Digital Regulation in Europe
This is an Insight article, written by a selected partner as part of GCR's co-published content. Read more on Insight
The European Commission has increasingly profiled itself as a frontrunner in regulating digital industries. As part of its ‘Digital Agenda for Europe’, it has set out to create safe and secure digital services and markets, prioritising, among others, areas such as digital sovereignty, artificial intelligence, semiconductors, access to data, the responsibility of online platforms and fair competition in digital markets. This strategy has led to various legislative initiatives, including the Digital Markets Act (DMA), Data Governance Act (DGA), Data Act, Chips Act, Digital Services Act (DSA) and Artificial Intelligence Act. This chapter focuses on the new regulatory regime established by the DMA and its far-reaching implications, particularly companies designated as ‘gatekeepers’. It also provides a bird’s-eye perspective of the DSA and Data Act and their interplay with the DMA.
Digital Markets Act
Purpose of the DMA
The DMA is born out of a perception that European Union competition law has struggled to remedy in sufficiently effective manner anticompetitive conduct by large digital companies in a timely manner. The DMA seeks to close that perceived gap by automatically subjecting companies that qualify as gatekeepers to specific ex ante obligations, without any need to define relevant markets, demonstrate the dominance of those companies, establish anticompetitive effects, or consider countervailing efficiencies and objective justifications.
This is reflected in Recital 11, which describes the purpose of the DMA as ‘complementary, but different’ from the protection of ‘undistorted competition on any given market’ under competition law terms. The DMA is intended to ensure that markets where gatekeepers are active remain ‘contestable and fair’ while seeking to achieve an enforcement method that is independent from a case-by-case assessment of the gatekeeper conduct in question. Hence, enforcement of the DMA is without prejudice to the application of any competition law provisions requiring a case-by-case assessment, such as Articles 101 and 102 of the Treaty on the Functioning of the European Union (TFEU), competition law provisions in EU Member States and ‘other competition rules regarding unilateral conduct’ requiring an individual assessment of market power and conduct (Recital 10 DMA). These ‘other competition rules’ refer to rules at the Member State level, including Section 19(a) of the Act against Restraints of Competition in Germany, which provides the German competition authority with new quasi-regulatory powers over large digital companies designated as having paramount significance for competition across markets.
While the policy goals of the DMA and competition law are broadly the same, the tools under the DMA on the one hand and EU and national competition laws on the other hand differ significantly: the DMA creates sector specific ex ante competition regulation whereas EU and national competition laws undertake an individual ex post case-by-case assessment. In this regard, the DMA creates a new type of competition regulation in the EU that is much more far-reaching than the traditional competition law concept. The legal basis for the DMA, a topic that itself has given rise to debate, is Article 114 TFEU. It was chosen to allow the European Commission (EC) to achieve its objectives and to harmonise the rules applying to gatekeepers within the internal market.
The EC, European Parliament and Council of the EU reached political agreement on the DMA in March 2022, which was endorsed by EU Member States’ representatives on 11 May 2022. The European Parliament and the Council of the EU provided their final approval on the new rules in July 2022. The final text has been published in the Official Journal of the EU. Upon entry into force on 1 November 2022, the DMA will start to apply six months later (i.e., on 2 May 2023). Companies that meet the quantitative gatekeeper thresholds have two months to provide certain relevant data to the EC, which would then issue a designation decision within 45 working days following receipt of the complete information. After that, designated gatekeepers have six months to comply with their respective obligations under the DMA. Provided that there are no delays in the process, these obligations are expected to begin applying in February 2024.
The DMA targets gatekeepers
Gatekeepers provide core platform services, and the obligations in the DMA apply to those gatekeepers. Only undertakings that provide core platform services can be designated as gatekeepers. Article 2(2) identifies the various types of core platform services. They include online intermediation services, online search engines, online social networking services, video-sharing platform services, number-independent interpersonal communications services, operating systems, web browsers, virtual assistants, cloud computing services, and online advertising services (if offered by an undertaking that provides at least one other core platform service). Article 19 gives the Commission the power to conduct a market investigation to identify digital services that should be added to the list of core platform services.
