The Digital Markets Act (DMA) will have a significant impact on the operation of digital platforms. It requires large online platforms who act as “gatekeepers” in digital markets to comply with wide-ranging obligations. Its objective is to ensure that digital markets are more open and contestable.
The DMA sits alongside the Digital Services Act (DSA), which has a wider scope and provides obligations for digital services that act as intermediaries in connecting consumers with goods, services, and content. While the DMA aims to ensure fairer digital markets, the DSA focuses on ensuring online safety and transparency.
The obligations and prohibitions placed on gatekeepers by the DMA covers many aspects of their operations. They include restrictions on what they can do with user data, requirements to make services interoperable with those of third parties, and obligations to provide information to advertisers and publishers. The provisions of the DMA also bans activities such as ranking gatekeeper’s own products ahead of their competitors, the pre-installation of certain apps or software, and forcing the use of the gatekeeper’s other services.
There are harsh sanctions for non-compliance. If a gatekeeper does not comply with the rules, the European Commission (EC) can impose fines of up to 10% of its total worldwide turnover in the preceding financial year, and 20% in case of repeated infringements. In case of systematic infringements, the EC may ban them from acquiring other companies for a certain time.
Timing of the Digital Markets Act
The official legal text of the DMA will be published in the EU’s Official Journal in autumn this year. It will enter into force 20 days after publication and become applicable six months later, most likely in March or April 2023.
Scope of the Digital Markets Act
The DMA applies to “gatekeepers” in digital markets who provide “core platform services” (CPS). These include online intermediation services, online search engines, online social networking services, video-sharing platform services, number-independent interpersonal communications services, operating systems, web browsers, virtual assistants, cloud computing services and online advertising services.
A gatekeeper in this context is identified by three qualitative criteria, which are presumed to be satisfied if certain quantitative thresholds are met:
- A company must have “significant impact” on the EU market
The company is presumed to meet this criterion if it has: (a) achieved EU turnover equal to or above EUR7.5 billion in each of the last three financial years; or (b) has had average market capitalization or equivalent fair market value of at least EUR75bn in the last financial year; and it provides the same CPS in at least three Member States.
- Its CPS must be an “important gateway” between businesses and end users
The company is presumed to meet this criterion if its CPS has had at least: (a) 45 million monthly active end-users established or located in the EU; and (b) 10,000 annually active business users established in the EU in the last financial year.
- It must have or be likely to soon have “an entrenched and durable position”
The company is presumed to meet this criterion if the quantitative thresholds under criteria 2 above were met in each of the last three financial years.
CPS providers will have to assess themselves whether they meet the thresholds to be identified as a gatekeeper. If they do, they will have to notify the EC within two months from the date the DMA becomes applicable (or from the point that they start to meet the criteria, if later). They then have a maximum of six months after being designated as a gatekeeper to comply with the new obligations.
The Digital Markets Act’s obligations for core platform service providers
The DMA provides for two broad categories of do’s and don’ts for gatekeepers.
The first category is framed so that gatekeepers can comply without the need for the EC to specify any further details. It includes the following obligations:
- not to process, for online advertising purposes, the personal data of end-users of third-party services supplied through the gatekeeper’s platform without the end-user’s consent.
- not to combine or cross-use the personal data of end-users across CPS or between CPS and other services or sign-in end-users to other services in order to combine personal data, without the end-user’s consent.
- not to impose either ‘wide’ parity clauses (restricting business users from offering lower prices and better conditions on any other online sales channels) or ‘narrow’ parity clauses (restricting business users from offering lower prices and better conditions on their own sales channels)
- to allow business users, free of charge, to communicate and promote their products and services (including under different conditions) to end users acquired via the gatekeeper’s CPS (or through other channels) and to conclude the contracts with those end-users.
- to allow end-users to access and use through the gatekeeper’s CPS, content, subscriptions, features or other items by using the software application of a business user, including those acquired outside of the gatekeeper’s CPS.
