On November 1, the EU Digital Markets Act comes into force, targeting large technology platforms such as search engines, social networks and app stores. Fines can reach 20% of global turnover for those who frequently violate the rules, such as favoring their own services, unfair access conditions or preventing the installation of programs from other sources. The provision is supposed to be a revolution, but it remains to be seen how it will be implemented. The first fines will be announced no earlier than 2024.

The new DMA rule aims to put an end to unfair practices by companies that act as gatekeepers to the online platform economy. It was proposed by the Commission in December 2020 and approved by the European Parliament and the Council in record time in March 2022.

The Digital Markets Regulation defines the situations in which a large online platform can be considered a gatekeeper. Digital platforms are targeted, which represent an important meeting place between commercial users and consumers and which, based on the position from which they benefit, can act as a private regulatory body, thus creating a blockage in the digital economy, the representatives of the European Commission explain. In 2023, the companies that fall under the “gatekeeper” chapter will be determined.

The Digital Markets Regulation will set out a number of obligations that these access controllers will have to comply with, including prohibiting certain conduct on their part.

What is a goalkeeper?

Companies that operate one or more of the so-called “core platform services” listed in the DMA are considered access controllers if they meet the requirements described below. Targeted: online intermediary services such as application stores, online search engines, social networking services, certain messaging services, video sharing platform services, virtual assistants, web browsers, cloud computing services, operating systems, online marketplaces and advertising services

There are three main criteria by which a company is subject to the DMA:

• be large enough to have an impact on the domestic market – when the company reaches a certain annual turnover in the European Economic Area (EEA) and provides a substantial platform service in at least three EU member states;

• control the important channel through which business users connect with end consumers, where the company provides an important platform service to over 45 million active end users based or located in the EU every month and over 10,000 active business users based in the EU every year;

• take a strong and stable position – if the company has fulfilled the second criterion during the last three years.

The commission will be able to impose sanctions and fines of up to 10% of the company’s global turnover and up to 20% for repeated violations. In case of systematic violations, the Commission will also be able to introduce the necessary behavioral or structural corrective measures to ensure the effectiveness of the obligations, including a ban on additional purchases.

What is possible and what is not possible

The DMA sets out a list of dos and don’ts that access controllers will have to follow in their day-to-day operations to ensure “fair and open digital markets”.

When an access controller engages in practices such as favoring its own services or preventing commercial users of its services from reaching consumers, it may hinder competition, leading to lower quality of products or services and higher prices.

When an access controller engages in unfair practices, such as imposing unfair conditions on access to its app store or preventing the installation of apps from other sources, it may result in higher prices for consumers or deprive them of benefits they could otherwise receive . would have if they had access to alternative services.

What’s next

With its entry into force, the DMA will enter a crucial phase of implementation: it will begin to apply within six months, i.e. from 2 May 2023. Within two months from that date, i.e. no later than 3 July 2023, if they meet the thresholds set out in the DMA, potential access controllers will have to notify the Commission of their core platform services.

Once the Commission receives a complete notification, it will have 45 working days to assess whether the undertaking concerned meets the thresholds and designate it as an access controller (the deadline for the last possible notifications is 6 September 2023).

Once appointed, access controllers will have six months, ie until 6 March 2024, to comply with the requirements set out in the DMA.

To prepare for the implementation of the DMA, the Commission is working with stakeholders in the sector to ensure effective enforcement of the new rules. In addition, the Commission will hold a series of technical workshops with stakeholders in the coming months to assess the views of third parties on compliance with the obligations of access controllers under the DMA.

The commission is also working on an implementing regulation that will contain provisions on the procedural aspects of the notification.

Along with the Digital Services Act (DSA) proposal, in December 2020 the Commission proposed a DMA to address negative consequences related to certain behaviors of online platforms acting as access controllers in the EU single market.

The Commission says the DMA “will be implemented through a robust supervisory architecture”, where the Commission will be the sole enforcement body in close cooperation with EU Member State authorities.

The DMA empowers the Commission to carry out market studies that will ensure that the obligations set out in the regulation are updated in the context of the ever-changing reality of digital markets.