The Digital Market Act (DMA) was published in the Official Journal of the European Union on 12 October, and it will enter into force on 1 November. Large digital platforms that offer core platform services as "gatekeepers" will thus be subject to far-reaching regulatory measures by the European Commission.
The DMA is the flagship project of the European Commission's digital strategy and its entry into force is a great success for the EU. There have been calls for stricter rules for large digital platforms for years now, and respective legislative proposals are being discussed in various jurisdictions. However, the European legislator has succeeded in guiding the DMA through the legislative process at record speed. The European Commission presented its legislative proposal in December 2020. On 24 March 2022, the co-legislators, the European Council and European Parliament, were already able to announce a political agreement. As stated, the law will enter into force on 1 November 2022 and the main provisions will apply six months later (i.e. on 2 May 2023).
Unlike many legislative procedures, the Commission's draft, which was already ambitious, was made even stricter by legislators. The result is a comprehensive regulatory approach for large digital companies that can make the EU the pacesetter for digital regulation worldwide. It is safe to say that the DMA will also have an impact beyond the borders of the EU.
Dma with rules for the most important digital gatekeepers
The aim of the DMA is to ensure a functioning internal market through rules for contestability and fairness in digital sector markets. To this end, the DMA is aimed at large digital platforms that offer "core platform services", have a significant impact on the digital economy and have an "entrenched and durable" position on the market. It definitely applies to major US digital companies, and some major European digital players may also fall within its scope. The centrepiece of the DMA are the obligations for these digital gatekeepers in the form of dos and don'ts concerning the core platform services. The specific directly applicable (i.e. self-executing) provisions establish rules of "fair play" for large digital companies. They reflect the Commission's experience in applying antitrust law to digital markets. Even though the DMA, unlike antitrust law, focuses on regulation rather than ex post monitoring, many of the practices regulated in the DMA have been the subject of Commission antitrust proceedings. However, antitrust supervision for abusive conduct remains in place alongside the DMA and is still applicable.
Core platform services: the regulated services in the dma
The DMA regulates certain online services that serve as important interfaces between large numbers of users and businesses. These "core platform services" are characterised in particular by pronounced scale effects, strong network effects, lock-in effects, data-based advantages, lack of multi-homing and vertical integration.
The core platform services are listed in the DMA. This list is decisive, as it defines the scope of the DMA. Only providers of core platform services can be gatekeepers and the obligations of the DMA only apply to core platform services. The core platform services include:
- online intermediation services;
- online search engines;
- social networks;
- video sharing platform services;
- messenger services (number-independent interpersonal communication services);
- operating systems;
- web browsers;
- virtual assistants;
- cloud computing services;
- online advertising services.
Gatekeepers: the addressees of the dma
In digital markets, the services of a few large companies can be unavoidable gateways for undertakings (i.e. business users) to gain access to end users. The providers of such services can also exploit their advantages from one area of activity (e.g. data-driven advantages) in other areas. These gatekeepers are the addressees of the rules of the DMA.
Whether or not a digital company has a gatekeeper role is determined on the basis of a number of cumulative criteria, including the size of the company and the number of end customers and business customers using the company's core platform services in the EU:
- EU-wide turnover of EUR 7.5 billion in each of the last three financial years or fair market value valuation of EUR 75 billion, AND
- provides the same core platform service in three EU member states
- core platform service with at least 45 million monthly active end users AND
- at least 10,000 yearly active business users
- The gateway criterion has been met in each of the last three financial years
An Annex to the DMA explains how to identify active end users and active business users for each core platform service. Undertakings that meet the criteria are required to notify the gatekeeper position to the Commission within two months and provide the Commission with the necessary information to verify the gatekeeper conditions. The Commission is working on an implementing regulation that will include a form for such notification. Undertakings that currently meet the gatekeeper criteria must submit their notification to the Commission by July 2023 (i.e. two months after the relevant rules in the DMA apply on 2 May 2023). The Commission then adopts decisions designating undertakings as gatekeepers within 45 working days.
Gatekeeper obligations: dos and don'ts for core platform services
For each of their core platform services identified in the relevant designation decision, gatekeepers must comply with the obligations under Art. 5, 6 and 7 DMA.
The rules list business practices that the EU legislators found problematic (i.e. the don'ts) when used by gatekeepers with regard to their core platform services (CPS) or by which they wanted to require gatekeepers to behave in certain ways (i.e. dos). Art. 5 DMA contains requirements that are applicable without further specification, while the obligations under Art. 6 DMA are also directly applicable, but can be further specified by the Commission for the individual gatekeeper. Art. 7 DMA includes far-reaching interoperability obligations for messenger services.