Criteria and presumptions for gatekeeper designation
According to Article 3(1), an undertaking shall be designated as a gatekeeper if it meets three cumulative criteria, each of which are presumed to be satisfied if certain quantitative thresholds (included in Article 3(2)) are met.
- First criterion: significant impact on the internal market. In order to be designated, a gatekeeper must have a significant impact on the internal market. This criterion is presumed to be met where an undertaking (1) provides the same core platform service in at least three Member States, and (2) where it achieves an annual EU turnover of more than €7.5 billion in each of the last three financial years, or where its average market capitalisation or its equivalent fair market value amounted to at least €75 billion in the last financial year. It is not entirely clear why the market capitalisation or fair market value requirement only refers to the last financial year, while the EU revenue requirement needs to be fulfilled in each of the three financial years prior to designation. Recital 19 indicates that the presumption of significant impact may be particularly susceptible to rebuttal where the undertaking’s market capitalisation is above the threshold in the most recent year only, but significantly below it in previous years, and certain other factors are present. In contrast, if the threshold is exceeded for more than three years, Recital 18 states that this should be considered as ‘further strengthening that presumption’.
- Second criterion: important gateway. A gatekeeper must provide a core platform service that is an important gateway for business users to reach end users. This criterion is presumed to be met where an undertaking provides a core platform service that in the past financial year has at least 45 million monthly active end users established or located in the EU and at least 10,000 yearly active business users established in the EU. The DMA and the related annex remain silent on the meaning of the distinction between monthly active end users established or located in the EU. One possibility is that it refers to the quality of the link between a user and the EU territory. In that sense, a traveller using a core platform service in transit in the EU may be viewed as ‘located’ in the EU in contrast with a permanent resident (e.g., an EU citizen) who likely would be viewed as an ‘established’ end user.
- Third criterion: entrenched and durable position.
A gatekeeper must enjoy an entrenched and durable position in its operations, or it must be foreseeable that it will enjoy such a position in the near future. This criterion is presumed to be met where an undertaking has met the threshold of the second criterion in each of the last three financial years. Again, there seems to be an inconsistency between the three years required for a presumption of an entrenched and durable position and what is required in the second criterion for the presumption of an important gateway to apply. Although there is a difference between a durable position of an undertaking and the importance of a core platform service, the presumption requires that all criteria are met cumulatively. Hence, the presumption only applies if the most far-reaching criterion is satisfied. In this regard, the one-year requirement in the second criterion is effectively made redundant by the three-year requirement in the third criterion. From a practical perspective, given the lack of clarity and far-reaching implications, it would be helpful if the EC were to provide guidance on the underlying substantive concept and interpretation of an ‘entrenched and durable’ position and the basis to conclude that it is ‘foreseeable’ that an undertaking ‘will enjoy such a position in the near future’. Recital 4 provides that a gatekeeper position is characterised by a serious imbalance of bargaining power (i.e., economic dependency) resulting in unfair practices and conditions for a group of platform users collectively below the level of market dominance (Recital 5). Beyond that, the EC has wide discretion to intervene and designate potential gatekeepers provided that there is sufficient evidence that a group of platform users is dependent (or could become dependent) on the (potential) gatekeeper due to the absence of realistic alternative options. According to Recital 26, the EC may also intervene where it appears appropriate to prevent a market from tipping irreversibly, although within the limits of the principle of proportionality described in Recital 27.
Where an undertaking provides core platform services and meets each of the requirements of Article 3(1) but does not satisfy each of the three cumulative criteria of the presumption in Article 3(2), the EC shall take into account the (non-exhaustive) elements set out in Article 3(8) (a) to (g) in its designation decision. In carrying out its assessment, the EC also shall consider foreseeable developments in relation to the elements listed in letters (a) to (g) including planned concentrations involving another undertaking providing core platform services of other services in the digital sector. Again, the basis to establish the applicable time span to determine the foreseeability of developments is unclear.
