The EU Has Today Published the Digital Markets Act – A New Rulebook for Leading Technology Companies That Will Affect Their Behaviour Worldwide

As with the General Data Protection Regulation (“GDPR”), the European Union has assumed the role of the world’s digital regulator by enacting a Digital Markets Act (the “DMA”). The new legislation is targeted exclusively at a handful of the largest technology firms, and it will not just affect their operations in the EU.

We set out below:

1. The issues that the DMA seeks to address
2. The worldwide impact of the DMA (and the DSA)
3. An overview of the DMA
4. The definition of “gatekeepers” (to whom the DMA applies)
5. The rules to which gatekeepers are subject
6. Timeline
7. Similar regulatory proposals in the UK

1. The issues that the DMA seeks to address

The rapid pace of technological development in recent years has significantly increased our dependence on, and demand for, digital products and services. The emergence of technology heavyweights, such as Apple and Facebook, has brought ground-breaking products and services into people’s homes, many of which are now a fundamental part of our daily lives.

However, digital markets raise specific competitive issues, as described under the first heading of our article “A List of the Big Technology Companies’ Multiple Antitrust Battles (For Those Who Have Lost Track).” Consequently, the large technology companies have become a focus of attention for competition regulators worldwide. The importance, complexity and fast-changing nature of digital markets create challenges for these regulators, who need to tread carefully lest their interventions to promote competition ends up damaging the very markets they seek to protect.

To date, regulation of large technology firms has tended to be by reference to decades-old legislation prohibiting abuse of dominance. The legislation was not drafted with digital markets in mind, and it does not consider the specific competitive issues in those markets referred to above.

The European Commission (“Commission”) has now devised the DMA, a comprehensive rulebook specifically for leading digital platforms, in order to manage their effects on impacted markets.

The DMA is unlike the EU’s existing competition laws in that it includes “ex-ante” obligations that seek to avoid concerns from arising in the first place. It is the first initiative of its kind to comprehensively regulate the power of leading technology companies.

Following on from our recent articles – the aforementioned “List of the Big Technology Companies’ Multiple Antitrust Battles” and “Antitrust in the Digital Economy – A Dive Into EU and UK Cases Alleging Self-Preferencing and Data Monopolisation” – this piece provides an overview of the new regime and explains the main features of its toolkit.

2. The worldwide impact of the DMA (and the DSA)

The EU is too large a market for multinational firms to ignore. Those wishing to do business in it must adhere to its rules, and it is frequently preferable to adhere to them on a worldwide basis, particularly if other jurisdictions are likely to adopt similar regimes.

For example, the GDPR – which, prior to the DMA, was the EU’s most significant regulation of digital markets – has become a worldwide standard. A paper by Graham Greenleaf of the University of New South Wales reports that, as of March 2022, 157 countries had enacted data protection laws, and “most of these laws are influenced substantially by the EU’s GDPR”. Indeed, the UK is already working on a regime similar to the DMA, as described below.

Unlike the GDPR, which is enforced by the EU’s member states, the Commission itself will enforce the DMA and its sister legislation, the Digital Services Act (“DSA”) which targets illegal or misleading online content. Unlike the DMA – which will regulate only the largest technology companies – the DSA will regulate all market participants; and it too is likely to become a worldwide standard, since firms who wish their content to be accessible in the EU must comply with it.

In a recent issue of The Economist (paywalled), Charlemagne, its Europe columnist, suggested that the EU did not seek the role of global regulator; the role was forced on it since the U.S. Congress is paralysed by its parties’ reluctance to work together. A less charitable explanation is that it is easier to clip the wings of foreign companies. The large technology firms are overwhelmingly American, whereas those wishing to compete with them are as likely to be European, particularly within the EU’s jurisdiction. Indeed, Charlemagne suggested that, unlike GDPR, the DMA goes to the core of the big technology firms’ business models, and one reason for empowering the Commission to enforce it is that member states might be tempted to engage in lacklustre enforcement to encourage those firms to locate themselves there.

