Digital Markets Act: EU Institutions Agree on New Rules to Curb the Power Of “Big Tech” Platforms
Client Alert | 14 min read | 05.17.22
On March 24, 2022, the European Union (EU) co-legislators (the European Parliament and the Council) reached political agreement on the final provisions of the Digital Markets Act (DMA). The DMA aims at ensuring fair and contestable markets in the digital sector by imposing specific regulatory obligations on so-called “gatekeepers,” i.e., major digital platforms with a powerful and entrenched position which act as important gateways for businesses to reach end users. The European Commission (EC) will act as the central enforcer of the DMA. It will have extensive investigative powers and be able to impose hefty fines as well as behavioral and structural remedies (including the breaking up of companies). As an instrument of ex ante regulation, the DMA is designed to complement (not replace) the ex post enforcement of competition law, which is often viewed as too slow to effectively rein in the market power of “Big Tech” players.
The EC first tabled its proposal for a DMA on December, 15, 2020 (see our Client Alert of January 5, 2021). The negotiations between the co-legislators were therefore completed within 15 months, which is remarkably fast for such an important, complex and innovative piece of legislation. This shows that there is a broad political consensus within the EU that more needs to be done to prevent digital markets from “tipping” in favor of a handful of powerful and entrenched platforms.
What’s new?Main changes compared to the EC’s initial proposal:
|
Who Will Be Regulated?
The DMA will apply to providers of “core platform services” (CPS) that have been designated as “gatekeepers” by the EC.
The (exhaustive) list of CPS is as follows:
- online intermediation services (such as market places, hotel booking platforms, etc.);
- online search engines;
- online social networking services;
- video-sharing platform services (with user-generated videos or content provided by a media service provider, or both);
- number-independent interpersonal communication services, operating systems (such as messaging apps);
- operating systems;
- web browsers;
- virtual assistants;
- cloud computing services; and
- online advertising services (including ad networks, ad exchanges and any other advertising intermediation services).
There are three overarching qualitative criteria to qualify a provider of CPS as a gatekeeper, namely:
- The undertaking has a significant impact on the internal market;
- It provides a CPS which is an important gateway for business users to reach end users; and
- It enjoys an entrenched and durable position in its operations or it is foreseeable that it will enjoy such a position in the near future (i.e., “emerging” gatekeepers).
A company is presumed to satisfy these requirements if the following quantitative thresholds are met:
- Significant impact on the internal market: Presumed to be the case if the undertaking achieved an annual turnover of at least €7.5 billion within the EU in each of the last three financial years or a market capitalization of at least €75 billion in the last financial year and it provides the same CPS in at least three Member States.
- Control of an important gateway for business users towards final consumers: Presumed to be the case if the company has at least 45 million monthly active end users established in the EU and at least 10,000 yearly active business users established in the EU in the last financial year; and
- Entrenched and durable position: Presumed to be the case if the thresholds in point (2) were met in each of the last three financial years.
CPS providers meeting these thresholds must notify the EC within two months of the thresholds being reached. The EC has 45 working days from the date of submission of a complete notification to decide whether or not to designate the undertaking as a “gatekeeper.” As meeting the quantitative thresholds only creates a rebuttable presumption, the undertaking can present, as part of its notification, sufficiently substantiated arguments to demonstrate that it does not satisfy the qualitative criteria even though it meets the quantitative thresholds.
Conversely, the EC can also designate an undertaking as a gatekeeper even if it does not satisfy all the quantitative thresholds, on the basis that it satisfies the qualitative criteria. In making that determination, the EC will consider factors such as number of business users of the platform, network effects and data-driven advantages, scale and scope effects, business user or end user lock-in, a conglomerate corporate structure, etc. The EC can conduct market investigations on its own initiative in this context.
The EC must identify within the designation decision which CPS serve as an important gateway for business users to reach end users. With respect to each of these CPS, the undertaking concerned must comply with the obligations laid down in the DMA within six months from its designation as a gatekeeper.
With respect to “emerging” gatekeepers, i.e., those which do not yet enjoy an entrenched and durable position but will foreseeably do so in the near future, the EC may declare only some of the obligations applicable to that gatekeeper in the designation decision.
We expect no more than 10-15 companies to be designated as “gatekeepers.” They are likely to be predominantly, if not exclusively, US-based companies.
What obligations for gatekeepers?
Gatekeepers will have to comply, for each of the CPS identified in the EC’s designation decision, with specific obligations, including both affirmative obligations (“do’s”) and prohibitions (“don’ts”), as summarized in the overview below.
Do’s |
Don’ts |
|
|
Upon request of a designated gatekeeper, the EC can suspend, in whole or in part, one or more of the abovementioned obligations if the gatekeeper can show that, due to exceptional circumstances beyond its control, the specific obligation affects the economic viability of its operation in the EU, and only to the extent and duration necessary to address such threat to its viability.
The EC may also, on its own initiative or at the request of the gatekeeper, exempt the gatekeeper, in whole or in part, from one or more of the abovementioned obligations for overriding reasons of public interest. Such decision must be sufficiently substantiated. The EC must review the exemption decision when the ground for exemption no longer exists or at least on a yearly basis.
Furthermore, the DMA empowers the EC, within certain limits, to adopt delegated acts to supplement the abovementioned obligations where a market investigation has identified a need to update the obligations in order to address practices that limit the contestability of CPS or are otherwise unfair.
