The European Digital Market Act goes live – trick or treat for the digital sector?
On the night after Halloween, the long-awaited Digital Market Act (DMA) has entered into force. Should companies be frightened or euphoric about the new EU rules for digital gatekeepers? Although field testing is still some months away – the DMA will only start applying after a further six months, on 2 May 2023 – affected companies are well advised to already familiarize themselves with the mechanics of the DMA. Our briefing outlines how the DMA will work.
The DMA in a nutshell
Alongside its sister legislation, the Digital Services Act, the DMA is one of the core elements of the EU Digital Strategy. It aims to ensure that multi-sided platform markets remain fair and contestable. The rationale behind it is that traditional competition law instruments have often proven too little, too late when addressing the behaviour of ‘Big Tech’ – in particular of huge digital platforms with a global reach.
To understand how the DMA works, one needs to understand its two main concepts: That of the gatekeeper and that of the ‘core platform service’ (CPS). Only designated gatekeepers that provide a core platform will be caught by the new rules. In this case, the DMA imposes several very specific obligations and prohibitions on them, some of which are self-executing and directly applicable, and some of which need to be further specified by the European Commission (Commission) on a case-by-case basis. Most of them mirror previous and current high-profile competition enforcement cases in the digital sector.
The DMA has entered into force on 1 November 2022. It will start to apply 6 months after its entry into force on 2 May 2023. This means that the first gatekeeper designations should not be expected before early September 2023 and designated companies will have to comply with the new rules in March 2024 at the earliest.
A key question that remains is to what extent national enforcement regimes for digital gatekeepers and online platforms will remain relevant, most notably the German Sec. 19a ARC.
Who qualifies as a “gatekeeper”?
The new regulation is aimed at CPS, which have a gatekeeper function. Typical CPS include online intermediation services, online search engines, social networking services or video sharing platform services. Ultimately, this includes all important services offered by the major digital companies. Due to extreme economies of scale, very strong network effects and/or lock-in effects, effective enforcement of the law has not been possible with the previous means of competition law.
In order for an operator of a CPS to qualify as a gatekeeper, certain qualitative criteria have to be met. The DMA contains a rebuttable presumption that the qualitative criteria are met if certain quantitative criteria are met:
The CPS
1. must have a significant impact on the domestic market, which is presumed if the company achieved an annual EU-wide group turnover of at least EUR 7.5 billion in each of the last three financial years, or where its average market capitalization or equivalent fair market value amounted to at least EUR 75 billion in the last financial year, and it provides the same CPS in at least three EU Member States;
2. plays an important role as an intermediary between business and private users, which is presumed if the CPS has at least 45 million active monthly end users and at least 10,000 yearly active business users in the EU in the last financial year;
3. has an established and lasting position with its services or is likely to have one in the near future, which is presumed if the user number thresholds have been met in each of the last three financial years.
The rules of the DMA will start to apply on 2 May 2023. Within two months after this date, i.e., at the latest, on 3 July 2023, companies providing CPS will have to notify the Commission if they meet the quantitative thresholds and provide all relevant information.
The Commission will then decide about designating a company as a gatekeeper within 45 working days, i.e.by September 2023 at the earliest. Should the provider of a CPS present reasoned arguments to rebut the presumption and the Commission accepts these, a market investigation is required, which will extend the procedure by another 5 months.
The designated gatekeepers will have a maximum of six months after the Commission decision to ensure that they comply with all the obligations and prohibitions laid down in the DMA. If the undertaking fails to notify the Commission, the Commission may designate it as a gatekeeper on becoming aware of relevant information.
What are the Do’s and Don’ts for gatekeepers?
The DMA contains a blacklist of 13 very specific “do’s” and 9 “don’ts” that a gatekeeper must comply with. Many obligations concern interoperability, data access and self-preferencing. There is no denying that most of these obligations read like a “best of” from previous high-profile antitrust cases. We consider the following obligations as particularly notable:
Prohibition of Most-Favored-Nation Clauses (MFNs) (Article 5 para. 3)
A gatekeeper must not impose most favored nation/parity clauses that prevent suppliers and retailers from offering the same or better prices on other sales channels. This is intended to promote competition between platforms. While the initial draft only included a ban on wide MFN clauses (i.e., requiring suppliers to set the same or better prices on the gatekeeper’s website or platform as on its own website or through other sales channels), the DMA now contains a complete ban on wide and narrow (i.e., requiring suppliers to set a price on the gatekeeper’s website or platform that is not higher than the price offered through its own website) MFN clauses. Interestingly, the new Vertical Block Exemption Regulation (VBER) that came into effect in June 2022, only restrict the use of wide MFN clauses; narrow MFN’s can still benefit from the VBER. As a result, there is some risk of legal fragmentation depending on the applicable law, as different requirements for MFN clauses may apply under the VBER, the DMA and national law.