Obligation to notify and rebuttal of the presumption
Undertakings that meet all of the above thresholds must notify the EC thereof within two months of the thresholds being met, after which the EC shall designate the undertaking as a gatekeeper at the latest within 45 working days. An undertaking that meets these thresholds can seek to rebut the gatekeeper presumption. It can do so by presenting ‘sufficiently substantiated arguments’ in its notification to demonstrate that it ‘exceptionally’ does not satisfy the requirements in Article 3(1), despite meeting the quantitative thresholds. If the EC concludes that the arguments put forward by the presumed gatekeeper ‘do not manifestly call into question the presumptions’, it may reject these arguments and proceed with the gatekeeper designation. This formulation indicates that the bar to convince the EC not to designate an undertaking as a gatekeeper if it meets the quantitative thresholds is high, and it remains to be seen to what extent the presumption can be overcome in practice. Alternatively, where each of the requirements of Article 3(1) are met, but not the thresholds in Article 3(2), the EC shall take a designation decision following a market investigation in accordance with the procedure laid down in Article 17.
Gatekeeper designation based on qualitative criteria
Where a presumed gatekeeper fails to notify the EC, the EC can still designate an undertaking as a gatekeeper based on information it requests, or, if the undertaking fails to provide such information, based on available information. The EC also has the power to designate an undertaking as a gatekeeper even if it does not meet the quantitative thresholds, based on qualitative criteria including the size of the undertaking, its number of users, the existence of network effects, its access to data, user lock-in, or its vertically integrated nature.
The DMA imposes far-reaching obligations on gatekeepers
Gatekeepers must comply with obligations set out in the DMA. The DMA provides that gatekeepers must comply with the specific obligations laid down in Articles 5, 6 and 7 within six months after a core platform service has been listed in the designation decision pursuant to Article 3(9). There are many different obligations, and not all obligations will be equally relevant to all core platform services. Generally, the EC has drawn inspiration for these obligations from recently concluded and ongoing competition investigations. However, the order in the list lacks a clear structure, possibly given their apparent link to several investigations involving a range of issues. The overview below seeks to cluster the obligations based on a few recurring themes:
- Freedom on app stores: the DMA includes several obligations related to app stores. These will require gatekeepers with app stores to change their practices in relation to the distribution of apps on the respective operating systems (OS) (e.g., iOS or Android) substantially. Gatekeepers will be required to:
- allow sideloading of apps or third-party app stores on their OS and allow such apps or app stores to be accessed by means other than the relevant core platform services (Article 6(4));
- allow such apps to be easily set as default (Article 5(4));
- allow users easily to uninstall apps (Article 6(3));
- refrain from restricting end users from switching between, and subscribing to, different apps in services by using the core platform services of the gatekeepers (Article 6(6));
- provide fair, reasonable and non-discriminatory (FRAND) general conditions of access to their app stores, online search engines and online social networking services (Article 6(12));
- refrain from forcing app developers to use exclusively the in-app purchase systems of the gatekeeper to offer in-app purchases, for example on their Android or iOS apps (Article 5(7)).
- Prohibition of anti-steering practices: the DMA will put an end to practices preventing business users from directing their consumers to alternative offers. The new anti-steering provisions effectively create two obligations for gatekeepers: (1) allow businesses to inform users about and offer promotions, including under different conditions, outside the core platform services; and (2) allow business users to conclude contracts with end users without using the gatekeepers’ core platform service. Hence, gatekeepers are required to allow businesses using their intermediation services (e.g., app developers distributing apps on app stores) to promote offers to end users free of charge and subsequently transact with these users without using the gatekeepers’ services (e.g., without using the app store owner’s in-app purchase solution) (Article 5(4)). In addition, under Article 5(5) app store owners may not eliminate ‘reader apps’, which allow end users to access content purchased from a business outside the app store (e.g., accessing a Netflix subscription purchased on Netflix.com or the Netflix iOS app). The prohibition of anti-steering is at the heart of the EC’s ongoing investigation into Apple’s app store practices as they relate to music streaming services.
