Digital Markets Act: EU Institutions Agree on New Rules to Curb the Power Of “Big Tech” Platforms

On March 24, 2022, the European Union (EU) co-legislators (the European Parliament and the Council) reached political agreement on the final provisions of the Digital Markets Act (DMA). The DMA aims at ensuring fair and contestable markets in the digital sector by imposing specific regulatory obligations on so-called “gatekeepers,” i.e., major digital platforms with a powerful and entrenched position which act as important gateways for businesses to reach end users. The European Commission (EC) will act as the central enforcer of the DMA. It will have extensive investigative powers and be able to impose hefty fines as well as behavioral and structural remedies (including the breaking up of companies). As an instrument of ex ante regulation, the DMA is designed to complement (not replace) the ex post enforcement of competition law, which is often viewed as too slow to effectively rein in the market power of “Big Tech” players.

The EC first tabled its proposal for a DMA on December, 15, 2020 (see our Client Alert of January 5, 2021). The negotiations between the co-legislators were therefore completed within 15 months, which is remarkably fast for such an important, complex and innovative piece of legislation. This shows that there is a broad political consensus within the EU that more needs to be done to prevent digital markets from “tipping” in favor of a handful of powerful and entrenched platforms.

What’s new? Main changes compared to the EC’s initial proposal: Broadens the scope of the DMA by adding web browsers and virtual assistants to the list of “core platform services.” Raises the quantitative thresholds for notification as a presumed gatekeeper to €7.5bn annual EU turnover or €75bn market capitalization (up from €6.5bn and €65bn respectively). Requires the EC to review every three years (instead of two years previously) whether designated gatekeepers still satisfy the requirements to be designated as such. Provides for interoperability of messaging services. Prohibits not only ‘wide’ but also ‘narrow’ MFN (parity) clauses.  Requires not only app stores, but also search engines and social networking platforms to apply fair, reasonable and non-discriminatory (FRAND) conditions to business users. Requires gatekeepers to present a ‘choice screen’ for web browsers, virtual assistants and search engines. Requires gatekeepers to establish a ‘compliance function’ composed of one or more compliance officers. Empowers the EC to ban gatekeepers from engaging in M&A transactions for a limited time period in case of “systemic non-compliance”. Empowers the EC to fine gatekeepers up to 20% of worldwide turnover for repeat offenses. Provides for close cooperation and coordination of enforcement with national authorities. Establishes a European ‘High-Level Group’ of digital regulators to facilitate coordination with national regulators (including telecommunications, data protection, competition, consumer protection and audiovisual media regulators).

Who Will Be Regulated?

The DMA will apply to providers of “core platform services” (CPS) that have been designated as “gatekeepers” by the EC. 

The (exhaustive) list of CPS is as follows:

• online intermediation services (such as market places, hotel booking platforms, etc.);
• online search engines;
• online social networking services;
• video-sharing platform services (with user-generated videos or content provided by a media service provider, or both);
• number-independent interpersonal communication services, operating systems (such as messaging apps);
• operating systems;
• web browsers;
• virtual assistants;
• cloud computing services; and
• online advertising services (including ad networks, ad exchanges and any other advertising intermediation services).

There are three overarching qualitative criteria to qualify a provider of CPS as a gatekeeper, namely:

1. The undertaking has a significant impact on the internal market;
2. It provides a CPS which is an important gateway for business users to reach end users; and
3. It enjoys an entrenched and durable position in its operations or it is foreseeable that it will enjoy such a position in the near future (i.e., “emerging” gatekeepers).

A company is presumed to satisfy these requirements if the following quantitative thresholds are met:

1. Significant impact on the internal market: Presumed to be the case if the undertaking achieved an annual turnover of at least €7.5 billion within the EU in each of the last three financial years or a market capitalization of at least €75 billion in the last financial year and it provides the same CPS in at least three Member States.
2. Control of an important gateway for business users towards final consumers: Presumed to be the case if the company has at least 45 million monthly active end users established in the EU and at least 10,000 yearly active business users established in the EU in the last financial year; and
3. Entrenched and durable position: Presumed to be the case if the thresholds in point (2) were met in each of the last three financial years.

CPS providers meeting these thresholds must notify the EC within two months of the thresholds being reached. The EC has 45 working days from the date of submission of a complete notification to decide whether or not to designate the undertaking as a “gatekeeper.” As meeting the quantitative thresholds only creates a rebuttable presumption, the undertaking can present, as part of its notification, sufficiently substantiated arguments to demonstrate that it does not satisfy the qualitative criteria even though it meets the quantitative thresholds.