Prohibition of anti-steering practices (Article 5 paras. 4 and 5)
A gatekeeper must allow business users to promote their own offers and conclude contracts with customers outside the gatekeeper’s CPS and allow end users to access and use such third-party offers. This seems to be a clear nod to the Commission’s ongoing Apple App Store investigation, or the Epic Games case, where Apple is accused of unlawfully preventing other companies from directing consumers to alternative offers outside of Apple’s ecosystem. Thus, providers of an app store will have to allow app developers to promote offers outside of the app store to end users free of charge without involvement of the app store owner, for instance without using the app store owners in-app purchase solutions.
Prohibition of tying and bundling (Article 5 paras.7 and 8) The DMA also contains restrictions on tying and bundling practices. This restriction mirrors the famous Microsoft cases of the Commission (Open Document Format, Windows Media Player, Internet Explorer). The prohibition on tying is limited to other CPS, meaning Gatekeeper cannot make the use of one CPS dependent on the use of or subscription to another CPS. Where one or the other service is not a CPS, the prohibition does not apply. For instance, the German Facebook / Oculus case, where Facebook is accused of tying access to its Virtual-Reality activities to a Facebook login, will likely not be caught by the DMA. For the DMA to apply to this case, virtual reality applications would have to be designated as a CPS.
Prohibition of self-preferencing (Article 6 para. 1 d)
A gatekeeper must not give any preferential treatment in ranking on its CPS. This is not a general prohibition of self-preferencing, but only prohibits self-preferencing in “rankings” of products or services and related indexing and crawling. This prohibition mirrors the Commission’s Google Shopping case, where the Commission found self-preferencing to have occurred through disadvantageous display and ranking of results of other intermediation platforms. In addition, the conditions of the ranking have to be transparent, fair and non-discriminatory. The practical implications of the transparency, and whether, as a result, gatekeepers have to disclose some parts of their ranking algorithm remains to be seen. This obligation may require Gatekeepers to separate their search or intermediation activities from other business areas to some extent, including through Chinese Walls.
Other obligations for gatekeepers
Fair processing of personal data
While a number of the DMA’s obligations relate to the usage of consumer data, some clearly entail game changers from a consumer perspective. Specifically, Article 5 para. 2 DMA generally prohibits the combination and cross-use of personal user data and prevents gatekeepers from signing in end users of a CPS to other services of the gatekeeper in order to combine personal data.
Advertisers and Publishers
Other stipulations focus on advertisement: Article 5 para. 9 and 10 DMA contain obligations to provide advertisers and publishers access to transparent pricing and performance information and data for all of their advertisements. The corresponding Article 6 para. 8 DMA obliges gatekeepers to grant advertisers and publishers access to performance measurement tools used by the gatekeeper. Article 6 para. 2 DMA even prohibits gatekeepers from using the data of their business users if they compete with them on their own platform.
Interoperability, Portability and Switching
Additional obligations aim to keep digital ecosystems open and contestable by preventing lock-in effects (i.e., situations where consumers are dependent on a single platform or service and cannot move to another supplier): Apart from bans on requiring the registration with other CPS (Article 5 para. 8 DMA) and restricting the ability to uninstall pre-installed software and to change default settings (Article 6 para. 3 DMA), they concern side loading, i.e. the installation and effective use of third-party software and apps (Article 6 para. 4 DMA), the switching of apps or services (Article 6 para. 6 DMA), as well as interoperability (Article 6 para. 7 DMA) and data portability (Article 6 para. 9 DMA) obligations. Article 6 para. 10 DMA contains an obligation to grant business users and authorized third parties access to the data generated by their activities on the gatekeeper’s CPS. In addition, there is a specific interoperability obligation for messenger services in Article 7 DMA.
FRAND conditions and other obligations
Additionally, gatekeepers are obliged to offer access on fair, reasonable and non-discriminatory (FRAND) terms to providers of online search engines to ranking, query, click and view data (Article 6 para. 11 DMA). A similar FRAND obligation exists concerning the access of business users to gatekeepers’ app store services, search engines and social networking services (Article 6 para. 12 DMA).
Other notable gatekeeper obligations are bans on disproportionate conditions for the terminations of CPS (Article 6 para. 13 DMA) and on imposing restrictions on business users or end users from pursuing legal remedies before European and national courts (Article 5 para. 6 DMA).