Provision | Content
Art. 5 (2) DMA | Prohibition of data combination
Art. 5 (3) DMA | Prohibition of the use of most-favoured nation clauses
Art. 5 (4) DMA | Obligation to allow communication to end users
Art. 5 (5) DMA | Obligation to allow end-users access to services etc. of business users
Art. 5 (6) DMA | Prohibition of restricting users' legal remedies
Art. 5 (7) DMA | Prohibition of tying
Art. 5 (8) DMA | Prohibition of requiring subscriptions with other CPSs
Art. 5 (9) DMA | Obligation to provide advertising customers (i.e. advertisers) with information on advertising prices
Art. 5 (10) DMA | Obligation to provide publishers with information on advertising prices
Art. 6 (2) DMA | Prohibition of data use in competition
Art. 6 (3) DMA | Obligation to allow uninstallation of pre-installed software and to change default settings
Art. 6 (4) DMA | Obligation to allow installation of apps (i.e. side loading)
Art. 6 (5) DMA | Prohibition of self-preferencing in ranking, indexing and crawling
Art. 6 (6) DMA | Prohibition of restricting possibility to switch
Art. 6 (7) DMA | Obligation regarding interoperability
Art. 6 (8) DMA | Obligation to provide advertisers and publishers with access to performance measurement tools
Art. 6 (9) DMA | Obligation to grant end-users access to CPS data
Art. 6 (10) DMA | Obligation to grant business users and authorised third parties access to CPS data
Art. 6 (11) DMA | Obligation to provide search engine operators access to search data on FRAND terms
Art. 6 (12) DMA | Obligation to provide access to app stores, online search engines and online social networks on FRAND terms
Art. 6 (13) DMA | Prohibition of disproportionate conditions to terminate CPSs
Art. 7 DMA | Obligation on interoperability of messenger services
The obligations apply to the respective gatekeeper six months after a gatekeeper designation decision has been issued. The designation decision also sets out the CPS for which the respective gatekeeper must observe the dos and don'ts of the DMA. The exact delineation of the gatekeeper's services and their assignment to the individual CPSs will be the major challenge for the designation process.
Assuming that the notifications are made in July 2023 and, accordingly, the gatekeeper designations in autumn 2023, the dos and don'ts will likely apply in March 2024.
Implementing the dma through monitoring and sanctions
The gatekeeper obligations of the DMA are in principle "self-executing". Gatekeepers are required to implement their dos and don'ts by themselves. To ensure compliance with the DMA they must, among other things, establish a compliance function, and they are subject to audit and reporting obligations that place the burden of proof on them for compliance with the DMA.
Monitoring compliance with the DMA is the responsibility of the Commission, which has at its disposal the arsenal of investigative measures from antitrust law, ranging from requests for information and witness interviews to dawn raids. In the event of infringements, gatekeepers face fines of up to 10% of the group's worldwide turnover. In the event of repeated violations, the fines can amount to 20% of the group's worldwide turnover.
Within the Commission, implementation of the DMA is under the Directorates-General – DG COMP (Competition) and DG CNECT (Communications Networks, Content and Technologies). The allocation of tasks will be thematic, so that, for example, the more technical interoperability issues can be dealt with by DG CNECT while the self-preferencing issues stemming from competition law will be handled by DG COMP. Mixed teams are also a possibility.
Despite the Commission's responsibility for enforcing the DMA, member state authorities can also play an important role. In particular, the DMA allows them to initiate investigations into compliance with the DMA obligations and to report their findings to the Commission. The German legislator is currently planning to create the legal prerequisites for this in Germany, in the 11th amendment to the German Act against Restraints of Competition (GWB).
The role of third party businesses, consumers and private enforcement
The DMA offers various options to third party businesses or consumers who are protected by the DMA's regulations. In the event of possible infringements, they can complain to the Commission or the competent national authorities (in Germany, this will probably be the German Federal Cartel Office). The DMA also includes various transparency provisions on the publication of non-confidential versions of reports on the implementation of the gatekeeper obligations. The Commission has also made it clear that it has no interest in negotiating the implementation of the DMA with gatekeepers behind closed doors. Instead, it relies on input from the market. For example, there is talk of holding workshops with industry representatives.
In addition to supporting regulatory monitoring, third parties will also be able to enforce the new gatekeeper obligations themselves through private enforcement in the civil courts. The changes in German law planned with the 11th Amendment to the German Act against Restraints of Competition (GWB), which would facilitate such private enforcement in Germany, could become extremely important in this context.
What are the next steps?
The DMA was published in the Official Journal of the EU on 12 October 2022 and thus enters into force on 1 November 2022. The DMA will apply from 2 May 2023, at which point undertakings meeting the criteria for gatekeepers will have two months to notify the Commission. Once they are designated as gatekeepers by the Commission, they must adhere to the DMA's dos and don'ts after a period of six months. This will be the case from around March 2024.
The Commission is currently working on a draft implementation regulation, which is expected to go into public consolidation early next year. At the same time, the Commission is setting up its internal structures. The first teams are in the process of being set up and Alberto Bacchiega, an experienced Commission official, has been mentioned as a possible leader. It also seems that DG COMP will create a new directorate for the enforcement of the DMA, which underlines the emphasis the Commission puts on its new powers in the field of digital regulation.
Dr. Björn Herbers M.B.L. Partner, Brussels EU Law Office, Rechtsanwalt
Dr. Fiona Savary Senior Associate, Munich, Rechtsanwältin (Schweiz)