The Digital Markets Act (DMA) is a ground-breaking piece of EU regulation, imposing rules on platforms acting as “gatekeepers” in the digital sector, and aiming to ensure fairness and contestability in digital markets. It will enter into force on 1 November 2022, setting the clock running for gatekeepers to comply.
In summary, it introduces ex ante regulation of gatekeepers’ practices, mandating a set of prohibitions and obligations largely influenced by existing EU competition law infringement decisions and investigations. However it will operate alongside, and not replace, existing EU competition rules.
The rules will be of interest not just to those companies likely to be designated as digital gatekeepers, but also to those using their services. Further, companies and advisors not active in the EU should still be aware of this key development as it is likely to influence competition authorities and legislators outside the EU as they look at how they can best regulate large digital platforms.
The DMA is a key part of a range of new EU regulations for the digital ecosystem – a key policy for the current Commission. Another of particular significance is the Digital Services Act (DSA), also expected to come into force in the coming weeks. Our post on the DSA is here.
In light of the imminent entry into force of the DMA, in this post we outline the key aspects of the DMA at a high level. If you would like to discuss any of these in more detail, do not hesitate to get in touch.
Who will be a gatekeeper?
Not all large digital companies are in scope, and not even all those that are ‘dominant’ under EU competition law.
The DMA catches only those companies which provide a “core platform service” (CPS)1 and satisfy the following criteria: (i) have a significant impact on the internal market; (ii) provide a CPS which is an important gateway for business users to reach end users; and (iii) enjoy an entrenched and durable position (or it is foreseeable that they will do so in the near future)2.
To determine if these criteria are met, the DMA sets out rebuttable presumptions, in the form of quantitative thresholds3. A provider of a CPS will be presumed to:
- have a significant impact on the internal market if it provides the same CPS in at least three EU Member States, and achieves at least EUR 7.5 billion (US$ 8.3 billion) turnover in the EU in each of the last three years or has a market capitalisation of EUR 75 billion (US$ 83 billion) in the last year; and
- provide a CPS which is an important gateway for business users to reach end users, and to hold an entrenched and durable position in the market, if it had, in each of the last three years, at least 45 million monthly active end users and 10,000 yearly active business users in the EU4.
The criteria may also be met by qualitative elements. These include size, including turnover and market capitalisation, operations and position; number of business users using the CPS to reach end users and the number of end users; network effects and data driven advantages; any scale and scope effects from which the undertaking benefits; business user and end user lock-in; conglomerate corporate structure or vertical integration, or other structural or service characteristics5.
While it remains to be seen which companies will be designated as gatekeepers, the Commission anticipates that around 10 to 15 companies may fall within scope.
It is notable that the criteria do not relate to ‘market power’, and whilst many of the obligations and prohibitions in the DMA are modelled on competition law abuses of dominance, it is not necessary that a gatekeeper holds a dominant position, and a company in a dominant position will not necessarily be a gatekeeper.
Gatekeeper status is not automatic – designation by the European Commission is required.
Where a company satisfies the quantitative thresholds, it must inform the Commission without delay and in any event within two months after the thresholds are met6. Following receipt of the necessary information, the Commission will without undue delay and at the latest within 45 days designate the company as a gatekeeper and list the gatekeeper’s CPSs subject to the relevant prohibitions and obligations.
Companies can seek to rebut the presumption of designation “in exceptional circumstances“. If the Commission decides that the potential gatekeeper has presented sufficiently substantiated arguments that manifestly call into question the presumption, it will open a market investigation and conclude within 5 months whether to designate the gatekeeper7.
The Commission may also designate as a gatekeeper a company not satisfying the quantitative thresholds if it considers that the criteria are met under the qualitative elements (see above). In this case, the Commission must conduct a market investigation and reach a decision within 12 months8.
If a company does not hold an “entrenched and durable position” but is expected to do so in the near future, then it may fall under the category of an emerging gatekeeper. If so designated by the Commission the emerging gatekeeper would have to comply with a more limited set of obligations considered necessary to ensure that it does not achieve a gatekeeper position in an unfair manner9.
The substance of the DMA: what behaviour is prohibited or obliged?
