DMA countdown - Perhaps the most important milestone: gatekeepers must ensure compliance

Update
06.03.2024
6 March 2024 marks another milestone in the regulation of digital markets, as it is the deadline for the six designated gatekeepers to comply with their obligations under the Digital Markets Act (DMA).
DMA timeline

With the entry into force of the DMA, the European Commission not only added another instrument to its regulatory toolbox. It has also expanded its supervisory regime with a tool that allows it to intervene preventatively in the market behaviour of the largest technology and digital companies in the European Union. In less than a year, the DMA has certainly proven to stir the (digital) pot. The question now is whether all the movement can be directed towards the ultimate goal of it all: to make digital markets fair and contestable.

A refresher: what is the Digital Markets Act?
Before we look ahead to what is to come, it is good to briefly recap what the DMA is all about. For a more elaborate introduction and historical overview, please see our previous blogs on the consequences for large tech platforms and on the main changes and concerns. The DMA aims to make digital markets fair and contestable for businesses and consumers by introducing a set of obligations and prohibitions for so-called gatekeepers. Gatekeepers are large digital platforms that provide core platform services (CPS) such as online search engines, online intermediation or advertising services, app stores and messenger services.

A CPS provider is designated as a gatekeeper if it meets three qualitative criteria: the company has a significant impact on the internal market, provides an important gateway for business users to reach end users and enjoys an established and durable position. These criteria are presumed to be met if three quantitative thresholds, based on turnover and/or monthly active end users, are met. Companies have the possibility to rebut the presumption and provide substantiated arguments to demonstrate that - despite meeting all the thresholds - they should not be designated as a gatekeeper due to exceptional circumstances. In addition, the DMA empowers the Commission to launch a market investigation to assess whether a company should be designated as a gatekeeper despite not meeting the quantitative thresholds.

Once designated as a gatekeeper, the company has six months to ensure full compliance with the DMA obligations and prohibitions. The obligations include those relating to interoperability, access to data, advertising tools and allowing off-platform transactions. The prohibitions include prohibitions on self-preferencing, preventing the uninstallation of pre-installed applications and off-platform tracking. Non-compliance by gatekeepers can result in significant fines (up to 10% of the worldwide turnover) or periodic penalty payments (up to 5% of the average daily turnover).

2 July 2023 was the first deadline under the DMA for potential gatekeepers to notify the Commission if they met the quantitative thresholds. By the deadline, the Commission received notifications from Alphabet, Amazon, Apple, ByteDance, Meta, Microsoft and Samsung.

First milestone: designation of gatekeepers
After receiving the first notifications, the Commission designated Alphabet, Amazon, Apple, ByteDance, Meta and Microsoft as gatekeepers on 6 September 2023. These gatekeepers have to ensure compliance with the DMA rules by March 2024. The Commission has also accepted the first exceptions. One CPS (Samsung's internet browser and Microsoft's and Alphabet's email services) met the thresholds, but nevertheless did not qualify as a gateway. Consequently, Samsung is not designated as a gatekeeper to any core CPS. With regard to its Internet browser, the Commission considered that, inter alia, taking into account the overall scale of the Internet browser, it is not an important gateway for business users to reach end users; and moreover, it is dependent on Alphabet's Blink browser engine.

Second milestone: market investigations and (expected) outcomes
Simultaneous to the initial designation of gatekeepers, the Commission launched five market investigations. Four investigations were initiated because the parties (Apple in respect of iMessage) and Microsoft in respect of Bing, Edge and Microsoft Advertising) that notified the Commission that the met the thresholds submitted rebuttal arguments, arguing that their platforms do not qualify as gateways.

On 12 February 2024, the Commission agreed with Apple and Microsoft and decided that indeed iMessage, Bing, Edge and Microsoft Advertising do not qualify as gatekeeper services. Consequently, Apple will not have to allow interoperability between iMessage and rival messaging platforms. Microsoft will still be able to make Bing and Edge the default search engine and browser in Windows, and Microsoft Advertising will be subject to less stringent advertising transparency rules. The decisions are yet to be published.

The fifth investigation is still ongoing and aims to assess whether Apple's iPadOS should qualify as a gatekeeper even though it does not meet the quantitative thresholds. The outcome of this investigation is expected in September 2024.

Third milestone: new notifications
On 1 March 2024, the Commission received new notifications from Booking, ByteDance and X about their services potentially meeting the DMA thresholds, which could make them subject to the new EU rules on gatekeeper platforms. It now has 45 working days to decide whether to designate the companies as gatekeepers and it will also assess any arguments to rebut the presumption that they should be designated as gatekeepers.

Fourth milestone: unveiling the effect of the DMA - compliance by designated gatekeepers as of 7 March
Perhaps the most important milestone in 2024 is 7 March, when those designated as gatekeepers in September 2023 must ensure full compliance of their CPSs. Several gatekeepers have announced the actions they will take to ensure compliance with their obligations under the DMA. The overall question now is whether the gatekeepers will indeed be fully compliant by 6 March. In the run-up to this deadline, various developments illustrate the vulnerability of a new enforcement tool put into practice, for example:

