The European Union’s Digital Markets Act (DMA) was published in the Official Journal of the EU on 12 October 2022. The legislation, which regulates large technology platforms, enters into force on 1 November 2022 (20 days after publication) and the notification and review process by which the European Commission (EC) will designate companies as ‘gatekeepers’ starts six months later, on 1 May 2023.
From that date, companies that meet the financial and user thresholds that give rise to a presumption of gatekeeper status have two months to report that, and make any submissions as to why gatekeeper status is not merited (a rebuttal submission). The EC must decide on gatekeeper status within 45 working days of receiving a company’s submission, and designated gatekeeper companies must comply with the applicable DMA obligations within six months of the EC designation decision.
The EC will soon launch a public consultation on the DMA’s implementing regulation, which will include a draft form for designation as a market gatekeeper as well as other procedural rules. The European commissioner for competition, Margrethe Vestager, has also suggested that the EC will organize workshops to collate the views of users, consumers and third parties regarding DMA compliance by large platforms.
The DMA sets out rules defining and prohibiting perceived unfair business practices by large online platforms designated as important gatekeepers between European businesses and consumers. The law will apply in parallel with EU and national competition law rules.
Unless a company submits substantiated arguments to demonstrate the contrary, a company is presumed to have gatekeeper status and fall under the scope of the DMA if it meets the following three criteria:
- It provides a core platform service that serves as an important gateway for business users to reach end users. ‘Core platform service’ includes any of the following: online intermediation services, online search engines, online social networking services, video-sharing platform services, number-independent interpersonal communications services, operating systems, web browsers, virtual assistants, cloud computing services and online advertising services (including any advertising networks, advertising exchanges and any other advertising intermediation services).
- It has a significant impact on the internal EU market. The company has annual turnover of at least €7.5 billion within the EU in each of the past three financial years or an average market valuation of at least €75 billion in the past financial year, and it provides the same core platform service in at least three member states.
- It enjoys an (established or expected) entrenched and durable position. The company has on average a minimum of 45 million monthly end users established or located in the EU and at least 10,000 yearly business users established in the EU in each of the previous three financial years.
The DMA provides that companies self-assess whether they meet the gatekeeper criteria and inform the EC of their status within two months of those thresholds being met. The DMA requires gatekeeper companies to comply with a set of obligations and prohibitions within six months of their designation as gatekeepers.
The DMA prohibits gatekeeper companies from:
- processing end users’ personal data collected from third-party services for the purpose of providing online advertising services without prior consent (Art. 5 (2)(a));
- reusing personal data collected during a service for the purposes of another service without prior consent (Art. 5 (2)(b)-(c));
- preventing business users from offering their products and services under different prices and conditions on their own sales sites, as well as on third-party platforms (i.e., wide and narrow parity clauses) (Art. 5 (3));
- preventing users from making complaints to public authorities (Art. 5 (6));
- requiring users to use certain platform services (e.g., payment systems, identification services, web browser engines or technical services) (Art. 5 (7));
- requiring users to register/subscribe to other core platform services as a condition to use any of the core platform services (Art. 5 (8));
- using business users’ nonpublic data to compete against them (Art. 6(2));
- ranking own products or services higher than those of others (Art. 6(5));
- restricting end users from switching between different apps and services (Art. 6(6)); and
- establishing disproportionate termination conditions for business users; (Art. 6(13))
The DMA requires gatekeeper companies to:
- allow communication and content access between business users and end users (Art. 5(4)(5));
- ensure price and fee transparency in ad intermediation services (Art. 5(9)-(10));
- ensure users can access their marketing or advertising performance data on the platform (Art. 6(8));
- allow end users to easily change default settings and/or uninstall any software apps on an operating system (OS), unless essential for the good functioning of the OS (Art. 6(3));
- allow the installation and use of third-party apps or app stores that do not endanger the integrity of the device or OS (Art. 6(4));
- allow effective interoperability with an OS, hardware or software applications (Art. 6(7));
- ensure the interoperability of instant messaging services’ basic functionalities with those of other platforms (Art. 7);
- ensure the portability of end users’ data to other systems or applications (Art. 6(9));
- provide business users real-time access to their data generated on the platform (Art. 6(10));
- provide other online search engines with fair, reasonable and nondiscriminatory (FRAND) access to ranking, query, click and view data generated by end users on its online search engines (Art. 6(11));
- apply FRAND conditions of access to business users to its software app stores, online search engines and online social networking services (Art. 6(12)); and
- inform the EC of any acquisitions involving core platform services, data collection or the digital sector, irrespective of whether it is notifiable to the EC under the EU Merger Regulation (Art. 14).
The EC will have discretionary power to update the list of obligations and prohibitions through ‘delegated acts’ (i.e., supplementary legislative acts stemming from the DMA), on grounds of fairness or to remove barriers to competition.
Within six months of their designation as gatekeepers, companies will also be required to submit annually to the EC and to publish, in summary form, an independently audited description of any techniques for profiling consumers that the gatekeepers apply to, or across, their core platform services.
Supplementary compliance obligations include: appointment of a compliance monitor role within the organisation; annual reporting and publication of the steps taken by the gatekeeper to comply with the conduct obligations; and an obligation on management to review compliance at least annually.
Enforcement and Sanctions
The EC will be the sole enforcer of the DMA, in close cooperation with the authorities in the EU member states, which will be able to initiate national investigations and bring evidence to the attention of the EC to consider enforcement action. Also, the EC will be able to impose penalties and fines of up to 10% of a company’s worldwide annual turnover and up to 20% of such turnover in the event of repeated infringements.
In the case of systematic infringements of the rules (i.e., at least three violations in eight years), the EC may also impose behavioral or structural remedies on a company to ensure the effectiveness of the DMA’s obligations, including a ban on acquisitions relevant to the infringement. Gatekeepers can also face collective actions from individuals and companies in national courts in cases of noncompliance with DMA obligations.
The DMA will apply in parallel with EU and national competition law rules.