On 15 December The European Commission published the long awaited Digital Markets Act proposal. The Proposed Regulation imposes a series of ex ante behavioural obligations on entities that the Commission designates as ‘gatekeepers’. The obligations for those designated platforms and the potential sanctions largely resemble behavioural remedies and fines that the European Commission might otherwise seek to impose under its competition law powers. The Commission’s enforcement action is expected to be intense, with ten on-site investigations per year and an additional 80 full time staff.
What is the Digital Markets Act?
The Proposed Regulation introduces new behavioural rules for digital platforms designated by the European Commission as ‘gatekeepers’ in the context of one or more ‘core platform services’. It builds on the existing P2B Regulation, notably the definitions of ‘online intermediation services’ and ‘online search engines’.
How is ‘gatekeeper’ status imposed?
‘Gatekeeper’ is a designation that will be imposed by a decision of the European Commission, and that designation will trigger the application of a number of behavioural obligations.
Only providers of certain “core platform services” are liable to be designated: online intermediation services, online search engines, online social networking services, video-sharing platform services, number-independent interpersonal communication services, operating systems, cloud computing services, and advertising services (including any advertising networks, advertising exchanges and any other advertising intermediation services) provided in the context of other core platform services. It might be noted, however, that the European Commission is given the power to conduct market investigations aimed at proposing further legislation to add new services to this list.
Article 3 of the Proposed Regulation provides three cumulative criteria to be applied by the European Commission when exercising its power of designation. However, a set of mechanical presumptions apply, that in practice may limit the relevance of arguments over the exact meaning and application of these criteria
- Has a ‘significant impact’ on the internal market
Presumed if the provider achieved an annual turnover equal to or above €6.5 billion in the EEA in the last three financial years, or if its average market capitalization or equivalent fair market value amounted to at least €65 billion in the last financial year, and it provides a core platform service in at least 3 Member States.
- Operates a service which serves as ‘an important gateway’ for business users to reach end users
Presumed if the provider operates a core platform service with more than 45 million monthly active end users established or located in the EU and more than 10,000 yearly active business users established in the EU in the last financial year.
- Enjoys (or foreseeably will enjoy) an ‘entrenched and durable position’ when operating its services
Presumed if the provider met the two other criteria in each of the last three financial years.
Providers of core platform services are required to self-assess whether they meet the above quantitative thresholds and, if so, to notify this information to the European Commission. On the basis of such notifications or following a market investigation, the European Commission will designate as ‘gatekeepers’ those providers that meet the thresholds, unless they succeed in persuading the Commission that, after all, the substantive criteria are not met.
Once designated, the provider will have six months to comply with the specific obligations set out in Articles 5 and 6. At least every two years, the European Commission will review whether designated ‘gatekeepers’ continue to meet the criteria.
What obligations are imposed on ‘gatekeepers’?
Articles 5 and 6 are the key provisions of the Proposed Regulation. They include a long list of conduct-specific obligations, recognisably drawing inspiration from previous competition law decisions and investigations of the European Commission.
The obligations may broadly be summarised as follows:
- Constrain data accumulation
- Restrain the supposed ability of ‘gatekeepers’ to require third parties to use the services of those ‘gatekeepers’
- Restrain the claimed ability of ‘gatekeepers’ to use non-public information generated on their platforms as a result of third parties’ business activities
- Ban the tying of software applications
- Promote interoperability and switching between third party software, applications, and services
- Restrict the alleged ability of ‘gatekeepers’ to treat their offerings more favourably
- Take concrete steps to ensure compliance with GDPR
- Apply general conditions of access deemed to be fair and non-discriminatory
Article 7 of the Proposed Regulation requires that measures taken by ‘gatekeepers’ to comply with their obligations under Articles 5 and 6 “shall be effective in achieving the objective of the relevant obligation”. Further, Article 7(2) provides a power for the European Commission to specify the measures that a specific ‘gatekeeper’ must implement in order to comply with its Article 6 obligations. There is thus a distinction between the Article 5 obligations – with which ‘gatekeepers’ are supposed to comply ‘as such’, and the Article 6 obligations which are designed to be capable of further specification by the Commission.
It should also be noted that the Commission has a power to adopt delegated acts adding new obligations to the lists under Article 5 and 6, after a market investigation.
Enforcement and penalties
The Proposed Regulation gives the European Commission powers of investigation modeled on its familiar competition law powers. It can thus conduct surprise inspections, send out requests and mandatory decisions seeking information and documents, and interview witnesses. It also has the same power to impose fines as for competition law infringements, namely fines of up to 10% of the undertaking’s total worldwide annual turnover.
Initial observations on the Proposed Regulation
- The enforcement risk is very real
The Proposed Regulation should not be viewed merely as a best practice rule book for platform service providers. The European Commission is making preparations for substantial enforcement efforts. Specifically, it envisages taking on up to 80 new officials and external staff by 2025 to work on DMA related issues. The Commission is likewise budgeting for 10 on-site investigations of alleged ‘gatekeepers’ per year as of 2023 – only a year after the expected adoption of the Regulation.
- Structural remedies are a possibility
Article 16 of the Proposed Regulation empowers the European Commission to conduct market investigations into what is deemed ‘systematic non-compliance’ with the Article 5 and 6 obligations. This translates to at least three non-compliance or fining decisions within the previous five years, and a finding that the ‘gatekeeper’ concerned has “further strengthened or extended its gatekeeper position”. At the end of that investigation, the Commission may impose “any behavioural or structural remedies which are proportionate to the infringement committed and necessary to ensure compliance with this Regulation”. Structural remedies may be imposed only “where there is no equally effective behavioural remedy or where any equally effective behavioural remedy would be more burdensome”.
- The special obligation to notify concentrations
Article 12 imposes an obligation on designated ‘gatekeepers’ to report any intended concentration involving another provider of core platform services or any other services in the digital sector to the European Commission. This obligation applies irrespective of whether the EU Merger Regulation thresholds are met, and it may turn out to be the Commission’s answer to the long debated issue of supposed killer acquisitions.
It is not clear what the review of such notifications will entail, nor what powers the European Commission will have in this respect. The Proposed Regulation does not itself contain any powers to block transactions, and thus for the moment it must be assumed that the Commission envisages using its various options under the EU Merger Regulation to seek jurisdiction over a transaction even where the normal filing thresholds are not met.
- The ubiquity of privacy related considerations
Compliance with GDPR requirements is explicitly mentioned multiple times within the context of the obligations for ‘gatekeepers’. This is a clear confirmation of the ever closer relationship between competition policy and privacy. In turn, this is likely to encourage an ever closer relationship between competition and data protection authorities. Undertakings subject to the provisions of the Proposed Regulation will need to embrace engagement with a number of different authorities at the same time.