- Prohibition on MFNs: Article 5(3) prevents gatekeepers from imposing most-favoured-nation (MFN) clauses on business users preventing them from offering their products to third-party online intermediation services or through their own direct sales channels on different (potentially more favourable) terms. This prohibition draws on the treatment of MFNs under competition law at the EU and Member State levels, including cases relating to hotel online booking websites, as well as the EC’s recently revised vertical block exemption regulation and corresponding guidelines.
- Users’ freedom to set default: the DMA also expressly requires that users are able to easily change the default services to which a gatekeeper’s OS, virtual assistant, or web browser steers them for various functions (e.g., which music service comes up when the user asks Siri to play a song). It also introduces the obligation to provide a choice screen on the OS enabling users to choose their preferred default online search engine, web browser or virtual assistant when first using a device (Article 6(3), sub-paragraph 2). However, this obligation only applies to an online search engine, virtual assistant or web browser listed in the designation decision pursuant to Article 3(9).
- Restrictions on gatekeepers’ use of data: the DMA restricts how gatekeepers can use the data gathered through their various activities. For instance, without specific user consent, gatekeepers must not combine or cross-use personal data from a core platform service with personal data from any other service of a gatekeeper or third party services. Gatekeepers should also obtain consent to use, for advertising purposes, the data collected from end users through their usage of, for example, third-party websites and apps. Repeated cookie banners requiring consent will also be banned, as gatekeepers cannot request consent more than once per year if consent has already been refused (Article 5(2)). Moreover, gatekeepers shall not use, in competition with business users, any data that is not publicly available that is generated or provided by those business users in the context of their use of the relevant core platform services (Article 6(2)).
- Access to gatekeepers’ data: the DMA regards data as a critical input in the digital economy. In an attempt to lower barriers to entry in these markets, the DMA obliges gatekeepers to give end users, business users and competitors access to different types of data, if so requested. Search engine gatekeepers will need to provide rivals with FRAND access to user-generated search data (Article 6(11)). Gatekeepers will also have to provide business users with access to data that is generated by those business users (and their customers) on the core platform service, or another service offered with, or supporting, the core platform service (Article 6(10)). To facilitate switching between different services and multi-homing, the DMA requires gatekeepers to ensure portability and provide free-of-charge tools to enable end users to port the data they generate on the gatekeeper’s core platform service (Article 6(9)).
- Prohibition of self-preferencing: likely inspired by the Google Shopping case (T-612/17 dated 10 November 2021), the DMA includes a prohibition on gatekeepers treating their own services and products more favourably in ranking, indexing and web-crawling. It also requires rankings to be conducted under FRAND terms (Article 6(5)). In Google Shopping, the EC found, and the General Court confirmed, that Google had abused its dominant position by promoting its own comparison-shopping services on its search engine result page and demoting similar services offered by rivals.
- Prohibition of tying: gatekeepers must not impose on businesses or end users, inter alia, their identification services, web browser engines, payment services and in-app purchase mechanisms (Article 5(8)). They should also refrain from requiring end users to subscribe to further core platform services as a condition for subscribing to any of their other core platform services (Article 5(7)) (see above freedom on app stores).
- Advertising transparency: the DMA aims to increase information available to advertisers and publishers about the terms of the advertising services they purchase. Gatekeepers will have to provide advertisers and publishers with information about prices paid and remuneration received as well as the methodology under which the prices and remuneration were calculated (Articles 5(9) and 5(10)). Moreover, the DMA requires gatekeepers to provide advertisers and publishers with access to the performance measuring tools and data, allowing them to run their own verifications to assess the performance of gatekeepers’ advertising services (Article 6(8)).
- Interoperability: the DMA also includes new and far-reaching obligations related to interoperability. Gatekeepers will need to provide third-party services interoperability with the same software and hardware features as are available to their own services (Article 6(7)). The entirely new Article 7 (that did not exist in the EC’s original legislative proposal) requires, subject to conditions, that gatekeeper messaging services must interoperate with competing messaging services for basic functions such as text messaging, voice and video calls and sharing files. In practical terms, this would mean that iMessage users must be allowed to correspond with, for instance, Signal users on iMessage.
