On July 18, the European Council approved the final text of the DMA, marking the final step before the DMA enters into force.  This followed the European Parliament approving, on July 5, the final text of the Digital Markets Act (DMA), by 588 votes to 11.  The DMA is likely to enter the EU’s Official Journal in October, which means the behavioural rules will kick in early-to-mid 2024.

The DMA marks a paradigm shift in the regulation of digital markets, giving the European Commission unprecedented powers to regulate leading digital platforms and setting a global standard for other jurisdictions that are developing similar rules.  The DMA targets platforms that operate as gatekeepers between businesses and users, hold an “entrenched and durable position,” and operate a core platform service (CPS).

The Commission is now preparing to oversee the gatekeepers’ compliance with the DMA. Shortly after the European Parliament vote, Commissioner Thierry Bretton stated that the Commission has “started to gear the internal organisation to this new role, including by shifting existing resources, and [they] also expect to ramp up recruitment next year and in 2024 to staff the dedicated DG CONNECT team with over 100 full time staff, combining both DSA and DMA – the DMA together with DG Competition”.

The DMA’s text agreed by the European Parliament and EU Member States included several notable additions and clarifications.  Following the agreement between the European Parliament and EU Member States in late March, the text of the DMA was published on May 11.  This text came with some significant late additions and clarifications:

  • Web Browsers and Virtual Assistants are included as categories of CPSs.
  • The rule against MFNs has been extended to cover both wide and narrow MFNs.
  • The rule against gatekeepers requiring exclusive use of their ID and in-app payment systems now also prohibits gatekeepers from exclusively requiring a single web browser rendering engine on their OS.
  • The rule against gatekeepers using businesses’confidential data to compete against them has been extended also to cover confidential data collected by a service related to a CPS and not just by the CPS itself.
  • There is a new rule (Article 7, formerly Article 6(a)) for messaging interoperability, which differs from the short Article 6(1)(fa) originally proposed by the European Parliament. This new rule sets out a framework for messaging services designated as CPSs to provide varying degrees of interoperability in a staggered process that will take up to four years after the designation.
  • The DMA now includes an Annex specifying guidelines on the methodology for identifying and calculating end users and business users for each CPS category, to see if services fall over the thresholds.
  • There has been a general renumbering of the DMA’s articles.

The latest technical adjustments do not change the substance of the DMA’s rules.  On June 27, the European Parliament and EU Member States agreed on a series of technical adjustments that mainly focus on closing a perceived loophole in the previous version of the DMA that did not provide for any fine if gatekeepers failed to set up a formal compliance function.  The Commission may now impose fines up to 1% of gatekeepers’ annual worldwide turnover where they intentionally or negligently “fail to introduce a compliance function in accordance with Article 28”.

Next steps: formal enactment and compliance.  Now that the DMA has been adopted by the European Parliament and ratified by EU Member States, it is expected to be published in the EU’s Official Journal in October.  The DMA will come into force 20 days after publication, but its substantive provisions will not apply until six months after publication.

The next step will be for gatekeepers to notify their in-scope CPSs and for those CPSs to be designated (which will likely take place around mid-2023).  After designation, gatekeepers will have six more months to comply with the DMA’s behavioural rules.  Considering this timeline, gatekeepers may only be legally obliged to comply with the new rules by early-to-mid 2024.

