On December 15, 2020, the European Commission (EC) published its long-awaited legislative proposal to regulate so-called “gatekeeper platforms,” the Digital Markets Act (DMA). The DMA will create a new framework to identify gatekeeper platforms; require or proscribe certain gatekeeper practices; and give the EC new powers to conduct investigations and impose both behavioral and structural remedies, such as divestitures. According to the EC, gatekeeper platforms benefit from extreme scale economies, very strong network effects, a significant degree of user dependence, lock-in effects, a lack of multi-homing for the same purpose by end users, vertical integration, and data driven-advantages. These characteristics make users vulnerable to practices that can substantially undermine the contestability of core platform services and lead to unfair treatment of business and end users.
More broadly, the EC is moving quickly to turn President Von der Leyen’s digital agenda into binding legislation. The DMA complements a Digital Services Act package published at the same time (the DSA) and proposed legislation on data governance published last month (the DGA). Additional legislative proposals will follow in early 2021, notably on artificial intelligence and data.
The EC’s regulatory agenda intertwines with its ongoing antitrust reform agenda. In particular, the EC has pursued many of the gatekeeper practices covered by the DMA as abuses of dominant positions under EU antitrust law. The criteria for identifying “gatekeepers” under the DMA also seem inspired by the EU antitrust concept of “dominant position,” but they are broader and easier to apply. The new investigative and remedial powers are based on those sought in the EC’s proposed “new competition tool,” but more limited in scope, being targeted at gatekeepers.
In recent years, governments around the world have studied the growth of online platforms’ market power and considered a range of possible responses, including reforms in antitrust enforcement and the creation of new regulatory regimes inspired by, but distinct from, antitrust enforcement. With the DMA, the European Union (EU) has opted for a regulatory approach, though the EC will no doubt continue to pursue an active antitrust enforcement policy in the digital sector. Other jurisdictions, including Germany, Japan and the UK, are considering their own reforms, some more aggressive than the DMA.
Following the U.S. elections, the EC has also proposed establishment of a new EU-US Trade and Technology Council and dialogue on online platforms and “Big Tech,” critical technologies, artificial intelligence, data flows, regulation and standards in its new Trans-Atlantic agenda proposal. Whether the new U.S. administration takes inspiration from the DMA proposal remains to be seen.
Under the DMA (Article 3), the EC will designate providers of “core platform services” as gatekeepers if they have a significant impact on the internal market; their core platform service(s) serve as an important gateway for business users to reach end users; and they enjoy (or foreseeably will enjoy) an entrenched and durable position. “Core platform services” include online intermediation services; online search engines; online social networking services; video-sharing platform services; “number-independent interpersonal communication services” (i.e., messaging services not linked to mobile phones); operating systems; cloud computing services; and online advertising services.
The EC has identified these core platform services based on EU antitrust enforcement experience and other evidence indicating that these services are controlled by highly concentrated multi-sided platforms who act as gateways for business users to reach their customers and vice-versa. According to the EC, this gatekeeper power is often misused by means of unfair behavior vis-à-vis economically dependent business users and customers, leading to barriers to entry and weak contestability of the markets for these services. In practice, however, the concepts of “business user” and “end user” may be difficult to apply in many cases outside the online marketplace context. Similarly, the relatively broad categories of core platform services may correspond to multiple products and services offered separately by individual gatekeepers.
The DMA creates a two-track approach to designating gatekeepers. If they satisfy certain quantitative criteria, providers of core platform services will be presumed to qualify as gatekeepers and have to notify the EC within three months of the criteria being satisfied. The EC would then have 60 days to determine whether the platform should be designated as a gatekeeper. In its designation, the EC would identify the group members and core platform services to which the DMA obligations will apply.
The EC would also have the power to designate gatekeepers not meeting the thresholds following a market investigation. The EC will be free to amend or repeal its gatekeeper designations at any time and will in any case review the status of designated gatekeepers every two years.
The DMA does not name companies likely to be designated gatekeepers, and the new regime purportedly targets a relatively small number of companies with significant market power. The common assumption that the DMA targets only a handful of U.S.-based companies may prove misplaced, however; Commissioner Breton recently noted that approximately ten European companies may be covered.
