While the U.S. Congress is considering whether and how to regulate Big Tech, the European Union adopted one of the most far-reaching laws targeting the digital sector. The Digital Markets Act (“DMA”) is a landmark EU law, designed to rein in the market power of large digital platforms. It applies to companies providing “core platform services” (“CPS”) and holding significant economic power, such as Alphabet, Amazon, Apple, Meta, and Microsoft. These companies will have to comply with a list of dos and don’ts, which might require them to make significant changes to their business models.
The DMA entered into force on November 1, 2022 and its key provisions will start applying on May 2, 2023.
What is the purpose of the DMA?
The purpose of the DMA is “to ensure contestability and fairness for the markets in the digital sector.” It is aimed at making digital markets more open, and preventing large platforms from imposing unfair conditions on businesses and end users.
Who is subject to the DMA?
The DMA applies to undertakings that are designated as “gatekeepers” by the European Commission (the “Commission”) according to the criteria set out in the DMA.
- online intermediation services (e.g., app stores, online marketplaces)
- online search engines (e.g., Google)
- online social networking services (e.g., Facebook)
- video-sharing platform services (e.g., YouTube)
- number-independent interpersonal communications services (e.g., WhatsApp)
- operating systems (e.g., Windows, iOS)
- web browsers (e.g., Chrome)
- virtual assistants (e.g., Siri)
- cloud computing services (e.g., AWS)
- online advertising services provided by a company that provides any other CPS
A company that provides a CPS will be designated as a gatekeeper if it fulfills the following three criteria in Article 3 by:
- Having a significant impact on the internal market: This is presumed if the company’s EU turnover is at least EUR 7.5 billion in the last three financial years, or its average market capitalization is at least EUR 75 billion in the last financial year, and it provides a CPS in at least three EU Member States.
- Providing a CPS which is an important gateway for businesses to reach end users: This is presumed if the CPS has at least 45 million monthly active end users established or located in the EU and at least 10,000 yearly active business users established in the EU in the last financial year.
- Enjoying an entrenched and durable position in its operations (or will foreseeably enjoy such a position in the near future): This is presumed if the thresholds for the second criterion were met in the last three financial years.
It is estimated that 13 companies, including Alphabet, Amazon, Apple, Meta, and Microsoft, are likely to meet the criteria above. Companies satisfying the quantitative thresholds may rebut the presumptions by presenting sufficiently substantiated arguments. Conversely, the Commission may conduct a market investigation to assess the specific situation of a CPS provider, and designate it as a gatekeeper based on a qualitative assessment, even if it does not meet the quantitative presumption thresholds.
What are the dos and don’ts?
Companies designated as gatekeepers will be subject to a list of obligations and prohibitions under the DMA. Many of these rules are inspired by recent competition law cases. For example, Article 6(5) prohibits gatekeepers from ranking their own services or products more favorably than those offered by a third party. This prohibition mirrors the Google Shopping case. Article 6(2) bans gatekeepers from using the non-public data of business users when gatekeepers compete with them on their own platforms. This rule echoes the Amazon Marketplace investigation. Under Article 5(4), gatekeepers must allow businesses to promote offers and conclude contracts with end users, whether through the gatekeeper’s platform or through other channels. This obligation might have been inspired by the Apple App Store investigation.
Some other examples from the long list of dos and don’ts in Articles 5 and 6 include the following:
- Allow the installation of third-party apps or app stores using or interoperating with the gatekeeper’s operating system;
- Allow end users to easily uninstall pre-installed apps or change default settings on operating systems, virtual assistants or web browsers that steer them to the gatekeeper’s products and services;
- Not require businesses or end users to use gatekeeper's payment services, identification services, or web browsers for services provided by the businesses using the CPS;
- Not process, for advertising purposes, personal data obtained from third parties using the CPS, without effective consent.
Furthermore, the DMA imposes interoperability obligations to companies designated as gatekeepers of instant messaging services (e.g., iMessage or Whatsapp). Under Article 7, these providers will have to gradually open up and interoperate with third party messaging platforms, if they so request.
The DMA will not replace, but rather complement the EU competition law enforcement. While competition laws address instances of market power and anticompetitive behavior on a case-by-case basis after the conduct occurs, the DMA prescribes general rules that will apply up-front regardless of the actual or potential effects of the conduct. Thus, the DMA is designed to prevent certain types of behavior ex-ante, without limiting the EU’s ability to enforce competition laws ex-post.
If a gatekeeper does not comply with its obligations under the DMA, the Commission may impose fines of up to 10% of its annual global turnover, or 20% in the case of repeated infringements. In the event of systematic non-compliance, the Commission may impose behavioral or structural remedies, including a ban on certain acquisitions.
Companies that meet the gatekeeper criteria will have to notify the Commission within two months after May 2, 2023. The Commission will confirm that a company meets the criteria and designate it as a gatekeeper within 45 working days of its notification. Once a company is designated as a gatekeeper, it will have six months to comply with the DMA. The Commission will adopt a regulation in early 2023 to provide additional guidance on the implementation of the DMA.
The DMA represents a new era of tech regulation in the EU and it might substantially change how digital platforms operate. While commentators expect that there will be legal challenges during the DMA’s implementation, some tech companies have already started changing their practices to comply with the new law. For example, Google now allows developers of non-gaming apps distributed via Google Play to offer billing systems alternative to Google Play’s billing system to users in the EEA.
The DMA’s scope is limited to the CPS offered to businesses established in the EU or end users established or located in the EU. Yet, it might have a larger impact, as some platforms may choose to implement their compliance policies on a global scale to avoid the costs of maintaining different business models in different locations.