Following designation, a gatekeeper will have six months to comply with the prohibitions and obligations set out in Articles 5, 6, and 7 of the DMA10. In summary, these “do’s and don’ts” include the following:
- Use of personal data: a gatekeeper must not process (for providing online advertising services), combine or cross use personal data of end users obtained via its CPS unless the user grants a valid consent11
- Use of business data: a gatekeeper must not use, in competition with business users, any data not publicly available generated or provided by business users in the context of their use of its CPS12
- MFNs: a gatekeeper must not impose wide or narrow MFN clauses, i.e. it must allow business users to offer the same products/services to end users through third party platforms, or their own platforms, at prices/conditions different from those on the gatekeeper’s platform13
- Interoperability: a gatekeeper must allow providers of services and hardware with interoperability with hardware and software features accessed or controlled via its operating system or virtual assistant (where designated as a CPS)14, and must ensure interoperability for number-independent interpersonal communications services to its designated service15
- Access: a gatekeeper must allow, and technically enable, the installation and use of, and access to, competing third-party apps or app stores on its operating system16. It must also not restrict the ability of end users to switch between, or subscribe to, different apps and services accessed using its CPS17
- Anti-steering provisions: a gatekeeper must allow business users to promote their offers and conclude contracts with customers outside its CPS18
- On-platform use: a gatekeeper must allow an end user to access and use, through its CPS, content, subscriptions, features or other items in a business user’s app, including where these items have been acquired from the business user without using its CPS19
- Tying: a gatekeeper must not require business users or end users to use, offer, or interoperate with a gatekeeper’s identification service, web browser engine or payment service in the context of the business users’ services offered through the CPS, and must not require users to subscribe to, or register with, any of the gatekeeper’s other CPSs listed in its designation decision or meeting the quantitative criteria as a condition for being able to access its CPS20
- Configuration choice: a gatekeeper must allow and technically enable end users to (i) easily un-install software applications on its operating system, (ii) easily change default settings on its operating system, virtual assistant and web browser that direct or steer end users to products or services provided by the gatekeeper, and (iii) provide end users choice of online search engine, virtual assistant or web browser to be used by default21
- Access to data: A gatekeeper must give business and end users effective and immediate access to data they have provided or which is generated by their activities on its CPS22. Search engines must provide competitors with access on FRAND terms to ranking, query, click and view data23
- Data portability: a gatekeeper must provide end users, upon their request and free of charge, with effective portability of data provided by the end user or generated through the end user’s activity on its CPS24
- Self-preferencing: a gatekeeper must not treat more favourably in ranking, and related indexing and crawling, its own services and products compared to similar services or products offered by third parties on its platform, and must apply transparent, fair and non-discriminatory conditions to rankings and related indexing and crawling25
- Transparency: a gatekeeper must provide its advertisers and publishers with detailed information on the use of its advertising services and payments from publishers and advertisers26
- Notification of mergers: a gatekeeper must inform the Commission of all intended concentrations (within the meaning of the EU Merger Regulation (EUMR)) where the target provides a CPS or any other digital or data collection services. The obligation applies regardless of whether the concentration meets the EUMR or any national merger control thresholds27. This does not automatically trigger a merger control review, but we expect the Commission to use this provision to alert it to transactions it may seek to review under its new approach to Article 22 EUMR (see our briefing here).
A note of caution is warranted here: the above summary is not exhaustive and does not catch the nuances in some of the prohibitions/obligations. In addition, while gatekeepers must comply with the prohibitions/obligations, they may request guidance from the Commission as to measures they should implement to ensure effective compliance with some of the prohibitions/obligations28.
Who will enforce the DMA?
The Commission, not national authorities. Within the Commission enforcement is expected to be by DG COMP and DG CONNECT.
How does the DMA affect existing competition law?
The DMA is without prejudice to EU and national competition law, meaning that both the Commission and the national competition authorities remain free to conduct separate competition law investigations.
There is an overlap between some of the DMA prohibitions/obligations and existing EU and national competition law. The Commission (and private litigants) may find it easier to bring some cases under the DMA than existing competition law, and therefore the DMA may become the favoured route to address some behaviour by gatekeepers.
Sanctions/ interim measures
For breaches of the prohibitions/obligations in the DMA, the Commission may impose fines of up to 10% of the gatekeeper’s annual worldwide turnover for the first infringement, and up to 20% for repeated infringements29. Additionally, the Commission may impose periodic penalty payments per day of up to 5% of the gatekeeper’s daily turnover30.
The Commission can also adopt interim measures, if it proves serious and irreparable damage31.
Can the Commission impose remedies?
Only if the gatekeeper has engaged in systematic non-compliance. If the Commission identifies three infringements in eight years, it can open an investigation following which, if it finds systematic non-compliance, then it can impose “any behavioural or structural remedies which are proportionate and necessary to ensure effective compliance“. This could include a ban on M&A activity or even a break-up32.
Investigatory powers and rights of defence
The DMA gives the Commission an array of investigatory powers. These are similar in most cases to those of the Commission under existing competition law, although we note that the Commission has not yet published the proposed Implementing Regulation for the DMA and the Implementing Regulation for competition law (Regulation 1/2003) is currently under review.
