[Kartikeya Kothari is a 4^th year B.A., LL.B. (Hons.) student at Maharashtra National Law University, Mumbai]

Introduction

From WeChat, which is widely used in China, to WhatsApp, which dominates the Indian user market, super-apps have become a defining feature of the digital economy. Super-apps are digital platforms that integrate a wide range of services such as messaging, payments, e-commerce, ride-hailing, and more within a single application. Rather than requiring users to download multiple apps for different needs, a super-app offers a unified interface where diverse functions are seamlessly connected. These platforms typically rely on a common payment system, use data collected across services to personalize offerings, and aim to become essential to users’ daily lives by consolidating multiple digital interactions into one ecosystem. While this enhances user convenience and deepens platform engagement, it also raises regulatory concerns over market concentration, closed ecosystems, and exclusionary practices. The EU’s Digital Markets Act, 2022 (“DMA”) and India’s Draft Digital Competition Bill, 2024 (“DCB”) are both ex-ante frameworks designed to regulate large digital platforms.

This article argues that the DCB falls short in regulating the structural dominance exercised by super-apps. Such dominance is not rooted in any one service alone, but in the seamless integration and control across services, enabling these platforms to cross-leverage data, defaults, and user flows in ways that traditional service-specific regulation cannot adequately capture. To assess whether the DCB can address this challenge, the article conducts a comparative analysis with another ex-ante digital regulation which is the DMA. It identifies five key gaps that limit the DCB’s effectiveness in regulating super-apps: fragmented service-level obligations, lack of interoperability mandates, absence of group-level responsibilities, and the exclusion of AI-based user interfaces.

A.    Fragmented Regulation of Super-Apps Under the DMA and DCB Fails to Capture Ecosystem-Level Dominance

Both the EU’s DMA and India’s DCB adopt an ex-ante framework to regulate large digital platforms offering critical services. These frameworks operate by identifying certain “core” digital services that are likely to raise concerns around contestability and fairness. Under Article 2(2) of the DMA, such services are termed core platform services (CPS), while Schedule I of the DCB refers to them as core digital services (CDS). Firms offering these services may be subject to regulation if they meet certain thresholds relating to size, scale, and market influence. The DMA empowers the European Commission to designate firms as “gatekeepers,” while the DCB authorizes the Competition Commission of India (CCI) to designate entities as Systemically Significant Digital Enterprises (“SSDEs”) under Section 3.

However, neither the DMA nor the DCB explicitly defines or regulate super-apps as integrated digital ecosystems. Instead, regulation is service-specific, not architecture-specific. The regulatory focus is limited to individual services such as messaging, digital payments, app stores, or online advertising that qualify as CPS or CDS. This creates a fragmented enforcement model where each service is evaluated in isolation, without accounting for the structural integration that characterizes super-apps.

This is particularly problematic given how super-apps typically combine multiple functionalities wherein some are offered directly by the platform (first-party), others through group entities, and still others through third-party mini-programs. For example, Paytm offers its own wallet, UPI, and recharge services (first-party); incorporates Paytm Money as a subsidiary (group company); and hosts external players like 1mg and Netmeds via its Mini-App Store (third-party). Despite a shared interface, unified wallet, and seamless data flow, regulatory scrutiny under the DMA or DCB would apply only to individual components that cross regulatory thresholds (e.g., Paytm’s payments service), and not to the super-app as an integrated whole.

This blind spot allows firms to leverage dominance in a regulated market through default settings, cross-promotion, or preferential data access to entrench themselves in unregulated verticals. For instance, Paytm, which operates both a digital wallet and hosts third-party services like 1mg within its app can use its control over the wallet interface to influence user behaviour. It might do this by placing 1mg prominently on the homepage, offering exclusive wallet-based discounts for 1mg purchases, or making it the default option for health-related services. In doing so, Paytm leverages its dominance in digital payments to divert users toward 1mg, even if 1mg itself does not qualify for regulatory scrutiny under SSDE thresholds. Although Section 4(2)(e) of the Competition Act, 2002 prohibits leveraging dominance across markets, its application to deeply integrated digital ecosystems remains technically challenging. Neither the DMA nor the DCB adequately addresses this intra-platform leveraging. Although the DCB introduces the concept of Associate Digital Enterprises (ADEs) which have been defined as corporate affiliates of an SSDE that also provide a CDS and are thereby subject to the same ex‑ante obligations under Section 7, these obligations remain entity‑specific and do not impose binding behavioural constraints at the group level, leaving ecosystem‑wide coordination by super‑apps largely unregulated. Both frameworks offer limited tools to regulate the systemic power of super-apps that operate through seamless coordination. In essence, the DMA and DCB regulate individual services within super-apps but fail to address their integrated, cross-leveraging structure. As a result, ecosystem-level dominance escapes scrutiny, enabling anti-competitive conduct across unregulated verticals.

Although ex-ante regulation is often criticised for potential overreach, the regulatory failure with super-apps lies in under-regulation. Their structural power is embedded in design choices and user flow architecture that ex-post enforcement mechanisms are ill-equipped to address in a timely or effective manner.

