictions, with references to domestic equivalents where relevant.

Online marketplaces must ensure that their commercial activities and interactions with other players in the market comply with Article 101 TFEU, which targets anticompetitive co‑ordination between independent undertakings. Article 101 TFEU prohibits agreements, decisions and concerted practices between undertakings that prevent, restrict, or distort competition, whether at the same or different levels of the supply chain. Its scope is horizontal and vertical, covering both collusion between competitors and restrictive arrangements along the supply chain. This provision thus applies to interactions with direct competitors, but also to interactions upstream with manufacturers or suppliers and downstream with independent sellers. At the national level, Poland, Lithuania and Latvia have similar provisions in place. In Poland, Article 6 of the Competition Act establishes a general prohibition of anticompetitive agreements, while Articles 7 and 8 outline the applicable exemptions.13 Similarly, in Lithuania, Article 5 of the Law on Competition prohibits anticompetitive agreements, with Article 6 specifying the conditions under which exemptions may apply. In Latvia, Article 11 of the Competition Law addresses both the prohibition and exemptions for such agreements. There is no major divergence between these domestic provisions, as they are all closely aligned with EU rules.

Article 102 TFEU is relevant to online marketplaces with a dominant position, focussing on the unilateral conduct of undertakings with substantial market power. Online marketplaces that hold a dominant position must avoid exploitative and exclusionary abuses of their market power. Dominance is a legal notion that has been extensively developed in case law14 and can be equated to the economic concept of substantial market power15 (Whish and Bailey, 2024[4]). While Article 101 TFEU applies to all anticompetitive agreements by online marketplaces, Article 102 TFEU only applies exclusively to unilateral conducts and only where dominance is established. However, both rely on ex-post enforcement, meaning they address anticompetitive agreements and conducts after they have occurred.

It is important to stress that this TFEU provision is applied to new conducts and business practices as markets evolve (Whish and Bailey, 2024[4]). This is particularly relevant for online marketplaces and the digital markets in which they operate. Factors such as network effects, data-driven advantages and economies of scope16 often complicate the evaluation of market power, especially when traditional indicators like market shares fail to capture the dynamics of digital markets and platforms (OECD, 2022[5]). For this reason, the European Commission has for years been working on new theories of harm to substantiate its abuse of dominance decisions in evolving contexts, often leading to complaints of legal uncertainty and unpredictability (Whish and Bailey, 2024[4]).

Because of the particularities explained above, underenforcement or delayed enforcement is particularly concerning for digital markets, which are often shaped by winner-takes-all dynamics and they can rapidly tip, leading to entrenched consolidation. As following sections will explain in detail, this is partly the rationale behind recent ex-ante regulatory regimes, which aim to complement pre‑existing TFEU and national ex-post provisions (OECD, 2021[2]). Lastly, Poland, Lithuania and Latvia have each introduced national equivalents of Article 102 TFEU, which are enforceable through their respective competition authorities.17 Under Regulation 1/2003, Member States can adopt and enforce unilateral conduct provisions stricter than their TFEU equivalent.

The third pillar of traditional competition law is merger control.18 Regulation 139/2004 (“the Merger Regulation’’) applies to all concentrations with a “Community dimension”, which is based on turnover thresholds.19 The Merger Regulation defines “concentrations’’, as business transactions leading to a change in the control of an undertaking, and they include mergers, asset and share acquisitions and the creation of joint ventures.20 The European Commission adopts an ex-ante approach to their control, assessing potential impacts on competition before the concentration is implemented. For this purpose, concentrations must be notified when they meet the “Community dimension’’.

This compulsory notification system is complemented by a voluntary referral mechanism (OECD, 2020[6]). Under this mechanism, NCAs may refer21 concentrations to the EC for review, even if they do not meet the EU dimension thresholds (but still satisfy national review criteria). For this reason, concentrations by online marketplaces in Poland, Lithuania and Latvia might be reviewed by the European Commission even when they do not meet the thresholds of the Merger Regulation.

