Used Services and Cookies

Our website uses cookies to enhance your user experience. Some cookies are essential for the operation and management of the site, while others are used for anonymous statistics or personalized content. Please note that limiting cookie use may impair certain functions of the website.

More information: Imprint, Data protection

Essential cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website or, for example, saving your cookie settings. The website cannot function properly without these cookies. This category cannot be deactivated.
  • Name:
    ukie_a_cookie_consent_manager
  • Domain:
    blomstein.com
  • Purpose:
    Stores the cookie preferences of website visitors.
  • Name:
    blomstein_session
  • Domain:
    blomstein.com
  • Purpose:
    The session cookie is essential for the basic functioning of the website. It allows users to navigate through the site and use its basic features.
  • Name:
    XSRF-TOKEN
  • Domain:
    blomstein.com
  • Purpose:
    This cookie serves security purposes and aids in preventing Cross-Site Request Forgery (CSRF) attacks. It is a technical necessity.
These cookies collect information about how you use a website, e.g. which pages you have visited and which links you have clicked on.
  • Name:
    _ga
  • Domain:
    blomstein.com
  • Purpose:
    The Google Analytics cookie _ga is used to distinguish users by assigning a unique identification number to each visitor. This number is sent to Google Analytics each time a page is accessed in order to collect user, session and campaign data and to statistically evaluate the use of the website. The cookie helps website operators to understand how visitors interact with the website by collecting information anonymously and generating reports.
  • Name:
    _ga_*
  • Domain:
    blomstein.com
  • Purpose:
    The _ga_[container_id] cookie, specific to Google Analytics 4 (GA4), is used to distinguish website visitors by assigning a unique ID for each session and each user. It enables the collection and analysis of data on user behavior on the website in anonymized form. This includes tracking page views, interactions and the path users take on the website to give website operators deeper insights into the use of their site and improve the user experience.
  • Name:
    _gid
  • Domain:
    blomstein.com
  • Purpose:
    The _gid cookie is a cookie set by Google Analytics that is used to distinguish users. It assigns a unique identification number to each visitor to the website, which is sent to Google Analytics each time the page is accessed. This makes it possible to track and analyze user behavior on the website over a period of 24 hours.
  • Name:
    _gat_gtag_UA_77241503_1
  • Domain:
    blomstein.com
  • Purpose:
    The _gat_gtag_UA_77241503_1 cookie is part of Google Analytics and Google Tag Manager and is used to throttle the request rate, i.e. it limits data collection on high traffic websites. This cookie is linked to a specific Google Analytics property ID (in this case UA-77241503-1), which means that it is used for performance monitoring and control of data collection for that specific website property.

EC at the (anti)steering wheel

In our series of briefings, we recap the key milestones of the DMA implementation, deep dive into the various obligations that gatekeepers are facing, lay out the DMA’s implications for stakeholders who are not (currently) within the direct scope of the legislation and update you on the current status of affairs in the DMA’s implementation.

This time we focus on: Anti-steering measures under the DMA.

The fight against anti-steering practices under the DMA

Have you ever wondered why you, as a business user, were not allowed to direct users outside the IOS App Store for paid services? Or you, as an end user, could not see your purchases bought outside of the App in the App? Well, these so-called ‘anti-steering’ practices, here done by Apple, will no longer be allowed. The term 'anti-steering' refers to the efforts made by online platform services to prevent their business customers from directing end users away from their platforms and towards the customers' own websites or marketplaces, where they can enter into contracts without paying a commission to the platform services. Article 5(4) and (5) DMA addresses this behaviour by prohibiting gatekeepers from engaging in such anti-steering practices. The objectives of this regulation are to decrease business users' dependencies on Core Platform Services (CPS), enable multi-homing, and enhance end users' freedom of choice with respect to distribution channels.

While Article 5(4) DMA regulates the behaviour of gatekeepers towards business users, Art 5(5) DMA addresses the behaviour of gatekeepers vis-à-vis end customers.

Under the new provision of Article 5(4) DMA, gatekeepers shall allow business users to

  • communicate and advertise their offers free of charge to end users that have already been acquired;

  • enter into contracts with such end-users even outside the CPS.