- Prohibition of non-aggression obligations: another new prohibition that was not included in the original proposal prevents gatekeepers from restricting business users or end users from raising any issue of non-compliance with other applicable provisions under EU or national law by the gatekeeper with the competent authority, including national courts (Article 5(6)).
- Prohibition of disproportionate general terms and conditions: Article 6(13) provides another mosaic stone in the DMA to facilitate switching between different core platform services and multi-homing. The gatekeepers must not apply general terms and conditions for terminating the core platform services that are disproportionate for the end user. In practical terms, gatekeepers shall ensure that users can terminate the core platform service without undue difficulty (e.g., no hidden obstacles or particularly burdensome communication requirements).
Articles 5, 6 and 7 are considered self-executing, namely directly binding on the gatekeeper. Article 8 requires gatekeepers to ensure and demonstrate effective compliance with those Articles. In this regard, the DMA clarifies that gatekeepers’ compliance must not result in cutting corners at the expense of consumers. They need to observe in particular all applicable consumer protection law provisions, namely data privacy, cybersecurity and product safety aspects.
Obligation to inform about concentrations
Gatekeepers will also be required to inform the EC of any intended concentration – prior to its implementation – where the merging entities or the target of the concentration provide core platform services or any other services in the digital sector or enable the collection of data. The EC will publish annually the list of acquisitions of which it has been informed by gatekeepers and will inform competent Member State authorities of the information received as part of the gatekeeper’s notification. These authorities may rely on this information to request the EC to examine the concentration pursuant to the referral mechanism under Article 22 of Regulation 139/2004, even if the transaction does not meet the merger control thresholds of the EU or of any EEA Member States. This additional notification requirement for gatekeepers is expected to lead to an increase in Article 22 referral requests to the EC and as such increases uncertainty for gatekeepers’ transactions in the digital sector where the turnover thresholds under the EUMR are not met.
Enforcement by the EC
The EC will be the sole enforcer of the DMA. In this regard, lobbying efforts from national competition authorities (NCAs) and regulators aimed at obtaining concurrent enforcement powers under the DMA have failed. However, Articles 37 and 38, which were not reflected in the EC’s original proposal, provide a legal framework for cooperation and coordination between the EC and NCAs through the European Competition Network (ECN). This is important for the parallel enforcement of the DMA and competition law rules set out in Article 1(6).
Based on the latest communication from the hierarchy of the EC, it is likely that the Directorate-General for Communications Networks, Content and Technology (DG Connect) will oversee enforcement of the DMA together with DG COMP and other Commission services. However, enforcement will also encompass the DSA and will need to be divided into three different units with responsibility for technical, social and economic aspects of the DMA and the DSA. The unit in charge of economic enforcement shall be drawn from enforcers from the Directorate-General for Competition (DG COMP) and see through the application of the DMA. Under the EC’s original DMA proposal, it was envisaged that the size of the EC team enforcing the DMA would increase to 80 EC officials over the next few years. Given the magnitude of the task, this may be insufficient to ensure effective enforcement. The EC has since acknowledged this as a potential issue and committed to increase the number of EC officials to 150.
The EC’s broad enforcement powers and the role of NCAs
The EC will have broad investigative powers to enforce the DMA which resemble those under EU competition law. The EC will be able to request all relevant information to carry out its duties, regardless of ownership, location, format or storage medium. Furthermore, the EC has the power to conduct inspections (dawn raids) and interviews. At the same time, NCAs also have a role to play.
The EC and NCAs are under an obligation to cooperate and coordinate their enforcement activities under the DMA on the one hand and EU and national competition law on the other through the ECN (Articles 37 and 38).
NCAs may, on their own initiative, investigate possible gatekeeper non-compliance with Articles 5 and 6. The relevant NCA will then report its findings to the EC and the EC can at any point relieve the NCA by opening its own investigation. The NCAs have no power to sanction gatekeepers for violations of the DMA.
NCAs and other regulators, such as the Body of the European Regulators for Electronic Communications, will also be represented in the high-level group for the DMA. This high-level group may provide the EC with advice and expertise regarding the implementation and enforcement of the DMA.
