Digital Decade: Digital Markets Act and Digital Markets, Competition and Consumer Bill
Bolstering competition in digital markets – the EU and UK introduce sweeping reforms
Introduction
Regulators have grown increasingly hostile to the market dominance displayed by the largest digital platforms, believing this state of affairs to be at risk of (if not already) fostering endemic market failures that need to be addressed. Generally, regulators have identified a number of problematic aspects in digital markets, including network effects and economies of scale, unequal access to data, a distinct lack of transparency and restrictions on the exercise of consumer choices.
Part of the problem lies in the nature of digital markets – because they are dynamic, fast evolving, and often esoteric, regulators have been "behind the curve" both in understanding the nuances as to how they function and, in turn, appreciating the potential theories of harm that may arise within them. Some stakeholders argue that this factor has resulted in authorities like the European Commission ("Commission") and the Competition & Markets Authority ("CMA") adopting erroneous merger control clearance decisions like Google / Doubleclick and Facebook (Meta) / WhatsApp and otherwise failing to take any other sufficient enforcement actions to curb the power of the largest digital firms.
The EU's solution is the Digital Markets Act ("DMA"), first proposed on 15 December 2020 as part of sweeping legislative reforms to bolster regulatory scrutiny and obligations owed by certain digital firms. The DMA came into force on 1 November 2022, though its substantive elements will not begin to take effect until 2 May 2023. The intention behind the DMA is to classify large online platforms as "Gatekeepers" and, in doing so, introduce (inter alia) behavioural obligations on these firms to better monitor and regulate their activities in their relevant digital markets.
In the UK, the Digital Markets, Competition and Consumer Bill ("DMCCB") was finally brought before Parliament on 25 April 2023. Among a raft of new proposals spanning the whole spectrum of competition and consumer rights laws, the DMCCB also looks to emulate the DMA by introducing a bespoke regulatory regime for digital firms operating in the UK (or whose activities affect the UK). This has been a long time coming – indeed, proposals for a standalone regulatory regime for digital markets date back to the 'Furman Review', which was published in March 2019. Simply put, this new digital markets regime will introduce behavioural and other regulatory obligations on firms which are deemed to have Strategic Market Status ("SMS"). The new regime will be overseen by a new unit within the Competition & Markets Authority ("CMA"), called the Digital Markets Unit ("DMU").
What obligations do the DMA and DMCCB create, who do these apply to and what could happen if you don’t comply?
Topic | EU (DMA) | UK (DMCCB) |
Who do the obligations apply to? | The DMA will apply to companies designated as Gatekeepers by the Commission. Gatekeepers are defined as providers of Core Platform Services ("CPSs") which meet both quantitative and qualitative criteria (see below). CPSs range from online search engines and social networking services to video-sharing platforms and cloud-computing services. Firms/entities which could be classified as Gatekeepers must carry out a self-assessment in the first instance to determine if they meet the applicable criteria. From 2 May 2023, any potential Gatekeepers will have until 2 July 2023 to submit a written application if they consider themselves to be a Gatekeeper. Within 45 working days following the receipt of a written notification, the Commission will decide whether to designate the CPS provider as a Gatekeeper. Gatekeeper criteria: 1. Quantitative criteria To meet the thresholds, the Gatekeeper does not need to be established (or resident) within the EU. As such, the DMA is capable of having a wide extra-territorial scope. The quantitative criteria (which apply cumulatively) are as follows:
2. Qualitative criteria If a CPS provider meets the quantitative criteria, it will be presumed that the following qualitative criteria apply:
If an undertaking that meets the quantitative criteria wishes to rebut this presumption, it will need to submit a written notification to the Commission before 2 July 2023 explaining why the qualitative criteria do not apply. The Commission may conduct a market investigation (see below) to determine whether or not it should issue a Gatekeeper designation in such instances (i.e., it will confirm whether the undertaking's submissions as to why the qualitative criteria do not apply can be substantiated). Otherwise, the Commission will issue a Gatekeeper designation within the 45 working day period. Finally, the Commission will not need to define any particular market in which a Gatekeeper is deemed to meet the qualitative criteria, thereby giving significant flexibility to the Commission to ensure CPS providers receive a Gatekeeper designation. The Commission will review whether a Gatekeeper continues to satisfy the quantitative thresholds every three years. | The DMCCB will apply to any undertaking (involved in digital activities) operating in the UK which is deemed to have SMS. Unlike the DMA (which requires potential Gatekeepers to self-notify), the DMU will, under the DMCCB, be solely responsible for assessing if a firm meets the SMS criteria and issuing SMS designations. There is no need for (potential) SMS firms to self-assess. The DMCCB will apply extra-territorially to undertakings if they have the requisite market presence in the UK. In order for a firm to be eligible for SMS, it must meet the following cumulative criteria:
