Verwendete Dienste und Cookies

Unsere Website nutzt Cookies, um Ihre Nutzungserfahrung zu verbessern. Einige Cookies sind essentiell für das Funktionieren und Managen der Seite, während andere für anonyme Statistiken oder personalisierte Inhalte verwendet werden. Bitte beachten Sie, dass bei eingeschränkter Cookie-Nutzung bestimmte Webseitenfunktionen beeinträchtigt sein können.

Weitere Informationen: Impressum, Datenschutz

Notwendige Cookies helfen dabei, eine Webseite nutzbar zu machen, indem sie Grundfunktionen wie Seitennavigation und Zugriff auf sichere Bereiche der Webseite ermöglichen oder z.B. Ihre Cookie-Einstellungen speichern. Die Webseite kann ohne diese Cookies nicht richtig funktionieren. Diese Kategorie kann nicht deaktiviert werden.
  • Name:
    ukie_a_cookie_consent_manager
  • Domain:
    blomstein.com
  • Zweck:
    Speichert die Cookie-Einstellungen der Website-Besucher.
  • Name:
    blomstein_session
  • Domain:
    blomstein.com
  • Zweck:
    Der Session-Cookie ist für das grundlegende Funktionieren der Website unerlässlich. Er ermöglicht es den Nutzern, durch die Website zu navigieren und ihre grundlegenden Funktionen zu nutzen.
  • Name:
    XSRF-TOKEN
  • Domain:
    blomstein.com
  • Zweck:
    Dieser Cookie dient der Sicherheit und hilft, Cross-Site Request Forgery (CSRF)-Angriffe zu verhindern. Er ist technisch notwendig.
Diese Cookies sammeln Informationen darüber, wie Sie eine Website nutzen, z. B. welche Seiten Sie besucht und auf welche Links Sie geklickt haben.
  • Name:
    _ga
  • Domain:
    blomstein.com
  • Zweck:
    Das Google Analytics Cookie _ga wird verwendet, um Benutzer zu unterscheiden, indem es eine eindeutige Identifikationsnummer für jeden Besucher vergibt. Diese Nummer wird bei jedem Seitenaufruf an Google Analytics gesendet, um Nutzer-, Sitzungs- und Kampagnendaten zu sammeln und die Nutzung der Website statistisch auszuwerten. Das Cookie hilft Website-Betreibern zu verstehen, wie Besucher mit der Website interagieren, indem es Informationen anonym sammelt und Berichte generiert.
  • Name:
    _ga_*
  • Domain:
    blomstein.com
  • Zweck:
    Das Cookie _ga_[container_id], spezifisch für Google Analytics 4 (GA4), dient der Unterscheidung von Website-Besuchern durch Zuweisung einer einzigartigen ID für jede Sitzung und jeden Nutzer. Es ermöglicht die Sammlung und Analyse von Daten über das Nutzerverhalten auf der Website in anonymisierter Form. Dies umfasst das Tracking von Seitenaufrufen, Interaktionen und dem Weg, den Nutzer auf der Website zurücklegen, um Website-Betreibern tiefere Einblicke in die Nutzung ihrer Seite zu geben und die Benutzererfahrung zu verbessern.
  • Name:
    _gid
  • Domain:
    blomstein.com
  • Zweck:
    Das Cookie _gid ist ein von Google Analytics gesetztes Cookie, das dazu dient, Benutzer zu unterscheiden. Es weist jedem Besucher der Website eine einzigartige Identifikationsnummer zu, die bei jedem Seitenaufruf an Google Analytics gesendet wird. Dies ermöglicht es, das Nutzerverhalten auf der Website über einen Zeitraum von 24 Stunden zu verfolgen und zu analysieren.
  • Name:
    _gat_gtag_UA_77241503_1
  • Domain:
    blomstein.com
  • Zweck:
    Das Cookie _gat_gtag_UA_77241503_1 ist Teil von Google Analytics und Google Tag Manager und wird verwendet, um die Anfragerate zu drosseln, d.h., es begrenzt die Datensammlung auf Websites mit hohem Verkehrsaufkommen. Dieses Cookie ist mit einer spezifischen Google Analytics-Property-ID (in diesem Fall UA-77241503-1) verknüpft, was bedeutet, dass es für die Leistungsüberwachung und -steuerung der Datenerfassung für diese spezielle Website-Property eingesetzt wird.

EC at the (anti)steering wheel

In our series of briefings, we recap the key milestones of the DMA implementation, deep dive into the various obligations that gatekeepers are facing, lay out the DMA’s implications for stakeholders who are not (currently) within the direct scope of the legislation and update you on the current status of affairs in the DMA’s implementation.