Member States will be represented in the Digital Markets Advisory Committee. This Advisory Committee is to provide its opinion to the EC on a specific issue presented to it.
Finally, three or more Member States may request the EC to open an investigation on suspicion that an undertaking should be designated as a gatekeeper. They may also request the EC to open a market investigation to add a service or practice to the DMA (Article 17). A sole Member State may request the EC to open an investigation into suspected systematic non-compliance by a gatekeeper.
As an EU regulation, the DMA has direct horizontal effect, meaning third parties can bring private actions before the national courts against gatekeepers. In doing so, private actors could enforce compliance with the obligations and prohibitions set out in Articles 5 and 6 DMA subject to two conditions: (1) they are directly applicable and provide third party rights; and (2) the EC has designated a gatekeeper (which is an exclusive competence of the EC).
The possibility of private enforcement is recognised in Article 39, which sets out a mechanism for cooperation between the EC and national courts; however, the extent to which private enforcement can establish itself as a successful dispute resolution mechanism will also depend on further clarification by the EC of which DMA obligations provide individual rights to private actors. Another indication that the DMA recognises private enforcement is Article 42, which applies the rules on representative actions to infringements by gatekeepers of their obligations under the DMA that harm or may harm the collective interests of consumers.
In addition, third parties can inform competent national authorities and the EC regarding any behaviour by gatekeepers that falls within the scope of the DMA (Article 27), though this is not a formal complaint procedure. National authorities or the EC will have full discretion to follow up on any information received by third parties. Third parties benefit from the protection of the EU Whistle-blower Directive 2019/1937 (Article 43).
Penalties for non-compliance
The EC may adopt a non-compliance decision if it considers that a gatekeeper does not comply with the DMA. The EC will aim to adopt a non-compliance decision within 12 months from opening a proceeding. In addition to a cease-and-desist order, the EC is empowered to impose fines on gatekeepers of up to 10 per cent of their total worldwide turnover in the preceding financial year. In the case of a second non-compliance decision within eight years concerning the same or a similar infringement of a DMA obligation in relation to the same core platform service, the maximum amount of the fine the EC could impose increases to 20 per cent of the gatekeeper’s total worldwide turnover in the preceding financial year. The DMA also gives the EC the power to impose periodic penalty payments. To prevent serious and irreparable harm, the EC has the ability to order interim measures against a gatekeeper on the basis of a prima facie finding of an infringement.
When a gatekeeper has engaged in systematic non-compliance, the EC may impose appropriate behavioural or structural remedies to ensure effective compliance with the DMA. In this regard, the DMA explicitly sets out the ability for the EC to prohibit, for a limited time period, the gatekeeper from entering into any concentration regarding those core platform services or other digital services that are affected. A gatekeeper shall be deemed to have engaged in systematic non-compliance with the obligations set out in Articles 5 and 6 where the EC has issued three non-compliance decisions against a gatekeeper within eight years in relation to any of its core platform services. To ensure that the remedies the EC adopts are effective, interested third parties will have the ability to provide comments during the market investigation into possible systematic non-compliance.
EC’s subordinate acts
Once the DMA enters into force, it is likely that it will be complemented by various non-legislative acts that can be adopted by the EC. In particular, the DMA envisages that the EC may adopt implementing acts, delegated acts and guidelines.
The implementing acts could cover various issues, such as: specifying the details of gatekeepers’ notifications (e.g., notification on meeting the thresholds, notification of concentrations), submissions (e.g., compliance reporting) and requests (e.g., request for a suspension of obligations); the EC’s proceedings (e.g., market investigations, interim measures, commitments proceedings); and cooperation between the EC and national authorities, or could even specify the technical measures that the gatekeepers should put in place to ensure compliance with DMA obligations.
The delegated acts may be used to supplement the list of DMA obligations following a market investigation. This could, for example, include the extension of existing obligations to other core platform services or ancillary services or specifying the manner in which the obligations are to be performed to ensure compliance. In addition, the delegated act may specify the methodology of calculation of quantitative thresholds.