Saliently, the turnover threshold was not included within any of the proposals which preceded (and led up to) the DMCCB. It is likely that its inclusion has been made in response to criticisms that the SMS criteria were otherwise too broad and lacked certainty as to the firms that could be issued with an SMS designation. The turnover threshold also brings the SMS criteria into more alignment with the scope of the EU's DMA, which has applicable quantitative thresholds which must be met for a firm to be eligible for the so-called Gatekeeper status. Like the Commission, the DMU will not be required to identify formal market definitions when issuing SMS designations or in any other aspect of its enforcement role under the new digital regime. |
What are the obligations? | 1. Behavioural obligations Articles 5, 6 and 7 of the DMA require Gatekeepers to abide by obligations and restrictions in their conduct vis-à-vis any CPS they operate. These obligations are numerous, broad, stringent and in some cases relatively complex. Helpfully, the Commission has provided a summary of overriding "do's" and "don’ts" that will apply to Gatekeepers. Examples of do's include
Examples of don't include
Once a Gatekeeper is designated as such by the Commission, it will have six months to comply with the behavioural obligations. By current timelines the earliest time that a Gatekeeper will be obliged to comply will behavioural obligations is 1 March 2024. Gatekeepers will be obliged to appoint an internal compliance officer who must submit an annual compliance report to the Commission. 2. Merger control Article 14 of the DMA will require Gatekeepers to inform the Commission of any contemplated M&A which do not meet the mandatory notification thresholds under the EC Merger Regulation No 139/2004. and which involve a target which either provides a CPS or, alternatively, provides any other services in the digital sector or enables the collection of data. The information required is quite detailed. | SMS firms will be subject to the following obligations:
In terms of the applicable thresholds, SMS firms will be required to notify mergers which involve:
|
Market investigations | Under the DMA, the Commission will be able to conduct market investigations in several circumstances, including: 1. Unilateral investigations into suspected Gatekeepers The Commission may conduct a market investigation on its own initiative into an undertaking it suspects should be designated as a Gatekeeper. These investigations will last a maximum of 12 months. This is even if an undertaking does not meet the quantitative criteria. 2. Challenges to Gatekeeper designation As mentioned, undertakings that meet the quantitative thresholds may make a submission to the Commission as to why the qualitative thresholds do not apply. The Commission may decide to conduct a market investigation to finally determine this. These market investigations are intended to last no longer than five months. 3. Systematic non-compliance The Commission may conduct a market investigation if it suspects a Gatekeeper has engaged in "systematic non-compliance" with its obligations under Articles 5, 6 and 7 of the DMA. A Gatekeeper will be deemed to engage in systematic non-compliance where it has received at least three non-compliance decisions from the Commission within an 8-year period. Such a market investigation will be concluded within 12 months. 4. Requests by Member States The Commission may open a market investigation at the request of three or more Member States which believe (e.g.,) that a particular firm/entity should be classified as a Gatekeeper or that a Gatekeeper has been guilty of systematic non-compliance. | Under the DMCCB, the DMU will not engage in market investigations per se. Rather, the DMU will be empowered to make pro-competitive interventions ("PCIs") which will enable it to take targeted remedial actions to specifically combat aspects of an SMS firm's market power. specifically identified market failures arising from SMS firms' conduct. PCIs will go further than the Code of Conduct, as PCIs will look to combat the root causes behind a SMS firm's substantial and entrenched market power, instead of only seeking to manage conduct. For the DMU to issue a PCI, it must be able to prove that, as a result of an SMS firm's conduct, there has arisen an adverse effect on competition in relation to a specified digital activity. As such, a PCI can only be made after the DMU has conducted a tailored investigation, akin to a traditional CMA market investigation. PCIs are intended to supplement the applicable Code of Conduct to a relevant SMS firm by enabling the DMU to tackle the root causes of a particular SMS firm's market power. A PCI may, for example, take the form of either an order imposing requirements as to how an SMS firm must conduct itself in respect of a designated activity or a recommendation as to steps to be taken by anyone exercising public functions. Further points to note:
