GAFAM giants will have marked their calendars today as the Digital Markets Act (DMA), the European Union's plan to curb the market power of Big Tech, now technically applies, after entering into force last November.
The next major milestone is a few months out, in early fall, when the Commission will confirm which of the usual suspect tech giants will be subject to the bloc's shiny new ex ante competition regulation regime. But tech giants are facing a busy summer to prepare their regional compliance strategies.
Quick recap: The DMA applies a fixed set of obligations to so-called Internet "gatekeepers" who meet specific, cumulative criteria: Firstly they must operate at least one "core platform service" (these include online search engines, social networking services, app stores, certain messaging services, virtual assistants, web browsers, operating systems and online intermediation services).
Secondly they must be of a large enough size and entrenched market position to fall under the regime. This means reporting annual revenue in the European Economic Area that hit or exceeded €7.5 billion in each of the last three financial years; or else having an average market capitalisation "or equivalent fair market value" that amounted to at least €75 billion in the last financial year, as well as providing a core platform service in at least three EU Member States.
Gatekeepers must also be an "important gateway for business users towards final consumers", as the Commission puts it -- which the DMA considers to be the case if the company in question operates a core platform service with 45M+ monthly active end users in the EU and more than 10,000 yearly active EU business users in the last financial year.
Lastly, an entrenched and durable position is presumed if the company met the other criteria in each of the last three financial years. Although the Commission may also apply a subset of DMA rules to companies it suspects will soon become gatekeepers.
Certain big names will very obviously hit the DMA threshold (Apple, Amazon, Google, Meta and Microsoft seem entirely safe bets for being deemed gatekeepers). But we'll have to wait a few months to see if the full list contains any surprises.
And on that front, European music streaming giant Spotify clearly isn't expecting to be one of them... but, er, let's see!
This is big. Totally agree with @vestager that the internet was never built to be controlled by a small number of dominant players. Effective enforcement is critical because we've watched Apple try to skirt the rules around the world. Here's our take - https://t.co/PnzglOaafZ. https://t.co/QL61DIonn7
— Daniel Ek (@eldsjal) May 2, 2023
"Now that the DMA applies, potential gatekeepers that meet the quantitative thresholds established have until July 3 to notify their core platform services to the Commission. The Commission will then have 45 working days (until September 6, 2023) to decide whether the company meets the thresholds and to designate gatekeepers. Following their designation, gatekeepers will have six months (i.e. until March 6, 2024) to comply with the requirements in the DMA," the Commission writes in a press release.
If you're feeling a sense of déjà vu, that's probably because EU lawmakers recently designated 19 very large online platforms (VLOPs) that are subject to the DMA's sister regulation, the Digital Services Act (DSA), which reboots the bloc's ecommerce governance regime.
It's likely some of the same companies which have already been named VLOPs under the DSA will also be designated gatekeepers under the DMA -- meaning they will accrue additional "specific obligations", on top of the algorithmic transparency requirements demanded by the DSA.
The DMA's operational "dos and don'ts" are distinctly targeted at ensuring digital markets stay "open and contestable" by enforcing a fixed set of behavioral conditions on gatekeepers that are intended to curb familiar anti-competitive actions.
Examples of DMA obligations include limits on how gatekeeping platforms can use third party data along with requirements they provide third parties with data on usage their apps generate; bans on self-preferencing and on indelible default apps or settings being forced on consumers; interoperability requirements, including for gatekeeping messenger services; requirements that app stores do not block sideloading nor require developers to use their own services (e.g. payment systems); and a ban on tracking users for targeted ads without consent, among other conditions.
The bulk of the list speaks to the Commission's experience in past Big Tech antitrust cases, such as several EU enforcements against Google. However there were some later additions, by co-legislators in the Parliament and Council, such as messaging interoperability (which caught many by surprise), as well as limits on tracking ads.
Some similar types of conditions have already been enforced on some tech giants in certain EU markets, using existing competition powers. Such as the Netherlands -- which last year forced Apple to allow developers of dating apps to choose to use alternative payment systems.
While Germany has been ahead of the ex ante curve domestically, after it updated its own competition regime back at the start of 2021 -- and already has some enforcements on a number of tech giants it has designated as having "paramount significance" for competition locally (such as Google).
Enforcement of EU data protection law is also finally cutting into Meta's ability to force behavioral ads on users. So we've had a taster of bigger things to come when the DMA is firing on all cylinders.
The big change here is that the conditions apply up-front -- so the idea is to proactively regulate digital giants that have the power to set rules on others that need to access their core platform services and force them to be supportive of competition and sensitive to consumer needs (rather than just favoring themselves); instead of antitrust regulators having to spend years investigating and amassing evidence of abuses to make cases against bad behavior before it can be stopped, typically long after the harm has been entrenched, as has been the case in most of Europe under classical (ex post) competition rules.
That said, the pan-EU regulation will take some time to spin up. And there are continuing concerns about resourcing and how prepared the Commission is to screw its courage to the sticking place and take on such a hefty oversight role leaning on some of the most powerful platforms in the world.
Time will tell how much pushback the DMA gets from tech giants accustomed to (mostly) operating how they like and/or lobbying like the damned when lawmakers suggest making changes that might get in the way of their money-minting machines. It also remains to be seen how willing the Commission is to stick to its guns and robustly enforce a new digital world order (especially as looming EU elections will reconfigure the bloc's political power structures next year, including by bringing in new leaders who may not be as committed to the approach as those that drafted the DMA).
We for sure won't seen any enforcements on gatekeepers until next Spring -- since those designated in September will have six months to get their house in order. But we may see some operational changes in preparation for the new rules. And possibly whole new business models emerging down the line as, for example, consentless ad tracking becomes less and less viable for major social media giants. Lots of legal action to test the boundaries and mettle of the DMA also looks inevitable. So the next few years in Europe are set to be filled with interesting new power struggles.
Over in the U.K., which left the bloc following the Brexit referendum vote, the government also recently signalled it will move forward with an ex ante reboot of its own to tackle anti-competitive tech giants. The approach being suggested there is for bespoke (tailored) conditions, per platform, on those with "strategic market significance", rather than fixed obligations for all in-scope giants.