Gating the Keepers: The Digital Markets Act
Background: in December 2020, the European Commission (the “Commission”) published a proposal for the Digital Markets Act (the “DMA”) which would, if enacted, introduce new rules for platforms that act as “gatekeepers” for “core platform services”. The DMA would expand the Commission’s enforcement powers in the digital sector, allowing it to exert a considerably greater degree of control over the commercial policy of designated gatekeepers. European Commissioner for Competition Margrethe Vestager stated that the purpose of DMA “is exactly to make sure we don’t have the tipping of a market.” It is expected to come into force in late 2022/early 2023, but the precise enacting provisions are not yet known.
Gatekeepers: defined in the DMA as companies with substantial market power active in certain digital sectors (e.g., online marketplaces, search engines, social networks, video-sharing platform services, communication services, and others who have substantial market presence in the EU).
Obligations: gatekeepers would be subject to a number of obligations relating to their dealings with both “business users” (e.g., the companies that make use of the gatekeeper’s platforms) and “end users” (the direct customers of either the gatekeeper and/or its business users). These obligations fall into two main categories:
- Obligations for self-execution: Article 5 of the DMA sets out obligations for gatekeepers to implement themselves and which relate to their core business practices (e.g., how they contract with business users and end users). They include a ban on gatekeepers combining personal data from their core platform services with data from other sources (including other services offered by the gatekeeper), and a restriction on gatekeepers imposing most-favored-nation clauses.
- Obligations on gatekeepers “susceptible of being further specified”: these requirements relate chiefly to a gatekeeper’s management of its infrastructure, particularly with respect to data availability and interoperability. Article 6 provides, for example, that a gatekeeper must enable broad system interoperability for its business users. As another example, a gatekeeper must also provide business users, free of charge, with effective, high-quality, continuous and real-time access and use of aggregated or non-aggregated data, that is provided for or generated from the use of the relevant core platform of the gatekeeper. Moreover, the Commission may directly specify commercial measures that it deems necessary for a particular gatekeeper.
The Commission’s Powers: The DMA grants the Commission wide powers of investigation to determine both designation of gatekeeper status and whether a designated gatekeeper is complying with its obligations. In addition, the DMA also grants the Commission:
- Fining powers of up to 10% of a company’s global annual turnover and periodic penalty payments of up to 5% of the company’s global annual turnover;
- The ability to impose structural remedies (e.g., business/asset divestments) where a gatekeeper has systematically not complied with its obligations; and
- The right to be informed of a gatekeeper’s proposed transactions in the digital space (separate and in addition to merger control rules).
The DMA Applies to “Gatekeepers” – Who Is a Gatekeeper?
Under the proposed DMA, to be designated a gatekeeper, a company must (a) provide “core platform services”; AND (b) meet certain thresholds regarding market power.
Taking each in turn:
Only Providers of Core Platform Services Can Be Gatekeepers
The DMA defines core platform services as:
- online intermediation services;
- online search engines;
- online social networking services;
- video-sharing platform services;
- number-independent interpersonal communication services;
- operating systems;
- cloud computing services; or
- advertising services, including any advertising networks, advertising exchanges and any other advertising intermediation services, provided by a provider of any of the core platform services listed above.
Only Entities That Meet Certain Thresholds Can Be Gatekeepers
Under the proposed DMA, a provider of core platform services shall be presumed as gatekeeper if it meets all of the below criteria:
- It has a significant impact on the internal market. This will be presumed where the undertaking to which it belongs achieved annual EEA revenues equal to or above EUR 6.5 billion in each of the last three financial years, or where the average market capitalization or the equivalent fair market value of the undertaking to which it belongs amounted to at least EUR 6.5 billion in the last financial year, and it provides a core platform service in at least three member states.
- It operates a core platform service thatserves as an important gateway for business users to reach end users. This will be presumed where it provides a core platform service that has more than 45 million monthly active end users established or located in the EU and more than 10 000 yearly active business users established in the EU in the last financial year.
- It enjoys an entrenched and durable position in its operations or it is foreseeable that it will enjoy such a position in the near future. This criterion may be met where a platform’s contestability is limited. This is likely to be the case where a platform operates in at least three Member States to a very high number of business users and end users during at least three years (as per 2. above).
Once a provider of core platform services meets the above thresholds, it must notify the Commission within three months. The Commission then has 60 days to designate the provider as a gatekeeper. However, it is open to a company to rebut the presumption of being a gatekeeper.
In addition to self-reporting, the Commission may also launch a “market investigation” (see more below) to identify a gatekeeper. Once qualified as a gatekeeper, companies are subject to various obligations. The DMA also foresees a regular review (at least every two years) of a provider’s status as gatekeeper, assessing whether such provider continues to meet the above requirements. Additional reviews may also occur upon a gatekeeper’s request or the Commission’s own initiative.
