The Digital Markets Act

Background

Online platforms have been a significant focus of recent antitrust enforcement. Tech giants have been the subject of competition law investigations relating to a range of conduct including self-preferencing in the ranking of search results, the bundling of apps (and other alleged anti-competitive leveraging strategies), the collection, usage and sharing of data, and the setting of access conditions to mobile ecosystems and app stores.

The duration and complexity of these investigations (some of which remain ongoing) has been met with concerns that competition authorities are not sufficiently well equipped to protect competition in fast-moving digital markets. These concerns have been amplified by the growth in size and importance of online platforms, their significant economies of scale and network effects, and the risk that market power in digital markets can become quickly entrenched.

The Digital Market Act (DMA) was adopted in response to these concerns to establish a uniform ex-ante regulatory regime to make digital markets fairer and more competitive, and to prevent a fragmentation of the EU’s internal market.

The entry into force of the DMA on 1 November therefore has important practical consequences for businesses in many different markets. It constitutes an important development in the regulation of the digital economy by giving the European Commission significantly more powers to control the behaviour of large online platforms and intervene in the functioning of digital markets.

The scope of application of the DMA

The DMA applies to online platforms that are gatekeepers in the provision of the following “core platform services” (CPS):

• online intermediation services;
• search engines;
• social networking sites;
• video-sharing platforms;
• instant messaging services;
• mobile operating systems;
• browsers;
• virtual assistants;
• cloud computing services; and
• certain online advertising services.

A gatekeeper is defined as an online platform that has a strong economic position, a significant impact on the EU’s internal market, and a strong intermediation position (i.e. it is an important gateway between a large number of users and businesses) in relation to one or more CPS. The platform must also have (or be about to acquire) an entrenched and durable market position.

As a shortcut for identifying online platforms that meet these cumulative conditions, the DMA uses a series of quantitative thresholds based on a platform’s geographic reach, revenues or market valuation, number of active users and the durability of its market position.¹ A platform that meets the thresholds for one or more CPS is presumed to be a gatekeeper and must notify the Commission which will then designate the platform as a gatekeeper for each relevant CPS. 

The presumption attached to the quantitative thresholds can be rebutted if a platform can demonstrate that despite meeting the thresholds, it does not fulfil the requirements for designation as a gatekeeper.  This possibility, which exists to avoid situations of potential regulatory overreach, is however likely to be relevant only in exceptional cases.  

Precisely what evidence will need to be presented to the Commission to rebut the presumption has not been fully articulated, though evidence seeking to demonstrate that efficiencies arise from a specific type of conduct will not be accepted. The same applies to any evidence (or arguments) relating to market definition. This is consistent with the fact that a platform can be a gatekeeper without a dominant position on any given market since the regulatory scope of the DMA extends beyond established EU competition law principles.  

If a platform falls below the quantitative thresholds, despite having substantial market power, the Commission can still designate that platform as a gatekeeper after having undertaken a market investigation, it concludes that it should be so designated. Similarly, even if it has not yet acquired an established and durable market position, an online platform can be designated as an “emerging gatekeeper” for one or more CPS, if the Commission concludes that it has a significant impact on the internal market and has already become an important gateway between businesses and end users.  

Finally, the Commission also has the power to conduct market investigations to review the state and evolution of digital markets and verify if new platform services have emerged which should be added to the list of CPS and/or if additional business practices should be prohibited by the DMA.² If the Commission finds that such services and/or practices exist, it can (through the adoption of delegated legislation) expand the scope and regulatory reach of the DMA.

It remains to be seen if these mechanisms will be flexible enough to future proof the DMA and allow the Commission to stay ahead of developments in the digital economy and adapt its regulatory powers accordingly.

The obligations imposed by the DMA on online platforms: a summary of the dos and don'ts

The DMA creates a mandatory set of rules for online platforms which are designated as gatekeepers for one or more CPS. The rules are intended to stop gatekeepers from imposing unfair terms and conditions on businesses and end users and ensure effective competition within and between different digital ecosystems.  

The rules reflect, and are largely modelled on, the enforcement experience acquired by the Commission in previous digital antitrust cases and comprise the following (overlapping) categories of obligations.

Obligations to prevent the leveraging of market power across different digital markets

• A gatekeeper must ensure that end users can easily unsubscribe or uninstall pre-installed core platform services or change the default settings of the operating system, web browser, and/or virtual assistant.
• Similarly, app developers cannot be forced to use a gatekeeper’s identification services, web browser engines or in-app payment systems to gain access to its app store.
• The DMA also prohibits self-preferencing to prevent gatekeepers from discriminating and treating their own goods and services more favourably than those of third parties.

Obligations to overcome barriers to entry or expansion and facilitate switching and multi-homing

• These include obligations to give fair, reasonable, and non-discriminatory (FRAND) access to app stores, search engines and social networking services. There is also an obligation imposed on a gatekeeper to share with rival search engines on FRAND terms anonymised ranking, query, click and viewing data for free and paid search generated by end users on its online search engine
• Interoperability is another important feature of the DMA. End users must, for example, be able to install third party apps or app stores (e.g. through so called “side loading”) that can interoperate with a gatekeeper’s operating system. A platform must also enable interoperability for third party messaging services if it has been designated as a gatekeeper for such services.  A gatekeeper can, however, take strictly necessary and proportionate measures to ensure that interoperability does not compromise the integrity of its ecosystem.
• Gatekeepers for online intermediation services must allow business users to offer their products/services on better terms on other platforms or their own website (i.e. both wide and narrow MFNs are prohibited). Furthermore, to prevent market foreclosure, there is a prohibition of so-called “anti-steering provisions” to ensure that app developers can contract with end users outside the gatekeeper’s app store.