Merger review in digital markets presents unique challenges and risks of under-enforcement, for two main reasons. First, the digital sector is prone to acquisitions of startups with low revenue and little monetisation of their services, usually referred to as “nascent” or “killer” acquisitions22 (OECD, 2020[6]). These concentrations often fall below the turnover notification thresholds in the EU Merger Regulation (OECD, 2020[6]), allowing potentially anticompetitive mergers to go unnoticed or unremedied (OECD, 2020[6]). Second, substantive merger assessment can become challenging in digital markets,23 as theories of harm based on price increases or market shares may fail to address non-price central dimensions of competition, including innovation, data aggregation and quality degradation (OECD, 2023[7]). To strengthen the review of acquisitions by large platforms, the recent ex-ante competition regulation introduced by the DMA obliges designated platforms to inform the Commission about their mergers which concern core platform services, other services in the digital sector or which enable the collection of data irrespective of whether they meet national or EU notification thresholds.24 This regime is explained in detail in the following section.

Lastly, concentrations by online marketplaces in Poland, Lithuania and Latvia that do not meet EU thresholds might still be scrutinised by the competent NCAs if they meet national thresholds (unless they are voluntarily referred to the European Commission25). While each country sets distinct merger notification thresholds,26 their merger review frameworks align closely with the EU Merger Regulation and adopt similar criteria for assessing transactions, particularly regarding the concept of a change of control.

As introduced above, the specific features of digital markets bring significant challenges to traditional competition law enforcement. The main regulatory response at the EU level has been the DMA,27 aiming to ensure effective and timely enforcement (OECD, 2021[2]). This ex-ante regulatory framework complements Articles 101 and 102 TFEU and the Merger Regulation, in order to fully capture the potential accumulation and abuse of market power by digital platforms (OECD, 2021[2]). As of January 2026, among the online marketplaces operating in Poland, Lithuania and Latvia (and thus covered in this market study), only Amazon28 is subject to the DMA.29 For this reason, the pre‑emptive obligations described below do not currently apply to most online marketplaces in the three countries. Platforms should, however, remain vigilant as they grow their userbase, revenue and geographical scope of operations. Any online marketplace that reaches the quantitative thresholds outlined below is obliged to notify the EC no later than two months after doing so.30

While traditional competition law addresses an anticompetitive conduct after it has occurred (except in the case of merger control), the DMA imposes pre‑emptive obligations on designated undertakings to ensure contestability and in the digital sector. Concretely, the DMA applies only to those platforms acting as “gatekeepers” (OECD, 2023[9]). This notion is based on a platform’s role as a gateway that connects business users to end users and it is not explicitly linked to market power (OECD, 2022[5]). The concept of gatekeeper is based on factors such as the intermediatory role of platforms, the significant impact they have on the internal market, and the entrenched and durable position they have in the market (OECD, 2023[9]).

Formal gatekeeper designation relies on three main criteria, listed under Article 3(1): (i) having a significant impact on the internal market; (ii) acting as an important gateway for business users to reach end users through its core platform service; and (iii) holding an entrenched and durable position in its operations, or the foreseeability of achieving such a position in the near future. Building on this framework, Article 3(2) introduces a presumption that an undertaking meeting three cumulative quantitative thresholds will likely fulfil these criteria.31 In addition, Article 3(8) lays down that if the quantitative thresholds are not met, the Commission should assess the gatekeeping role of an undertaking based on other elements, such as the size, operations and position of that undertaking, the number of business and end users, network effects and data driven advantages, scale and scope effects, business user or end user lock-in, conglomerate corporate structure or vertical integration and other structural business or service characteristics.

Online marketplaces, though not explicitly listed among the eight core platform services, can qualify as intermediation services32 (see Chapter 2), making them subject to DMA designation if they meet the quantitative thresholds.33 However, it is important to note that the criteria mentioned above are designed to capture the largest online platforms, who have the potential to cause the greatest competitive harm in the EU Single Market (Cabral et al., 2021[10]).

The core DMA provisions applying to designated gatekeepers are contained in Article 5 (quasi‑automatic obligations) and Article 6 (obligations that need further specification), which include both behavioural restrictions and ex-ante obligations (Cabral et al., 2021[10]). These impositions are wide‑reaching, and include areas such as self-preferencing, interoperability of core services, data accessibility and transparency of advertising. It is important to note that the exhaustive list of do’s and don’ts contained in the DMA is based on per se prohibitions and obligations, meaning that gatekeepers cannot justify their conduct (OECD, 2021[2]). For reasons of scope, this section focusses on those obligations and prohibitions that are most relevant for online marketplaces,34 due to their nature and business model, as described in the previous chapter.