Conversely, the EC can also designate an undertaking as a gatekeeper even if it does not satisfy all the quantitative thresholds, on the basis that it satisfies the qualitative criteria. In making that determination, the EC will consider factors such as number of business users of the platform, network effects and data-driven advantages, scale and scope effects, business user or end user lock-in, a conglomerate corporate structure, etc. The EC can conduct market investigations on its own initiative in this context.

The EC must identify within the designation decision which CPS serve as an important gateway for business users to reach end users. With respect to each of these CPS, the undertaking concerned must comply with the obligations laid down in the DMA within six months from its designation as a gatekeeper.

With respect to “emerging” gatekeepers, i.e., those which do not yet enjoy an entrenched and durable position but will foreseeably do so in the near future, the EC may declare only some of the obligations applicable to that gatekeeper in the designation decision.

We expect no more than 10-15 companies to be designated as “gatekeepers.” They are likely to be predominantly, if not exclusively, US-based companies.

What obligations for gatekeepers?

Gatekeepers will have to comply, for each of the CPS identified in the EC’s designation decision, with specific obligations, including both affirmative obligations (“do’s”) and prohibitions (“don’ts”), as summarized in the overview below.

Do’s

Don’ts

Allow end users to access and use subscriptions, content, features… acquired outside the platform. Allow and technically enable users to easily uninstall applications and change default settings. Present a choice screen for search engines, web browsers and virtual assistants. Allow and technically enable installation and use of third-party software and app stores and allow setting them as default (without prejudice to strictly necessary safety measures). Enable effective portability of end user data upon request by the end user. Ensure interoperability of the own interpersonal communication services, such as messaging apps, with competing services (to be implemented according to a gradual timetable). Allow service and hardware providers full interoperability with the OS or virtual assistant of the gatekeeper. Allow business users non-discriminatory access to OS, hardware or software features as used by the gatekeeper to provide competing services. Provide advertisers/publishers with transparent pricing/remuneration information regarding digital advertising. Provide advertisers and publishers access to ad performance measuring tools. Apply FRAND conditions in ranking products and services. On request, provide business users with high-quality, continuous and real-time access to data provided or generated by end users engaging with the products and services of those business users on the gatekeeper’s platform (subject to end-user opt-in in case of personal data). Provide FRAND access to ranking, query, click and view data to rival online search engines. Give business users FRAND access to app stores, search engines and social networks.

Do not process for advertising purposes personal data of end users of third-party services supplied through the gatekeeper’s platform without specific user consent. Do not combine/cross-use personal data of end-users across CPS or between CPS and other services without specific user consent. Do not impose MFN obligations on business users (either ‘wide’ parity clauses restricting business users from offering lower prices on any other platform or ‘narrow’ parity clauses restricting the business users only from setting lower prices on their own websites). Do not prevent business users from promoting through the CPS offers available outside the platform. Do not prevent business users or end users from raising non-compliance issues with relevant authorities including courts (e.g., gatekeepers may not impose mandatory arbitration clauses). Do not require end users or business users to use the gatekeeper’s own identification system, web browser engine or payment service in the context of services offered on the platform by business users. Do not tie different CPS, i.e., require business or end users to subscribe to or register for further CPS provided by the gatekeeper as a condition for being able to use one of the gatekeeper’s CPS. Do not use non-public data of business users in competition with those users. Do not treat the gatekeeper’s own products and services more favorably in ranking and related indexing and crawling of the gate (self-preferencing in ranking). Do not restrict end users’ ability to switch between or subscribe to different software applications and services to be accessed through the gatekeeper’s CPS. Do not impose disproportionate termination conditions.

Upon request of a designated gatekeeper, the EC can suspend, in whole or in part, one or more of the abovementioned obligations if the gatekeeper can show that, due to exceptional circumstances beyond its control, the specific obligation affects the economic viability of its operation in the EU, and only to the extent and duration necessary to address such threat to its viability. 

The EC may also, on its own initiative or at the request of the gatekeeper, exempt the gatekeeper, in whole or in part, from one or more of the abovementioned obligations for overriding reasons of public interest. Such decision must be sufficiently substantiated. The EC must review the exemption decision when the ground for exemption no longer exists or at least on a yearly basis.

Furthermore, the DMA empowers the EC, within certain limits, to adopt delegated acts to supplement the abovementioned obligations where a market investigation has identified a need to update the obligations in order to address practices that limit the contestability of CPS or are otherwise unfair. 