  • Will the DMA be able to ensure effective compliance?
     Commissioner Vestager has voiced her doubts whether indeed the tech companies will be fully compliant by 6 March, their ultimate deadline, though she remained mildly positive of the fact that several measures are at the moment being tested with stakeholders. However, several market players, competitors, and users of CPSs have already heavily criticized the proposals for not going far enough, and in some cases even claiming that new fees are 'extortion'. A recent letter by various companies and associations summarizes the various concerns heard so far perfectly: the measures proposed so far by the designated gatekeepers "not only disregard both the spirit and letter of the law, but if left unchanged, make a mockery of the DMA and the considerable efforts by the European Commission and EU institutions to make digital markets competitive".
  • What negative externalities may need to be taken into account when applying the DMA?
     Sufficient compliance is not the only concern. Accusations of gatekeepers amending their business in bad faith already surfaced, resulting in additional revenue streams for the gatekeepers and more expensive conditions for (business) users that are depending on the relevant gatekeepers' CPS. Even more, amendments under the DMA by one gatekeeper may have unintended 'positive' externalities for other (potential) gatekeepers. In a letter to the Commission French lawmakers warned that "plans by Google to change its search service to comply with the EU's new tech "gatekeeper" law risk actually increasing the prominence of major travel platform Booking.com over hotels".
  • What will the role of data protection arguments be?
    In the past, dominant companies have invoked data protection and privacy arguments in the context of competition law investigations. In the digital and tech sector, data is incredibly powerful asset for business. The question is to what extent they will be able to invoke data protection and privacy arguments in case of non-compliance. Apple for example, after having announced that, in order to comply with the DMA, it would allow developers to use different browser engines other than its own, it could no longer do so due to privacy and security risks.
  • Will the European Commission be able to effectively and quickly address non-compliance?
    We do not expect that the Commission will start handing out fines left, right, and center after the implementation date for compliance measures has arrived. Competition officials have indicated that they will initially aim to use quick fixes (where available) to ensure compliance, rather than starting infringement procedures every time. However, if history has taught us anything (thinking for example about the Google search engine case, where various attempts to end the procedure by means of commitments failed, forcing quick fixes from unwilling companies may not lead anywhere. Hopefully, where the Commission will sense it is not making sufficient progress, it will not hesitate to open formal proceedings.

A cautious but hopeful outlook
Despite the current reservations, the commitment of the European Commission, and the availability of an extensive and engaged 'enforcement squad', offers a cautious but hopeful outlook for the DMA. Days before the deadline for compliance, the Commission sent a strong message to the gatekeepers when it announced the fine imposed on Apple for its abusive App Store rules for music streaming providers. The fine of EUR 1.84 billion consists of the basic amount of 40 million plus an additional 1.8 billion (!) for deterrence.

Furthermore, even though the enforcement of the DMA will in principle be the responsibility of the Commission, national competition authorities and third parties such as competitors, business users and end users, will also have an important role to play.

Competitors, business users and end-users have been given an important role throughout the whole enforcement process. The Commission has confirmed on multiple occasions that it will rely on third parties to, inter alia, market test any amendments proposed by the designated gatekeepers to ensure DMA compliance. Furthermore, In the event of non-compliance with the DMA, affected parties will be able to call on national authorities. The underlying idea is that national authorities will be much are more approachable. The threshold for approaching an authority to voice a concern about a gatekeeper will therefore be much lower. As various stakeholders have already commented on the proposed compliance measures, it is expected that several complaints will be lodged with national authorities. Moreover, we expect private enforcement to be an important pillar of DMA enforcement. Similar to private enforcement of antitrust laws, private parties who have suffered damages as a result of a breach of the DMA will be able to lodge a claim in court. Given the number of outspoken stakeholders, it can be expected that over time this will be a serious area of opportunity for those who feel that they have been disadvantaged by the gatekeepers, especially where those gatekeepers have failed to comply with the DMA.

But most importantly, the national competition authorities are clearly willing to assume their role and take responsibility to ensure full DMA compliance and digital markets becoming fair and contestable. As mentioned in our update on Benelux Competition Law in 2024, the Dutch Authority for Consumers and Markets (ACM) - like other regulators for example in France and Spain - is very active in the field of digital markets. For example, the ACM, together with the ECN network, is organising a major event on the DMA on 24 June 2024. The conference ('DMA: empowering business models') will focus on the possibilities that the DMA presents to businesses, and it aims to place these businesses in a stronger position to use the benefits the DMA intends to offer. This event is specifically aimed at competitors and parties seeking access to gatekeepers and aims to help these entrepreneurs use the DMA.

The ACM has sent two employees to Brussels to join the Commission's enforcement teams for the DMA. This move will give the Commission more enforcement power, and enables the ACM employees to gain relevant experience. The ACM is also preparing to strengthen its own position as a national enforcement body at the forefront of regulating large technology companies. The fact that the ACM takes its role in the proper functioning of the digital markets seriously is further illustrated by its recent investigation of an online platform over indications of self-preferencing and the possible use of company data to strengthen its own position on the platform.

Conclusion
We have reached an important point in the application of the DMA; and even though it will most certainly be challenging, we so far remain hopeful for the opportunities it will entail for the digital market and all of its players.We have reached an important point in the application of the DMA. Even though it will most certainly be challenging, we remain hopeful for the opportunities it will entail for the digital market and all of its players.

Related articles

Cookie notification

This functionality uses third-party cookies. Change your cookie preferences to view this content or view more information.
These cookies ensure that the website works properly. These cookies cannot be disabled.
These cookies can be placed by third parties, such as YouTube or Vimeo.
By deactivating categories, it is possible that related functionalities within the website may no longer work properly. It is always possible to change your preferences at a later time. View more information.