Gatekeeper Restricted Practices
The DMA creates two categories of obligations for gatekeepers, immediately enforceable obligations and obligations “susceptible of being further specified.” The distinction between these categories is not clear. Both sets of obligations potentially apply to all gatekeepers. The DMA empowers the EC to adopt delegated acts specifying some but not all of the conduct referred to in the second category and envisages that gatekeepers will discuss such practices with the EC.
The DMA requires or prohibits 18 specific practices, set out in highly technical, abstract terms. Set out below is a “plain English,” though still abstract, list of the relevant practices. Gatekeepers will be subject to immediately enforceable obligations (Article 5) to:
- refrain from combining personal data sourced from their core platform services with personal data from other services offered by the gatekeeper or from third-party services or from signing in end users to other services to combine personal data without consent;
- allow business users to offer the same products or services to end users through third-party online intermediation services at prices or conditions that are different from those offered through the gatekeeper;
- allow business users to promote offers to and conclude contracts with end users, and allow end users to access and use content, subscriptions, features or other items from the business user, via the business user’s app on the gatekeeper’s platform, regardless of whether the end user uses the gatekeeper’s core platform services;
- refrain from preventing or restricting business users from complaining to public authorities;
- refrain from requiring business users to use, offer or interoperate with an identification service of the gatekeeper;
- refrain from bundling core platform services by requiring business or end users to subscribe to or register with other relevant core platform services as a condition to accessing, signing up for or registering on any of their core platform services; and
- provide advertisers and publishers with information concerning prices paid for publishing a given ad or providing advertising services.
Gatekeepers’ obligations susceptible to “specification” (Article 6) require gatekeepers to:
- refrain from using any non-public data generated through activities by business users (including their end users) to compete with those business users;
- allow end users to un-install any pre-installed apps on their core platform service except where essential for the functioning of the operating system or of the device and which cannot technically be offered by third parties;
- allow the installation and use of third-party apps or app stores using, or interoperating with, the gatekeeper’s operating systems and allow these apps or app stores to be accessed by means other than the gatekeeper’s core platform services;
- refrain from treating more favorably in ranking services and products offered by the gatekeeper itself or by any third party belonging to the same group compared to similar services or products of third parties and apply fair and non-discriminatory conditions to such rankings;
- refrain from technically restricting the ability of end users to switch between and subscribe to different apps and services to be accessed using the gatekeeper’s operating system, including as regards end users’ choice of Internet access provider;
- allow business users and providers of ancillary services access to and interoperability with the same operating system, hardware or software features that are available or used in the provision by the gatekeeper of any ancillary services;
- provide advertisers and publishers, free of charge, with access to the gatekeeper’s performance measuring tools and the information necessary for advertisers and publishers to carry out their own independent verification of the ad inventory;
- provide effective portability of data generated through the activity of a business user or end user and tools for end users to facilitate the exercise of data portability, including by the provision of continuous and real-time access;
- provide business users, or third parties authorized by a business user, free of charge, with effective, high-quality, continuous and real-time access and use of aggregated or non-aggregated data, that is provided for or generated in the context of the use of the relevant core platform services by those business users;
- refrain from using any data not publicly available, which is generated through activities by business users (or their end users), of core platform services to compete with those business users;
- allow end users to un-install any pre-installed apps except where essential for the functioning of the operating system or of the device and that cannot technically be offered by third parties;
- allow the installation and effective use of third party apps or app stores using, or interoperating with, the gatekeepers’ operating systems and allow these apps or app stores to be accessed by means other than the gatekeepers’ core platform services;
- refrain from ranking services and products offered by the gatekeepers themselves or by any third party belonging to their group more favorably compared to similar services or products of third parties and apply fair and non-discriminatory ranking conditions;
- refrain from technically restricting end users’ ability to switch between and subscribe to different apps and services accessed via the gatekeepers’ operating systems, including as regards end users’ choice of Internet access provider;
- allow business users and providers of ancillary services access to and interoperability with the same operating systems, hardware or software features that are available or used in the provision by the gatekeepers of any ancillary services;
- provide advertisers and publishers, upon their request and free of charge, with access to the performance measuring tools of the gatekeepers and information necessary for advertisers and publishers to verify ad inventory;
- provide effective portability of data generated through the activity of a business user or end user and tools for end users to facilitate the exercise of data portability, including by the provision of continuous and real-time access to data;
- provide business users, free of charge, with effective, high-quality, continuous and real-time access and use of aggregated or non-aggregated data provided for or generated through the use of the relevant core platform services by those business users (and their end users) and, for personal data, provide access and use only where directly connected with the end user’s use of the business user’s products or services through the core platform service, and subject to the end user’s consent;
- provide third-party providers of online search engines access on fair, reasonable and non-discriminatory terms to ranking, query, click and view data in relation to free and paid search generated by end users on online search engines of the gatekeepers, subject to anonymization for personal data; and
- apply fair and non-discriminatory general access conditions for business users to their app store.
