On 15 December the European Commission announced far-reaching proposals for regulation of the digital sector in the form of a Digital Services Act (DSA) and a Digital Markets Act (DMA).

In summary

  • the DSA contains new rules including on illegal content and transparency. It applies to all online platforms, with additional rules for “very large platforms”
  • the DMA contains ex-ante rules that “gatekeeper” platforms must follow to prevent them “imposing unfair conditions on businesses and consumers and at ensuring the openness of important digital services

These are legislative proposals – they now pass to the European Council and European Parliament for debate, amendment and adoption into law. The Commission does not expect them to come into force until the end of 2022.

Culmination of reports and consultations

These proposals are part of the Commission’s policy to make “A Europe fit for the Digital Age”, one of the six priorities for Ursula von der Leyen’s Commission which runs from 2019 to 2024. They follow in particular policy papers and consultations in the spring and summer this year under the headings of a Digital Services Act package (here and here) and a New Competition Tool (see our blogs here and here).

They also reflect debates and reports over a number of years, including the 2019 report for the Commission “Competition Policy for the digital era” and various resolutions from the European Parliament (in particular here, here and here). The Digital Markets Act builds in particular on the Platform to Business Regulation (which has only just come into force), on the findings of the EU Observatory on the Online Platform Economy, and on Commission’s experience enforcing competition law in the digital sector.

Digital Services Act

The Commission notes that the DSA “[Builds] on the key principles set out in the e-Commerce Directive, which remain valid today” and “seeks to ensure the best conditions for the provision of innovative digital services in the internal market, to contribute to online safety and the protection of fundamental rights, and to set a robust and durable governance structure for the effective supervision of providers of intermediary services.”

We have posted on the DSA separately here.

Digital Markets Act

The DMA is concerned with “economic imbalances, unfair business practices by gatekeepers and their negative consequences, such as weakened contestability of platform markets”.

As proposed, it applies to “gatekeepers” providing “core platform services” – it does not apply to all digital services.

Gatekeepers will be designated by the Commission, and must comply with a list of “do’s” and don’ts”.

What is a “core platform service”

This is defined as: (a) online intermediation services; (b) online search engines; (c) online social networking services; (d) video-sharing platform services; (e) number-independent interpersonal communication services; (f) operating systems; (g) cloud computing services; and (h) advertising services, including any advertising networks, advertising exchanges and any other advertising intermediation services, provided by a provider of any of the core platform services listed in points (a) to (g).

Other digital services are therefore currently outside the scope of the DMA. However, following a market investigation, the Commission can propose that the DMA be amended to include additional services in the digital sector.

What is a “gatekeeper”?

The Commission considers that gatekeepers “play a particularly important role in the internal market because of their size and their importance as gateways for business users to reach their customers”.

The legal test differs from tests used in competition law: there is no requirement, for example, that a company holds a dominant position or market power.

Criteria for designation

The Commission shall designate a platform as gatekeeper if it:

  • has significant impact on the internal market.
  • operates a core platform service which serves as an important gateway for business users to reach end users.
  • enjoys an entrenched and durable position in its operations or it is foreseeable that it will enjoy such a position in the near future.

Rebuttable presumption based on thresholds

If a company meets certain quantitative thresholds, there is a rebuttable presumption that it is a gatekeeper (designation by the Commission is still required). Corresponding to the three criteria, these are:

  • significant impact is presumed if it (a) has annual turnover in the EEA > € 6.5 billion in the last three years, or market capitalisation/ equivalent fair market value >65 billion in the last year, and (b) provides a core platform service in at least three Member States
  • important gateway is presumed if it has >45 million monthly active users in the EU and >100,000 yearly active business users in the EU in the last year; and
  • entrenched and durable position is presumed if the user and business user thresholds are met in each of the last three financial years.

Companies can present evidence seeking to rebut the presumption that they should be designated as a gatekeeper.

Companies must inform the Commission within three months of meeting the thresholds (if they already meet them, it appears they have three months from the DMA entering into force). The Commission then has up to 60 days to designate the company as a gatekeeper. Where the company presents sufficiently substantiated arguments to rebut the presumption that they should be designated as a gatekeeper, the Commission will open a market investigation to consider the designation under qualitative factors.

Designation following a market investigation

Even if the quantitative thresholds are not met, the Commission can still designate a company as a gatekeeper if it concludes following a market investigation that the criteria for designation are met.

In this assessment it will take account of qualitative factors, namely: (a) the size, including turnover and market capitalisation, operations and position of the provider of core platform services; (b) the number of business users depending on the core platform service to reach end users and the number of end users; (c) entry barriers derived from network effects and data driven advantages, in particular in relation to the provider’s access to and collection of personal and non-personal data or analytics capabilities; (d) scale and scope effects the provider benefits from, including with regard to data; (e) business user or end user lock-in; (f) other structural market characteristics.