This time we focus on: Anti-steering measures under the DMA.

The fight against anti-steering practices under the DMA

Have you ever wondered why you, as a business user, were not allowed to direct users outside the IOS App Store for paid services? Or you, as an end user, could not see your purchases bought outside of the App in the App? Well, these so-called ‘anti-steering’ practices, here done by Apple, will no longer be allowed. The term 'anti-steering' refers to the efforts made by online platform services to prevent their business customers from directing end users away from their platforms and towards the customers' own websites or marketplaces, where they can enter into contracts without paying a commission to the platform services. Article 5(4) and (5) DMA addresses this behaviour by prohibiting gatekeepers from engaging in such anti-steering practices. The objectives of this regulation are to decrease business users' dependencies on Core Platform Services (CPS), enable multi-homing, and enhance end users' freedom of choice with respect to distribution channels.

While Article 5(4) DMA regulates the behaviour of gatekeepers towards business users, Art 5(5) DMA addresses the behaviour of gatekeepers vis-à-vis end customers.

Under the new provision of Article 5(4) DMA, gatekeepers shall allow business users to

  • communicate and advertise their offers free of charge to end users that have already been acquired;

  • enter into contracts with such end-users even outside the CPS.

In addition, according to Article 5(5) DMA, gatekeepers shall allow end users to

  • access and use the content and subscriptions that have not been acquired through the CPS of the gatekeeper.

Gatekeepers must allow the communication and promotion protected by Article 5(4) DMA to take place both within and outside of the respective developers´ app or other platforms. While Article 5(4) DMA was drafted with situations arising in app stores/app operating systems in mind, it applies to all CPSs that may be subject to such conflicts in the future. To benefit from the anti-steering protection as a business user and to be able to communicate and conclude contracts free of charge, the relationship between the end user and the business customer must have already been established; the parties must have entered a commercial relationship already. This explicitly leaves room for gatekeepers to charge their business ´users for their first point of contact with end users to enter into commercial relationship.

Article 5(5) DMA is closely related to Article 5(4) DMA and requires gatekeepers to permit business users to give their end users access to digital contents, even if it was acquired outside the gatekeepers´ CPS. Otherwise, the practical impact of Article 5(4) DMA would be highly limited if the end users could only access/use these products outside of the business customers´ app.

Both Article 5(4) and (5) DMA use the wording “shall allow” which is ambiguous as to whether any impediments to the protected conduct are forbidden or whether the gatekeeper can e.g. impose certain requirements on its business customers or end users. The scope of the anti-steering provisions has yet to be refined on a case-by-case basis for such questions. The regulation is likely to be interpreted in a way that provides broad protection to business customers or end-users and prohibits any impediments by the gatekeeper. However, it is generally agreed that gatekeepers are not required to proactively develop and invest in new technological solutions for communication and off-app payment that do not currently exist, or in additional accessibility options to make certain digital contents usable. With regard to Article 5(5) DMA, ambiguity is increased as the provision does not explicitly state that gatekeepers must allow access to content acquired off-platform ‘free of charge’, as required by Article 5(4) DMA.

The way towards the DMA – Epic Games’ ”battle royale” against Apple

The disagreements that led the anti-steering measures in Article 5(4) DMA mainly revolve around the Apple App Store. The measures challenge the power of the US company to restrict business customers from entering into contracts with their end users outside of the app store payment system.

The video game and software developer Epic Games attempted to bypass the 30% commission fee that Apple charges on revenues generated through in-app purchases (IAP), distributed through the App Store, for Epic Games´ mobile game Fortnite. In order to do so, Epic Games established a separate payment system for Fortnite instead of relying on the Apple default system of paying for IAPs via an Apple ID and linked payment details. As a consequence, Apple removed Fortnite from its App Store in 2020. This let to Epic games filing antitrust complaints against Apple in multiple jurisdictions – amongst these the US, the EU, the UK, and Australia. In parallel, Epic Games proceeded against Google for similar restrictions in the Android operating system´s Play Store.

Music in Spotify’s ears

Spotify publicly supported Epic Games and criticized the commission model of the App Store. The music streaming service also complained about the restrictions of IAP payment options and filed a complaint with the EC in 2019. In a preliminary assessment, the EC had concerns about the mandatory use of Apple’s proprietary IAPs as well as the limitation of app developers to inform users of alternative purchasing possibilities outside of the IOS platform and send a statement of objections to Apple. In 2022, Apple permitted companies like Spotify to inform their end users about payment options that would not require IAPs, after facing regulatory pressure in Japan. However, Spotify was still dissatisfied with the concessions made by Apple, as Spotify´s advertising abilities for non-IAP payments were limited to sending emails to its customers. On 4 March 2024, only a few days before Apple had to comply with the DMA obligations, the EC fined Apple over EUR 1.8 billion over abusive rules for music streaming providers.

