On Wednesday 6 September, the European Commission appointed the first six gatekeepers under the Digital Markets Area (DMA) legislation (see EUROPE 13243/11). From 6 March 2024, some 22 services offered by Alphabet (Google), Amazon, Apple, ByteDance (TikTok), Meta (Facebook) and Microsoft will have to comply with the regulation and abide by the new rules.
“Today we are finally curbing the economic power of six gatekeepers, giving consumers more choice and smaller, innovative technology companies new opportunities through interoperability, out-of-store downloading, real-time data portability and fairness”, commented Internal Market Commissioner Thierry Breton.
The appointment of these first six gatekeepers – all of whom are based outside the EU – comes at a time when the Commission had 45 days in which to reach a decision. Seven companies initially notified the Commission on 4 July (see EUROPE 13215/3). As well as adding 22 services to the list of entities affected by the DMA, this procedure resulted in the opening of four market investigations to determine whether Microsoft’s Bing, Edge and Advertising services and Apple’s iMessage should fall under the scope of the regulation. The investigation must be concluded within a maximum of five months.
In addition, a further investigation will have to reach a conclusion, within a maximum of 12 months, as to whether or not Apple’s iPadOS should be included in the list of entities concerned, even though the quantitative thresholds – 45 million monthly users in the EU and 10,000 professional users – have not been reached. “We hope that the results will come sooner” said a senior European Commission official, however.
On the other hand, the Commission has decided that Samsung’s Internet Browser service, which was notified to it by the company, cannot be considered as an essential platform service. The Commission has also taken a decision along the same lines for Google’s Gmail and Microsoft’s Outlook.com services.
No operators of cloud services or virtual worlds, such as Metavers, have notified the European Commission.
Six months to comply
While companies have six months to comply, certain provisions must be applied immediately. Gatekeepers must inform the European Commission of any planned merger or acquisition.
“Information obligations exist within the EU when a certain threshold is reached – generally calculated on the basis of turnover. For the ‘gatekeepers’, this is a reinforcement, as they will have to inform the Commission even when the project is below the thresholds”, explained a senior European Commission official.
Companies must also appoint a contact person who will be responsible for reporting information to the Board of Directors and keeping the Commission informed.
Other rules will follow between now and March. For example, gatekeepers will no longer be able to track users on services for advertising purposes without their consent. They will also no longer be able to use professionals’ data to compete with them or decide to promote the placement of their own products on their platforms. The text also stipulates that gatekeepers will no longer be able to block users wishing to install certain software – in particular third-party application shops – and will need to make it easy to uninstall applications installed by default.
“Between now and March, the Commission will continue its dialogue with the gatekeepers. They have six months to modify their systems and produce a compliance report, explaining how they are meeting the obligations. We are waiting for their proposal to see how these obligations will materialise”, said another senior European Commission official.
The possibility of imposing structural measures as sanctions
While new gatekeepers such as Booking.com or Twitter could, without any certainty, “decide to notify themselves” in the future, some could, on the other hand, try to request a suspension of the application of the regulation. In this case, “they should turn to the Court of Justice in Luxembourg and present their arguments. So far, this has not happened. We will then see whether or not the arguments hold water”, summed up a source close to the matter. “The decisions were carefully prepared, but we can’t rule that out”, added another European source.
The text also provides for fines to be imposed. These could amount to 10% of the company’s worldwide turnover, and up to 20% in the event of a repeat offence. In the case of systematic breaches, the company in question could be forced to sell all or part of an activity or be prohibited from acquiring new services.
“I wanted penalties that would act as a deterrent. We do have the possibility of imposing more structural measures”, commented Mr Breton. However, “no calculations” have yet been made to determine the commercial impact, explained a senior European official.
The Commission’s designation decisions should be published in the coming weeks. However, this will only be the case once the problems relating to the confidentiality of certain data have been resolved between the Commission and the companies concerned.
“We don’t have a precise timetable, but we want it to be quick. In the best-case scenario, we will have a direct agreement with the companies. But it may take some time”, concluded a senior EU official. (Original version in French by Thomas Mangin)