In conducting its assessment, the Commission would take into account foreseeable developments of these elements.

Emerging gatekeepers

Where the third criterion is not met, i.e. the company does not yet enjoy an entrenched and durable position, but it is foreseeable that it will in the near future, then a subset of obligations will apply, if proportionate in each case. This is to ensure that the company does not achieve an entrenched and durable position by unfair means.

“Do’s” and “don’ts”

The Commission states that gatekeepers “will carry an extra responsibility to conduct themselves in a way that ensures an open online environment that is fair for businesses and consumers, and open to innovation by all, by complying with specific obligations”. A gatekeeper must comply with the obligations six months after it is designated as a gatekeeper.

The proposed obligations cover:

  • MFNs: must allow business users to offer the same products/services to end users through third party platforms at prices/conditions different from those on the gatekeeper platform
  • Steering: must allow business users to promote their offers and conclude contracts with customers outside the platform
  • Self-preferencing: cannot preference own search rankings or products, and must apply fair and non-discriminatory conditions to such ranking
  • Bundling/leveraging: must allow un-installation of pre-installed software/apps; cannot require business/end users to use one core platform service as a condition to access another; cannot technically restrict the ability of end users to switch between and subscribe to different apps/services to be accessed using the gatekeeper’s operating system
  • Access/interoperability: must allow third parties to interoperate with a gatekeeper’s services on equal terms; allow business users and providers of ancillary services access to and interoperability with the platform’s operating system, hardware or software features by the gatekeeper in provision of any ancillary services; and apply fair and non-discriminatory general conditions of access for business users to app stores
  • Data access/portability for users: must give business/end users effective and immediate access to data they have provided or is generated by their activities on the platform, including data inferred from their use of the platform
  • Collection and aggregation of data: cannot require business users to include any identification service provided by the gatekeeper as part of the business user’s services to their end users; and cannot combine personal data from different sources, unless user was given choice and consented
  • Use of data in dual role: cannot use data provided/generated by business users on their platform to compete with those businesses
  • Access to search data: search engines must provide competitors with access to ranking, query, click and view data, on FRAND terms
  • Transparency for advertisers and publishers: must provide data on price paid by/to advertiser/publisher for the publishing of a given advert, for each different advertising service provided by the gatekeeper; and access to performance measuring tools and information necessary for advertisers and publishers to verify the effectiveness of their ads
  • Freedom to complain: cannot stop business users raising issues with any relevant public authority relating to any practice of gatekeepers

The Commission can sanction gatekeepers for breach of all these obligations. However, a subset are “susceptible of being further specified”. For these, the Commission would be able to specify measures the gatekeeper must take to comply with the obligation. There is little detail in the proposal as to what this may comprise, but the Commission suggests this is a “framework for a possible dialogue between the designated gatekeeper and the Commission in relation to measures that the gatekeeper implements or intends to implement in order to comply with the obligations”.

The obligations can be suspended in exceptional circumstances, or an exemption granted on grounds of public interest.

However, there is not a mechanism to take into account efficiencies or an objective justification.

Following a market investigation the Commission may update the list by a delegated act.

As noted above a limited set of obligations applies to gatekeepers without an entrenched position, if appropriate in the circumstances. The relevant obligations are those relating to MFNs; not technically restricting switching apps/services; allowing access to/interoperability of a platform’s operating system, hardware or software features in certain circumstances; and data portability/access.


Gatekeepers must inform the Commission of all intended concentrations (within the meaning of the EU Merger Regulation (EUMR)) of businesses providing any services in the digital sector, regardless of whether they meet the EUMR thresholds.

This is an information measure, it does not grant the Commission new jurisdiction under the EUMR.

Audits on techniques for profiling of consumers

The Commission requires gatekeepers submit to the Commission an independently audited description of any techniques for profiling of consumers that it applies to or across its core platform services. It should at least provide a description of the basis upon which profiling is performed, including whether personal data and data derived from user activity is relied on, the processing applied, the purpose for which the profile is prepared and eventually used, the impact of such profiling on the gatekeeper’s services, and the steps taken to enable end users to be aware of the relevant use of such profiling, as well as to seek their consent.

This obligation is based on the Commission’s view that an adequate level of transparency of profiling practices facilitates contestability of core platform services, by putting external pressure on gatekeepers to prevent making deep consumer profiling the industry standard, given that potential entrants or start-up providers cannot access data to the same extent and depth, and at a similar scale. It considers this should also allow competitors to differentiate themselves better through the use of superior privacy guaranteeing facilities.