Finally, the EC could also adopt guidelines ‘on any of the aspects’ of the DMA to ‘facilitate its effective implementation and enforcement’. It remains to be seen how and when the EC will make use of these powers. It is possible that, in the first instance, the EC will prioritise those acts that are strictly necessary for the designation process and other proceedings foreseen in the DMA.
How enforcement of the DMA will unfold in practice is unclear, of course. Several key factors are yet unknown.
The EC is facing considerable enforcement challenges
The EC as central enforcement authority still must decide on its final organisation and strategy (how much willingness to compromise and how much appetite to litigate), which will inevitably depend on the gap between the staff required and those available on the ground. Furthermore, the DMA provisions largely are uncharted territory and some of the gatekeeper obligations appear to be quite complex and raise multiple questions regarding their scope in practice. The EC has been criticised for adopting a ‘one size fits all’ approach to regulation lacking appropriate flexibility to take account of specific aspects of vastly differing underlying business models that may be subject to the DMA. The EC now must deliver by striking the right balance between reigning in the power of gatekeepers where there are harmful practices and avoiding damage to their ability and incentives to innovate. In the first quarter of 2023, the EC intends to publish an ‘implementing regulation’, which shall provide ‘detailed arrangements’ on the designation process and how gatekeepers are expected to comply with their obligations in Articles 5 and 6 and the interoperability obligations in Article 7. The EC also wants to give more guidance on how it will use its powers to investigate, including on important issues such as rights of defence, disclosure of information and coordination with NCAs.
DMA might not be an enforcement priority for all NCAs
However, the extent to which the EC can rely on the NCAs’ willingness to do more than pay lip-service in assisting with the enforcement of the DMA is far from clear. Some NCAs still will have some misgivings about the EC’s powerplay and barely concealed unwillingness to agree with the NCAs on a co-enforcement mechanism under the DMA. A role that is reduced to being the eyes and ears of the EC may not be much of an incentive to contribute for NCAs. As such, NCAs may choose to focus on enforcing antitrust law and unilateral conduct based on other competition law rules outside of the scope of the DMA or in addition to gatekeeper obligations. This could result in a greater role for national courts and private litigants seeking to enforce those obligations that are relevant to them.
Interaction with competition law enforcement unclear
It remains to be seen how the DMA regime will interact with traditional competition law enforcement by the EC and NCAs. In principle, the DMA was created as a complementary tool to traditional enforcement, thus leaving sufficient space for competition law rules (at both the EU level and the national level) to continue to apply to digital sector activities in parallel with the DMA regime. Such parallel enforcement of antitrust rules appears particularly important in relation to practices in digital markets with strong economies of scale and network effects and that have not yet ‘tipped’.
Potential gatekeepers are gauging their options
Complying with the DMA will require far-reaching changes to certain of the gatekeepers’ operations. Therefore, companies likely to meet the DMA’s gatekeeper thresholds will be carefully weighing their options, including challenges to decisions adopted under the DMA. There will inevitably be issues where gatekeepers’ views and that of the EC will differ significantly. In those cases, it is extremely important that gatekeepers’ rights of defence are respected. The EC cannot simply jump to conclusions as to whether these companies’ conduct is caught by the provisions of the DMA, not least given the potentially draconian sanctions for non-compliance.
Opportunities for non-gatekeepers
It goes without saying that the DMA is not just relevant to gatekeepers and users of their core platform services. Smaller operators, including online platforms, will likely also be impacted in a variety of ways under the DMA. For example, they can benefit from DMA obligations on gatekeepers such as those on interoperability and data portability. They may also seek to engage in practices that the DMA prohibits for gatekeepers competing with them. Furthermore, they will play a role in enforcing the DMA, and indeed the EC may to some extent rely on support from third parties in alleviating the burden of DMA enforcement. To that end, the DMA contains provisions enabling third parties to submit complaints as well as to provide comments at key stages in enforcement investigations, including in relation to the specification of compliance measures, findings of circumvention, the adoption of a non-compliance decision, and the imposition of behavioural or structural remedies in cases of systematic non-compliance.