Regarding data use and processing, Article 5(2) prohibits designated online marketplaces from combining personal data obtained through their intermediation services with data from other services, unless explicit consent is provided by the end user. This restriction extends to the processing of third-party data for advertising purposes without consent. In the case of designated hybrid marketplaces, Article 6(5) requires that their own products and services are not treated more favourably in ranking compared to similar products and services of third-party sellers (i.e. business users of the platform). For designated online marketplaces that also offer advertising services, Articles 5(9) and 5(10) mandate transparency in advertising metrics and costs. In this case, gatekeepers must provide business users and advertisers with detailed information about the performance and pricing of advertisements, including the fees paid and the remuneration received by publishers.

According to Articles 5(3), 5(7) and 5(8), gatekeepers cannot force business users or consumers to exclusively use their core platform services. For instance, a designated marketplace cannot mandate that sellers use its payment processing system or logistics services as a prerequisite for listing their products. Similarly, consumers must be free to choose alternative delivery or payment options. Lastly, Articles 6(9) and 6(10) impose data portability obligations, which allow both business and end users to access and transfer data generated through the platform. For designated online marketplaces, this means sellers can retrieve data about their transactions, customer interactions and product performance.

Furthermore, and in response to concerns raised by digital mergers (explained in previous sections), the DMA introduced a new obligation under Article 14(1), requiring gatekeepers to inform the EC of all transactions or “intended concentrations” which concern core platform services, other services in the digital sector or enable the collection of data, regardless of their size. This means that designated online marketplaces must inform the European Commission of every planned concentration, even when it falls below the notification thresholds contained in the Merger Regulation and national laws.35

Ultimately, this rules-based ex-ante regime does not replace traditional competition enforcement. Articles 1(5) to 1(7) DMA clarify the relationship between the DMA and pre‑existing EU and national competition law frameworks. In particular, Article 1(6) states that the DMA does not exclude the application of Articles 101 and 102 TFEU, the EU Merger Regulation, or national competition laws to the same conduct, even where that conduct is subject to obligations under the DMA. For this reason, Articles 101 TFEU, Article 102 TFEU and the Merger Regulation remain fully applicable to all online marketplaces operating in Poland, Lithuania and Latvia, irrespective of whether they are designated as gatekeepers. Online marketplaces designated as gatekeepers are therefore subject to a cumulative system of enforcement, combining DMA obligations with traditional ex-post competition rules.

At the same time, Article 1(5) DMA limits the ability of Member States to impose additional obligations on gatekeepers for the purpose of ensuring contestability and fairness, unless such measures pursue other legitimate public interests and comply with EU law.36 This provision constrains the scope for national ex-ante competition regimes targeting digital platforms, while preserving the role of national authorities in enforcing competition law ex post. Accordingly, none of the three countries covered by this market study has adopted a national ex-ante competition regulation specifically targeting digital platforms.

Nevertheless, national competition authorities retain an important role under the DMA enforcement architecture. Under Article 38(7) DMA, NCAs are empowered to investigate infringements of Articles 5, 6 and 7 by gatekeepers on their territory, provided that national law grants them this competence and the European Commission is informed prior to the investigation.37 This mechanism reinforces the continued involvement of NCAs in the enforcement of competition-related rules in digital markets, while preserving the European Commission’s central co‑ordinating role under the DMA.

In this context, it is worth noticing that the EU digital regulation applicable to online marketplaces is characterised by a differentiated scope of application. As mentioned, the DMA establishes a set of ex ante obligations that apply only to undertakings designated as gatekeepers. As a result, not all online marketplaces operating in Member States are subject to the DMA. Large multinational platforms active across several Member States may fall within the scope of the Regulation, while leading national platforms operating primarily within a single Member State may remain outside its direct application. This reflects the targeted and proportionate design of the DMA, which is intended to address systemic risks associated with entrenched gatekeeper positions at EU level.

In the online marketplace sector, this means that certain platforms active in Poland, Lithuania and Latvia are subject to the DMA’s ex ante obligations, while others are regulated primarily through general EU competition law and national competition and consumer protection frameworks. For example, Amazon, which has been designated as a gatekeeper at EU level, is subject to the DMA’s requirements concerning, inter alia, data use, self-preferencing and certain contractual practices. By contrast, leading national marketplaces such as Allegro are not designated as gatekeepers and therefore continue to operate only under the standard competition law regime applicable at national level.

