After more than a year of negotiations, three trilogues and significant debate, the European Commission (the Commission), European Parliament (Parliament) and European Council (Council) have, on 25 March 2022, reached political agreement on the EU Digital Markets Act (DMA) – the Commission’s new instrument for regulating so-called “gatekeeper” platforms.
While a provisional political agreement has been reached, there will be further work to finalise the text of the DMA over the course of the coming months, including to harmonise its requirements with the ongoing trilogue negotiations on the Digital Services Act (DSA).
It is expected that publication in the EU Official Journal and entry into force will occur in October this year, with the regulation taking effect 6 months later (i.e. in April 2023). Vice President Vestager has indicated that she expects designated gatekeepers will be required to comply with the DMA’s obligations by February 2024.
Since our last blog on the Commission’s original expansive proposal back in December 2020 (see here), and the Parliament’s subsequent focus on further expanding the DMA’s scope and enforcement powers, the agreed position now includes the following key updates and compromises:
- Scope – following the Parliament’s continued push, voice assistants and web browsers will become “core platform services”, and the turnover and market capitalisation thresholds have increased from €6.5bn/€65bn to €7.5bn/€75bn respectively (but falling short of the €100bn market capitalisation threshold originally proposed by Rapporteur Andreas Schwab and the €80bn in the Parliament’s mandate). No changes were agreed to the thresholds relating to numbers of monthly end users and yearly business users.
- Obligations – designated gatekeepers will be required to make their messaging services interoperable with requesting providers, with the legislators agreeing that the Parliament’s other proposals on interoperability obligations will need to be assessed in the future. A requirement enabling end users to choose their browser, virtual assistants or search engines has also been added.
- Enforcement – the Commission will be able to impose fines of up to 10% of worldwide turnover, and 20% (as per the Parliament’s amendments) for repeated infringements. In cases of systematic non-compliance (i.e. violating the rules at least three times in eight years), the Commission can open a market investigation and impose behavioural or structural remedies, including a ban on acquisitions relevant to the infringement for a certain period. Enforcement has also been centralised with the Commission, with the Parliament conceding on the veto it had envisioned for the Commission in relation to national enforcement actions that would run counter to the DMA.
While some of the DMA’s contours may now have become clearer, in addition to the further thinking and engagement required for implementing the obligations in Article 5 and 6 – particularly to minimise disruption and friction for users – businesses will also want to consider at least the following other forward-looking implications of the DMA.
1. Mergers and deal certainty
The DMA will require designated gatekeepers to inform the Commission of deals prior to their implementation with “systematic non-compliance” having the potential to restrict future acquisitions.
The new rules will put the Commission on notice of designated gatekeepers’ M&A activity, even where the EU’s jurisdictional thresholds are not met. This comes in addition to the recent expansion of the Commission’s Article 22 merger referral policy, and the lower deal value thresholds introduced in Austria and Germany, with the DMA now specifically referring to this requirement as another way to facilitate merger referrals from national competition agencies (NCAs).
In addition, “systematic non-compliance” with the DMA (reported as three non-compliance or fining decisions within eight years), may also lead to the imposition of remedies capable of restricting future deal-making activity – although any such restrictions will, as a minimum, need to be proportionate and necessary to remedy the damage caused by repeated infringements.
The impact of these changes on deal making remains to be seen, including how the Commission will balance its desire for greater deal oversight with incentives for continued investment in innovation and collaboration in the continually evolving competitive landscape for new digital technologies.
As part of this, greater clarity will also be needed on the interplay between the obligations in the DMA and the Commission’s substantive assessment of mergers, particularly as the Commission has previously accepted that existing regulation supports the exclusion of certain theories of harm (e.g. in the telecoms sector, where regulated access to infrastructure has been relied upon in the Commission’s decisional practice to exclude concerns about post-merger foreclosure of access to infrastructure).
It also remains to be seen whether those in the Commission who will be involved in enforcing the DMA will also play a role in enforcing merger control remedies agreed with designated gatekeepers (again, similar to the role often played by telecoms regulators in enforcing merger remedies agreed with telecoms operators).
2. Interoperability and privacy
Further thinking will be needed to ensure that interoperability obligations do not create vulnerable entry points which risk increasing the potential for cyber threats.
While the DMA’s obligations aim to promote fair competition and innovation, and to give users more control over their data, further thinking will be needed to ensure they can be reconciled with the legitimate privacy and data security priorities of designated gatekeeper platforms and their users, and their compliance with applicable data privacy laws. In that context, the newly introduced interoperability obligations for designated gatekeepers’ messaging services could, for example, risk opening up data flows to third-party providers of communications services, and thereby risk creating vulnerable entry points into designated gatekeepers’ systems and the potential for cyber threats.
Although the Parliament’s proposed safeguards – which require that interoperability with other providers’ services is subject to a high level of security and personal data protection – they do not specify any precise technical standards for doing so, including in regard to encryption methods and user identification and authentication features, all of which will need to be developed.
Further thought may also be needed in relation to appropriate dispute resolution mechanisms, particularly where disputes relate to security or data protection-based concerns, both in relation to the specific service in question and any knock-on impact on designated gatekeepers’ other services.
3. Interplay with parallel antitrust investigations and litigation
While the DMA provides the Commission with another tool in its regulatory “toolbox”, its interaction with existing antitrust investigations and new/pending national platform regulations remains unclear.
The Commission has said that the DMA will complement Article 102 TFEU, with Vice President Vestager having emphasised in her 25 March 2022 speech that both the DMA and antitrust will “remain necessary” and that “no one should expect the new regulatory instrument to replace Article 101 and 102 [TFEU] enforcement actions.”
However, given the DMA’s expansive reach, and the significant changes required to regulated platforms’ business infrastructure and product development plans, significant questions remain as to how the Commission will alleviate any corresponding double-jeopardy concerns.
In that context, the European Court of Justice’s preliminary ruling in the bpost case (Case C-117/20) which emphasised the need for “clear and precise rules that make it possible to predict which acts or omissions are liable to be subject to such duplication, and also to predict that there will be coordination between the two competent authorities”, and that “the two sets of proceedings must have been conducted in a sufficiently coordinated manner within a proximate timeframe”, will be relevant.
Another source of complexity will be the possibility of parallel investigations of designated gatekeepers’ behaviour under national platform regulations (such as sec. 19a of the German Act against Restraints of Competition and the pending new powers of the UK Digital Markets Unit), as well as private litigation before national courts in order to enforce the DMA.
If you would like to discuss the proposals in more detail please get in touch with your contacts in our Antitrust, Competition and Trade team. You can also reach out to reach out to Natalie Pettinger Kearney or Eugene McQuaid in our EU Regulatory and Public Affairs team, who are following the legislative process closely.
To read more about these and other antitrust developments, refer also to our Global antitrust in 2022: 10 key themes report.