3. An overview of the DMA

Traditionally, enforcement of EU competition law has been after-the-fact (i.e., “ex post facto”), which has the obvious disadvantage of only addressing issues after they arise, rather than preventing them.

The DMA introduces an ex ante regime that imposes rules specifically on large technology companies that meet the DMA’s definition of “gatekeeper,” meaning that they control access to major digital platforms that other businesses need to reach their consumers.

It is anticipated that gatekeepers will include the owners of the main social media platforms (e.g., Facebook), online search services (e.g., Google), online marketplaces (e.g., Amazon), smartphone platforms (e.g., Apple), and perhaps video-sharing platforms (e.g., Tik Tok) or number-independent interpersonal communication services (e.g., WhatsApp). It is no coincidence that, on 1 September 2022, the EU opened an office in San Francisco as a point of contact with the Silicon Valley firms.

4. The definition of “gatekeepers”

The Commission sets out three primary cumulative criteria for gatekeepers:

7. Company size: The company (i) had an EU turnover of at least €7.5 billion in the last three financial years or a market capitalisation of at least €75 billion in the last financial year; (ii) provides a core platform service in at least three Member States; and (iii) has more than 45 million monthly active end users and 10,000 yearly active business users in the EU.
8. Control of an important gateway: The company operates a core platform service which is an important gateway for business users to reach end users.
9. Market position: The company enjoys (or is about to have) an entrenched and durable position in its operations and will continue to do so in the foreseeable future.

A digital platform has to notify the Commission within two months if it meets the thresholds set out above. In the absence of notification, the Commission still has the power to designate a provider as a gatekeeper.

5. Key rules to which gatekeepers are subject

Obligations and prohibitions

The new rules establish a long list of behavioural obligations and prohibitions that large technology companies must adhere to in their daily operations. In fact, many of the practices subject to the DMA’s rules are also subject to the Commission’s antitrust cases described in the aforementioned “List of the Big Technology Companies’ Multiple Antitrust Battles” which, depending on your perspective, is either welcome legislative certainty or an exercise of legislative power by one of the disputants to win the argument.

All obligations and prohibitions are split between Articles 5 (the so-called “black-list” obligations) and 6 (the “grey list” obligations). While the rules under Article 5 are specific, the rules in Article 6 are open-ended and may be subject to further specification by the Commission for particular gatekeepers (which allows for pre-specification dialogue with that gatekeeper) although, absent specification, the Article 6 rules are still binding.

The obligations and prohibitions of the DMA for the gatekeepers, under Articles 5 and 6 respectively, are as follows.

1. Article 5 rules include the following (paraphrased; refer to DMA for full details):

DMA article	Obligation / Prohibition
5(2)		Re-use personal data collected during provision of a service for the purpose of another service.
5(3)		Prevent business users from offering the same products or services through a third party intermediation service at different prices and conditions to those offered through the gatekeeper’s platform.
5(4)		Allow business users, free of charge, to communicate with, promote offers to and contract with customers acquired via the platform regardless of whether they use the platform for that purpose.
5(5)		Allow end users to access content through the platform using the software of a business user.
5(6)		Restrict users’ ability to complain about the gatekeeper’s services to public authorities or courts.
5(7)		Mandatory use of (or interoperability with) gatekeeper’s identification or payment service by businesses using the platform.
5(8)		Require business or end users of the platform to subscribe to certain further platform services.
5(9) and 5(10)		Provide transparency of prices and fees, free of charge and on a daily basis, for online advertisers and publishers upon request.

