The Digital Markets Act: A revolution, and not only for gatekeepers
The Digital Markets Act or DMA (Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on contestable and fair markets in the digital sector), which entered into force on 1 November 2022, creates many new obligations for businesses operating in the digital sector, particularly so-called “gatekeepers.” The DMA will impact the functioning of the entire digital ecosystem—not only gatekeepers, but also other participants in digital markets, including business users and end users of core platform services, competing providers of core platform services, and providers of other digital services.
This is because the obligations and prohibitions imposed on gatekeepers will either directly or indirectly vest other groups with rights they can pursue before national courts.
The DMA in a broader context
Along with the Digital Services Act or DSA (Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market for Digital Services), which also entered into force in November 2022, the DMA is one of the elements of the EU’s comprehensive digital strategy, “A Europe fit for the digital age.” It is aimed at ensuring fair, competitive digital markets, to the benefit of business users and end users. The DMA will also impact other regulations applicable to the delivery of services on digital markets, particularly involving data protection (the General Data Protection Regulation and the ePrivacy Directive), competition law, consumer protection, and copyright (e.g. DMA recital 12).
Who is covered by obligations and prohibitions under the DMA
The obligations and prohibitions set forth in the DMA are targeted to “gatekeepers,” i.e. providers of “core platform services” who meet the criteria set forth in Art. 3 DMA and are designated by the European Commission under the procedure defined in that article.
Core platform services are defined as including the following:
- Online intermediation services (such as e-commerce platforms and stores with apps, see Art. 2(2) of Regulation (EU) 2019/1150)
- Online search engines
- Online social networking services
- Video-sharing platform services
- Number-independent interpersonal communications services
- Operating systems
- Web browsers
- Virtual assistants
- Cloud computing services
- Online advertising services, including any advertising networks, advertising exchanges and any other advertising intermediation services, provided by an undertaking that provides any of the core platform services listed above.
It is presumed that an undertaking meets the requirements for a gatekeeper if:
- It achieved an annual EU turnover of at least EUR 7.5 billion in each of the last three financial years, or where its average market capitalisation or its equivalent fair market value amounted to at least EUR 75 billion in the last financial year, and it provides the same core platform service in at least three member states
- It provides a core platform service that in the last financial year had at least 45 million monthly active end users from the EU and at least 10,000 yearly active business users established in the EU
- The thresholds in the foregoing point were met in each of the last three financial years.
The new regulation applies to core platform services provided or offered by gatekeepers to business users or end users with their registered office or residence in the EU, regardless of where the gatekeeper is established or located.
The DMA imposes a range of duties and prohibitions on gatekeepers, for the direct or indirect benefit of:
- Business users, defined as “any natural or legal person acting in a commercial or professional capacity using core platform services for the purpose of or in the course of providing goods or services to end users” (Art. 2(21), e.g. advertisers, publishers, app developers, or sellers offering goods or services online
- End users, i.e. “any natural or legal person using core platform services other than as a business user” (Art. 2(20))
- Competing providers of core platform services (see e.g. Art. 7)
- Providers of digital content or digital services (as defined in Art. 2(1)–(2) of the Digital Content Directive (2019/770)).
The DMA vests these entities with certain rights, directly or indirectly, which they can enforce before national courts (Art. 39) under national regulations.
New obligations
The obligations and prohibitions imposed on gatekeepers are listed in Art. 5, 6 and 7 DMA. These largely reflect competition issues involving the practices of large online platforms considered by the European Commission and national competition authorities in recent years (see Table 2: List of obligations with examples and underlying evidence, Commission Staff Working Document, Impact Assessment Report on the Proposal for a Digital Markets Act, SWD/2020/363 final, pp. 53 and following).
Obligations and prohibitions involving data access, use and administration
The obligations and prohibitions involving data access and use include:
- A ban on the gatekeeper’s processing, combining or cross-use of end users’ personal data from numerous sources, including the gatekeeper’s core platform services, without a relevant legal basis—which de facto means exclusively the end user’s consent under the GDPR (Art. 5(2) DMA)
- A ban on the gatekeeper’s use, in competition with business users, of any data not publicly available, generated or provided by business users in the context of their use of the relevant core platform services or linked services (Art. 6(2))
- The duty for the gatekeeper to provide end users, free of charge, with tools to facilitate the effective exercise of data portability, including continuous, real-time access to their data (Art. 6(9))
- The duty for the gatekeeper to provide business users, free of charge, with effective, high-quality, continuous and real-time access to data provided for or generated in the context of the use of the relevant core platform services or linked services by business users and their end users (Art. 6(10))
- The duty for the gatekeeper to provide any third-party undertaking providing online search engines with access on fair, reasonable and non-discriminatory terms to ranking, query, click and view data in relation to search generated by end users on its online search engines—any such query, click and view data that constitutes personal data shall be anonymised (Art. 6(11)).
Obligations to advertisers and publishers involving advertising services
In this respect, the gatekeeper shall:
- Provide each advertiser with information on a daily basis, free of charge, concerning the price and fees paid by the advertiser, the remuneration received by the publisher (with the publisher’s consent), and the metrics on which the prices, fees and remuneration are calculated (Art. 5(9))
- Provide each publisher with information on a daily basis, free of charge, regarding the remuneration received and fees paid by the publisher, the price paid by the advertiser (with the advertiser’s consent), and the metrics on which the prices and remuneration are calculated (Art. 5(10))
- Provide advertisers and publishers, free of charge, access to performance-measuring tools and data necessary to carry out their own independent verification of the advertising inventory (Art. 6(8)).
