In early November, the much awaited and debated, Digital Markets Act ("DMA") entered into force. The DMA (a regulation) has direct effect and therefore does not need to be incorporated into national legislation. The DMA will apply after six months i.e. by the 2 May 2023.
The DMA establishes a set of rules that aim to make the digital sector fairer and competitive. For example by ensuring that there are low barriers to market entry and exit. The new law reflects the European legislator's goal to regulate online platforms effectively, create a level playing field for businesses and bring fairer conditions to consumers. For some, the regulation may have far-reaching consequences for their innovation efforts and business models, while for others it may offer opportunities to benefit from a more innovative and competitive business environment. The exact impact of the regulation will become clearer in the months ahead.
Why DMA and for whom?
Traditional antitrust laws have not proven to be sufficient in tackling the ever-evolving and complex digital markets. Certain characteristics of large platforms such as vertical integration, extreme scale economies, strong network effects, ability to connect business users to end-users, data driven advantages, lock-in effects, etc. can enable them to exploit such power and tilt the market in their own favour. The DMA intends to complement the existing antitrust laws by setting ex ante ground rules for the "gatekeepers", as they are called, regarding what conduct is acceptable and what is not.
The regulation applies to businesses (both EU and non-EU based) designated as "gatekeepers" by the European Commission. To qualify as a gatekeeper, these businesses should provide at least one of the ten core platform services ("CPS") listed in the regulation that include operating systems, online intermediation services, search engines, social networking, cloud computing, etc. If that is the case, the Commission can designate such a business as a gatekeeper if the following cumulative thresholds are met:
- it has a significant impact on the internal market: this is presumed to be the case if the business has an annual turnover of €7.5 billion within the EEA in each of the past three financial years, or a market valuation of at least €75 billion in the past financial year, and it provides the same CPS in at least three Member States;
- it provides an important gateway for business users to reach the end-users: this is presumed to be the case if the business operates a CPS with more than 45 million active end-users per month established or located in the EU and more than 10,000 yearly active business users established in the EU in the past financial year;
- it enjoys an entrenched and durable position: this is presumed to be the case if the other two conditions are met in each of the past three financial years.
Even if the quantitative thresholds are not met, a business providing a CPS can still be identified as a gatekeeper by the Commission following an in-depth market investigation. This seems to open the door to a degree of uncertainty and unpredictability for businesses and practitioners.
What are the obligations and prohibitions under the DMA?
If a business is designated as a gatekeeper, it will have to comply with a set of obligations and prohibitions within six months of the Commission's decision. The Commission may update the list of obligations and prohibitions following an in-depth investigation. Examples of the current obligations and prohibitions that gatekeepers will have to adhere to at all times include:
- allowing business users to promote their offers (for lower prices if they so wish) on other platforms and conclude contracts with their customers outside the gatekeeper's platform to prevent further dependence on the CPS of gatekeepers;
- not combining or cross using personal data between different CPS, unless the end-user has specifically provided consent. This obligation is intended to enable end-users to freely choose to opt-in to such data processing and sign-in practices by offering a less personalised but equivalent alternative, and without making the use of the CPS conditional upon the end-user’s consent.
Other obligations and prohibitions with which gatekeepers are also expected to comply, but for which they may request further specification from the Commission on how they should be applied, are:
- allowing third parties to interoperate with their own service;
- providing end-users with effective data portability and business users with access to the data generated by their activities on the gatekeeper's platform free of charge. Given that data is the lifeblood of the digital economy and that the end-users of businesses using a CPS generate a vast amount of data, access to such data aims to prevent the gatekeeper from undermining the contestability of the CPS;
- not treating their own products and services more favourably than those also offered by third parties in ranking and related indexing and crawling, and applying transparent, fair and non-discriminatory conditions to such ranking;
- allowing end-users to uninstall preinstalled apps easily and enable them to change default settings on operating systems, web browsers or virtual assistants. This obligation intends to prevent end-users from being steered towards the products and services of the gatekeepers and increases free choice.
The Commission will enforce the DMA with support of the national regulators. Infringement of the act could lead to a fine up to 10% of the businesses total worldwide turnover and up to 20% annual worldwide turnover in the case of repetitive infringements. In addition, an infringement could also lead to periodic penalty payments of up to 5% of the company's total worldwide daily turnover. Furthermore, systematic infringements can lead the Commission to impose additional behavioural and structural remedies.
What to expect?
The Commission expects 15 to 20 gatekeepers to be designated and estimates a total compliance cost for them combined between €21.15 million and €28.2 million per year (i.e. an average of about €1.4 million per gatekeeper per year). According to the Commission, these costs are incurred by additional staff to check whether a platform complies with the new rules and for staff who interact with the regulator and respond to information requests. Indirect costs for gatekeepers could be higher, as the proposed measures are expected to have an impact on their business models and potentially affect their profits.
Set against the effects the DMA could have on gatekeepers and innovation in general, the following practical effects could also include the following: (i) the creation of alternative app stores as well as the opening up of app stores to all, (ii) the creation of alternative payment systems or identification services (as gatekeepers can no longer require app developers to use certain services), (iii) the creation of alternative browsers (as users are now free to choose their browsers), (iv) guaranteed interoperability with major players such as WhatsApp for those launching a messaging app, (v) increased availability of analytical and statistical figures to sellers on online marketplaces, (vi) the end of platform monopolies (e.g. in hotel booking or car rental markets) because sellers will be free to offer their product elsewhere, and (vii) a better competitive position for non-gatekeeper businesses now that gatekeepers can no longer rank their own products and services above those of other providers.
Whether any of these predictions will come true remains to be seen. This is also true for any consequential effects the DMA rules may have on the national antitrust regulators' practices towards CPS businesses that are not formally designated as gatekeepers. That being said, timeline would be as follows:
What to do now?
Very large businesses active in the provision of CPS are likely to be aware of whether they qualify as a gatekeeper or not. It also seems probable that they have assessed their business operations in line with the obligations imposed by the DMA.
At this stage, the DMA may also affect the business operations (or potential business opportunities) of companies that offer or plan to offer services on the gatekeeper's platforms, or competing digital platforms. The rules set by the DMA may open up business opportunities. For businesses other than gatekeepers, it may be worthwhile to analyse the DMA in more detail to see if the new regulatory framework provides a legal basis for a broader offering of services, as expected by the European Commission.