Finally, gatekeepers are subject to two general obligations: They must inform the Commission if they intend to engage in mergers and acquisitions involving other CPS providers (Article 12 DMA). They must also provide an annual independently audited description of any consumer profiling techniques used in or across their CPSs (Article 13).
Enforcement powers of the Commission and Sanctions
Some ‘self-executing’ obligations of the DMA take immediate effect (Article 5 DMA), whereas others first require further specification through a regulatory dialogue (Article 6 DMA). This means that the Commission may open a procedure but must further specify some of the measures that the “gatekeeper” in question should adopt.
The Commission has various investigative powers to effectively enforce the provisions of the DMA. As the “guardian of the European Treaties”, it will be the sole enforcer of the DMA. National authorities will have no enforcement powers under the DMA but their role is limited to supporting the Commission’s investigations, in particular at the beginning of an investigation when gathering information. Given the scope of the DMA and some concerns regarding lack of enforcement staff at the Commission, some expect the role of national enforcers to increase in the medium term.
If a company violates the provisions of the DMA, the Commission can impose fines of up to 10 percent of the company’s worldwide turnover. There is a steep increase for repeat offenders: If a gatekeeper has committed the same or a similar infringement in relation to the same CPS, leading the Commission to issue a second fine within eight years, the maximum amount imposed can reach up to 20 % of the gatekeeper’s worldwide turnover.
Private enforcement
The DMA also provides for private enforcement. Competitors, customers, or suppliers of the gatekeepers can bring actions in the competent courts of EU Member States. National courts can ask the Commission for information or opinions on questions concerning the application of DMA.
One of the main objectives of the 11th amendment to the German Act against Restraints of Competition (ARC), which was proposed on September 26, 2022, is the effective enforcement of the DMA in Germany. The proposal of German Federal Ministry of Economics and Climate Protection Claimants provides for claims for damages or injunctive reliefs. Additionally, final decisions by the Commission and by national courts determining a violation of the obligations under the DMA will be binding on German courts. Lastly, a longer limitation period of five years applies instead of the general limitation period for civil law matters of three years.
Relationship to national gatekeeper regulation
The DMA supersedes national Gatekeeper regulation, not however national competition law. This raises the question to which extent there is room for national rules for digital gatekeepers. As a pioneer of gatekeeper regulation, the German legislator introduced specific legislation addressing digital gatekeepers with Sec. 19a ARC in 2021 (see our briefing on Sec. 19a ARC). Like the DMA, Sec. 19a ARC aims at curbing the power of gatekeepers. While Sec. 19a ARC addresses similar conduct as the DMA, it is based on a more flexible and technology-neutral approach while the DMA is clearer and more predictable in terms of which types of conduct and services are covered.
The key question to be asked is whether the national law qualifies as regulatory law – meaning that the DMA will supersede national law. If, however, national law qualifies as competition law, it will be applied alongside the DMA to the extent that it exceeds the scope of the regulation or the catalogue of obligations. With regard to Sec. 19a ARC specifically, it is expected that it will apply alongside the DMA to a limited extent, particularly with regard to services not yet included in the list of CPS, companies below the gatekeeper threshold or as a catch-all provision to capture novel technologies, behaviours or bypass constructs that cannot (yet) be captured by the DMA.
The German rules for gatekeepers may have shown one thing: If you give competition enforcers a powerful new tool to target Big Tech, they are likely going to use it. The jury is still out on if we will experience something similar with the Commission and the new DMA.
Outlook
Expectations of the DMA’s impact on the digital and platform industries range from completely ineffective to absolutely disruptive. One thing is clear: Providers of CPS will have to assess whether they meet the criteria and qualify as gatekeepers. If they are designated by the Commission, compliance with the DMA will be a mammoth task. Other stakeholders such as competitors, suppliers and end customers will likely be affected by the new rules as well and attempt to use them for their own benefit. Myriads of practical questions are yet to be addressed, from privacy concerns to technical issues, such as the interoperability obligation of messenger services. They will pose major challenges for both affected companies and the Commission. Active discussions and stakeholder workshops are currently taking place between the Commission and the industry to facilitate a smooth start of the DMA. Moreover, the Commission is currently working on an implementing regulation that will cover key procedural aspects of the DMA’s notification and designation process.
BLOMSTEIN will continue to monitor and inform about antitrust enforcement trends in the digital economy in Germany and across Europe. If you have any questions on the topic, Max Klasse, Philipp Trube, Marie-Luise Heuer and BLOMSTEIN’s entire competition law team will be happy to advise you.