Digital markets regulation in the EU and UK: DMA v DMCC
22 August 2024
In recent years, the EU and UK have both introduced new regimes regulating Big Tech companies with the EU Digital Markets Act (DMA) and the UK Digital Markets, Competition and Consumers Act (DMCC Act). This update focuses on the key similarities and differences between the two regimes.
In December 2020, the European Commission published drafts of the DMA and the Digital Services Act (DSA) (see our December 2023 update): the DMA focuses on competition in digital markets and the DSA focuses on transparency and consumer protection. The DMA was formally adopted by the European Parliament and Council on 14 September 2022. It contains forward-looking rules to regulate Big Tech and, at a high level, enables the European Commission to designate large platforms as "gatekeepers" where such large platforms provide a "core platform service". Once designated, gatekeepers are subject to a set of stringent behavioural requirements (see our January 2024 update).
The DMCC Act received Royal Assent on 24 May 2024. The key reforms introduced by the DMCC Act, including the new digital regime, are expected to enter into force later this year (see our May 2024 update). As with the DMA, the DMCC Act enables the UK Competition and Markets Authority (CMA) to designate companies as having strategic market status (SMS). Designated companies will then be subject to a tailored code of conduct.
While both the EU and UK are looking to achieve the same end goal (i.e., to make the digital sector fairer and more competitive), they have taken notably different approaches. In this update, we'll highlight the key similarities and differences between the two regimes.
When key provisions in the DMA entered into force in May 2023, potential gatekeepers had until 3 July 2023 to notify the European Commission that they met the criteria for designation under the DMA. In September 2023, the European Commission made its first designations: Alphabet (Google's parent company), Amazon, Apple, ByteDance (which owns TikTok), Meta and Microsoft. Booking was designated in May 2024 and the European Commission also announced that it had opened a market investigation to assess the rebuttal submission from online social networking service X (formerly Twitter) in more detail.
As the DMCC Act is not yet in force, no companies have been designated as having SMS status in the UK, although the CMA has indicated that it expects to start three to four SMS investigations in the first year of the new regime.
Under the DMA, companies may be designated as gatekeepers where they meet the three qualitative conditions set out below. The DMA also sets out rebuttable presumptions based on quantitative criteria which the European Commission may rely on when considering whether to designate a company as a gatekeeper.
The company must provide a core platform service which is an important gateway for business users to reach end users. This will be presumed where, in the last financial year, the service has:
The company must also have a significant impact on the EU market. This will be presumed where the company has:
The third condition requires that the company enjoys an entrenched and durable position in its operations (or it is foreseeable that the company will enjoy such a position in the near future). This condition will be presumed to have been met if the two previous conditions have been met in each of the last three financial years.
While the majority of gatekeeper core platform services to date have been designated on the basis of the presumptions set out above, the qualitative criteria are the key criteria for determining whether a service should be designated. The European Commission:
To be designated under the DMCC Act, a company must have:
Unlike the DMA, the DMCC Act does not include any quantitative thresholds which the CMA would be able to rely on to designate a company as having SMS.
Under the DMCC Act, engaging in a digital activity essentially means providing services on the internet or digital content, including free services and content. The digital activity must also be linked to the UK: the CMA will consider factors such as whether there are a significant number of users in the UK and if the digital activity (or the way the company carries on the digital activity) is likely to have an immediate, substantial and foreseeable effect on trade in the UK.
To establish that a company has strategic significance in respect of a digital activity, the CMA needs to conclude that the company meets one of four conditions set out in the DMCC Act which relate to the size and scale of the company's position in the digital activity, the number of users and the company's ability to leverage its position.
As with the DMA, the company must have substantial and entrenched market power. When considering this, the CMA will undertake a forward-looking assessment over at least five years (see our July 2024 podcast episode). In this assessment, the CMA is essentially looking to see whether the company is able to behave independently of competitive forces. The draft guidance notes that familiar analytical tools used in dominance cases will also be relevant (e.g., the company's share of supply or profitability levels), but that the CMA will not typically seek to draw on existing dominance case law. It will therefore be interesting to see what happens in practice when the CMA begins to undertake SMS investigations.