Obligation to notify mergers and acquisitions
Designated gatekeepers must inform the EC of any intended ‘concentration’ (merger, acquisition, or creation of a full-function joint venture) where the parties or the target provide CPS or other services in the digital sector or that involve the collection of data, irrespective of whether it is notifiable to the EC or national competition authorities based on relevant merger control thresholds.
The EC will share this information with the national competition authorities of the Member States who may, on that basis, request the EC to review the concentration on the basis of Article 22 of the EU Merger Regulation.
Audit of consumer profiling techniques
Within six months from its designation, a gatekeeper must submit to the EC an independently audited description of the consumer profiling techniques that the gatekeeper applies to or across the CPS for which it was designated as a gatekeeper. An overview of the audited description shall be made publicly available, taking into account the need to respect business secrets, and shall be updated at least annually.
Compliance function
Designated gatekeepers must establish a compliance function composed of at least one compliance officer. The compliance officer must be independent from the companies’ operational functions and must have enough authority resources, and access to the management body of the gatekeeper, so as to be able to monitor compliance. The internal governance rules must ensure the independence and absence of conflict of interests of the compliance officers.
Enforcement
The EC will be the central enforcer of the DMA. To that end, the EC has extensive investigative powers (similar to its powers in antitrust investigations) and, as already noted, can also conduct own-initiative market investigations.
In case of non-compliance, the EC can impose fines of up to 10% of the total worldwide turnover of the gatekeeper in the preceding financial year. In case of repeat infringements (i.e., if the gatekeeper has committed the same or a similar infringement in relation to the same CPS as it was found to have committed in a decision adopted in the preceding eight years), the EC may even impose a fine of up to 20% of total worldwide turnover.
The EC can open market investigation and impose remedies that are either behavioral (i.e., requiring thecompany to refrain from acting in a specified way) or structural (i.e., requiring a permanent change to the structure of the company) if a gatekeeper has systematically failed to comply with the DMA’s obligations (namely, by violating the rules at least three times in a period of eight years). Thus, the EC even has the power to break up a company and to prohibit it from entering into mergers for a limited time-period.
EC Vice-President and competition Commissioner Margrethe Vestager has recently declared that the EC has already begun the process of setting up an enforcement structure and will look to hire new staff and pool resources from the Directorates-General Competition and Connect. The DMA task force is likely to include not only lawyers and economists, but also “technical” profiles such as computer scientists, data scientists, etc. The impact assessment accompanying the EC’s initial proposal foresaw a staff of 80 to oversee the DMA. However, European Parliament rapporteur Andreas Schwab has called on the Member States to provide funding for at least 220 positions.
Relationship with competition law
Whilst the DMA applies on an ex ante basis to all undertakings designated as gatekeepers, competition law is based on an individualized ex post assessment of the market conduct of one or more specific undertakings.
The DMA provides that it is without prejudice to the application of EU or national competition rules, including merger control rules. The DMA purports to pursue complementary objectives to competition rules and to protect a different legal interest from those rules.
In this context, it is noteworthy that, just days before the EU institutions reached political agreement on the DMA, the Court of Justice of the EU ruled on the application of the ne bis in idem (double jeopardy) principle to a parallel application of ex ante regulation and competition law (judgment of 22 March 2022 in case C-117/20, bpost). In this judgment, the Court held that provided certain conditions are met an undertaking can be fined for an infringement of competition law where, on the same facts, it has already been fined for a breach of sectoral regulation. In particular, a double investigation and fine is possible provided that there are clear and precise rules making it possible to predict which acts or omissions are liable to be subject to such duplication; that the two sets of proceedings are conducted in a sufficiently coordinated manner and within a proximate timeframe; and that the overall penalties imposed correspond to the seriousness of the offenses committed. This case law can be expected to also be relevant for the parallel application of the DMA and EU and/or national competition rules.
National authorities (including courts) must abstain from taking decisions which run counter to decisions adopted by the EC under the DMA. However, the DMA provides for close cooperation and information exchange between the EC and national competition authorities.
Since the DMA is directly applicable in the Member States, national courts will also be competent to rule on claims of alleged non-compliance with the DMA.
Next steps
The DMA will likely enter into force in October 2022, after a vote in the European Parliament in July or September 2022. The DMA will then apply after a six-month period from its entry into force, i.e., likely not before April 2023. Allowing for the time needed to carry out a designation procedure and the six months that a gatekeeper will be given in order to comply with the obligations of the DMA following its designation as such, we expect that those obligations will not start to really “kick in” until 2024.
Contacts
Insights
Client Alert | 2 min read | 11.14.24
SEC ESG Enforcement Is Still Alive
On November 8, 2024 the SEC announced a settled enforcement action against Invesco Advisers, Inc. for making misleading statements about its integration of environmental, social, and governance (ESG) factors into the firm’s investment decisions. Invesco agreed to pay a $17.5 million civil penalty to settle the matter. This enforcement action makes it clear that, even though the SEC dissolved its ESG Task Force, the Commission continues to monitor firms’ statements and representations for misleading statements about ESG.
Client Alert | 8 min read | 11.12.24
Client Alert | 3 min read | 11.11.24
Allegations of a Litany of Lyin’: Penn State Settles Claims of Cybersecurity Noncompliance
Client Alert | 1 min read | 11.08.24
A Common-Sense Change to the Continuous SAM Registration Requirement at FAR 52.204 7