- to refrain from stopping business users or end-users from raising the issue of gatekeeper non-compliance with EU or national laws with the relevant public authorities or national courts.
- not to require end-users or business users to subscribe or register with any further of the gatekeeper’s CPS as a condition for using one of the gatekeeper’s CPS.
- not to require end-users to use, or business users to use, offer, or interoperate with, an identification service, a web browser engine or a payment service, or technical services that support the provision of payment services, such as payment systems for in-app purchases, of that gatekeeper in the context of services provided by the business users using that gatekeeper’s CPS.
- to provide advertisers and publishers (or their authorized third parties) to which a gatekeeper supplies online advertising services, on request and free of charge, with information on a daily basis concerning the price and fees (including any deductions and surcharges) paid by the advertiser and publisher, as well as the amount of remuneration (including any deductions and surcharges) paid to the publisher, and the metrics on which each of the prices, fees and remunerations are calculated for the publishing of a given advertisement and for each of the relevant advertising services provided by the gatekeeper.
The second category of obligations are those “susceptible to be further specified”, meaning that the EC can give further clarity on whether a gatekeeper’s proposed method of implementing the obligations is sufficient (which the EC can investigate either on its own initiative or at the request of the gatekeeper). These include obligations:
- not to use non-publicly available data acquired by the gatekeeper in relation to business users using a gatekeeper’s CPS to then compete with those business users.
- to allow and technically enable end-users to easily uninstall any software applications or change default settings in the gatekeeper’s operating system, virtual assistant and web browser.
- to allow and technically enable the installation and effective use of third party software applications or software application stores and allow setting them as default (subject to certain carve-outs relating to safety measures).
- not to treat more favorably in ranking and related indexing and crawling, services and products offered by the gatekeeper itself compared to similar services or products of third parties and to apply transparent, fair and non-discriminatory conditions to such ranking (self-preferencing).
- not to technically or otherwise restrict end-users from switching between and subscribing to software applications and services accessed under a gatekeeper’s CPS.
- to allow hardware and service providers and business users, free of charge with effective interoperability and access to the same hardware or software features that are accessed or controlled via the operating system or virtual assistant of the gatekeeper.
- to provide advertisers and publishers and their authorized third parties, on request and free of charge, with access to the gatekeeper’s performance measuring tools and the data necessary for advertisers and publishers to carry out their own independent verification of the advertising inventory
- to provide end-users or their authorized third parties, on request and free of charge, with effective portability of data (including tools to facilitate the effective exercise of such data portability) provided by the end-user or generated through its activity.
- subject to personal data restrictions, to provide business users, or their authorized third parties, on request and free of charge, with effective, high quality, continuous and real-time access and use of aggregated and non-aggregated data (including personal data) , that is provided for, or generated in the context of, the use of the relevant CPS (or services provided together with or in support of the relevant CPS) by those business users and the end-users engaging with the products or services provided by those business users.
- to provide to any third-party providers of online search engines, on request, with access on fair, reasonable and non-discriminatory (FRAND) terms to ranking, query, click and view data in relation to free and paid searches generated by end- users on the gatekeeper’s online search engines, subject to the anonymization of personal data.
- to apply FRAND general conditions of access for business users to the gatekeeper’s software application stores, online search engines and online social networking services (the gatekeeper must publish general conditions of access, including an alternative dispute settlement mechanism).
- not to impose disproportionate general conditions for terminating the provisions of CPS and ensuring that these conditions are exercised without undue difficulty.
In addition, gatekeepers will be subject to the following obligations:
- gatekeepers providing messenger services will have to make basic functionalities such as text messages, video calls, interoperable with the services of other providers.
- gatekeepers will be obliged to inform the EC of all transactions before closing: (i) where the parties provide CPS or any other services in the digital sector; or (ii) which enable the collection of data.
- gatekeepers will have to report to the EC on the measures that they have implemented to ensure compliance with the obligations.
- gatekeepers must also set up a compliance function, which should be independent from the companies’ operational functions.