Advertising-related transparency obligations

• Gatekeepers providing online advertising services will need to give business users free access to their performance measuring tools and to all the necessary information concerning the price, fees and performance of their advertisements. This is designed to reduce the opacity which can characterise online advertising and give advertisers and publishers more information and knowledge about the conditions of the online advertising services they purchase. The main objective behind such greater transparency is to facilitate switching between online advertising services providers whose performance advertisers and publishers will be able to compare more easily.

Obligations related to the exploitation and sharing of business and user data

• The DMA prohibits a gatekeeper from combining, without user consent, personal data collected through its CPS with data sourced from other services. A gatekeeper will also be required to facilitate free and effective data portability for data generated through its core platform and business users will be entitled to have access to the data generated by their activities.
• Another important data-related provision aimed at avoiding unfair distortions of competition is the prohibition which prevents gatekeepers from using non-publicly available data generated or provided on their CPS by business users (or their customers) to compete against those same business users.

Obligation to report planned transactions to the Commission

Gatekeepers must report all planned acquisitions to assist the Commission in monitoring market developments and potentially problematic transactions (including so-called “killer acquisitions”) falling below the thresholds of EU and/or national merger control regimes. The Commission can invite EU Member States to refer such transactions to it for review (pursuant to the Article 22 referral mechanism under the EU merger regulation), even if they do not trigger any national merger control thresholds, as was recently confirmed by the General Court in the Illumina/Grail judgment (though an appeal is pending to the European Court of Justice).

What's next?

From 2 May 2023, online platforms that meet the DMA’s quantitative thresholds will have two months to notify the Commission. In turn, the Commission will have 45 days to adopt a designation decision (subject to review by the EU courts) and once designated, gatekeepers will have six months to comply with their obligations and report back to the Commission.

Public enforcement of the DMA is centralised and lies in the hands of the Commission which has extensive powers of investigation. Only the Commission can designate platforms as gatekeepers and impose fines if a platform breaches its obligations. These fines can be significant, up to 10% of worldwide turnover and 20% in cases of recidivism.³ The Commission also has the power to adopt interim measures, accept binding commitments, and impose behavioural as well as ultimately structural remedies in case of systematic non-compliance.

The Commission will issue guidance in the first quarter of 2023 on how gatekeepers can comply with their obligations but the interpretation and application of the DMA will not always be straightforward.  

The Commission will, for example, have to determine if access conditions imposed by gatekeepers are fair, reasonable, and non-discriminatory. It will also have to examine the justification and proportionality of measures taken by online platforms to protect the privacy, security and/or online safety of their ecosystem particularly if such measures could reduce interoperability for third parties. It will be necessary to strike a balance between the legitimate interests these measures are designed to safeguard and the preservation of effective competition. This is likely to lead to difficult technical and legal questions which the Commission will need to address, especially since large online platforms can be expected to defend their conduct where important commercial and/or strategic interests are at stake.

There is a question around whether the Commission will have sufficient resources to enforce the DMA, including enough technology experts, engineers, and computer and data scientists. This may prove to be a challenge, at least initially, given the amount of work the DMA will produce for the Commission.  

National competition authorities, whilst lacking the power to enforce the DMA, will be able to assist the Commission but the extent to which those authorities will be prepared to do so remains to be seen. In addition, national authorities have been at the forefront of antitrust investigations against online platforms and it is not clear if they will continue to do so in the future, particularly if the same matters can be addressed under the DMA. It is possible that some authorities will actively continue to pursue antitrust cases against online platforms whilst others shift their enforcement focus elsewhere.

Another important question relates to the interaction between public and private enforcement since the obligations imposed by the DMA on designated gatekeepers are directly applicable and self-executing, enabling businesses harmed by breaches of those obligations to seek to enforce their rights (and where relevant claim damages) directly before national courts in addition to or instead of complaining to the Commission.

These different issues will all need to be worked through in practice and will have important consequences for the future shape and enforcement of the DMA. It is therefore too early to say whether the DMA will deliver on its objectives to introduce more competition and fairness into digital markets.  

However, there is little doubt that the DMA has potentially significant implications for the business models as well as the technological configuration of large online platforms and that it could become a gamechanger not only for those who operate such platforms but also for the many businesses that rely on them in their day-to-day commercial activities.

¹A platform is presumed to be a gatekeeper when (i) it offers services in at least three member states, (ii) has revenues of at least €7.5bn within the EU or a market valuation of at least €75bn in the last financial year and (iii) has more than 45m monthly active end users in the EU and at least 10,000 yearly active business users established in the EU, in each of the last three financial years.

² The Commission must endeavour to complete its market investigation within five months from the opening of the investigation, with preliminary findings to be communicated within three months.

³ Recidivism will arise if a breach has already been committed in relation to the same CPS in the previous eight years.