The European Union’s Digital Markets Act: A Primer

The Digital Markets Act (DMA) is a forthcoming EU law concerning the regulation of online platforms. Along with its companion, the Digital Services Act (DSA), it is one of two flagship pieces of EU legislation aimed at such platforms. It is currently in the final stages of the European Union’s lawmaking procedure: the European Commission’s initial proposal came in December 2020 and, 12 months later, the European Parliament approved its version. Members of Parliament (MEPs) will now negotiate with the Council of the European Union—the institution that represents EU member states at the ministerial level—to reach a final text. The DMA is a top priority for France, which currently presides over the presidency of the council and hopes to reach an agreement before its presidential elections in April. This would be rapid for legislation of this magnitude.

This commentary seeks to explain the DMA, give insight into how it evolved through the EU legislative process, and outline some implications for competition, U.S. tech companies, European economic growth and innovation, and transatlantic relations. As the United States begins to consider its own digital regulations and antitrust initiatives, an examination of the benefits and drawbacks of the EU approach will be instructive.

Context

The European Commission’s proposal argues the DMA will address the way some tech companies have exploited their size and entrenched position to become “gatekeepers,” whose control over access to digital markets gives them undue power over other companies and consumers. A common example is self-preferencing—also increasingly the target of U.S. lawmakers—wherein a company favors its own products or services on an online platform it also owns (e.g., a company’s apps receiving preferential treatment in its own app store). The commission contended that these anticompetitive behaviors could lead to “inefficient outcomes in the digital sector in terms of higher prices, lower quality, as well as less choice and innovation to the detriment of European consumers.” Traditional competition and antitrust policy, which address infractions after they occur, were presumed inadequate to meet this new reality—or simply too slow to keep pace.

The Digital Markets Act

The DMA is conceptually straightforward: it identifies digital services that fall under its purview, defines characteristics that make a service provider a “gatekeeper,” creates rules and ex ante obligations for those gatekeepers, and establishes punishments if those obligations are not met. Each of these became areas of debate as the DMA traversed the European Parliament, and many were altered. These alterations are notable: some even compelled the Biden administration to write to European officials (both in the European Union and in national capitals) protesting the changes.

In its proposal, the European Commission “limited” the regulation to companies providing “core platform services.” The word “limit,” however, is misleading. The list includes nearly every significant digital service: online marketplaces and app stores, search engines, social networks, video-sharing platforms, operating systems, cloud services, certain interpersonal communications services like WhatsApp calls or web-based email services, and advertising networks affiliated with any of the above. In its final version of the bill, progressive MEPs pushed successfully to add three new core platform services: web browsers, virtual assistants (such as Siri or Alexa), and connected TV.

Any provider of these services can become a gatekeeper if they meet certain qualitative and/or quantitative thresholds (a company not meeting the latter can still be a gatekeeper if it does meet the former). The commission set three qualitative thresholds: a company must have “significant impact” on the European market, the service it provides must be an “important gateway” between businesses and end users, and it must have or be likely to soon have “an entrenched and durable position.” The European Parliament made no significant changes to these broad criteria, instead focusing on the quantitative thresholds—a debate that ultimately spread across the Atlantic.

The commission initially set the quantitative thresholds to capture providers that provide a core platform service in at least three EU member states, have either an annual turnover in the European Economic Area of at least €6.5 billion in the last three financial years or a market capitalization of at least €65 billion in the last financial year, and have at least 45 million active monthly end users and 10,000 yearly active business users in the European Union. The parliament made several changes, including most controversially to the second criterion. MEP Andreas Schwab, a conservative German parliamentarian assigned as the DMA’s rapporteur, released a report in June 2021 in which he proposed raising the turnover and capitalization floors to €10 billion and €100 billion, respectively. Schwab admitted to calibrating these numbers to target the more profitable U.S. tech giants and spare lower-earning European companies—a discriminatory approach that upset the Biden administration. Others in the parliament viewed matters differently, and the body reached a final compromise of €8 billion and €80 billion, respectively. Companies that meet these thresholds must report themselves as gatekeepers within two months, although the commission can designate a service provider as a gatekeeper whenever it deems fit, after conducting a market investigation.

The third critical area of debate concerns the obligations for gatekeepers. Some will be in effect immediately (those in Article 5), and others may be further specified by the European Commission after passage of the law (Article 6). One Article 5 obligation prohibits gatekeepers from using personal data mined from one of their services to benefit a separate service they offer—for example, Meta using data collected on Facebook for targeted ads on Instagram. Other Article 5 provisions include a prohibition on requiring users to subscribe to one’s services, a prohibition on restricting how business users of a gatekeeper’s platform sell their same service on another company’s platform, and requirements for transparency on advertising prices. Among others, Article 6 includes prohibitions on self-preferencing, restrictions on targeted advertising without consent, and requirements for interoperability with third-party software.

The final area of debate concerns punishment and implementation. The commission is empowered to levy fines in cases of noncompliance. The original proposal capped fines at 10 percent of the gatekeeper’s total turnover in the prior financial year. The European Parliament raised this ceiling and also added a floor, giving the commission latitude to impose fines “not less than 4% and not exceeding 20%” of a gatekeeper’s worldwide turnover. Another crucial addition made by the parliament grants the commission the ability, in cases of “systemic non-compliance” with the obligations above, to restrict gatekeepers from making certain acquisitions of other companies (e.g., a tech giant buying a small start-up).

Criticisms

Some private sector stakeholders and independent analysts have raised concerns about the DMA. In addition to criticism for its arguably subjective thresholds, some have cautioned it may have deleterious economic side effects that dilute the good it does for competition. These concerns have come from not only U.S. companies but also European analysts and industry groups.

