Midnight on July 3, 2023, heralded the deadline for potential gatekeepers to notify the European Commission (EC) as to whether they meet the thresholds for gatekeepers set out in Article 3 of the Digital Markets Act (DMA).
By the morning of the U.S.’s Independence Day, five U.S. companies and two Asian companies—but no European—had submitted their notifications: Alphabet, Amazon, Apple, Meta, Microsoft, ByteDance, and Samsung. Booking.com, a European travel booking platform, stated that the impact of COVID-19 meant it did not meet the thresholds as of the July 3 deadline, but expects to fall within scope by the end of 2023.
The EC now has 45 working days to assess the notifications and adopt a designation decision (by September 6, 2023), starting a six-month DMA compliance countdown (by March 6, 2024).
The DMA sets out a list of fixed ex ante obligations for the large tech platforms designated as gatekeepers, including rules related to, among others, interoperability between platforms, data combination, data access by business users, and self-preferencing. Sanctions include fines of up to 10 percent of global annual turnover or even structural break-ups for repeat offenders. For more information on the DMA’s obligations and their application to digital platforms, please see our previous Wilson Sonsini Alert.
The Threshold Question
The DMA applies to platforms offering “core platform services” (CPS) that have been designated as gatekeepers by the EC (e.g., app stores, social networking services, search engines, online advertising services, etc.). There is a rebuttable presumption that a platform is a gatekeeper if it has:
- A significant impact on the internal market—shown by an annual European Economic Area revenue of at least €7.5 billion (ca. $8 billion) in each of the last three financial years, or an average market capitalization is at least €75 billion (ca. $80 billion);
- A CPS which is an important gateway for business users to reach end users—shown by at least 45 million monthly end users and 10,000 business users in the EU; and
- An entrenched and durable position (or foreseeably will have in the near future)—shown by each of the above two thresholds being met in the three previous years.
However, even if the quantitative thresholds are met, gatekeepers can try to rebut the gatekeeper presumption. Microsoft previously made it clear that it hopes to escape the DMA’s scope despite meeting the thresholds, as its Bing search engine has, in its view, a three percent share in this space. EC officials publicly rejected this approach, noting market share will not be accepted as a reason to rebut a DMA designation.
The EC can also designate a gatekeeper that does not meet the quantitative thresholds following a market investigation, which will focus on a qualitative assessment of the gatekeeper’s position and of the market.
The seven current companies notified the EC on the basis of the quantitative thresholds, but it remains to be seen whether the EC will begin to designate others by September based on a qualitative assessment. The EC has also not made clear which of the companies’ services will be designated as CPSs.
Compliance Report Consultation
The companies ultimately designated by the EC in September—whether quantitatively or qualitatively—will need to submit an annual compliance report outlining, in a detailed and transparent manner, the measures that they have implemented to ensure DMA compliance. The first report is due by March 2024, when compliance is required with the DMA’s obligations. A nonconfidential summary of that report will be made publicly available, giving third parties the opportunity to raise compliance concerns with the EC.
The EC launched a public consultation on the template compliance report in early June, with the feedback window closed on July 5, 2023.
Wilson Sonsini Insights
The next 45 days until September 6 will be key in determining what platforms and which of their services will be subject to the DMA’s obligations, while the specific obligations applicable to the different services designated as CPS will be ironed out in the subsequent six-month compliance period (by March 6, 2024). During this time, the EC will be focused on engaging with both potential gatekeepers and companies relying on their services (so-called business users) that want to have a say in this process and impact which of the gatekeepers’ services are designated as CPSs and how the DMA’s general obligations apply to them in practice. Given the scale of this task, requiring engagement with seven potential gatekeepers and numerous business users, the EC is not expected to prioritize launching of market investigations to designate as gatekeeper platforms that do not meet the quantitative thresholds at this time.
As flagged previously, the DMA will also have significant unintended spillover effects on commercial partnerships with data use at their core. For instance, companies receiving information from gatekeepers (e.g., activity data about their end-users on the gatekeeper platform) will now be impacted by the DMA obligation to require end-user consent where personal data is involved. Business users of gatekeepers’ CPSs will need to consider putting in place mechanisms, such as consent requirements in contracts with gatekeepers, to ensure continued access to data generated on a gatekeeper platform.