On October 12, 2022, the Digital Markets Act (DMA) was published in the Official Journal of the European Union. This is the last step in the almost two-year long journey since the publication of the Commission’s initial proposal in December 2020.[1]
The text is the same that was approved by the European Parliament and EU Member States in July 2022 (see our previous post here), following the political agreement reached on March 25, 2022 (see also our previous post here).[2]
The DMA will enter into force on November 1, 2022, 20 days after its publication. This date marks the automatic and uniform application of the text in all EU Member States. Despite the early entry into force, most of the DMA will only become applicable 6 months from entry into force, i.e., on May 2, 2023. As of then, prospective gatekeepers will have a two-month timeframe to notify their expected Core Platform Services (CPSs) to the Commission, which in turn will have 45 working days to issue a designation decision.[3] Once designated, gatekeepers will have six months to comply with the DMA’s behavioral obligations, and will be required to demonstrate compliance by Q1 2024 (see a timeline and a summary of DMA’s behavioral obligations, below).[4]
In the coming months, the Commission will adopt guidance and implementing provisions laying down rules concerning operational and procedural aspects of the CPS notification (see the Commission’s open consultation website). These rules may also provide more clarity on assessing the DMA’s quantitative thresholds. The draft implementing act is expected to be published in November, and the final text is scheduled for adoption during Q1 2023.
Shortly before publication, Executive Vice-President Vestager had said that “[e]xpectations are high that Europe delivers the needed changes in how digital platforms operate”. She added that “10 years ago, our data protection laws set the standard internationally. Now, our digital regulations will become a ‘gold standard’ across the world”.[5]
As we enter the enforcement phase, however, the Commission’s guidance becomes more and more pressing for companies expected to be covered by the legislation. Importantly, significant practical aspects relating to DMA enforcement remain unclear to this date. These include, as recently suggested by a top Commission official, how enforcement of the DMA will interact with enforcement of national competition laws with similar objectives.[6]
* * *
| Article | Summary |
| 5(2) | User consent for combining personal data. Requires gatekeepers to obtain user consent for (i) processing personal data obtained from third parties using a CPS for advertising purposes, (ii) combining personal data between a CPS and another first-party or third-party service, (iii) cross-using personal data between a CPS and a first-party service provided separately by the gatekeeper, and (iv) signing in users to other first-party services in order to combine their personal data, subject to certain GDPR-based carve-outs, for instance, to protect users or to comply with other laws. |
| 5(3) | No MFNs. Requires online intermediation services (like app stores or marketplaces) to allow their businesses to offer the same products to end users at different prices or conditions both on other platforms and their own websites. |
| 5(4) & (5) | No anti-steering provisions. Gatekeepers cannot restrict app developers from promoting offers to users and contracting with users outside the gatekeeper’s app store. Gatekeepers must allow users to access content, subscriptions, features and other items acquired without using the gatekeeper’s app store. |
| 5(6) | Cannot stop businesses from raising issues with public authorities. Prohibits gatekeepers from restricting business users’ ability to raise issues of non-compliance with any relevant public authority. Businesses and gatekeepers maintain the right to lay down in their agreements the terms of use of lawful complaint-handling mechanisms. |
| 5(7) | Use of identification services, payment services, and web browser engines. Prohibits gatekeepers from requiring businesses or end users to use a gatekeeper’s identification service, payment service, or web browser engine in the context of services provided by businesses using the gatekeeper’s CPS. |
| 5(8) | Bundling subscriptions or registrations. Prohibits gatekeepers from conditioning business or end users’ access to one CPS on the users subscribing or registering with another CPS. |
| 5(9) & 5(10) | Disclosure of ads prices/rev shares. Requires gatekeepers to disclose pricing information, revenue share information, and the measures on which prices and remuneration are calculated to advertisers and publishers upon their request free of charge and on a daily basis, if this information is also available to the gatekeeper. |
| 6(2) | Use of business data to compete. Prohibits gatekeepers from using non-publicly available data generated or provided by the business users on its CPS and the customers of those business users, to compete with the business users. |
| 6(3) | App uninstallation, easily switchable defaults, and choice screens. Requires gatekeepers to allow end users to uninstall apps from the operating system (“OS”) of the gatekeeper. The provision includes a safeguard for apps that (i) are considered essential to the functioning of the OS or the device, and (ii) are not offered by third parties on a standalone basis. Gatekeepers will also be required to enable users to easily switch defaults on their designated OSs, browsers, or virtual assistants. They will also, in certain circumstances, have to show choice screens to prompt users to select their default search engine, browser, or virtual assistant on the gatekeeper’s designated OS and select their default search engine on the gatekeeper’s designated browser or virtual assistant. |