Old Numbering New Numbering Summary
5(a) 5(2) User consent for combining personal data.  Prohibits gatekeepers from (i) processing personal data obtained from 3Ps using a CPS for advertising purposes, and from (ii) combining or cross-using personal data obtained by a CPS with data obtained by other relevant services and (iii) signing in users to other 1P services in order to combine their personal data, absent express user consent or subject to the GDPR-based carve-outs, for instance, to protect users or to comply with other laws.
5(b) 5(3) No MFNs.  Requires online intermediation services (like app stores, marketplaces) to allow their business users to offer the same products to end users at different prices or conditions both on other platforms and their own websites.
5(c) 5(4) No anti-steering provisions. Gatekeepers cannot restrict app developers from promoting offers to users and contracting with users outside the gatekeeper’s app store.  Gatekeepers must allow users to access content, subscriptions, features and other items acquired without using the gatekeeper’s app store.
5(ca) 5(5)
5(d) 5(6) Cannot stop businesses from raising issues with public authorities.  Prohibits gatekeepers from restricting business users’ ability to raise issues of non-compliance with any relevant public authority.  Businesses and gatekeepers maintain the right to lay down in their agreements the terms of use of lawful complaint-handling mechanisms.
5(e) 5(7) Use of identification and payment services and web browser engines.  Prohibits gatekeepers from requiring business users or end users to use a gatekeeper’s identification or payment service in third-party apps.  Gatekeepers will also be prohibited from exclusively requiring the use of their web browser engine on their CPSs.
5(f) 5(8) Bundling subscriptions or registrations.  Prohibits gatekeepers from conditioning business or end users’ access to one CPS on the users subscribing or registering with another CPS.
5(g) 5(9) and 5(10) Disclosure of ads prices/rev shares.  Requires gatekeepers to disclose pricing information, revenue share information, and the measures on which prices and remuneration are calculated to advertisers and publishers upon their request free of charge and on a daily basis, if this information is also available to the gatekeeper.
6(1)(a) 6(2) Use of business data to compete.  Prohibits gatekeepers from using non-publicly available data generated or provided by the business users on its CPS and the customers of those business users, to compete with the business users.
6(1)(b) 6(3) App uninstallation, changing defaults, and choice screens.  Requires gatekeepers to allow end users to fully uninstall any apps from the OS of the gatekeeper.  The provision includes a safeguard for apps that are considered to be essential to the functioning of the OS or the device. Gatekeepers will also be required to enable users to easily change defaults, and to provide choice screens on their OSs to allow end users to change default settings for virtual assistants, web browsers and online search engines.
6(1)(c) 6(4) Installing 3P apps and app stores.  Requires gatekeepers to allow 3P apps and app stores to be installed on their OSs.  These 3P apps and app stores must be accessible via means other than the CPS of the gatekeeper.  The obligation also precludes gatekeepers from preventing these 3P apps or app stores from prompting users to decide whether they want to set that app or app store as their default.
6(1)(d) 6(5) Non-discriminatory ranking.  Prohibits gatekeepers from treating its 1P services and products more favourably in ranking compared to similar 3P services.
6(1)(e) 6(6) No restrictions on multi-homing or switching on an OS.  Prohibits gatekeepers from imposing any restrictions on end users’ ability to switch or multi-home across apps and services accessed through the gatekeeper’s CPSs.
6(1)(f) 6(7) Enable interoperability for OSs and virtual assistants.  Requires gatekeepers to give 3P service providers and hardware providers, free of charge, interoperability with and access to the same hardware and software features accessed or controlled via the OS or virtual assistant of the gatekeeper.  Gatekeepers may take strictly necessary and proportionate measures to ensure that interoperability does not compromise the integrity of the OS, virtual assistant, hardware or software.
6(1)(g) 6(8) Ads performance measurement tools.  Requires a gatekeepers’ online advertising services to provide advertisers and publishers with free access to relevant information and performance measuring tools so that they can independently verify the performance of their advertisements.
6(1)(h) 6(9) Data portability.  Requires gatekeepers to provide end users, free of charge, with the ability to port over their data to other platforms, as well as tools to facilitate data portability.  This goes beyond the GDPR data portability requirements as it is not limited to personal data.
6(1)(i) 6(10) Data access.  Requires gatekeepers to provide businesses, upon their request, with “continuous and real time access” to data on their use of their CPS and the users interacting with their products.
6(1)(j) 6(11) Search data sharing.  Requires online search engines to share anonymized ranking, query, click, and view data with rival search engines, for both free and paid search results.
6(1)(k) 6(12) Fair access to app stores, search engines and social networking services.  Requires gatekeepers to provide app developers with fair and non-discriminatory access to its app stores, search engines and social networking sites designated as CPSs.  The accompanying recital makes clear, however, that this article does not provide a right of access to these services.
6(1)(ka) 6(13) Termination of use.  Prohibits gatekeepers from imposing contractual or technical restrictions to termination (e.g., unsubscribing, or terminating a service contract more generally) on its business users and end users.
6(a) 7

Enable interoperability for messaging services.  Requires gatekeepers to make the basic functionalities of their messaging services interoperable with rival services upon request and free of charge.

 

The rule is designed to expand over time:  Following designation, the requirement will be limited to messaging and sharing of images, voice messages and videos between 2 users, but within 2 years of designation it will expand to messaging and sharing in groups, and within 4 years of designation to voice and video calls between 2 users as well as in groups.

12 14 Inform the EC about mergers.  Gatekeepers will have to inform the EC of all intended mergers and acquisitions involving “another provider of core platform services or of any other services provided in the digital sector” regardless of whether these transactions meet EU merger control thresholds. This rule is designed to facilitate the possibility of Article 22 referrals under the EU Merger Regulation enabling the EC to take jurisdiction over transactions of which they are informed under the DMA.