In addition, according to Article 5(5) DMA, gatekeepers shall allow end users to

  • access and use the content and subscriptions that have not been acquired through the CPS of the gatekeeper.

Gatekeepers must allow the communication and promotion protected by Article 5(4) DMA to take place both within and outside of the respective developers´ app or other platforms. While Article 5(4) DMA was drafted with situations arising in app stores/app operating systems in mind, it applies to all CPSs that may be subject to such conflicts in the future. To benefit from the anti-steering protection as a business user and to be able to communicate and conclude contracts free of charge, the relationship between the end user and the business customer must have already been established; the parties must have entered a commercial relationship already. This explicitly leaves room for gatekeepers to charge their business ´users for their first point of contact with end users to enter into commercial relationship.

Article 5(5) DMA is closely related to Article 5(4) DMA and requires gatekeepers to permit business users to give their end users access to digital contents, even if it was acquired outside the gatekeepers´ CPS. Otherwise, the practical impact of Article 5(4) DMA would be highly limited if the end users could only access/use these products outside of the business customers´ app.

Both Article 5(4) and (5) DMA use the wording “shall allow” which is ambiguous as to whether any impediments to the protected conduct are forbidden or whether the gatekeeper can e.g. impose certain requirements on its business customers or end users. The scope of the anti-steering provisions has yet to be refined on a case-by-case basis for such questions. The regulation is likely to be interpreted in a way that provides broad protection to business customers or end-users and prohibits any impediments by the gatekeeper. However, it is generally agreed that gatekeepers are not required to proactively develop and invest in new technological solutions for communication and off-app payment that do not currently exist, or in additional accessibility options to make certain digital contents usable. With regard to Article 5(5) DMA, ambiguity is increased as the provision does not explicitly state that gatekeepers must allow access to content acquired off-platform ‘free of charge’, as required by Article 5(4) DMA.

The way towards the DMA – Epic Games’ ”battle royale” against Apple

The disagreements that led the anti-steering measures in Article 5(4) DMA mainly revolve around the Apple App Store. The measures challenge the power of the US company to restrict business customers from entering into contracts with their end users outside of the app store payment system.

The video game and software developer Epic Games attempted to bypass the 30% commission fee that Apple charges on revenues generated through in-app purchases (IAP), distributed through the App Store, for Epic Games´ mobile game Fortnite. In order to do so, Epic Games established a separate payment system for Fortnite instead of relying on the Apple default system of paying for IAPs via an Apple ID and linked payment details. As a consequence, Apple removed Fortnite from its App Store in 2020. This let to Epic games filing antitrust complaints against Apple in multiple jurisdictions – amongst these the US, the EU, the UK, and Australia. In parallel, Epic Games proceeded against Google for similar restrictions in the Android operating system´s Play Store.

Music in Spotify’s ears

Spotify publicly supported Epic Games and criticized the commission model of the App Store. The music streaming service also complained about the restrictions of IAP payment options and filed a complaint with the EC in 2019. In a preliminary assessment, the EC had concerns about the mandatory use of Apple’s proprietary IAPs as well as the limitation of app developers to inform users of alternative purchasing possibilities outside of the IOS platform and send a statement of objections to Apple. In 2022, Apple permitted companies like Spotify to inform their end users about payment options that would not require IAPs, after facing regulatory pressure in Japan. However, Spotify was still dissatisfied with the concessions made by Apple, as Spotify´s advertising abilities for non-IAP payments were limited to sending emails to its customers. On 4 March 2024, only a few days before Apple had to comply with the DMA obligations, the EC fined Apple over EUR 1.8 billion over abusive rules for music streaming providers.

While Epic Games’ conflict with Apple centred on the ability to offer non-IAP payment options at all, Spotify’s case extended to the ability of App Store developers to inform end users of such payment options. Both feuds inspired, and are now regulated by, the DMA.

Implications

Anti-steering rules will re-shuffle App Store economics at the least.