At this stage of the report, these distinctions are presented solely to describe the applicable regulatory framework. The structure, business models and competitive interactions of the main online marketplaces active in the countries covered by this study are examined in detail in subsequent chapters.

Beyond competition law, several legal domains at both European and national levels play a critical role in shaping the operations of online marketplaces. Key areas of legislation influencing these platforms include online sales of goods, consumer protection, advertising, data protection and privacy, as well as rules on geo-blocking. Together, these laws define the broader regulatory framework within which online marketplaces operate, addressing similar concerns and market failures (Botta and Wiedemann, 2019[3]). However, their interaction remains complex due to differing conceptual frameworks, procedures and enforcement mechanisms (OECD, 2024[11]). For this reason, it is important for online marketplaces to be aware of all legislations applicable to their operations, as compliance with one regulatory domain does not guarantee compliance with others and enforcement may lack co‑ordination or consistency.

Businesses selling goods via online channels (including both third-party sellers and hybrid marketplaces), must ensure that they meet EU regulatory requirements for fairness and transparency. In this regard, in 2000 the European Parliament introduced the “Directive on electronic commerce”.38 The Directive was designed to create a common framework and remove obstacles to cross-border online transactions for marketplaces and other digital platforms selling goods within the EU Single Market. It has been transposed in each jurisdiction to include specific enforcement procedures and local terms.39

In the EU, the Platform-to-Business (P2B) Regulation40 plays a key role in shaping platform-to-business relations by promoting transparency, fairness and effective dispute resolution. Applicable since July 2020, it represents one of the first horizontal instruments to govern the relationship between online intermediation services and the business users relying on them. The Regulation aims to address structural imbalances in bargaining power between platforms and business users, ensuring that commercial users of platforms are treated fairly and have access to redress mechanisms.

While its scope is limited to platform-to-business relationships, the P2B Regulation laid the groundwork for many of the principles later consolidated and expanded under the DMA, in particular obligations on transparency41 (P2B Article 5, DMA Articles 5 and 6), fair treatment and on unilateral conduct by large platforms.

For online marketplaces, the P2B Regulation establishes concrete obligations regarding the communication of changes to terms and conditions, the disclosure of ranking parameters and the availability of internal complaint-handling systems and mediation options. These provisions are designed to mitigate asymmetries in contractual relationships and promote greater predictability and fairness in online intermediation services. The P2B Regulation is complemented by similar laws at the national level.42

Platforms selling goods online must also comply with EU legislation that prohibits unjustified discrimination based on geographic location within the EU Single Market. The Geo-Blocking Regulation,43 prevents online marketplaces from restricting access or refusing transactions based on a consumer’s nationality or place of residence. This includes prohibiting the use of technological measures, such as website redirection or blocking, to deny access to products or services available in other Member States. Specifically, the regulation identifies practices such as refusing sales when delivery is not offered or applying discriminatory terms as unjustified barriers to the EU Single Market. The Geo-Blocking Regulation directly applies to online marketplaces operating in Poland, Lithuania and Latvia by ensuring that consumers from any EU Member State have equal access to goods and services offered on these platforms.

The EU has established a comprehensive framework of policies and legal provisions to empower and protect consumers within the EU Single Market that businesses must comply with. While consumer protection and competition law share the common goal of enhancing consumer welfare, they address it through complementary but distinct approaches. Competition law indirectly safeguards consumer interests by fostering efficient and competitive markets, promoting innovation and ensuring better-quality goods and services at competitive prices. Consumer protection laws, on the other hand, directly shield consumers by recognising their weaker bargaining position and granting them specific rights in their dealings with businesses (Nigussie, 2021[12]). While the EU’s consumer protection legal framework is extensive and addresses a wide range of consumer behaviour, only specific regulations are directly relevant to digital markets. These are outlined below.

In 2020, the EU introduced the “New Consumer Agenda”,44 a consumer policy strategy aimed at enhancing fairness both online and offline through strengthened legislation and new measures. In the context of this agenda, online marketplaces are required to comply with several key EU rules. These include the Unfair Commercial Practices Directive,45 which prohibits misleading and aggressive practices; the Consumer Rights Directive,46 which ensures transparency in contracts and strengthens withdrawal rights; the Price Indication Directive,47 which standardises the display of prices; and the Unfair Contract Terms Directive,48 which protects consumers from unfair terms in standard contracts. Together, these directives establish a robust framework for consumer protection in digital markets.