B.    Service-Specific Obligations Apply Post Designation as Gatekeeper or SSDE

Although neither the DMA nor the DCB treats super-apps as unified platforms, once a company is designated as a gatekeeper or SSDE, each service within the super-app such as messaging, payments, or advertising, is individually subject to specific obligations. For instance, Article 5(1) of the DMA states that gatekeepers “shall comply … with respect to each of its core platform services listed in the designation decision,” demonstrating that conduct duties apply service by service and not to the super-app ecosystem as a whole. The following obligations illustrate how existing provisions can partially regulate super-app functionalities, despite the absence of ecosystem-wide oversight.

For instance, Article 6(5) of the DMA and Section 11 of the DCB prohibit gatekeepers or SSDEs from engaging in self-preferencing. In the super-app context, this could restrict in-app bias favouring the enterprise’s own payment tool over third-party options in rankings or default settings. Similarly, Article 6(2) DMA and Section 12(1) DCB prohibit use of non-public business user data for competing purposes curbing scenarios where a super-app operator may leverage transaction-level insights from third-party merchants to promote its own competing service. Anti-steering protections under Article 5(4) DMA and Section 14 DCB ensure that business users retain the freedom to redirect consumers to their own sales channels, countering any attempt by super-apps to lock consumers into internal purchasing flows. Further, Article 5(5) DMA and Section 15 DCB restrict bundling of services, thereby preventing a super-app from making access to its marketplace conditional on the use of its in-house payment solution. Finally, data portability mandates under Article 6(9) DMA and Section 12(3) DCB are particularly relevant for super-app environments, ensuring users can transfer their usage history and contacts to alternative platforms thus reducing exit barriers created by ecosystem lock-in.

C.    Does the Law Require Super-Apps to Interoperate with Rivals?

One of the most notable differences between the two frameworks lies in their treatment of interoperability. Article 7 of the DMA imposes a phased obligation on gatekeepers providing number-independent interpersonal communication services (NIICS), such as WhatsApp, to ensure interoperability with competing messaging services. This means that a user of an alternative app (e.g., Signal) must be able to send a message to a WhatsApp user even without having a WhatsApp account provided both users opt in. This is made technically feasible by requiring WhatsApp to open up its communication protocols (such as APIs) so that other apps can connect and exchange messages. The DMA phases this in over time, starting with one-to-one messaging and file sharing, and later extending to group chats and voice/video calling.

The relevance of interoperability becomes clearer when examined in the context of super-apps that integrate messaging with payments, search, AI, and other services. Without interoperability, these super-apps operate as closed ecosystems where users are locked into one platform for multiple essential services. This can result in reduced consumer choice and diminished market contestability.

In contrast, the DCB does not contain any equivalent obligation. It does not require SSDEs to ensure interoperability with competing services, either for messaging or other core digital functionalities. For example, if a business accepts customer service queries only via WhatsApp, users must also be on WhatsApp, regardless of preference. The absence of interoperability requirements in the DCB is thus a critical limitation in regulating integrated digital ecosystems. This regulatory gap allows Indian super-apps to remain fully closed, increasing lock-in and making it difficult for users and businesses to switch or engage across competing ecosystems. As a result, the absence of interoperability in the DCB undermines its objective of promoting user choice and contestable digital markets.

Closely related to this broader issue of user lock-in is another emerging regulatory blind spot - AI assistants and plugin-based architectures.  Neither the DMA nor the DCB explicitly includes AI assistants or plugin-based architectures within their respective definitions of CPS or CDS. This is significant because super-apps are increasingly incorporating AI functionalities that act as entry points to a variety of in-app services such as chatbots that handle queries, process payments, or navigate users to services like shopping or bookings. For example, Meta's integration of Meta AI into WhatsApp enables users to interact with the platform through an AI layer that can influence their navigation across other services within the app. This AI-driven user interface is not currently treated as a standalone CPS or CDS, thereby placing them beyond the reach of most conduct-related regulatory controls despite their growing influence on user navigation and choice. This exclusion creates a regulatory lacuna, permitting novel digital interfaces that exert substantial influence over user behavior to operate outside the perimeter of ex-ante controls.

Conclusion

The DCB represents a major step forward in India’s approach to platform regulation, particularly in adopting an ex-ante framework for entities with systemic digital power. However, the current architecture of the Bill is not designed to capture the structural dominance exercised by super-apps. Such dominance is not rooted in any single service, but in the ability to control data flows, interface defaults, and user attention across interconnected services. By regulating only individual services that meet standalone thresholds, the DCB fails to recognise this ecosystem-level power as a unit of analysis

This article argues that effective regulation of super-apps must begin with their legal recognition. This could take the form of a statutory definition, or a structural test that identifies platforms with tightly integrated services, shared infrastructure, and coordinated control over user experience. Once recognised, the law must then empower the regulator to impose architecture-level obligations on such platforms that going beyond individual conduct remedies. These should include interoperability mandates to prevent ecosystem lock-in, interface neutrality rules to curb self-preferencing, and data-sharing requirements to ensure fair competition across embedded services. Crucially, AI-based user interfaces and plugin ecosystems which now serve as gatekeeping layers must also be brought within the regulatory perimeter.

It is true that ex-ante digital regulation has invited criticism for potential overreach. But in the case of super-apps, the real risk lies in under-regulation. Traditional ex-post enforcement cannot respond quickly or structurally enough to prevent the consolidation of power through closed design, seamless defaults, and behavioural nudges. Recognising super-apps as a distinct regulatory challenge is not regulatory excess but a necessary evolution in competition law to match the complexity of the digital economy.