1. Article 6 rules include the following (paraphrased; refer to DMA for full details):

DMA article	Obligation / Prohibition
6(2)		Compete with business users of the platform by utilising non-public data harvested through the platform.
6(3)		Allow end users to easily un-install any pre-loaded app from the operating system of the gatekeeper.
6(4)		Allow the installation and use of third party apps using or interoperating with operating systems of that gatekeeper and allow these to be accessed by means other than the platform services of that gatekeeper, subject to security measures.
6(5)		Treat gatekeeper’s own services and products more favourably in ranking on its own platform than similar services or products offered by third parties.
6(6)		Prevent consumers from switching between different services and apps that can be accessed through the platform.
6(7)		Allow service and hardware providers, free of charge, to access and interoperate with certain hardware and software features available to the gatekeeper.
6(8)		Provide advertisers on the platform with free tools and information to carry out their own independent review of the performance of their advertisements.
6(9)		Allow for continuous access and portability of end or business users’ data generated through activity on the platform.
6(10)		Allow business users to access the data that they generate in their use of the platform.
6(11)		Give third party providers of search engines fair, reasonable, and non-discriminatory (“FRAND”) access to ranking, query, click and view data in relation to searches using its engine.
6(12)		Provide FRAND access for business users to certain of the gatekeeper’s app stores, search engines and social network services.
6(13)		Impose disproportionate conditions on users who wish to terminate the provision of a platform service (e.g., in terms of fees or the length of the notice period).

Interoperability for messaging services

Article 7 imposes a requirement on the gatekeeper of certain designated messaging services to ensure that the basic functionalities of that service is interoperable with rival services. In other words, users of messaging services must be able to share content (including voice messages, videos and other files) across messaging apps.

The rule under Article 7 is intended to expand over time in that, following the Commission’s designation decision, the interoperability requirement on the gatekeeper will initially be limited to messaging between two users. However, within two years of the designation, this will expand to group messaging and, within four years, to voice and video calls.

Merger control 

Gatekeepers must inform the Commission of planned mergers and acquisitions with other companies within the digital sector. This obligation, encapsulated in Article 14, is included in the new regulatory regime to enable the Commission to identify so-called “killer acquisitions”, whereby large digital companies acquire small, but promising, market players to prevent future competition.

Sanctions

The Commission will have the power to impose fines of up to 10% of a company’s annual worldwide turnover for breach of the DMA, or up to 20% in case of recidivism. If a gatekeeper systematically fails to abide by the DMA’s rules (i.e., it violates the rules at least three times in eight years), the Commission can launch a market investigation and, if necessary, impose behavioural or structural remedies (or even the break-up of the gatekeeper).

6. Timeline

The DMA was approved by the European Parliament on 5 July 2022 and, on 18 July 2022, it was adopted by the European Council, the EU body which represents member-state governments.

Today (12 October 2022), it was published in the Official Journal of the European Union. It will enter into force in 20 days’ time, on 1 November 2022, and will apply from 2 May 2023. The crucial moment in the timeline will be the designation of the first gatekeepers (expected in summer 2023) who will be given a maximum of six months after the Commission’s designation decision to ensure their compliance with the DMA’s obligations (expected to be from early 2024). After that, the Commission will review each gatekeeper designation every three years, in order to assess whether the gatekeeper conditions remain fulfilled.

7. Similar regulatory proposals in the UK

In parallel with the regulatory overhaul of digital markets in the EU, the UK government is developing its own statutory regime with the creation of a Digital Markets Unit (“DMU”) within the Competition & Markets Authority, although implementation of the DMU was apparently deprioritised when this year’s Queen’s speech gave no timetable for the passage of the Competition and Consumer Bill, the draft legislation intended to put the DMU on a statutory footing.

The powers of the DMU, as currently drafted, are solely to oversee the conduct of firms with a so-called “Strategic Market Status,” a concept which overlaps significantly with the EU’s “gatekeepers.” Indeed, the delay of the Bill may have been motived in part by a desire to allow time to watch the Commission’s implementation of the DMA, so that the DMU can follow in its slipstream.

Written by Stephen Critchley and Alicja Dijakiewicz-Kocon

Edited by Gary J. Malone