The recent “Omnibus Directive”,49 also known as the “Better Enforcement and Modernisation Directive,” was introduced to modernise EU consumer protection laws and address challenges arising from the increasing prominence of digital platforms. Adopted on 7 January 2020, the Directive strengthens consumer protection by enhancing price transparency, requiring platforms to disclose if prices are personalised through algorithms. It also ensures the authenticity of consumer reviews and mandates that online marketplaces clarify whether sellers are traders or private individuals. Additionally, the directive introduces stricter penalties for infringements,50 with fines of up to 4% of annual turnover, and establishes clear rules for communicating price reductions and reference prices.

Lastly, since December 2024, online marketplaces must also comply with the EU General Product Safety Regulation (GPSR).51 Unlike its predecessor (the General Product Safety Directive), the GPSR explicitly recognises the role of online marketplaces as key intermediaries in product distribution52 and subjects them to a set of due diligence obligations.53 Among others, they must display essential product information on their interfaces (e.g. name of manufacturer, identification details and safety warnings), suspend business users that repeatedly offer non-compliant or dangerous products, notify users of product recalls and designate a single contact point to facilitate communication with national market surveillance authorities.

Consumer protection laws in three Member States of this market study have been largely harmonised through the EU legislative framework, particularly the Omnibus Directive. However, each country maintains unique distinctions in the implementation and enforcement of these laws. In Poland, the Office of Competition and Consumer Protection (UOKiK) oversees breaches in both competition and consumer law.54 In contrast, Lithuania and Latvia have separate agencies dedicated to consumer protection, operating independently from competition authorities In Lithuania, the State Consumer Rights Protection Authority (Valstybinė vartotojų teisių apsaugos tarnyba) is an agency under the Ministry of Justice prosecuting breaches of consumer law. And in Latvia, the Consumer Rights Protection Centre (Patērētāju tiesību aizsardzības centrs) enforces both consumer rights and advertising laws.55

Advertising plays a central role in the business models of online marketplaces, funding consumer-facing interfaces and driving platform profitability. The online advertising market involves multiple layers of interaction between advertisers, platforms and consumers, with sophisticated mechanisms for targeting and delivering ads. This complexity underscores the importance of understanding the underlying dynamics and legal provisions governing such systems to ensure transparency, fairness and compliance across all participants. In this regard, the Directive on Misleading and Comparative Advertising56 provides a cornerstone of consumer protection in the digital advertising ecosystem, prohibiting misleading advertising and ensuring fairness across the EU. The P2B Regulation57 and the DMA58 have also introduced obligations with a similar purpose.59

Beyond advertising and publishing, online marketplaces must also comply with transparency provisions regarding cross-border parcel delivery. The Regulation on Cross-Border Parcel Delivery Services60 requires parcel delivery providers to disclose pricing information, enabling national regulatory authorities to monitor and assess cross-border tariffs effectively. Online marketplaces, particularly those facilitating cross-border transactions, must ensure that consumers receive clear and comparable pricing information for parcel delivery services.61

Access to vast amounts of consumer and transactional data is a key driver of competitive advantage in digital markets, enabling firms to enhance their market position through deep insights into consumer behaviour and market operations (OECD, 2024[11]). While using data to innovate and maintain a competitive edge in the fast-evolving digital landscape, platforms must carefully adhere to data and privacy laws, ensuring compliance of their operations.

At the EU level, the most relevant of these is the General Data Protection Regulation (GDPR),62 which entered into force in 2016. The GDPR aims to protect the personal data of individuals within the EU by regulating its collection, storage and processing, ensuring that platforms handle data responsibly and transparently. It imposes significant obligations on e‑commerce marketplaces, including obtaining explicit consent for data processing, adhering to data minimisation principles and implementing robust data security measures. Marketplaces must provide clear and accessible privacy policies, allow consumers to exercise rights such as access, rectification and erasure of their data, and ensure that any data shared with third-party vendors complies with GDPR requirements. Additionally, GDPR compliance extends to cross-border data transfers, requiring marketplaces to implement safeguards like Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs) when transferring data outside the EU.