While Epic Games’ conflict with Apple centred on the ability to offer non-IAP payment options at all, Spotify’s case extended to the ability of App Store developers to inform end users of such payment options. Both feuds inspired, and are now regulated by, the DMA.

Implications

Anti-steering rules will re-shuffle App Store economics at the least.

With new operating spaces granted to business customers under the DMA, a few companies have already taken measures to utilise their newfound freedoms. For 2024, Epic Games announced the relaunch of its game Fortnite, which will be available through a separate game store within the EU (allowing developer app stores independent of the Apple App Store is another feat of the DMA, Article 6(4) DMA). Other developers will follow suit and launch proprietary stores as well. From now on, Apple or Google are not able to charge these companies for, or prohibit them from, selling e.g. in-game currency either within the iOS Fortnite app or in a separate e-store linked in the app.

During the DMA´s first “live” week, the EC´s soft power in DMA matters was already demonstrated when the dispute between Apple and Epic Games re-escalated: Apple initially granted Epic Games a developer account to facilitate the construction of a proprietary game store but later revoked this decision with reference to, i.a., Epic Games´ lack of intention to “follow the rules”. After Epic Games complained very publicly and after the EC intervened on an informal basis as well, Apple returned to the status quo ante by granting Epic Games developer access.

Additionally, Apple will from now on not be able to prohibit its business users from letting their customers use contents bought outside of the Apple App Store – e.g. a podcast subscription in the case of Spotify or an extension package to a gaming iOS App in the case of Epic Games – within the respective apps. Given that anti-steering measures under Article 5(4) DMA only apply to already-acquired end customers, Apple has already announced that it will make use of this by charging a “core technology fee” per app download for developers that choose to not partake in its IAP system anymore with their apps.

Spotify, along with 33 other European companies and associations, criticised Apple´s non-compliance with the DMA shortly before it entered into force. In an open letter to the EC, these entities attacked e.g. Apple´s core technology fee and “scare screens” (mandatory warnings to end users that want to make payments or downloads outside of the Apple ecosystem).

Outlook: Legal ambiguity remains high

As has by now emerged, the anti-steering provision in Article 5(4) and (5) allow for some interpretative leeway that gatekeepers might utilize to operate in a pre-DMA style as far as possible. It is yet to be determined whether gatekeepers are willing to take the risks associated with adopting a narrow interpretation which could result in penalties imposed by the EC. Gatekeepers were required to submit their DMA compliance reports to the EC. The DMA contains an anti-circumvention provision in Article 13, but it provides little help in determining which types of behaviour are affected and protected from possible circumvention in the first place. Apple has confirmed that it will not provide free lunches, which may further aggravate companies like Spotify. Instead, it sticks to its core development fee and its commission on iOS apps (though the commission has been considerably reduced) and establishes alternative commission models for developers choosing to opt out of its IAP system. Both non-IAP payments and alternative marketplaces will also see detailed end user education on risks connected to leaving the Apple ecosystem. Spotify and its fellow protestors will likely keep up its complaints, then. On 25 March 2026, the EC announced that it has opened proceedings to assess whether the measures implemented by Alphabet and Apple in relation to their obligations pertaining to app stores are in breach of the DMA. It has further announced that it is taking investigatory steps to gather facts on Apple’s new fee structure. It remains to be seen whether the EC will conclude that the measures taken by the gatekeepers will be an infringement of the DMA.

BLOMSTEIN will continue to monitor and assess the developments and practical application of the DMA provisions. If you have any questions on the topic, Anna HuttenlauchElisa Theresa Hauch and Marie-Luise Heuer will be happy to assist you.

 

  1.  DMA Briefing Series – Kick Off

  2. Private Enforcement under the DMA

  3. Use of End User / Business User Data (Article 5 para 2, Article 6 para 2)

  4. Most-Favored-Nation Clauses (Article 5 para. 3)

  5. Anti-Steering Practices (Article 5 paras. 4 and 5)

  6. Tying and Bundling (Article 5 paras.7 and 8)

  7. Advertising under the DMA (Article 5 para. 9 and 10 and Article 6 para 8)

  8. Self-Preferencing (Article 6 para. 5)

  9. Interoperability, Portability and Switching (Article 6 para. 3, 4, 6, 7, 9)

  10. Business User Access to Data (Article 6 para 10)

  11. Access to Data and Services (Article 6 para 10 - 12)

  12. Outlook: Digital Regulation around the Globe