Under the DMA, companies are required to notify the European Commission if they meet the quantitative thresholds set out in the Act. Once the European Commission has received a complete notification, it has 45 working days to assess whether to designate the company as a gatekeeper. Where the European Commission is making a designation based on qualitative criteria (for example, because the quantitative thresholds are not met), it has indicated that it will endeavour to conclude investigations within 12 months.
In the UK, there are no notification requirements. The CMA will be able to begin an SMS investigation based on its own research, evidence gathered through its other work or based on information or recommendations from other regulators. Once it has begun an SMS investigation, the CMA will have up to nine months to complete it.
A number of gatekeepers have sought to challenge their designation by the Commission. Only one appeal has been determined to date: ByteDance's unsuccessful appeal before the General Court. While ByteDance did not dispute that it met the quantitative thresholds, it argued that it does not have a significant impact on the internal market and does not enjoy an entrenched and durable market position. ByteDance argued that:
On 17 July 2024, the General Court dismissed ByteDance's arguments. The Court emphasised that while TikTok had been a challenger in 2018, it had rapidly consolidated its position and continued to strengthen this position despite Meta and Google launching competing services such as Reels and Shorts.
Other gatekeepers have also challenged designation decisions:
Third parties can also challenge European Commission decisions: a competing browser has challenged the European Commission's decision not to designate Microsoft's Edge as a gatekeeper.
In the UK, there have not yet been any designation decisions to challenge. However, it is worth highlighting that designation decisions will only be challengeable by way of judicial review, and therefore there will be no opportunity for a full merits appeal.
DMA | DMCC Act | |
Notification requirement | Yes (if quantitative thresholds met) | No |
Timeline for designation decisions | 45 working days from a complete notification | 9 months for an SMS investigation |
Turnover threshold | EUR 7.5 billion in the EU (in each of the last 3 financial years) | GBP 1 billion in the UK or GBP 25 billion worldwide (in the previous 12 months) |
Possibility of appeal | Full merits | Judicial review |
Once a firm has been designated, the aims of the DMCC and DMA are very similar – the ex-ante regulation of digital services – but the EU and UK have taken different approaches to implementation. One of the key differences is that the gatekeeper obligations are prescribed in the DMA itself. In contrast, in the UK, the CMA will be able to impose tailored codes of conduct under the DMCC Act.
The DMA obligations include a number of positive obligations to behave in certain ways, as well as prohibitions on gatekeepers engaging in certain types of conduct. The DMA obligations cover three key areas:
For further details of the gatekeeper obligations under the DMA, see our January 2024 update.
The DMCC Act enables the CMA to impose bespoke conduct requirements on each SMS firm. The CMA's discretion is not unfettered as the Act provides a framework for the CMA to follow when crafting a conduct requirement (CR). The CR must:
In its draft guidance, the CMA indicates that the level of detail in a CR may vary, depending on whether the outcome is measurable and whether compliance is easy to assess. Where an outcome-focused CR would not achieve the CMA's aim or where compliance is not measurable or easy to assess, the CMA may impose an action-focused CR. It is possible that a high-level CR may be revised following a breach to provide additional detail.
The DMA obligations are the types of obligations which could fall under the CR framework in the UK so we may see the CMA take inspiration from the gatekeeper obligations which apply to companies which have already been designated in the EU as gatekeepers, particularly given the requirement that the CMA act proportionately in imposing CRs.
Under the DMA, gatekeepers have six months to comply with the gatekeeper requirements once they have been designated. In the UK, the CR will enter into force on the date specified in the CR notice issued by the CMA. This allows greater flexibility, and the CMA may specify that different elements of the CR enter into force at different times. The CMA's draft guidance also indicates that there may be an implementation period to allow SMS firms sufficient time to make changes to technical systems before the requirements come into effect. This is likely to be determined on a case-by-case basis.
Gatekeepers are able to request guidance from the European Commission in respect of proposed measures to comply with their gatekeeper obligations. The European Commission has also organised a number of public workshops involving individual gatekeepers and other interested stakeholders to discuss potential issues relating to specific implementing measures.