The scope of obligations will be soon expanded by the ePrivacy Regulation,63 currently pending adoption. This regulation is intended to complement the GDPR by imposing additional obligations on firms managing electronic communications, including those related to online marketplaces. It will regulate the use of cookies, tracking technologies and metadata handling, introducing stricter consent requirements for data collection and processing. This regulation aims to address gaps in light of technological advances. For online marketplaces, compliance will involve transparency in user behaviour tracking and ensuring robust safeguards for the confidentiality of communications.

Another relevant data-related regulation recently entered into force is the European Data Act. It entered into application on 12 September 2025, establishing harmonised rules to facilitate fair access to and use of data across the EU.64 The regulation is designed to empower users – both consumers and businesses – by granting them greater control over the data generated by connected devices and digital services, including those related to cars, smart appliances and industrial machinery.

For online marketplaces, the Data Act introduces obligations to design products and services to ensure data accessibility and interoperability and mandates that data be made available under fair, reasonable, and non-discriminatory terms. More broadly, it enhances consumer choice by allowing users to access and share data with alternative service providers, enables business users to obtain data on the performance of industrial equipment to improve efficiency and facilitates switching between cloud providers. The Data Act also prohibits unfair contractual terms that could restrict data sharing, thereby fostering innovation and supporting competition throughout the digital economy.

As previously noted, the DMA also imposes specific data-related obligations on designated gatekeepers.65 These include ensuring effective data portability, granting access to data generated by business users on their platforms, and removing restrictions on interoperability of services to foster competition and reduce barriers for businesses and consumers. Regarding portability and access, Articles 6(9) and 6(10) require gatekeepers to provide end users and their authorised third parties with free, effective and real-time data portability tools, as well as ensure that business users and their authorised third parties can access and use both aggregated and non-aggregated data, including personal data, generated through their interactions on the platform. However, access to personal data is subject to user consent and is limited to data directly connected with the business user’s services.

Lastly, the data protection and privacy regulations in Poland, Lithuania and Latvia have been largely harmonised with the GDPR and the broader EU legal framework. However, there are national-specific provisions in each country.66

One last important piece of legislation for digital markets and online marketplaces is the DSA,67 covering many of the legal domains mentioned above. The DSA is the DMA’s companion within the EU’s Digital Services Act package.68 While both aim to address the challenges of the digital economy, they operate with distinct scopes and objectives. As explained, the DMA focusses on regulating large gatekeeper platforms that control critical digital services, with a view to ensuring contestability and fairness of digital markets. Meanwhile, the DSA focusses on online platforms’ responsibilities concerning content moderation, transparency and consumer protection. It addresses risks like illegal content, harmful products and disinformation.

Similar to the DMA, the DSA applies asymmetric obligations based on platform size and impact.69 Platforms designated as Very Large Online Platforms (VLOPs) or Very Large Online Search Engines (VLOSEs)70 face stricter requirements, such as systemic risk assessments, algorithm transparency and independent audits. This designation relies on quantitative criteria, based on the number of “average monthly active recipients of the service”. Smaller platforms (defined according to their intermediation role), while still subject to baseline obligations, benefit from proportionate requirements that reduce compliance burdens.

Online marketplaces, as intermediaries facilitating transactions between businesses and consumers, are classified as platforms and may fall under the VLOP category if they meet the quantitative threshold. Currently, among the marketplaces operating in Poland, Lithuania and Latvia, Amazon, AliExpress, Temu, Shein and Zalando have been designated as a VLOPs under the DSA.71 Other marketplaces in these countries, while not subject to the enhanced obligations imposed on VLOPs, must still adhere to the baseline obligations applicable to all online platforms under the DSA. These include:72 content moderation transparency (Articles 14 and 1573), trader verification (Article 3074), advertising and recommender systems transparency (Articles 24 and 2775), prohibition of dark patterns and manipulative practices (Article 2576) and the protection of minors (Article 2877).

On the other hand, the enhanced obligations for designated VLOPs impose additional responsibilities. Marketplaces designated as VLOPs must conduct regular risk assessments of their services, addressing potential harms such as illegal content dissemination, societal disinformation and algorithmic biases. Furthermore, they must establish independent compliance programmes and undergo annual audits (which are publicly disclosed) to verify adherence to DSA requirements. And regarding their use of algorithms, designated marketplaces must provide regulators with access to information on their algorithmic systems, including their design, logic and performance testing.