As for U.S. tech giants that meet the gatekeeper threshold, other than any fines they incur, the most immediate effect will be compliance costs, which the European Commission estimated would be €1.41 million per year, per platform. This is not a major burden for these companies, but some indirect effects may be costlier. Some provisions, for example, the one requiring search engine services to disclose to competitors how they rank answers to a given query, may compel gatekeepers to share proprietary information and expertise essential to their own competitive success. Clauses such as these may help smaller tech companies to take market share from gatekeepers even in situations where it is not clear there has been an unfair practice.

European private sector stakeholders have also registered concerns regarding the impact on EU companies, highlighting the DMA’s qualitative and quantitative thresholds as potentially hurting the growth of new businesses and deterring EU digitalization. The thresholds could also impact innovation in some circumstances. For example, if a new, innovative service would attract so many additional users that it would push an already large company (U.S. or European) into the gatekeeper category and trigger the DMA obligations, the company may be disincentivized from developing it in the first place—likely to the detriment of consumers, who may have benefited from that new service or the competition it engendered. Some companies would likely decide this trade-off is worth it, but others may not.

Allied for Startups, a nonprofit association based in Belgium, raised other concerns that the prohibition on acquisitions for systemically noncompliant gatekeepers, if implemented excessively, risks interfering with the “startup lifecycle.” A representative of the association clarified his view that even though there are documented instances of tech giants acquiring startups to preempt future competition, their relative freedom to acquire promising startups is, on net, good for the tech ecosystem (some European venture capitalists agree, noting the prospective exit ramp of acquisition by a large company is something that helps start-ups to attract initial capital). The DMA could have a chilling effect on this, even if accidentally.

Echoing this, a Danish consultancy published a study that concluded there are potentially harmful provisions to EU small and medium-sized enterprises (SMEs). For example, the prohibition on combining personal data across services that a gatekeeper provides could diminish the value of cloud computing services (which are ostensibly more useful as they incorporate more data). This would affect European SMEs who rely on cloud services, thereby reducing their competitiveness abroad. These possible side effects are worth noting—a fact the European Parliament is aware of: it amended Article 4 of the DMA so that the commission must not only keep track of gatekeepers, but also publish an annual report on the “impact on business-users especially [SMEs] and end-users.”

Finally, it is also important to note that these concerns are not the predominant view of European stakeholders, or even the universal view of U.S. tech giants operating in Europe. Member states have been broadly aligned since the beginning and the parliament passed the DMA easily, with 642 votes in favor and only 8 against. EU consumer protection organizations unsurprisingly support it. Allied for Startups, despite registering the concerns above, remains in favor of the law overall. A recent survey of French and German SMEs showed that 79 percent believed tech giants should face tougher regulation on how they use personal data. And even U.S. companies like Mozilla and Microsoft have welcomed the DMA rules in theory (although there is of course a strong element of self-interest in these positions, as both would see their competitors affected more severely).

Conclusion and Transatlantic Implications

There is general transatlantic agreement on the need to regulate big tech and there is a good case to be made that ex ante regulations are required, in some fashion, to manage the negative externalities of tech giant dominance. It is not only the European Commission that believes after-the-fact interventions are often too slow in this sector, and the DMA will indeed likely have positive effects for competition in core platform services.

Reasonable policymakers and analysts, including in Europe, simply want regulators to keep sight of the need for balance—as indeed some in the European Union occasionally fail to do. Center-right lawmakers in the parliament, for example, had to rein in the enthusiasm of some of their colleagues who wanted to amend the DMA to shift the burden of proof onto systemically noncompliant gatekeepers to demonstrate that any potential acquisitions would not harm competition, instead of the commission proving that they would. The amendment was rejected as disproportionately harsh, to the presumed relief of U.S. tech giants.

EU stakeholders would do well to convey such nuances in their debate to U.S. audiences, who would similarly do well to refrain from generalizing about the EU position. If the winding process of the DMA through the European Parliament shows anything, it is that not all Europeans think like MEP Schwab. This point is not just academic: it means there is ample room for U.S. lawmakers and officials to engage with their EU counterparts as Congress begins to consider regulations of its own concerning antitrust and competition in the digital sector.

This engagement should be proactive, and it should come early and often in the EU legislative process. The Biden administration’s recent attempt to push negotiators to change core DMA provisions, for example, has come too late to make any significant impact—although the administration’s astute tactic of targeting influential MEPs is an encouraging sign that future efforts, if initiated earlier, could allow the United States to impact forthcoming legislation like the Artificial Intelligence Act. In the meantime, the Digital Markets Act is coming. And although not every U.S. stakeholder will be happy, it creates an opportunity to learn valuable lessons as societies and economies similar to the United States begin to unpack and grapple with the particular blend the European Union has chosen for competition, innovation, and security in digital regulation.

Colin Wall is a research associate with the Europe, Russia, and Eurasia Program at the Center for Strategic and International Studies (CSIS) in Washington, D.C. Eugenia Lostri is an associate fellow with the Strategic Technologies Program at CSIS.

The authors would like to thank former Strategic Technologies Program intern David Robusto and Europe, Russia, and Eurasia Program intern Karolina Lång for their research assistance.

This commentary is made possible thanks to support from Apple.

Commentary is produced by the Center for Strategic and International Studies (CSIS), a private, tax-exempt institution focusing on international public policy issues. Its research is nonpartisan and nonproprietary. CSIS does not take specific policy positions. Accordingly, all views, positions, and conclusions expressed in this publication should be understood to be solely those of the author(s).

© 2022 by the Center for Strategic and International Studies. All rights reserved.

Image
Colin Wall
Associate Fellow, Europe, Russia, and Eurasia Program
Image
Eugenia Lostri

Eugenia Lostri

Former Associate Fellow, Strategic Technologies Program