TikTok’s EU Gatekeeper Fight Shows How Far Europe’s Big Tech Rules Now Reach

TikTok’s fight with the European Union is not just about one app escaping a regulatory label. It is an early test of whether the EU can use the Digital Markets Act to regulate large digital platforms before they become impossible to dislodge — including platforms that present themselves as challengers to older Big Tech companies.

What TikTok challenged

The European Commission designated ByteDance as a Digital Markets Act “gatekeeper” for TikTok’s online social networking service on 5 September 2023 ^[47]. ByteDance then brought an action seeking to annul that designation ^[3].

TikTok’s central argument was that it should not be treated like the platforms the DMA was mainly designed to constrain. It framed itself as a newer, fast-growing rival to incumbents such as Meta, Alphabet/YouTube and other large platforms, rather than as a company with an entrenched and durable position ^[10]. ByteDance also argued that applying the gatekeeper label to TikTok could undermine the DMA’s pro-competition goal by protecting established platforms from a newer competitor ^[7][9].

That argument did not persuade the EU General Court. On 17 July 2024, the court dismissed ByteDance’s action in Case T-1077/23 and ordered ByteDance to pay the costs, including those linked to the interim-measures proceedings ^[37].

Why the court ruling matters

The ruling matters because it was one of the first substantive judicial tests of the DMA’s gatekeeper-designation system. The General Court upheld the Commission’s approach after ByteDance had met the DMA’s quantitative thresholds and had failed to rebut the gatekeeper presumption ^[33][50].

That gives the Commission stronger footing for a preventive regulatory model. Instead of waiting for years of traditional antitrust litigation, the DMA lets the EU impose obligations on designated gatekeepers once the legal criteria are met ^[47][50].

The case also shows that the DMA is not only a tool aimed at US technology companies. TikTok owner ByteDance was included in the first wave of designated gatekeepers alongside companies such as Alphabet, Amazon, Apple, Meta and Microsoft ^[5].

TikTok’s “challenger” argument versus the DMA’s scale logic

TikTok’s position was politically and commercially intuitive: if the app is disrupting older social networks and video platforms, why regulate it like an incumbent? The court’s answer, in effect, was that scale can be enough to justify DMA scrutiny when the statutory criteria are met ^[33][50].

That distinction is important. The DMA is not only concerned with whether a company once displaced others. It is concerned with whether a platform now operates as a key gateway between users, businesses and markets. Once a service reaches that level of importance, the EU can impose conduct rules designed to keep the market contestable ^[47][53].

How Germany and “European ownership” fit in

Calls for more European control or ownership of TikTok belong to a broader digital-sovereignty debate, not to the DMA gatekeeper case itself. The DMA designation does not create a general legal requirement that TikTok become European-owned.

The political concern is wider: TikTok is ultimately owned by China-based ByteDance, and European policymakers have repeatedly examined risks around foreign influence, security, and access to user data ^[1]. Those concerns overlap with the gatekeeper debate, but they are not the same legal issue. The DMA is mainly a market-contestability law; ownership and national-security concerns sit more naturally in data-protection, cybersecurity, foreign-influence and platform-risk debates ^[1][47].

Data-transfer concerns are a separate pressure point

European scrutiny of TikTok is not limited to competition. The European Parliament research service has identified recurring concerns about Chinese affiliates’ access to user data and broader national-security risks ^[1].

That is why the TikTok debate often jumps between legal regimes. The DMA asks whether TikTok is a gatekeeper in digital markets. Other EU frameworks and policy debates focus on privacy, cybersecurity, systemic platform risk, child protection and foreign influence ^[1].

What Project Clover is supposed to solve

Project Clover is TikTok’s European data-security programme. TikTok announced the initiative under pressure from lawmakers, saying it would begin storing European user data locally, reduce transfers outside the region and reduce employee access to user data ^[17].

TikTok says its European user data is stored by default in a dedicated European data enclave hosted across data centres in Norway, Ireland and the United States. It also says NCC Group has been engaged to independently oversee, check and verify data controls, protections and flows ^[18].

Project Clover is therefore TikTok’s main answer to European data-sovereignty concerns. But it does not remove the DMA designation, and it does not by itself settle whether regulators will view TikTok’s safeguards as sufficient ^[1][18].

Addictive-design and youth-safety scrutiny add to the pressure

TikTok also faces scrutiny over allegedly addictive features and risks to minors. European Parliament research links the platform to wider concerns about addictive design, youth protection and multiple EU laws that can apply to social media services ^[1].

This is mostly separate from the DMA. Addictive-design and child-safety questions fit more closely with platform-risk and consumer-protection frameworks than with the DMA’s gatekeeper test. Still, the political effect is cumulative: TikTok is being treated in Europe not merely as a popular entertainment app, but as a systemic platform whose design, data practices and ownership structure can raise public-interest concerns ^[1].

What penalties are at stake

The immediate consequence of the ruling is that ByteDance must comply with DMA obligations for TikTok as a designated gatekeeper ^[9][37]. DMA coverage can bring significant enforcement risk if a gatekeeper breaches its duties, including financial penalties and behavioural obligations ^[7][53].

TikTok’s broader European risk is cumulative rather than single-track. A DMA problem would sit alongside possible scrutiny under data-protection, platform-safety, consumer-protection and digital-sovereignty frameworks ^[1]. That is why Project Clover, data-transfer concerns, addictive-design scrutiny and ownership debates all matter even though they are not the same as the DMA appeal.

The bottom line

TikTok tried to cast itself as the competitive outsider that the DMA should protect. The EU court instead accepted the Commission’s view that TikTok’s scale and role in the market were enough to keep ByteDance inside the gatekeeper regime ^[33][37].

That makes the case bigger than TikTok. It confirms that Europe’s platform rules can reach fast-growing challengers, non-US companies and services whose risks span more than market power. In Europe, TikTok’s regulatory problem is now a bundle: competition duties under the DMA, data-sovereignty questions, child-safety scrutiny, foreign-influence concerns and the continuing burden of proving that its European safeguards work.