The CMA plans to issue so-called "interpretative notes", which will provide further detail on the CMA's interpretation of a CR, how it might apply in particular circumstances and include illustrative examples. The notes will not be binding on the SMS firm, which will be free to take a different approach if they can demonstrate that their approach complies with a CR. The CMA has also indicated that the notes may be flexible and change over time.
Under the DMA, gatekeepers are required to submit annual compliance reports. The first compliance reports were published in March 2024 and these set out high level information about how each gatekeeper is complying with its obligations under the DMA. The European Commission will monitor compliance with the DMA using the compliance reports, as well as its investigatory powers.
Compliance reports are also required under the DMCC Act and the CMA will specify a reporting period which could require more frequent compliance reports than under the DMA.
DMA | DMCC Act | |
Obligations | Standardised – set out in the DMA | Tailored to the particular company |
Timing for compliance | Within 6 months of designation | As set out in the CR notice |
Compliance reports | Annual | As specified by the CMA |
Under the DMA and DMCC Act, designated companies are required to inform the European Commission and/or the CMA (as appropriate) of proposed mergers and acquisitions:
The enforcement powers under the DMA and DMCC Act are broadly similar. Both the European Commission and the CMA have the power to impose penalties. The European Commission also has the power to impose additional remedies on gatekeepers following a market investigation if a gatekeeper is systematically failing to meet its obligations under the DMA. These remedies could be behavioural (meaning a requirement to do something such as make a service interoperable or to stop doing something like combining user data collected across different activities) or structural, meaning the European Commission could require parts of the business to be sold off.
In the UK, the CMA can impose an enforcement order requiring the SMS firm to comply with a conduct requirement following a breach investigation. The CMA also has the power to conduct a pro-competition intervention (PCI) investigation which will be an important tool for the CMA to regulate designated companies. Following a PCI investigation, a PCI order can be imposed to remedy any harmful effects on competition identified during the investigation. At this stage, the CMA's Digital Markets Unit (DMU) will have broad powers to impose remedies, including behavioural remedies, requiring the company to divest part of its business or requiring certain information to be supplied or published (for example, a requirement to supply user data to competitors). It will be interesting to see when the CMA looks to impose conduct requirements versus when it undertakes a PCI investigation. Unfortunately, the CMA's draft guidance does not provide much additional insight on this point.
DMA | DMCC Act | |
Fines | Up to 10% of worldwide turnover and up to 20% of worldwide turnover for repeated infringements | Up to 10% of worldwide turnover and £30,000 for individuals who fail to comply with investigative requirements |
Daily penalties | 5% of average daily turnover | 5% of daily turnover |
Remedies | Behavioural and structural | Enforcement order |
Shortly after the first compliance reports were published, the European Commission opened five non-compliance investigations into Alphabet, Apple and Meta. The investigations opened in March 2024 relate to:
In June 2024, the European Commission also announced a third non-compliance investigation into Apple: this investigation relates to its new contractual requirements for third-party app developers and app stores. The European Commission is also undertaking a fact-finding investigation into Amazon Store listings.
The European Commission has also ordered Apple, Alphabet, Meta, Amazon and Microsoft to retain documents which the European Commission might use to assess each business' compliance with the DMA.
In addition, there is still ongoing enforcement activity at EU and national levels with gatekeepers being investigated for alleged abuses of dominance and there is potential for private enforcement activity to commence in the near future.
Digital companies operate globally and will therefore be considering how to navigate the two regimes, as well as being mindful of on ongoing work in other jurisdictions, such as Australia (see our February 2024 update).
The CMA's DMU has indicated that it expects to start three to four SMS investigations in the first year of the new regime. Based on the CMA's recent enforcement activity against digital companies, we expect the CMA to designate several of the companies that have already been designated in the EU. It will be interesting to see the extent to which the UK's tailored codes of conduct add additional obligations to the ones the companies have been grappling with under the DMA.
With thanks to Isabella Hunt for her contribution.
The information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
Readers should take legal advice before applying it to specific issues or transactions.
Sign-up to select your areas of interest
Sign-up