3 – Digital Markets Act: Fairer digital markets
The European Union's regulation on contestable and fair markets in the digital sector, the Digital Markets Act ("DMA"), has entered into force in the EU. Today, there are a small number of very large online platforms globally that greatly influence the framework for innovation, consumer choice and competition in the digital markets. Certain large platforms therefore act as so-called gatekeepers. By establishing duties and prohibitions for such gatekeepers, the new rules seek to ensure fair competition in digital brands and to give users greater freedom of choice. The DMA also enables the European Commission to carry out market investigations and sanction non-compliance in ways heavily influenced by EU competition law enforcement.
In this article, we will outline the key provisions in the DMA and identify the services and businesses which are likely to be affected by this new legislation. If you believe your business could be affected by the DMA, either because you are likely to be designated as a gatekeeper or because you use the services of digital gatekeepers, please get in touch.
Which businesses are potentially affected by the DMA?
The DMA applies to core platform services provided by gatekeepers to businesses or end users within the EU/EEA, irrespective of the place of establishment or residence of the gatekeeper.
Core platform services include a significant number of services such as online intermediation services, online search engines, online social networking and video-sharing platforms, web browsers, virtual assistants, cloud computing services and online advertising services.
While this definition of core platform services is quite wide, the application of the DMA is limited by the definition of "gatekeepers", as an undertaking shall only be designated as a gatekeeper by the European Commission if
- it has a significant impact on the internal market;
- it provides a service which is an important gateway for business users to reach end users; and
- it enjoys an entrenched and durable position in its operations, or it is foreseeable that it will enjoy such a position in the near future.
This means that not all large technology companies will be within the scope of the DMA, even those that might be dominant under EU competition law (or national law equivalents) in their respective market(s).
To decide whether each of foregoing criteria are met, the DMA includes certain thresholds, satisfaction of which will create rebuttable presumptions as follows.
- A provider will be presumed to have a significant impact on the internal market if it is operating in at least three EU/EEA states and either had a market value of €75 billion in the last year or turnover in the EEA area of at least €7.5 billion in each of the last three years;
- A provider will be presumed to provide a service that is an important gateway for business users and to have an entrenched position, if it had at least 45 million end users monthly and 10 thousand business customers annually in the EEA area for each of the last three years.
As of today, it is not expected that any Norwegian companies will be designated as gatekeepers. And while it remains to be seen which companies will be designated as gatekeepers, the European Commission anticipates that only around 10 to 15 companies will fall within the scope of the DMA at the outset.
Designation as a gatekeeper
Where an undertaking meets the thresholds in the DMA, it is under an obligation to notify the European Commission within two months after the relevant thresholds are met. And even where an undertaking fails to notify the Commission, the Commission is still be entitled to designate that undertaking as a gatekeeper.
This means that designation as a gatekeeper is not automatic. Companies meeting the thresholds may rebut the presumption of designation if it can provide good arguments to the Commission, and the Commission may open an investigation into whether the designation should in fact be made.
It is important to note that an undertaking providing core platform services shall not fragment those services through contractual, commercial, technical or any other means in order to circumvent the quantitative thresholds laid down in the DMA.
Once an undertaking has been designated as a gatekeeper, this is not the end of the story. The Commission is under an obligation to regularly, and at least every three years, review whether the designated gatekeepers continue to satisfy the thresholds. Moreover, the Commission shall yearly examine whether there are new undertakings satisfying the thresholds.
Key obligations for gatekeepers
Once an undertaking is designated as a gatekeeper by the European Commission, it is under an obligation to comply with the obligations of the DMA within 6 months. The obligations are essentially split into a number of "do's and don'ts" for gatekeepers.
Gatekeepers shall not
- combine personal data from the relevant core platform service with personal data from the other services provided by the gatekeeper or third parties without user consent;
- prevent business users from offering the same products/services to end users through different platforms at prices or conditions that are different from those offered through gatekeeper's platform (i.e., it shall refrain from imposing most favoured nation clauses in agreements);
- treat more favourably, in ranking and related indexing and crawling, services and products offered by the gatekeeper itself than similar services or products of a third party;
- require business users or end users to use, offer or interoperate with a gatekeeper's identification service, web browser engine or payment service or require users to subscribe to or register with any of the gatekeeper's other core platform services (i.e., the gatekeeper is limited in its ability to tie or bundle products together into a single package);
- restrict technically or otherwise the ability of end users to switch between, and subscribe to, different software applications and services that are accessed using the core platform services of the gatekeeper.