By addressing multiple dimensions of platform behaviour (from content moderation to algorithmic transparency) the DSA complements and strengthens the broader legislative framework governing online marketplaces.

Finally, there are two relevant directives that may apply to the payment systems and/or financial regulation of online marketplaces within the EU. First, the Payment Services Directive78 introduces comprehensive requirements for payment service providers (PSPs), including marketplaces facilitating transactions between buyers and sellers. Marketplaces engaging in payment-related activities, such as receiving buyers’ payments on behalf of sellers, must either obtain a payment services license or partner with licensed PSPs. The Directive aims to strengthen consumer protection, increase competition and ensure payment security through measures such as strong customer authentication and enhanced transparency. It also narrows the scope of the “commercial agent exemption,” requiring platforms to act exclusively on behalf of either the buyer or the seller to avoid licensing obligations.

Second, the longstanding VAT Directive79 outlines fiscal compliance requirements for online marketplaces, especially those facilitating cross-border transactions. Since July 2021, marketplaces have been responsible for VAT collection on behalf of sellers in specific scenarios, such as low-value consignments from outside the EU. These rules simplify tax compliance for sellers while ensuring VAT collection aligns with the EU Single Market’s principles. Upcoming changes under the VAT in the Digital Age (ViDA) initiative80 are expected to expand marketplace VAT responsibilities further, focussing on smaller sellers and streamlining digital commerce regulations.

[3] Botta, M. and K. Wiedemann (2019), “The Interaction of EU Competition, Consumer, and Data Protection Law in the Digital Economy: The Regulatory Dilemma in the FacebookOdyssey”, The Antitrust Bulletin, Vol. 64/3, pp. 428-446, https://doi.org/10.1177/0003603X19863590.

[10] Cabral, L. et al. (2021), The EU Digital Markets Act: A Report from a Panel of Economic Experts, https://doi.org/10.2760/139337.

[13] Cunningham, C., F. Ederer and S. Ma (2018), “Killer Acquisitions”, SSRN Electronic Journal, https://doi.org/10.2139/ssrn.3241707.

[1] European Parliament (2024), Fact Sheets on the European Union: The Ubiquitious Digital Single Market, https://www.europarl.europa.eu/erpl-app-public/factsheets/pdf/en/FTU_2.1.7.pdf.

[4] Ltd., B. (ed.) (2024), The Relationship between EU and National Competition Laws, Oxford University Press.

[12] Nigussie, T. (2021), “Competition Law and Consumer Protection: Conflict and Complementarity”, https://ssrn.com/abstract=4114668.

[11] OECD (2024), “The intersection between competition and data privacy”, OECD Roundtables on Competition Policy Papers, No. 310, OECD Publishing, Paris, https://doi.org/10.1787/0dd065a3-en.

[9] OECD (2023), G7 inventory of new rules for digital markets: Analytical note, https://www.oecd.org/competition/analytical-note-on-the-G7-inventory-of-new-rules-for-digital-markets-2023.pdf.

[7] OECD (2023), “Theories of Harm for Digital Mergers”, OECD Roundtables on Competition Policy Papers, No. 293, OECD Publishing, Paris, https://doi.org/10.1787/0099737e-en.

[5] OECD (2022), “The Evolving Concept of Market Power in the Digital Economy”, OECD Roundtables on Competition Policy Papers, No. 278, OECD Publishing, Paris, https://doi.org/10.1787/2cfcb4a8-en.

[2] OECD (2021), “Ex Ante Regulation and Competition in Digital Markets”, OECD Roundtables on Competition Policy Papers, No. 272, OECD Publishing, Paris, https://doi.org/10.1787/c83e178d-en.

[6] OECD (2020), “Start-ups, Killer Acquisitions and Merger Control”, OECD Roundtables on Competition Policy Papers, No. 248, OECD Publishing, Paris, https://doi.org/10.1787/dac52a99-en.

[8] Polish Office of Competition and Consumer Protection (2022), Decision No. DOK‑3/2022, https://decyzje.uokik.gov.pl/bp/dec_prez.nsf/0/769F5864B29603FDC1258B0100424EEE/$file/Allegro_wersja%20jawna%20decyzji.pdf.