On September 6, 2023, the European Commission (EC) returned from its summer break with full force and announced the designation of six tech companies as so-called “gatekeepers” under the EU’s Digital Markets Act (DMA) and published a Q&A document.

The six companies are predominantly American, with one Asian company represented and no European: Alphabet, Amazon, Apple, Meta, Microsoft, and TikTok-owner ByteDance. Booking.com, a European travel booking platform, previously stated that the impact of COVID-19 meant it did not meet the thresholds, but it expects to fall within scope by the end of 2023.

The designation starts a six-month DMA compliance countdown (by March 6, 2024, for those designated on September 6, 2023).

A Refresher: What Is the DMA?
The DMA applies to platforms offering “core platform services” (CPSs) that have been designated as gatekeepers by the EC based on quantitative and qualitative thresholds (e.g., app stores, social networking services, search engines, online advertising services, etc.). It sets out a list of fixed ex ante obligations for gatekeepers, including rules related to, among others, interoperability between platforms, data combination, data access by business users, and self-preferencing. Sanctions include fines of up to 10 percent of global annual turnover or even 20 percent fines and structural break-ups for repeat offenders. For more information on the DMA’s obligations and their application to digital platforms, please see our previous Wilson Sonsini Alert.

The Designation Process
Potential gatekeepers had until earlier this summer (July 3, 2023) to notify the EC as to whether they met the thresholds for gatekeepers set out in Article 3 of the DMA. Seven companies self-declared (the companies listed above, and Samsung). The EC then had 45 days to assess the notifications before taking its designation decisions, leaving a total of 22 CPSs across six gatekeepers—with Samsung the only one of the original notifiers to fully escape, for now. Some points of note are:

  • Rebuttal attempts: Microsoft and Apple have both argued that despite meeting the quantitative thresholds, some of their CPSs do not qualify as gateways (Bing, Edge, and Microsoft Advertising for Microsoft, and iMessage for Apple). The EC has opened four market investigations to assess their arguments, with a February 6, 2024, deadline.
    • Microsoft previously made it clear that it believes its Bing search engine should escape the DMA’s scope despite meeting the thresholds, as it has, in its view, a three percent share in this space. EC officials publicly rejected this approach, noting market share will not be accepted as a reason to rebut a DMA designation.
  • Rebuttal success: Several platform services avoided a CPS designation after providing “sufficiently justified arguments” that they do not qualify as gateways for key services (Google’s Gmail, Microsoft’s Outlook.com, and Samsung’s Internet Browser).
  • Qualitative designation: Despite it not meeting the quantitative thresholds, the EC opened a market investigation to assess whether Apple’s iPadOS should nonetheless be designated as a gatekeeper as it constitutes a “gateway” for business users to reach end users. The EC has until September 6, 2024, for its assessment.
  • Two categories escaped: Virtual assistants and cloud computing services have not yet received any designations, but the EC could still use its market investigation tools to assess designation—as it is doing with Apple’s iPadOS. Cloud computing services in particular may come under the spotlight. The sector is under scrutiny by Ofcom, the communications regulator in the UK, which is considering a referral to the UK antitrust agency for further investigation. Ofcom noted that it is “particularly concerned about the practices of Amazon and Microsoft because of their market position.” The EU may follow.

Source: European Commission Press Release, September 6, 2023

What Happens Next?
Gatekeepers have until mid-November to prepare and file an appeal to the Court of Justice of the European Union if they wish to challenge the designation, as parties have two months and 10 days to appeal an EC decision.
All the while the compliance clock will be ticking, with gatekeepers now having six months (by March 2024) to ensure they are in compliance with the new rules and prepare a detailed compliance report outlining the measures put in place. As of designation, however, two key obligations already kick in:

  • gatekeepers must establish a dedicated compliance function internally, and
  • gatekeepers must inform the EC of intended M&A where it involves a CPS or any other services in the digital sector or enables the collection of data.

Business users and other market participants will also be watching with anticipation and no doubt continuing to engage with the EC on crafting compliance solutions that are workable for both gatekeepers and the market.

As flagged previously, the DMA will also have significant unintended spillover effects on commercial partnerships with data use at their core. For instance, companies receiving information from gatekeepers (e.g., activity data about their end-users on the gatekeeper platform) will now be impacted by the DMA obligation to require end-user consent where personal data is involved. Business users of gatekeepers’ CPSs will need to consider putting in place mechanisms, such as consent requirements in contracts with gatekeepers, to ensure continued access to data generated on a gatekeeper platform.

Both potential gatekeepers and business users should also not forget national laws may also kick in; platform services not covered by the EC’s current efforts could still be addressed by similar German rules, for instance.

For more information, please contact Jindrich KloubCédric BurtonYann PadovaDeirdre Carroll, or any member of the firm’s antitrust or privacy and cybersecurity practices.

Deirdre Carroll and Laurine Daïnesi Signoret contributed to the preparation of this post.