EU Regulators Are Gearing Up for Digital Markets Act Enforcement

While the DMA has already been incorporated into EU law, the prescriptive behavioral obligations it imposes gradually unfurl throughout 2023 and into 2024. 2023 will see the European Commission identify in-scope companies, finalizing an Implementing Regulation, and organizing its internal structures to prepare to enforce the substantive rules. This enforcement will begin in early 2024 when Articles 5 and 6 of the DMA – which set out most of the law’s behavioral requirements – come into force.

The key development to watch for in 2023 will come about in early September. This is when the Commission will likely publicly designate certain large technology companies as “gatekeepers” under the DMA. The Commission will also identify these companies’ Core Platform Services (CPSs), which are the services operated by a gatekeeper that (i) operate in one of the CPS categories listed in the DMA, which include services such as general search engines, social networks, operating systems, online intermediation services such as marketplaces, web browsers, and virtual assistants; (ii) provide their services in Europe to more than 45 million monthly active end users and more than 10,000 business users. The designation of gatekeepers and their in-scope CPSs will mark the culmination of the DMA’s notification requirements, which obligate companies that meet certain criteria set out in the text of the law to make a “notification” to the Commission by early July.

In order to be designated as 'gatekeepers', companies must also provide certain services including browsers or social media, which have  at least 45 million monthly end users in the EU and 10,000 annual business users

This notification will need to be made on a “Form GD”. Over the holiday break, the Commission launched a consultation inviting feedback on a draft Implementing Regulation, which included the requirements of this Form. The draft Implementing Regulation also sets out new proposed rules that would govern procedural aspects of how the proceedings under the DMA will be conducted. In more detail: 

  • The Form GD – which borrows its structure from the Forms used in merger notifications – requires potential gatekeepers to provide qualitative and quantitative information about their businesses. The information required is not surprising, since it reflects the relevant criteria set out in the DMA itself. The Form merely structures how this information will be provided and provides further clarity on the degree of detail that will be required.    
  • The proposals for the procedural rules that would govern DMA proceedings envision limiting gatekeepers’ procedural rights to access evidence and respond to charges made against them compared to the rights available in antitrust proceedings. This illustrates the Commission’s focus on ensuring that the DMA delivers results more promptly than existing antitrust rules. But market feedback suggested the draft may go too far in this respect. 

The Commission is currently considering the feedback on the draft and is likely to adopt a final version of the regulation in March or April.

December 15, 2022 Commission proposal, March 25, 2023 Political agreement on the DMA,November 01, 2022 DMA rules enter into force, May 02, 2023 DMA rules start to apply, July 03, 2023 Data notification for thresholds check, September 06, 2023 Designation of gatekeepers, March 2024 Application of the obligations
December 15, 2022 Commission proposal, March 25, 2023 Political agreement on the DMA,November 01, 2022 DMA rules enter into force, May 02, 2023 DMA rules start to apply, July 03, 2023 Data notification for thresholds check, September 06, 2023 Designation of gatekeepers, March 2024 Application of the obligations

While the DMA has already been incorporated into EU law, the prescriptive behavioral obligations it imposes gradually unfurl throughout 2023 and into 2024. 2023 will see the European Commission identify in-scope companies, finalizing an Implementing Regulation, and organizing its internal structures to prepare to enforce the substantive rules. This enforcement will begin in early 2024 when Articles 5 and 6 of the DMA – which set out most of the law’s behavioral requirements – come into force.

The key development to watch for in 2023 will come about in early September. This is when the Commission will likely publicly designate certain large technology companies as “gatekeepers” under the DMA. The Commission will also identify these companies’ Core Platform Services (CPSs), which are the services operated by a gatekeeper that (i) operate in one of the CPS categories listed in the DMA, which include services such as general search engines, social networks, operating systems, online intermediation services such as marketplaces, web browsers, and virtual assistants; (ii) provide their services in Europe to more than 45 million monthly active end users and more than 10,000 business users. The designation of gatekeepers and their in-scope CPSs will mark the culmination of the DMA’s notification requirements, which obligate companies that meet certain criteria set out in the text of the law to make a “notification” to the Commission by early July.

