Legal development

The EU Digital Markets Act- What do you need to know?

Insight Hero Image

    The Ashurst Emerging Tech Series is a collection of briefings compiled by our UK and European Digital Economy Transactions team, designed to help businesses understand and prepare for the impacts of new and incoming digital services and emerging tech legislation.

    In our third briefing, we consider the EU Digital Markets Act (DMA).

    Introduction to the DMA

    The DMA aims to make the market for digital services in the EU fairer, more innovative and more competitive.  It is hoped that the DMA will level the digital services playing field and allow challenger providers to get a footing in the market, ultimately benefitting consumers.

    What does the DMA do?When does the DMA take effect?Who does the DMA apply to?

    The DMA places pro-competition obligations on core platform operators (such as social media platforms, marketplaces or search engine operators) which have market dominance.

    Whether a platform operator has market dominance is assessed according to certain revenue and user thresholds. The DMA works alongside already established EU competition rules.

    The DMA entered into force in November 2022, became broadly applicable from May 2023 and will be completely in force by March 2024.

    Like the GDPR, the DMA has an extra-territorial effect, applying to companies who provide services in the EU, regardless of where such companies are based.

    The DMA sits alongside the EU Digital Services Act (DSA). You can read our article on the DSA here.

    Key points and timeline

    Gatekeeper criteria

    The DMA sets out criteria for a company to be designated as a 'gatekeeper', where it:

    1. provides 'a core platform service’ (see diagram below) which serves as an 'important gateway for business users to reach end users'. This will be presumed where it provides such a service that in the last financial year has:

    • at least 45 million monthly active end users in the EU; and 
    • at least 10 thousand yearly active business users in the EU; and 

    2. has 'a significant impact' on the internal EU market. This will be presumed where the company has:

    • had a minimum of €7.5 billion turnover in each of the last three financial years; or
    • had a valuation of at least €75 billion in the last financial year; and
    • in each case, provides the same core platform service in at least three Member States; and 

    3. enjoys 'an entrenched and durable position in its operations, or it is foreseeable that it will do so in the near future. This will be presumed where the monthly active end users and yearly active business users above are met in each of the last three financial years.

    Gatekeepers currently designated by the EU Commission

    In September 2023, the EU Commission designated the following companies as having gatekeeper status:



    These designated gatekeepers were deemed to operate the following core platform services:



    Gatekeeper obligations

    The DMA sets out a defined list of obligations for gatekeepers, which we have set out below. 

    These obligations relate primarily to designated core platform services – however, some obligations do go further and impact other digital products and services provided by a gatekeeper where such gatekeeper leverages its gateway position. These other digital products and services are often provided together with, or in support of, the gatekeeper's core platform service. 

    1.  Fair rankings

    To ensure a fairer playing field, gatekeepers must not:

    • not treat their own products or services more favourably in rankings than third party products; and
    • ensure that they operate rankings transparently, fairly and without discrimination. 

    2.  Interoperability of messaging services 

    As noted above, Whatsapp and Messenger are currently designated as core platform messenger services. Significant interoperability obligations are imposed on core platform messenger service providers, including to ensure free of charge that:

    • Interoperable individual user sharing functionality – core platform messenger service users who can send end-to-end text messages, images, voice messages and videos can do so with individual users of other messenger services.

    This functionality is to be deployed by Whatsapp and Messenger by 6 March this year. Any core platform messenger service providers that are designated after this date and allow their users to send end-to end text messaging, images, voice messages and videos between users will be required to deploy this functionality on designation. 

    • Interoperable group chat sharing functionality to be deployed by 6 March 2026 – core platform messenger service users who can send end-to-end text messages, images, voice messages and videos can do so in a group which includes users of other messenger services.

    This functionality is to be deployed by Whatsapp and Messenger by 6 March 2026. Any core platform messenger service providers that are designated after this date and allow their users to send end-to end text messaging, images, voice messages and videos in a group will be required to deploy this functionality within two years of designation.

    • Interoperable voice and video calls to be deployed by 6 March 2028 – core platform messenger service users who can make end-to end voice and video calls can do so to individual users of other messenger services and to a group chat which includes users of other messenger services. 

    This functionality is to be deployed by Whatsapp and Messenger by 6 March 2028. Any core platform messenger service providers that are designated after this date and allow their users to send end-to end text messaging, images, voice messages and videos in a group will be required to deploy this functionality within four years of designation.

    • Security – they provide the same level of security, including end-to-end encryption, across the interoperable services as they provide for their own services. 

    3.  Interoperability of operating system and virtual assistance hardware and software

    Gatekeepers who provide core platform operating systems (currently Google Android, iOS and Windows PC OS) or core platform virtual assistance (of which there are none currently designated) are required to provide third party service and hardware providers with free of charge access to the hardware and software features that those operating / virtual assistance platforms access or control. 

    4.  Business users' data

    Subject to certain narrow exemptions, unless a specific choice is given and the end user has provided consent that complies with the GDPR, a gatekeeper may not:

    • Advertise – use business user personal data obtained by business users on gatekeepers' core service for advertising services.
    • Combine / cross use – use personal data the gatekeeper has collected on one platform with personal data the gatekeeper has obtained from another of its platforms or with third party business provider data.
    • Multiple-sign ins – sign end users of one of the gatekeeper's services automatically into any of its other services with the intention of collecting personal data.
    • Use business users' non-public data – not compete with business users by using any non-public data of its business users (including its business users' customer data) that is generated on the gatekeeper's core platform or other gatekeeper products or services provided the gatekeeper together with, or in support of the gatekeeper's core platform.