Market investigation tool

To ensure that the DMA stays up with the fast pace of digital markets, the Commission will have the power to carry out market investigations. The purpose of market investigations is three-fold:

  • Designating gatekeepers that are not captured by the quantitative thresholds, or which have presented rebuttal evidence
  • Identifying whether other services within the digital sector should be added to the list of core platform services falling within the scope of the DMA; or whether new practices should be added to the list of do’s and don’ts. This is intended to ensure that the DMA keeps up with the fast pace of digital markets
  • Designing behavioural or structural remedies where a gatekeeper has systematically infringed the DMA

This part of the DMA is a significantly watered down version of the “New Competition Tool” the Commission floated earlier this year. It had consulted on a tool more akin to the UK’s market investigation regime, not limited to digital and with wide power to impose remedies.

Enforcement and sanctions

The Commission will enforce the DMA, not Member State authorities. The DMA contains various powers to enable it to conduct investigations, including to request or require information, conduct interviews and make on-site inspections. These resemble its existing powers under competition legislation.

Following an investigation, it may impose sanctions for non-compliance. These include fines of up to 10% of the gatekeeper’s total worldwide annual turnover, and periodic penalty payments per day of up to 5% of its daily turnover.

For systematic infringements, defined as at least three instances of non-compliance or fines in five years, the Commission can impose “any behavioural or structural remedies which are proportionate to the infringement committed and necessary to ensure compliance”. The Commission can also impose interim measures.

The Commission also flags that the DMA can be enforced directly in national courts, and that this will “facilitate direct actions for damages by those harmed by the conduct of non-complying gatekeepers”.

Enforcement under existing competition tools to continue

The Commission will continue with its vigorous enforcement of existing competition laws (under Articles 101 and 102 TFEU) and the EU Merger Regulation (EUMR).

It has ongoing cases in the digital sector including into Facebook, Apple (here and here), and Amazon, and there are previous decisions under appeal (e.g. Google Shopping). Some of the theories of harm in those cases appear to overlap directly with the proposed list of do’s and don’ts. It will be interesting to see how the DMA proposals progress in parallel with the cases and any subsequent Court challenges.

The Commission is looking to speed up its competition law procedures, including increasing its use of interim measures (as in Broadcom), and to change its policy on merger control referrals to review cases below the EUMR thresholds.

It is also updating a number of its block exemptions and guidance notices, inter alia to take account of digital developments. It has or will, for example, propose updates to its market definition notice (see our latest post), horizontal agreements block exemptions and guidelines, vertical agreements block exemption and guidelines. The various proposals are summarised by the Commission in a useful timeline here. It also has an ongoing market investigation into the Internet of Things.

Next steps: over to the legislators

Given the proposed legal basis (Art. 114 TFEU), the “ordinary legislative procedure” applies, with the European Council and European Parliament as co-legislators. They will debate the proposals, amend, and ultimately adopt (or not) a final text. The Commission is involved in the process, but is not a co-legislator. Adoption does not require unanimity among Member States.

The proposals are likely to be heavily debated by these bodies and stakeholders. By way of example, the Commission received over 3,000 submissions in response to its consultations on the what are now the DSA and DMA earlier this year.

In terms of timing, Commission Executive Vice President Margrethe Vestager commented that “I still think that fast is, give or take, a year and a half and then another six months for the regulation to take effect.” Thus the process may take around two years; but it may be longer. In addition, gatekeepers would not be designated or be subject to the do’s and don’ts immediately when the DMA enters into force.

Final thoughts

Whether and how to regulate digital markets has been a hot topic for a number of years. With its proposals the Commission has increased the temperature further.

They will be watched closely, including by regulators outside the EU. As we posted last week, the UK’s CMA announced its proposals for the design and implementation of a new pro-competition regime for digital markets, including the establishment of a “Digital Markets Unit” and a new competition regime for digital firms with ‘Strategic Market Status’ (SMS).

Given the prevalence digital services the range of companies touched by these proposals will be wide, whether they will be subject to new obligations or benefit from their protections.

Please don’t hesitate to contact one of the HSF competition team for more information. This will remain a key area to watch in 2021 and beyond!


Kyriakos Fountoukakos
Kyriakos Fountoukakos
Managing Partner, Brussels
+32 2 518 1840
Stephen Wisking
Stephen Wisking
Global Head of Practice, London
+44 20 7466 2825
Peter Rowland
Peter Rowland
Of Counsel, Brussels
+32 2 518 1847
Camille Puech
Camille Puech
Senior Associate, Brussels
+32 2 518 1823