- allow business users to communicate and promote offers to end users acquired via its core platform service, and to conclude contracts with those end users, regardless of whether, for that purpose, they use the core platform services of the gatekeeper;
- allow and technically enable end users to easily un-install any software applications on the operating system of the gatekeeper;
- allow and technically enable end users to easily change default settings on the operating system, virtual assistant and web browser of the gatekeeper that direct or steer end users to products or services provided by the gatekeeper;
- provide advertisers and publishers, upon their request and free of charge, with access to the performance measuring tools of the gatekeeper and the data necessary for advertisers and publishers to carry out their own independent verification of the advertisements inventory, including aggregated and non-aggregated data;
- provide end users and third parties authorised by an end user, at their request and free of charge, with effective portability of data provided/generated by the end user;
- apply fair, reasonable, and non-discriminatory general conditions of access for business users to its software application stores, online search engines and online social networking services;
- inform the European Commission of any intended concentration, where the merging entities or the target of the concentration provide core platform services or any other services in the digital sector or enable the collection of data. This obligation applies regardless of whether the concentration would otherwise need to be notified to the Commission under the EU Merger Regulation or to national authorities under any national merger rules.
In addition, gatekeepers providing interpersonal communications services are under an obligation to make the basic functionalities of these services interoperable with third-party services. Such functionalities include end-to-end text messaging and the sharing of images, voice messages, videos and other attached files in end to end communication.
These obligations are expected to apply to a number of major messaging services such as iMessage, WhatsApp, Telegram and Messenger. What these obligations entail, in essence, is that when a user (sender) wishes to send a message to another user (recipient), the sender should be able to send the message from his/her preferred service regardless of which platform the recipient uses.
Please note the above is not an exhaustive list, and gatekeepers should seek advice from legal counsel when interpreting their obligations under the DMA.
The Commission's powers
The Commission is given extensive powers under the DMA to supervise compliance with the new rules and sanction non-compliance.
Such powers include
- carrying out market investigations (to examine whether an undertaking should be designated as a gatekeeper or whether a gatekeeper has engaged in systematic non-compliance);
- opening proceedings;
- requiring undertakings to provide all necessary information including access to any data, algorithms and information about testing;
- conducting inspections; and
- ordering interim measures against a gatekeeper on the basis of a prima facie finding of an infringement.
Undertakings that fail to comply with their obligations under the Digital Markets Act may also be subject to fines of up to 10 % of their total worldwide turnover in the preceding financial year. For repeat infringements, fines may be increased to up to 20 % of total worldwide turnover.
Where a gatekeeper has been found to have engaged in several infringements of the DMA (three infringements within an eight year period) then the Commission may also impose any "behavioural or structural remedies" that are necessary to ensuring effective compliance.
These powers of investigation and enforcement are, in similarity with the powers of the Commission when enforcing competition law, relatively draconian. Our competition team has extensive experience within the Commission's enforcement practice and is thus well-positioned to assist also with regard to the Commission's enforcement of the DMA.
Rights of non-gatekeepers
The DMA provides that any third party, including users or competing companies, may inform a national authority or the Commission about any practice or behaviour of a gatekeeper that might be covered by the DMA.
However the DMA does not provide for a formal complaints mechanism or for rights for complainants during any subsequent investigation. Third parties might therefore prefer to take action against gatekeepers in national courts. The DMA even provides for the possibility of class actions against gatekeepers, and private enforcement of the DMA may therefore be an important mechanism for holding gatekeepers to account going forward.
Legislative status of the DMA
The DMA entered into force on 1 November 2022. The Commission also intends to adopt an implementing regulation providing more guidance on the requirements of the DMA, to be adopted in early 2023.
For Norway, as an EEA country, the Digital Markets Act will first need to be incorporated into the EEA agreement. After that, legislators in Norway must propose a law to implement the Digital Markets Act into Norwegian law.
Our Technology and Digitalisation and Competition Law teams are ready to assist you and your business regarding any questions relating to the DMA.