Obligation to notify mergers and acquisitions

Designated gatekeepers must inform the EC of any intended ‘concentration’ (merger, acquisition, or creation of a full-function joint venture) where the parties or the target provide CPS or other services in the digital sector or that involve the collection of data, irrespective of whether it is notifiable to the EC or national competition authorities based on relevant merger control thresholds.

The EC will share this information with the national competition authorities of the Member States who may, on that basis, request the EC to review the concentration on the basis of Article 22 of the EU Merger Regulation.

Audit of consumer profiling techniques

Within six months from its designation, a gatekeeper must submit to the EC an independently audited description of the consumer profiling techniques that the gatekeeper applies to or across the CPS for which it was designated as a gatekeeper. An overview of the audited description shall be made publicly available, taking into account the need to respect business secrets, and shall be updated at least annually.

Compliance function

Designated gatekeepers must establish a compliance function composed of at least one compliance officer. The compliance officer must be independent from the companies’ operational functions and must have enough authority resources, and access to the management body of the gatekeeper, so as to be able to monitor compliance. The internal governance rules must ensure the independence and absence of conflict of interests of the compliance officers.

Enforcement

The EC will be the central enforcer of the DMA. To that end, the EC has extensive investigative powers (similar to its powers in antitrust investigations) and, as already noted, can also conduct own-initiative market investigations. 

In case of non-compliance, the EC can impose fines of up to 10% of the total worldwide turnover of the gatekeeper in the preceding financial year. In case of repeat infringements (i.e., if the gatekeeper has committed the same or a similar infringement in relation to the same CPS as it was found to have committed in a decision adopted in the preceding eight years), the EC may even impose a fine of up to 20% of total worldwide turnover.

The EC can open market investigation and impose remedies that are either behavioral (i.e., requiring thecompany to refrain from acting in a specified way) or structural (i.e., requiring a permanent change to the structure of the company) if a gatekeeper has systematically failed to comply with the DMA’s obligations (namely, by violating the rules at least three times in a period of eight years). Thus, the EC even has the power to break up a company and to prohibit it from entering into mergers for a limited time-period.

EC Vice-President and competition Commissioner Margrethe Vestager has recently declared that the EC has already begun the process of setting up an enforcement structure and will look to hire new staff and pool resources from the Directorates-General Competition and Connect. The DMA task force is likely to include not only lawyers and economists, but also “technical” profiles such as computer scientists, data scientists, etc. The impact assessment accompanying the EC’s initial proposal foresaw a staff of 80 to oversee the DMA. However, European Parliament rapporteur Andreas Schwab has called on the Member States to provide funding for at least 220 positions.

Relationship with competition law

Whilst the DMA applies on an ex ante basis to all undertakings designated as gatekeepers, competition law is based on an individualized ex post assessment of the market conduct of one or more specific undertakings.

The DMA provides that it is without prejudice to the application of EU or national competition rules, including merger control rules. The DMA purports to pursue complementary objectives to competition rules and to protect a different legal interest from those rules.

In this context, it is noteworthy that, just days before the EU institutions reached political agreement on the DMA, the Court of Justice of the EU ruled on the application of the ne bis in idem (double jeopardy) principle to a parallel application of ex ante regulation and competition law (judgment of 22 March 2022 in case C-117/20, bpost). In this judgment, the Court held that provided certain conditions are met an undertaking can be fined for an infringement of competition law where, on the same facts, it has already been fined for a breach of sectoral regulation. In particular, a double investigation and fine is possible provided that there are clear and precise rules making it possible to predict which acts or omissions are liable to be subject to such duplication; that the two sets of proceedings are conducted in a sufficiently coordinated manner and within a proximate timeframe; and that the overall penalties imposed correspond to the seriousness of the offenses committed. This case law can be expected to also be relevant for the parallel application of the DMA and EU and/or national competition rules.

National authorities (including courts) must abstain from taking decisions which run counter to decisions adopted by the EC under the DMA. However, the DMA provides for close cooperation and information exchange between the EC and national competition authorities.

Since the DMA is directly applicable in the Member States, national courts will also be competent to rule on claims of alleged non-compliance with the DMA.

Next steps

The DMA will likely enter into force in October 2022, after a vote in the European Parliament in July or September 2022. The DMA will then apply after a six-month period from its entry into force, i.e., likely not before April 2023. Allowing for the time needed to carry out a designation procedure and the six months that a gatekeeper will be given in order to comply with the obligations of the DMA following its designation as such, we expect that those obligations will not start to really “kick in” until 2024.