|
Enforcement and penalties | The Commission will be able to open proceedings against a Gatekeeper it suspects of non-compliance and will be the sole enforcer of the DMA's rules, though it will cooperate with national courts and national competition authorities. Article 30 of the DMA empowers the Commission to impose fines on Gatekeepers of up to 10% of their annual worldwide turnover in cases of breaches of any behavioural obligations, interim measures, or remedies or legally binding commitments arising from a market investigation. The Commission may impose fines of 20% of a Gatekeeper's annual worldwide turnover in cases of recidivism. The Commission may impose a 1% fine of a Gatekeeper's annual worldwide turnover for non-compliance with requests for information or for providing false information. The Commission may also have recourse to other enforcement mechanisms as exists under its other antitrust powers. For instance, it will have the power to request information, documents and data, impose interim measures and impose binding commitments / remedies (structural and behavioural) following the outcome of its market investigations. | The DMU will be able to impose penalties against infringing SMS firms, including:
As with the Commission under the DMA, the DMU will be empowered with commensurate enforcement powers as afforded to the wider CMA. Noteworthy to the DMCCB, however, is the putative ability for the DMU to apply to the court for an order (e.g., specific performance) requiring SMS firms to comply with any particular aspect of the digital regime. SMS may appeal aspects of the DMU's decision-making (e.g., SMS designations, PCIs) to the Competition Appeal Tribunal ("CAT"). Such appeals will only be permitted on judicial review grounds. As such, there will be no ability to appeal a DMU decision on its particular merits, but rather only if there has been some breach of procedure, error of law or other material impropriety. |
Other regulatory developments to be aware of
The most significant additional development is the EU's Digital Services Act ("DSA") which has been developed in parallel to the DMA (together they form the EU's so-called Digital Services Package). In short, whereas the DMA is intended to address underlying market failures in the digital space, the DSA has been constructed to combat inherent failings in the nature of the digital products and services provided to EU businesses and consumers. The DSA will also be far broader in scope than the DMA. The latter will apply only to the largest, most power digital platforms, whereas the DSA will apply ubiquitously to entities providing digital products and/or services. It can, therefore, be described as a substantial "top down" reform to the nature of the EU's digital markets.
The DSA will introduce many new obligations on digital companies, including:
- requirements to counter the hosting of illegal content online (including illegal products and/or services);
- introducing effective safeguards for digital users;
- heightening the transparency measures by which online platforms must abide; and
- bans on targeted advertising on online platforms.
Conclusion: why do you need to be aware of all this?
The short answer is that you need to be aware because you could be on the receiving end of considerable penalties if you are not aware of these changes and/or if you fail to comply. The penalties range from substantial fines to director disqualification, or potentially even criminal conviction. Businesses which could be classified as a Gatekeeper under the DMA, or an SMS firm under the DMCCB, should therefore begin taking measures now to prepare for these regimes that will soon come into full effect.
In the EU, any CPS providers which meet the quantitative criteria will, after 2 May 2023, need to submit a written notification to the Commission before 2 July 2023. To that end, digital companies should be gathering all relevant information required for this written submission and, indeed, thinking now about the measures they may need to introduce to comply with the DMA's general behavioural obligations. It may also be sensible for such companies to conduct an internal audit to identify, and quantify, the risks of non-compliance in this area and identify remedial actions to introduce.
In the UK, digital platforms should continue to track the legislative developments in this area. Even though the DMCCB is a long way from receiving Royal Assent (where, with the best will in the world, this is not expected until early 2024 at the earliest), businesses and individuals would be well advised to plan ahead. Particularly, by making any necessary adjustments to their relevant business practices that might otherwise fall foul of the new rules.