| 6(4) | “Sideloading” and app stores. Requires gatekeepers to allow third-party apps and app stores to be installed on their OSs. These third-party apps and app stores must be accessible via means other than the CPS of the gatekeeper (i.e., users must be able to “sideload” them or download them through another app store). The obligation also precludes gatekeepers from preventing third-party apps from prompting users to set that app as their default. |
| 6(5) | Non-discriminatory ranking. Prohibits gatekeepers from treating their first-party services and products more favorably in ranking compared to similar third-party services. |
| 6(6) | No restrictions on multi-homing or switching on an OS. Prohibits gatekeepers from imposing any restrictions on end users’ ability to switch or multi-home across apps and services accessed through the gatekeeper’s CPSs. |
| 6(7) | Enable interoperability for OSs and virtual assistants. Requires CPS OSs and virtual assistants to give third-party service providers and hardware providers, free of charge, interoperability with and access to the same hardware and software features as first-party services. Gatekeepers may take strictly necessary and proportionate measures to ensure that interoperability does not compromise the integrity of the OS, virtual assistant, hardware, or software. |
| 6(8) | Ads performance measurement tools. Requires a gatekeeper to provide advertisers and publishers with free access to relevant information and performance measuring tools so they can independently verify the performance of their advertisements. |
| 6(9) | Data portability. Requires gatekeepers to provide end users, free of charge, with the ability to port over their data to other platforms, as well as tools to facilitate data portability. This goes beyond the GDPR data portability requirements as it is not limited to personal data. |
| 6(10) | Data access. Requires gatekeepers to provide businesses, upon their request, with “continuous and real time access” to data on their use of their CPS and the users interacting with their products. |
| 6(11) | Search data sharing. Requires online search engines to share anonymized ranking, query, click, and view data with rival search engines. |
| 6(12) | Fair, reasonable, and non-discriminatory access to app stores, search engines, and social networking services. Requires gatekeepers to apply fair, reasonable, and non-discriminatory general terms and conditions of access to their CPS app stores, search engines, and social networking sites. The accompanying recital makes clear that this article does not provide a general right of access to these services. |
| 6(13) | Termination of use. Prohibits gatekeepers from imposing contractual or technical restrictions to termination (e.g., unsubscribing, or terminating a service contract more generally) on its business users and end users. |
| 7 |
Enable interoperability for messaging services. Requires gatekeepers to make the basic functionalities of their “number-independent interpersonal communications services” interoperable with rival services upon request and free of charge.
This rule is designed to expand over time. Following designation, the requirement will be limited to text messages and sharing of images, voice messages, and videos between two users., but within 2 years of designation, the obligation will expand to messaging and sharing in groups, and within 4 years of designation to voice and video calls between two users as well as groups. |
| 14 | Merger alerts. Gatekeepers will have to inform the Commission of all intended mergers and acquisitions involving “another provider of core platform services or of any other services provided in the digital sector” regardless of whether these transactions meet EU merger control thresholds. This rule is designed to facilitate the possibility of referrals under Article 22 of the EU Merger Regulation, which enables the Commission to take jurisdiction over transactions referred by national competition authorities. |
[1] Commission, Press Release: Europe fit for the Digital Age: Commission proposes new rules for digital platforms (December 15, 2020). The original Commission proposal is available here.
[2] The numbering of the articles used in the initial proposal of the Commission was changed after the political agreement on the final text.
[3] In cases where potential gatekeepers present “sufficiently substantiated arguments” against their designation, the Commission will need to open a market investigation to assess whether the evidence put forward shows that a given CPS does not meet the DMA’s qualitative criteria. The timeline below does not account for designation through this procedure. Under Article 263 TFEU, gatekeepers will be able to challenge designation decisions before the European Courts.
[4] The obligation to inform the Commission of any acquisitions in the digital sector will kick in as soon as gatekeepers are designated, i.e., 6 months before the behavioral obligations.
[5] Commission, Keynote speech by EVP Vestager at the IBEC conference, September 30, 2022.
[6] “In many cases, we will not know if [conduct] will be exclusively under the DMA, national law or specific national law”, from Mlex, EU’s Digital Markets Act ushers in new era of ‘cooperative’ enforcement, Guersent says (October 10, 2022).