Interoperability obligations
The DMA defines “interoperability” as “the ability to exchange information and mutually use the information which has been exchanged through interfaces or other solutions, so that all elements of hardware or software work with other hardware and software and with users in all the ways in which they are intended to function” (Art. 2(29)). Interoperability may be vertical (Art. 6(4), (7)) or horizonal (Art. 7).
The interoperability obligations include:
- Where a gatekeeper provides number-independent interpersonal communications services, it shall make the basic functionalities of these services interoperable with such services of another provider offering or intending to offer such services in the EU, by providing the necessary technical interfaces or similar solutions facilitating interoperability, free of charge (Art. 7)
- The gatekeeper shall allow providers of services and hardware, free of charge, effective interoperability with, and access to, the same features available to services or hardware provided by the gatekeeper (Art. 6(7))
- The gatekeeper shall enable installation and effective use of third-party software applications or software application stores using its operating system, and allow those applications or stores to be accessed by means other than the relevant core platform services of the gatekeeper—in other words, direct download of the application, aka “sideloading” (Art. 6(4)).
Obligations and prohibitions concerning tying and distribution
These include:
- A ban on the use of “most favoured nation” clauses, i.e. the gatekeeper shall not prevent business users from offering the same products or services to end users through third-party online intermediation services or their own direct online sales channel at prices or conditions different from those offered through the gatekeeper’s online intermediation services (Art. 5(3))
- The gatekeeper shall allow business users, free of charge, to communicate and promote offers to end users acquired via its core platform service, and to conclude contracts with those end users (Art. 5(4))
- The gatekeeper shall allow end users to access and use, through its core platform services, content, subscriptions, features or other items of a business user (Art. 5(5))
- A ban on tying the core platform service with additional services from the gatekeeper, e.g. identification service, web browser engine, payment service, or technical service supporting payment services, such as payment systems for in-app purchases (Art. 5(7))
- The gatekeeper shall not require users to subscribe to, or register with, any further core platform services as a condition for being able to use any of the gatekeeper’s core platform services (Art. 5(8))
- The gatekeeper shall allow end users to easily uninstall any pre-installed applications and change the default settings (Art. 6(3))
- The gatekeeper shall not restrict the ability of end users to switch between, and subscribe to, different applications and services accessed using the gatekeeper’s core platform services, including the choice of internet access services (Art. 6(6)).
Other obligations and prohibitions
These include:
- The gatekeeper shall not prevent or restrict users from raising any issue of legal non-compliance with any public authority related to any practice of the gatekeeper (Art. 5(6))
- In ranking, indexing and “crawling,” the gatekeeper shall not treat services and products offered by the gatekeeper itself more favourably than similar services or products of a third party, and the gatekeeper shall apply transparent, fair and non-discriminatory conditions to such ranking (Art. 6(5))
- The gatekeeper shall apply fair, reasonable, and non-discriminatory general conditions of access for business users to its software application stores, online search engines and online social networking services (Art. 6(12))
- The gatekeeper shall not have general conditions for terminating the provision of a core platform service that are disproportionate or require undue difficulty (Art. 6(13)).
Consequences of non-compliance
For failure to comply with the obligations imposed by Art. 5–7 DMA, the European Commission may impose a fine on a gatekeeper of up to 10% of its total worldwide turnover in the preceding financial year (Art. 30(1)).
However, if the Commission finds that a gatekeeper has committed the same or a similar infringement of an obligation under Art. 5–7 in relation to the same core platform service as it was found to have committed in a non-compliance decision adopted in the eight preceding years, the Commission may impose on the gatekeeper fines of up to 20% of its total worldwide turnover in the preceding financial year (Art. 30(2)).
Moreover, as mentioned above, business users, end users, and competing providers of certain core platform services can pursue their rights under the DMA before national courts (see Art. 39 and recital 42). If any of these entities suffer an injury as a result of a gatekeeper’s infringement of the obligations or prohibitions under Art. 5–7 DMA, they may seek damages. Such claims will be pursued under the rules of national law, as the DMA does not address how these entities will enforce their rights (unlike in the case of claims for damages for violation of competition laws of the EU or the member states under the Private Enforcement Directive (2014/104/EU), governed by national law, implemented in Poland by the Act on Claims for Redress of Injury from Infringement of Competition Law of 21 April 2017).
In proceedings for application of the DMA, national courts may ask the Commission to transmit to them information in its possession or its opinion on questions concerning application of the regulation, and the Commission may submit written or oral observations to the national courts (Art. 39).
Additionally, under Art. 27, any third party, including business users, competitors or end users of core platform services, as well as their representatives, may inform the national competition authority of the member state, or the Commission directly, about any practice or behaviour by gatekeepers that falls within the scope of the DMA.
When will the new obligations enter into effect?
Although the DMA applies from 2 May 2023, most of the obligations will not enter into effect until early 2024 (particularly March 2024), due to the multistage procedure for designating gatekeepers and the periods set forth in the DMA for each stage.
If an undertaking providing core platform services meets all of the thresholds in Art. 3(2), it shall notify the Commission without delay and in any event within two months after the thresholds are satisfied (by 3 July 2023 at the latest) and provide it with the relevant information (Art. 3(3)).
Then the Commission shall designate as a gatekeeper an undertaking providing core platform services that meets all the thresholds in Art. 3(2), without undue delay and at the latest within 45 working days after receiving the complete information (by 6 September 2023 at the latest) (Art. 3(4)).
Gatekeepers have up to six months after issuance of the decision listing their core platform services to achieve compliance with their obligations under Art. 5–7 DMA, i.e. by March 2024 at the latest (Art. 3(10)).
As an EU regulation, the Digital Markets Act will apply directly, and it will not be necessary to adopt any national implementing acts.
The article was first published on newtech.law
Iga Małobęcka-Szwast, attorney-at-law, New Technologies practice, Wardyński & Partners