Key investigatory powers include:
- Requests for the provision of necessary information from companies; as well as conducting interviews with personnel of the companies (where the person consents)33
- Inspections, similar to the dawn raids conducted in competition law cases. The Commission can enter and/or seal the premises, examine books and records, take copies, request explanations, request access to, for example, IT systems, algorithms and data-handling practices and can request assistance from external experts or national authorities in order to carry out the inspections34
- Market investigations35 in order to identify gatekeepers that otherwise would not have been identified based on the quantitative thresholds36 and to determine if new services or practices should fall under the DMA37
Defence rights for gatekeepers (and potential gatekeepers) include38:
- The right to be heard, including to challenge the Commission’s enforcement and sanction measures, and the right to access the file39
- The right to good administration, which refers to impartial, fair and reasonable treatment of a case, as well as provision of a reasoned decision40
- The right to safeguard professional secrecy, including by requesting non-disclosure of information in a Commission decision or respecting EU legal privilege41
The Commission intends to adopt an implementing regulation that will provide further clarity on the requirements of the DMA, in particular procedural aspects, including the notifications of gatekeeper status and technical measures that gatekeepers should adopt to ensure compliance with obligations.
The Commission proposes to adopt the implementing regulation, following consultation, in Q1 202342.
What role for the national competition authorities?
While the Commission has the sole authority to enforce the DMA, it has confirmed that it will cooperate with competition authorities in the EU Member States. As noted above, the Commission can request assistance from national authorities while conducting investigations, and a national authority can initiate an investigation into possible non-compliance with the DMA on its own territory (but may not take a substantive decision)43.
As noted above, national competition authorities will still be able to enforce competition law. They will also be able to enforce other rules imposing further obligations on gatekeepers beyond the scope of the DMA44.
What role for complainants?
Involvement in the Commission’s enforcement
The DMA provides that any third party, including business users, competitors or end-users, may inform a national authority, or the Commission directly, about any practice or behaviour by gatekeepers that falls within the scope of the DMA45. However, the DMA does not provide for a formal complaints mechanism or rights for complainants during an investigation. Nevertheless, it does envisage that the Commission may consult third parties at various points in its investigations.
Can complainants bring private enforcement actions?
Yes, and we expect this to be a key part of ‘enforcement’ of the DMA.
The Commission has confirmed that the DMA rules can be enforced directly in national courts and the DMA contains provisions on co-operation between the Commission and national courts to facilitate this.
In addition, the DMA envisages class actions. It provides that affected third parties may bring civil damages actions against infringements that harm the collective interests of consumers46 in line with the EU’s Representative Actions Directive47.
Interim and final injunctions may also be available to private litigants, depending on the procedural rules of the jurisdiction in which they bring the claim.
What role for the Courts?
Commission decisions under the DMA are subject to review by the EU Courts. This includes decisions on the designation of gatekeepers, as well as decisions relating to non-compliance including fines and periodic penalty payments48.
National courts will have a role in enforcement of the DMA where, as noted above, a litigant brings a private enforcement action – this is done at a national level rather than in the EU Courts.
How is the DMA “future proofed” against rapid changes in digital markets?
The Commission can review and update the obligations/prohibitions in the DMA through delegated acts49.
Entry into force
Following the publication of the DMA in the Official Journal on 12 October 2022 (as Regulation 2022/1925), the DMA will enter into force on 1 November 2022. It will start to apply six months later, i.e. on 2 May 2023 (although certain provisions will apply earlier)50.
Designation and compliance
Within two months, i.e. by 2 July 2023, providers of CPSs meeting the quantitative thresholds must notify the Commission, which then has 45 working days to designate them as gatekeepers. The Commission will therefore take designation decisions by early September 2023, although if the provider of a CPS presents substantiated arguments that the presumption should be rebutted, and these are accepted, the market investigation will extend this until February 2024.
Gatekeepers have six months post designation to comply with the prohibitions/obligations in the DMA. Based on designation in September 2023, the deadline to comply would be in March 2024.
As noted above, the Commission will soon launch a consultation on an Implementing Regulation for the DMA, with the aim of having it finalised in Q1 2023.
It is understood that potential gatekeepers are also already engaging with the Commission, and considering the notifications they will need to make and above all what changes they will need to make to their services in order to comply. In addition, those potential gatekeepers looking to settle ongoing competition law investigations with commitments to the Commission or national authorities are likely to have an eye to the need for future compliance with the DMA when framing those commitments.
If you would like to discuss these developments in more detail please get in touch with the authors or your usual contact at HSF.