The Proposed DMA Would Impose Stringent and Broad Obligations on Gatekeepers
If enacted, Articles 5-13 of the DMA would impose on gatekeepers a set of wide-ranging obligations, which are summarised below:
- Gatekeepers’ use of data would be further restricted. Gatekeepers would be required to:
- Refrain from combining personal data sourced from core platform services with personal data from any other services offered by the gatekeeper or with personal data from third-party services; and
- Refrain from using, in competition with business users, any data not publicly available, that is generated through activities by business users.
- Gatekeepers would be subject to additional data disclosure requirements. Gatekeepers would be required to provide:
- To advertisers and publishers, access to the performance measuring tools of the gatekeeper and the information necessary for them to carry out their own independent verification of the ad inventory;
- To business users, free of charge, effective, high-quality, continuous and real-time access to and use of aggregated or non-aggregated data, that is provided for or generated by use of the gatekeeper’s platform;
- To end users, access to data generated through their direct or indirect use of the gatekeeper’s platform; and
- To third party providers of online search engines, upon their request, access on fair, reasonable and non-discriminatory terms to ranking, query, click and view data in relation to free and paid search results generated by end users on online search engines of the gatekeeper (subject to anonymization for the query).
- Gatekeepers would be subject to new requirements regarding interoperability for their systems. Gatekeepers would be required to:
- Allow business users and providers of ancillary services access to and interoperability with the same operating system, hardware, or software features that are available or used in the provision by the gatekeeper of any ancillary services;
- Allow end users to uninstall any pre-installed software applications on its core platform service (except in certain circumstances);
- Allow the installation and effective use of third-party software applications or software application stores using, or interoperating with, operating systems of that gatekeeper and allow these software applications or software application stores to be accessed by means other than the core platform services of that gatekeeper; and
- Refrain from technically restricting the ability of end users to switch between and subscribe to different software applications.
- Further restrictions would be placed on gatekeepers’ ability to control the commercial and regulatory actions of its business and end users. Gatekeepers would be required to:
- Allow business users to offer products and services on different/better terms through rival platforms;
- Allow business users to promote offers to end users acquired via the core platform service, and to conclude contracts with these end users regardless of whether for that purpose they use the core platform services of the gatekeeper or not;
- Refrain from preventing or restricting business users from raising issues with any relevant public authority relating to any practice of gatekeepers;
- Refrain from requiring business users to use, offer or interoperate with an identification service of the gatekeeper in the context of services offered by the business users using the core platform services of that gatekeeper; and
- Refrain from requiring business users or end users to subscribe to or register with any other core platform services.
- Gatekeepers could not unfairly favour themselves in their ranking systems. Gatekeepers would have to refrain from treating themselves more favorably in ranking services and products offered by the gatekeeper itself or by any third party belonging to the same undertaking compared to similar services or products of a third party and apply fair and non-discriminatory conditions to such ranking.
- Gatekeepers would face notification obligations for transactions and customer profiling. Gatekeepers would be required to:
- Notify any intended concentration involving another provider of core platform services or of any other services provided in the digital sector irrespective of whether it is notifiable under the EU Merger Regulation or the merger rules of any member state.
- Submit any techniques for profiling of consumers that the gatekeeper applies to or across its core platform services to an independent audit.
As noted above, some of these obligations fall under Article 6 of the DMA, which allows the Commission to specify directly what measures are needed for compliance. However, it is unclear to what extent enforcement of Article 5 and Article 6 obligations would differ in practice.
The DMA Would Grant the Commission Wide Investigation and Enforcement Powers
The Commission would be granted wide powers to investigate and enforce compliance with the obligations set out in Article 5 and Article 6, consistent with its existing antitrust enforcement powers. Once the Commission has opened an investigation under the DMA, it would have the power to issue requests for information, carry out interviews and conduct on-site investigations. To ensure compliance, the Commission could impose:
- Fines up to 10% of turnover for negligent or intentional non-compliance;
- Fines up to 1% of turnover for failure to provide information or provision of false or misleading information;
- Periodic penalty payments not exceeding 5% of the average daily turnover for certain breaches of the obligations;
- Structural and behavioural orders (e.g., divestments and interoperability requirements);
- Market investigations to examine whether:
- A provider of core platform services should be presumed a gatekeeper pursuant to, or in order to, identify core platform services; and
- A gatekeeper has systematically infringed its obligations, in which case the Commission can impose on such gatekeeper any behavioural or structural remedies it deems proportionate.
- If three or more national regulators suspect that a provider of core platform services should be designated as a gatekeeper, they can request Commission launch a market investigation to determine this. While the Commission is not obliged to launch an investigation on foot of such a request, it must within four months examine whether there are indeed reasonable grounds to do so. National regulators must submit evidence in support of their request.
Implications and Next Steps
If the DMA does come into force as currently drafted, it will radically expand the Commission’s ability to marshal the digital sector. However, the Commission’s publication of the proposal is only the start of the process, and typically under the “ordinary legislative procedure”, it can take one to three years for a Commission proposal to be enacted.
The Commission has invited comments on the proposed DMA by February 10, 2021. Many companies are likely to provide comments, and given the scope of the legislation, the responses may impact the content of the proposed DMA. The European Parliament and European Council may also introduce substantial changes to the proposed DMA.