    5.  Business users' freedom to do business 

    A gatekeeper shall:

    • Business users' ability to promote competing offers / conclude contracts off platform -  allow business users free of charge to (a) communicate and promote offers which are subject to better or alternative conditions (including price) than the gatekeeper offers itself to end users; and (b) conclude contracts with end users outside of the gatekeeper's platform;
    • Business users' ability to offer services under better terms off platform - not restrict business users from selling products or services through their own direct sales channels or on other platforms under better or alternative conditions than those business users sell on the gatekeeper's platform;
    • Business users' ability to freely select its supply chain - not require business users to use the gatekeeper's ID, web browser, or payment services on account of the business user offering services on the gatekeeper's platform; 
    • Access to data – allow business users at no cost to access and use continuous and real time data generated by the business users on the core platform or on services provided by the gatekeeper with, or in support of the core platform; 
    • Fair terms of use / ADR – ensure that their terms of service for access by business users of core platforms are fair, reasonable and non-discriminatory (including appropriate alternative dispute resolution mechanism).

    6.  End users' freedom to choose services

    A gatekeeper shall:

    • Access and use of third party content, subscriptions or features – allow end users to access and use content, subscriptions, features or other items through use of software applications of a business user, including where those end users acquired such content, subscriptions, features or other items from the relevant business user without using the core platform of the gatekeeper.
    • Ability to uninstall/ unsubscribe - allow end users to easily uninstall pre-installed apps or change default settings that steer them to products and services of gatekeepers and to unsubscribe from core platform services as easily as they subscribe to them.
    • Ability to switch– not restrict end users from switching between software applications and services accessed through the gatekeeper's core platform.
    • Portability of data – provide end users with access to their data (including in real time) free of charge.

    7.  No mandatory use of core platform services

    A gatekeeper must not require business users or end users to use any of their services on account of such users using another of the gatekeeper's platforms. 

    8.  Termination of core platform services 

    A gatekeeper must ensure that the terms of service for terminating core platform services are proportionate and that those services can be terminated without undue difficulty.

    9.  Freedom to make complaints

    Gatekeepers must not prevent or restrict business or end users from making complaints about their non-compliance with applicable laws. 

    10.  Online search engine data 

    Where a third party online search engine operator makes a request, a gatekeeper must provide data relating to rankings, clicks and views of free and paid for search generated by end users on the gatekeepers online search engine – such information is required to be provided on fair terms. 

    11.  Advertising metrics and review tools

    A gatekeeper shall provide advertisers and publishers with access information about the online advertising services that the gatekeeper provides, including:

    • the amount paid by the advertiser for the advert and the metrics on which such price was calculated (the publisher can only receive this information where advertiser provides consent); 
    • the remuneration paid to the publisher and the metrics on which that remuneration was calculated (the advertiser can only receive this information where the publisher provides consent); 
    • performance measuring tools and data to allow for verification of the adverts aggregated and non-aggregated data.

    Important dates for gatekeepers

    Important dates for gatekeepers chart
     

    Gatekeepers: non-compliance

    0102 03
     FinesPeriodic Penalty Payments Other Remedies
    The EU Commission can issue fines to gatekeepers of up to 10% of the company's total worldwide annual turnover – or up to 20% in the event of repeated infringements of the DMA.The EU Commission can issue periodic fines to gatekeepers of up to 5% of their average daily turnover.In cases of systematic infringement (i.e. at least three violations in eight  years), additional remedies may be enforced by the EU Commission after a market investigation. 
    Such remedies need to be proportionate to the offence committed. If necessary and as a last resort option, non-financial remedies can be imposed. These can include behavioural and structural remedies, e.g. the divestiture of (parts of) a business.

    Considerations and consequences

    Companies which have been designated as gatekeepers must ensure their platform services become compliant with the DMA by 6 March this year. Other companies which have the potential to be designated as gatekeepers should continue to monitor developments of the DMA - specifically, how current gatekeepers are approaching compliance and the outcomes of submissions by gatekeepers who challenge their designation as such under the DMA. 

    Gatekeepers may also be subject to the competition rules which are incoming in the UK under the Digital Markets, Competition and Consumers Bill (DMCC) if they provide relevant digital services and undertake business in the UK. The DMCC proposes to confer 'Strategic Market Status' on certain digital services providers if they meet certain revenue and active user thresholds. The DMCC was confirmed in the King's speech on 7 November 2023 as being a key agenda item for the new Parliamentary session.

    A number of gatekeepers are also likely to be considered very large online platforms (VLOPs) or very large online search engines (VLOSEs) under the DSA and may therefore be subject to the various obligations applicable to providers of intermediary services (as defined in the DSA).

    Authors: Rafael Baena, Partner; Aimi Gold, Senior Associate; Siân Deighan, Associate; Hana Byrne, Trainee Solicitor

    image

    Stay ahead with our business insights, updates and podcasts

    Sign-up to select your areas of interest

    Sign-up