This notification will need to be made on a “Form GD”. Over the holiday break, the Commission launched a consultation inviting feedback on a draft Implementing Regulation, which included the requirements of this Form. The draft Implementing Regulation also sets out new proposed rules that would govern procedural aspects of how the proceedings under the DMA will be conducted. In more detail: 

  • The Form GD – which borrows its structure from the Forms used in merger notifications – requires potential gatekeepers to provide qualitative and quantitative information about their businesses. The information required is not surprising, since it reflects the relevant criteria set out in the DMA itself. The Form merely structures how this information will be provided and provides further clarity on the degree of detail that will be required.
  • The proposals for the procedural rules that would govern DMA proceedings envision limiting gatekeepers’ procedural rights to access evidence and respond to charges made against them compared to the rights available in antitrust proceedings. This illustrates the Commission’s focus on ensuring that the DMA delivers results more promptly than existing antitrust rules. But market feedback suggested the draft may go too far in this respect. 

The Commission is currently considering the feedback on the draft and is likely to adopt a final version of the regulation in March or April.

“With a range of open cases with regulators in member states including Germany, France and Italy, there is a worry that leaving digital regulation to piecemeal enforcement could result in fragmentation. The DMA is a recognition of this fact, and its second objective is to try and achieve harmonization within the internal market. Whether it achieves that objective will be an important metric for its success.” Henry Mostyn, Partner

The holiday break also provided new insight into how the Commission is organizing itself for enforcement. DG Competition has re-shuffled its internal structure to create a new Directorate – Directorate J – that will have responsibility for DMA enforcement as well as for existing antitrust enforcement relating to digital platforms (another nod to the close relationship between the DMA and existing antitrust cases). This Directorate will include three new working units responsible for enforcing the DMA. It is not yet clear precisely how work will be distributed across these units, but it is likely to be by “CPS category” with each unit having responsibility for applying the rules to one or more categories of services (e.g., web browsers and operating systems). This “product-centric” approach will enable the units to develop technical expertise relevant to that CPS category and should foster a coherent approach to the enforcement of each rule to a given type of service. Some unanswered questions remain, however, including how the Commission will address the rules that apply across a gatekeepers’ services – such as Article 5(2)’s requirements around the cross-service processing of personal data. We expect that more detail on DG Competition’s organizational model will become available throughout the month of March.

DG Connect – which shares the DMA enforcement mandate with DG Competition and is the sole holder of the DSA enforcement mandate – has not yet announced organizational changes to reflect the new mandates. However internally organized, our expectation is that DG Connect will continue to work closely with DG Competition, although the precise allocation of responsibility remains unclear.   

One development that we will not see in 2023 is the enforcement of the law’s behavioral requirements (although gatekeepers will need to begin reporting their M&A transactions to the Commission from September under Article 14). The behavioral requirements will instead kick-in in Q1, 2024, likely in March.   

2023 should still yield insight into what the behavioral requirements will require in practice once they become applicable, including through:   

Technical Workshop The Commission held the first technical workshop last December where several panels featuring representatives from the Commission, likely gatekeepers, and potential complainants discussed the possible implications of Art. 6(5), which bans certain forms of self-preferencing in ranking. More workshops are planned, including one later this month on Art.7’s requirement to provide interoperability between designated messaging services and one in March on the various rules concerning app stores. Resolution of ongoing cases As we have previously explained1, the DMA’s rules reflect the outcomes of existing antitrust cases. The resolutions in some previous cases already therefore provide insight into what will be required under the DMA. There are also several open cases that cover similar ground to the DMA. Should these be resolved this year, these decisions will provide more clarity into what will be required by the law.

2023 is therefore a year of final preparations for the DMA ahead of the regulation taking full effect in early 2024. 

“If there are different ways to comply or meet the objectives of the DMA, proportionality will need to come in. If there is a particular way to comply which is more beneficial or is less harmful to quality or security, then that should prevail over alternative options.” Thomas Graf, Partner, Cleary Gottlieb