As mentioned, the policy goals underlying this long and abstract list of practices can be difficult to discern. The Explanatory Memorandum accompanying the proposal observes that the proposals are based on the EC’s observation in the Shaping Europe’s Digital Future Communication that ex ante rules may be needed to ensure that “markets characterised by large platforms with significant network effects acting as gatekeepers, remain fair and contestable for innovators, businesses, and new market entrants.” Many of the required or prohibited practices correspond to practices that may be considered abusive under EU competition law if engaged in by dominant companies, including in particular tying or bundling services where gatekeepers play a dual role.
Gatekeepers are also required to provide access to key inputs, such as operating systems, app stores, ranking information and data. EU competition law may require dominant companies to provide access to “essential facilities,” but the DMA does not use this term or reference EU competition law criteria for identifying essential facilities. The DMA also imposes transparency requirements that may promote competition but do not correspond directly to EU competition law requirements. In short, the DMA and EU competition law share a great deal of DNA but the precise family relationship is unclear.
As mentioned, gatekeepers may have difficulty matching their products and services to the core platform services defined in the DMA and in applying the concepts of business and end user. For example, many different activities can be included in the category of “cloud services,” and it may not be easy to identify the relevant business and end users. Deciding how to comply with Articles 5 and 6 across their entire businesses may prove a huge undertaking for many gatekeepers. In some cases, for instance where one gatekeeper is trying to enter a field dominated by another gatekeeper, application of these requirements could be counterproductive.
Gatekeepers’ obligations could be suspended (Article 8) by the EC where compliance would jeopardize, due to force majeure, the gatekeeper’s viability in the EU. Gatekeepers could also be exempted (Article 9) from certain obligations on public interest grounds. The EC will have the power to update these obligations (Article 10), and gatekeepers will be subject to general anti-circumvention (Article 11) and audit (Article 13) requirements.
Gatekeeper Acquisition Notifications
Gatekeepers would be required (Article 12) to inform the EC of all proposed acquisitions of other providers of core platform services or other digital services. This obligation would be separate from the EU Merger Regulation process and would not apply to all acquisitions by gatekeepers (for example, of manufacturers of devices as opposed to service providers. No approval would be required under the DMA before proposed acquisitions could close. However, gatekeepers would have to notify the EC within three months of an acquisition if additional core platform services meet the quantitative thresholds for a presumption of gatekeeper status, apparently so the EC can reassess the list of the gatekeeper’s core platform services subject to the DMA.
The DMA approach to acquisitions represents a strikingly modest approach to gatekeeper acquisitions, which have attracted significant scrutiny in recent years. Notably, the DMA is much more restrained than the UK CMA’s recent recommendations and would not authorize retroactive merger challenges such as the recent U.S. Federal Trade Commission challenge to Facebook’s Instagram and WhatsApp acquisitions.
The DMA provides for several different types of market investigation: investigations to designate gatekeepers (Article 15); investigations into systemic non-compliance (Article 16); and investigations into new services and practices to determine whether they should be added to the definition of core platform services covered by the DMA (Article 17).