The DMA’s interplay with other key regulatory initiatives: DSA, DGA and Data Act
Alongside the DMA, other key pillars of the EU’s digital strategy include the DSA, DGA and the proposed Data Act.
The DSA was adopted by the European Parliament in July at the same time as the DMA. The DSA’s formal adoption by the Council, planned for September 2022, is expected to be a formality. The DSA, which creates harmonised EU rules for the regulation of illegal online content and the protection of online service users, will apply to a broader range of undertakings than the DMA. It incorporates the conditional liability exemptions of the 2000 e-Commerce Directive for mere conduit, caching and hosting services (together termed ‘intermediary services’ under the DSA). Some of the DSA’s provisions apply to all providers offering intermediary services to EU-located recipients, such as the duty to provide information in user terms and conditions on certain usage restrictions and content moderation policies and tools. Other rules apply specifically to providers of ‘hosting services’ (including online platforms), for instance a notice and action regime for illegal content. Providers of ‘online platforms’ are subject to further requirements, including a prohibition on using interfaces to distort or impair recipients’ ability to make informed decisions, restrictions on targeted advertising, transparency and user modification requirements for adverts and recommender systems and, for online marketplaces, a duty to collect – and verify – trader traceability information. Larger technology companies are subject to additional rules: the DSA reserves further obligations for ‘very large online platforms’ and ‘very large online search engines’, with over 45 million average monthly active EU service recipients, including additional requirements concerning recommender systems and public reporting on advertising activity. While this threshold number of service recipients mirrors one of the cumulative criteria for gatekeeper designation under the DMA, it remains to be seen how these numbers will be calculated under each piece of legislation.
Some of the DSA’s provisions echo themes under the DMA – for example, advertising transparency, and prohibitions on making repeated consent requests or making termination cumbersome – and the DSA may contribute to a ‘levelling of the playing field’ for providers of intermediary services through harmonisation of EU rules.
The DGA, adopted on 16 May 2022 and officially published on 3 June 2022, creates a legal framework for the reuse of protected public sector data (e.g., confidential data, personal data or data protected by intellectual property rights) for public or commercial purposes and the voluntary sharing of data between businesses. The DGA seeks to promote access to protected public sector data by creating harmonised conditions for its reuse and establishing a system of recognised independent data intermediation service providers who facilitate the exchange and use of data between data subjects, data holders and data users and are not permitted to monetise the relevant data. The EU Commission describes this framework as ‘an alternative model to the data-handling practices of the Big Tech platforms, which have a high degree of market power because they control large amounts of data’.
The proposed Data Act, issued in February 2022, complements the DGA in terms of seeking to ensure the flow of data. The proposed regulation has the declared objective of ensuring fairness in how the value of data is allocated and unlocking the potential of the data economy. The Data Act would require that data generated by use of ‘internet of things’ products and related services is easily accessible to users (including business users) and, at the user’s request, to third parties. Approaching data as a non-rivalrous good, the proposal prohibits data access on an exclusive basis, except by user request, and when data sharing is mandated by national or EU rules data holders must provide access on FRAND terms. There are further restrictions on imposing unfair terms on small- and medium-sized enterprises. The proposal excludes designated gatekeepers under the DMA from being beneficiaries of the data access rights, given ‘the unrivalled ability of these companies to acquire data’. Other aspects of the proposal that seek to promote competition include measures aimed at facilitating customer switching and enhancing of interoperability between cloud, edge and other related data processing services. At the time of writing, the proposal is being debated at the European Parliament and the Council and is unlikely to be adopted before 2023.
Together, these regulatory initiatives demonstrate the need to adopt a holistic approach to review and compliance with the EU’s broad and evolving framework for digital regulation.
1 Michael Dietrich, Nelson Jung and Ashwin van Rooijen are partners at Clifford Chance LLP.
3 Proposal for a Regulation of the Parliament and of the Council on harmonised rules on fair access to and use of data (Data Act) COM(2022) 68 final. Read more detail in the Clifford Chance briefing on the Data Act proposal here. Discussions are ongoing on the proposal.