With new operating spaces granted to business customers under the DMA, a few companies have already taken measures to utilise their newfound freedoms. For 2024, Epic Games announced the relaunch of its game Fortnite, which will be available through a separate game store within the EU (allowing developer app stores independent of the Apple App Store is another feat of the DMA, Article 6(4) DMA). Other developers will follow suit and launch proprietary stores as well. From now on, Apple or Google are not able to charge these companies for, or prohibit them from, selling e.g. in-game currency either within the iOS Fortnite app or in a separate e-store linked in the app.

During the DMA´s first “live” week, the EC´s soft power in DMA matters was already demonstrated when the dispute between Apple and Epic Games re-escalated: Apple initially granted Epic Games a developer account to facilitate the construction of a proprietary game store but later revoked this decision with reference to, i.a., Epic Games´ lack of intention to “follow the rules”. After Epic Games complained very publicly and after the EC intervened on an informal basis as well, Apple returned to the status quo ante by granting Epic Games developer access.

Additionally, Apple will from now on not be able to prohibit its business users from letting their customers use contents bought outside of the Apple App Store – e.g. a podcast subscription in the case of Spotify or an extension package to a gaming iOS App in the case of Epic Games – within the respective apps. Given that anti-steering measures under Article 5(4) DMA only apply to already-acquired end customers, Apple has already announced that it will make use of this by charging a “core technology fee” per app download for developers that choose to not partake in its IAP system anymore with their apps.

Spotify, along with 33 other European companies and associations, criticised Apple´s non-compliance with the DMA shortly before it entered into force. In an open letter to the EC, these entities attacked e.g. Apple´s core technology fee and “scare screens” (mandatory warnings to end users that want to make payments or downloads outside of the Apple ecosystem).

Outlook: Legal ambiguity remains high

As has by now emerged, the anti-steering provision in Article 5(4) and (5) allow for some interpretative leeway that gatekeepers might utilize to operate in a pre-DMA style as far as possible. It is yet to be determined whether gatekeepers are willing to take the risks associated with adopting a narrow interpretation which could result in penalties imposed by the EC. Gatekeepers were required to submit their DMA compliance reports to the EC. The DMA contains an anti-circumvention provision in Article 13, but it provides little help in determining which types of behaviour are affected and protected from possible circumvention in the first place. Apple has confirmed that it will not provide free lunches, which may further aggravate companies like Spotify. Instead, it sticks to its core development fee and its commission on iOS apps (though the commission has been considerably reduced) and establishes alternative commission models for developers choosing to opt out of its IAP system. Both non-IAP payments and alternative marketplaces will also see detailed end user education on risks connected to leaving the Apple ecosystem. Spotify and its fellow protestors will likely keep up its complaints, then. On 25 March 2026, the EC announced that it has opened proceedings to assess whether the measures implemented by Alphabet and Apple in relation to their obligations pertaining to app stores are in breach of the DMA. It has further announced that it is taking investigatory steps to gather facts on Apple’s new fee structure. It remains to be seen whether the EC will conclude that the measures taken by the gatekeepers will be an infringement of the DMA.

BLOMSTEIN will continue to monitor and assess the developments and practical application of the DMA provisions. If you have any questions on the topic, Anna HuttenlauchElisa Theresa Hauch and Marie-Luise Heuer will be happy to assist you.

 

  1.  DMA Briefing Series – Kick Off

  2. Private Enforcement under the DMA

  3. Use of End User / Business User Data (Article 5 para 2, Article 6 para 2)

  4. Most-Favored-Nation Clauses (Article 5 para. 3)

  5. Anti-Steering Practices (Article 5 paras. 4 and 5)

  6. Tying and Bundling (Article 5 paras.7 and 8)

  7. Advertising under the DMA (Article 5 para. 9 and 10 and Article 6 para 8)

  8. Self-Preferencing (Article 6 para. 5)

  9. Interoperability, Portability and Switching (Article 6 para. 3, 4, 6, 7, 9)

  10. Business User Access to Data (Article 6 para 10)

  11. Access to Data and Services (Article 6 para 10 - 12)

  12. Outlook: Digital Regulation around the Globe