If an investigation reveals “systematic non-compliance” (i.e., three or more infringements in a five-year period) by a gatekeeper and strengthening or extension of its gatekeeper position, the EC may impose any behavioral or structural remedies that are proportionate to the infringement and necessary to ensure compliance. The EC may only impose structural remedies, such as divestitures, where there is no equally effective behavioral remedy or where any equally effective behavioral remedy would be more burdensome.
For purposes of these investigations, the EC would have broad powers to request information (Article 19), carry out interviews and take statements (Article 20), conduct dawn raids (Article 21), adopt interim measures (Article 22), accept commitments to close proceedings (Article 23), and monitor compliance (Article 24).
The EC may also adopt non-compliance decisions (Article 25) and impose fines up to 10% of turnover (Article 26) or periodic penalty payments (Article 27), subject to a three-year statute of limitations (Article 28). Gatekeepers would benefit from a number of procedural rights of defense, including a right to be heard and to inspect the EC’s files (Article 30) and confidentiality (Article 31).
Relationship between the DMA and EU Antitrust Reform
As mentioned, the DMA proposal is closely linked to the EC’s antitrust reform agenda. The concept of gatekeepers as platforms with “an entrenched and durable position” appears to be inspired by the EU antitrust concept of dominant position, but broader. The long list of required and prohibited gatekeeper practices also seem to be inspired by EU antitrust concepts but more specific and easier to prove.
The DMA’s investigative powers and procedures are closely modeled after the EC’s competition law enforcement tools. The DMA’s market investigation tool goes further than the EC’s antitrust sector inquiry powers, in that the DMA confers broad remedial powers, but the DMA is narrower than the broad “new competition tool” the EC sought earlier this year.
The DMA does not detract from the EC’s antitrust enforcement powers. Indeed, the DMA specifies that it is without prejudice to Articles 101 and 102 TFEU and national competition rules based on individualized assessments of market positions and behavior. On the other hand, where conduct is arguably covered by both the DMA and EU competition law, the EC may prefer to use the DMA’s enforcement tools. Conversely, in the digital sector, the EC may focus its antitrust enforcement efforts on stakeholders other than large online platforms, for instance as a follow-up to its ongoing sector inquiry into the consumer Internet of things.
The DMA is one of the Von der Leyen Commission’s signature initiatives. The DMA enters the EU legislative process with significant momentum and political support from the European Parliament and Member States. It seems likely that the DMA will be adopted relatively quickly – in some form. Specific aspects of the DMA will be highly controversial, as well as difficult to apply in practice. The highly technical list of required and prohibited practices seem vulnerable to lobbying and political horse-trading, and it may be necessary to build in more flexibility where the DMA requirements prove difficult to interpret and apply in practice.
The DMA must also be seen in a broader context, both in terms of the EC’s policy agenda and the global debate on how best to address the growing power of “Big Tech.” In terms of the broader EC policy agenda, the DMA complements in particular the EC’s data strategy, including the DGA’s objective of promoting the development of new intermediaries for private data held by public authorities. Meanwhile, the DMA may shift the focus of EU antitrust enforcement away from the long-running online-platform cases that have characterized EU antitrust enforcement in recent years.
In the global context, the DMA will be examined as a potential model for action by governments worldwide, not least the new U.S. administration. The Biden administration will inherit recently launched litigation against online platforms, suggesting bipartisan support, and may welcome dialogue with the EC on a potentially broader regulatory agenda.
|Jay Modrall, Partner, Norton Rose Fulbright LLP|
|James R. Modrall is an antitrust and competition lawyer based in Brussels. He joined Norton Rose Fulbright LLP in September 2013 as partner, having been a resident partner in a major US law firm since 1986. A US-qualified lawyer by background, he is a member of the bar in New York, Washington, D.C., and Belgium.
With 27 years of experience, he is a leading advisor for EU and international competition work, in particular the review and clearance of international mergers and acquisitions. Mr Modrall also has extensive experience with EU financial regulatory reform, advising the world’s leading private equity groups in connection with the new EU directive on alternative investment fund managers and leading banks and investment firms on EU initiatives including EU regulation of derivatives, EU reforms in financial market regulation and the creation of a new EU framework for crisis management, among others. Mr. Modrall’s native language is English, and he is fluent in Italian and proficient in Dutch and French.