As the landmark Digital Markets Act (DMA) comes gradually into force over the next 18 months, the European Commission will gain unprecedented powers over the world’s biggest online platforms. How it deploys these tools will shape the digital space in Europe. And since the law is viewed as a blueprint for regulation elsewhere, the Commission’s approach is likely to impact enforcement beyond the block’s borders.   

What is the DMA?

The legislation is a specific set of demanding do’s and don’ts addressed to only the very largest digital platforms. The law only creates obligations on firms that operate a “core platform service” and wield significant economic influence:

  • Core platform services are types of online services that act as a gateway between a large number of users and businesses. The DMA contains a list of such services, which includes search engines, social networks, operating systems, web browsers, online advertising services, and cloud computing services.  
  • Significant economic influence is assessed based on a set of cumulative criteria, with a focus on the company’s size and the number of end and business users the company’s core platform services each have in the EU.

The Commission will designate in-scope companies as “gatekeepers.” It has long been clear that Alphabet, Amazon, Apple, Meta, and Microsoft will be designated as gatekeepers, each operating several core platform services. The law is more-or-less openly designed to apply to them. Others may join them, either right away or following future growth. One challenge in determining if a company is likely to be designated as a gatekeeper is a lack of reliable public data relevant to the end- and business- user thresholds. And even when data is available, it requires careful analysis to match the relevant data points with the detailed definitions of services and users that are specified in the DMA.

What is the DMA?

The legislation is a specific set of demanding do’s and don’ts addressed to only the very largest digital platforms. The law only creates obligations on firms that operate a “core platform service” and wield significant economic influence:

  • Core platform services are types of online services that act as a gateway between a large number of users and businesses. The DMA contains a list of such services, which includes search engines, social networks, operating systems, web browsers, online advertising services, and cloud computing services.  
  • Significant economic influence is assessed based on a set of cumulative criteria, with a focus on the company’s size and the number of end and business users the company’s core platform services each have in the EU.

The Commission will designate in-scope companies as “gatekeepers.” It has long been clear that Alphabet, Amazon, Apple, Meta, and Microsoft will be designated as gatekeepers, each operating several core platform services. The law is more-or-less openly designed to apply to them. Others may join them, either right away or following future growth. One challenge in determining if a company is likely to be designated as a gatekeeper is a lack of reliable public data relevant to the end- and business- user thresholds. And even when data is available, it requires careful analysis to match the relevant data points with the detailed definitions of services and users that are specified in the DMA.

Once a firm is designated as a gatekeeper, it must comply with the behavioral rules in Articles 5 and 6 for each of its core platform services that satisfy the user thresholds: the rules by-in-large apply to a specific service, not the company as a whole. When the rules do apply, however, they are strict and the penalties for breaching them are severe.  Many of these rules are inspired by recent antitrust cases. For example:

The main difference with existing antitrust enforcement is therefore not so much on the substance of the rules but rather on the form of their enforcement. The regulation outright bans several types of conduct. This is a significant departure from the Commission’s previous obligation to prove that the specific conduct it sought to forbid was capable of causing anti-competitive effects. The idea is that this change in form will speed up intervention, but this may come with the risk of smothering pro-competitive innovation.         

Recent Developments and Current Status

The DMA is set to come into force imminently. On July 5, the European Parliament approved the text by 588 votes to 11. Member state ministers on the Council approved the DMA on July 18, the final major legislative step. The regulation is now being finalized ahead of publication in the Official Journal. It will formally become law shortly thereafter.

In the meantime, the Commission has been gearing up for day-to-day enforcement. The responsibility to apply the law will span both the Commission’s Competition and Connect departments. Each department – technically called a Directorate-General or (DG) – will bring distinct skillsets and approaches.

  • DG Competition’s approach will reflect over a decade of competition enforcement in digital markets, often involving gatekeeper companies. While the DMA is prescriptive compared to the more open-textured legal principles enforced so far, the behaviors it singles out have been considered and litigated by DG Competition’s officials for many years. This experience has notably been garnered while the DG has been under the direction of Executive Vice-President Margrethe Vestager, who has earned a reputation as a strict and dynamic enforcer of antitrust rules in technology markets.     
  • DG Connect is charged with all things digital and led by Commissioner Thierry Breton, a former tech executive and French government minister with a mandate that included technology issues. DG Connect brings to the table sectoral expertise and officials well-versed in regulation. It has a reputation for the quality of its policy and technical work. It will also enforce the Digital Services Act, reducing the risk that companies subject to both laws will experience inconsistent oversight.

In view of these different backgrounds, the scope of each DG’s specific enforcement mandate will be important. As things stand, Mr. Breton has set high expectations for his DG’s role. He wants DG Connect to become “a powerful new digital regulator.” DG Competition has been more muted publicly but is clearly also taking its role as an enforcer seriously, including by staffing a new unit that will focus on the DMA. Our initial interactions with the Commission around this law indicates that both DGs have roles to play and that their teams are working closely and coherently together so far.

What to Look Out for Next

We expect the law to be published in the Official Journal in the fall, likely in October, coming into force 20 days later. This will start the clock running on a cascading series of deadlines:

  • A company that meets the economic size and user thresholds will have until around June 2023 to notify the Commission about its core platform services.
  • The Commission then has 45 working days to issue a decision designating that company as a gatekeeper.
  • The core behavioral rules then bite on gatekeepers six months after designation – taking us to Q1 2024 for full implementation.

One thing to watch out for in the coming months is further detail from the Commission on the day-to-day practicalities of enforcement. The Commission typically clarifies legal requirements by publishing more-or-less formal guidance. Here, we understand that the Commission will issue such guidance shortly, including by publishing a specific form for notifying Core Platform Services. It is likely to bear some resemblance to the forms used in merger notifications but should be considerably shorter and more focused on gathering numbers, rather than narratives. This publication may also begin to answer the key open question facing gatekeepers: what specific measures will achieve compliance with the requirements set out in Article 5 and 6. We will report on developments and insights in this space as they become available.  

What to Look Out for Next

We expect the law to be published in the Official Journal in the fall, likely in October, coming into force 20 days later. This will start the clock running on a cascading series of deadlines:

  • A company that meets the economic size and user thresholds will have until around June 2023 to notify the Commission about its core platform services.
  • The Commission then has 45 working days to issue a decision designating that company as a gatekeeper.
  • The core behavioral rules then bite on gatekeepers six months after designation – taking us to Q1 2024 for full implementation.

One thing to watch out for in the coming months is further detail from the Commission on the day-to-day practicalities of enforcement. The Commission typically clarifies legal requirements by publishing more-or-less formal guidance. Here, we understand that the Commission will issue such shortly next year, including by publishing a specific form for notifying Core Platform Services. It is likely to bear some resemblance to the forms used in merger notifications but should be considerably shorter and more focused on gathering numbers, rather than narratives. This publication may also begin to answer the key open question facing gatekeepers: what specific measures will achieve compliance with the requirements set out in Article 5 and 6. We will report on developments and insights in this space as they become available.