The Bundeskartellamt (Federal Cartel Office) has been undertaking a long-running sector study of the German messenger (and video services) market, and today has published its final report (here is a DeepL translation to English). The study looks much more broadly than at the implementation of the EU Digital Markets Act messaging interoperability requirement, but it has some relevant statements (translated here using Word).
I wanted to add a few comments to some of these statements, because without a close reading of the DMA’s provisions it is easy to draw incorrect assumptions about their implications…
It is true that the DMA interoperability regime is limited to basic functions and is designed to be asymmetrical. However, the architecture of the services and the technical location of the individual functions on them are very individual, so that interoperability here would require standardization and adaptation to varying degrees.p.240
This very much depends on the extent to which the European Commission (EC) uses its implementing act powers (Article 46(1)(c)) to specify any technical standards. I am sceptical this power legally goes very far (others disagree), but also expect some of the member states would strenuously object to such a use, even if their opinion in this “comitology” process is merely advisory.
Art. 7 simply states that designated “gatekeepers” (such as WhatsApp and Apple) must provide technical interfaces or equivalent to very specific functionality of their messaging services (initially to send one-to-one messages) — they are largely free to simply specify their own technical decisions as de facto “standards” their competitors must implement (which unfortunately means the costs of doing so are likely to fall on those startups and open source projects, rather than the trillion-dollar firms the DMA targets — but this was a deliberate choice by the EU Parliament and Council to protect “innovation” 🤷🏻♂️).
Any projects to implement and design interoperability and to address technical challenges must keep in mind the security and privacy of the data of all consumers and include all the services they use. Due to the interdisciplinary challenges in the field of messenger and video services – information technology, consumer and data protection law as well as economic – cooperation between different knowledge carriers in such interoperability projects seems to make sense. In view of the dynamism of the industry and the innovation potential of the technology, it seems necessary – as already stated in the interim report – to involve the industry, as was already practiced in principle by the European Commission on the occasion of a workshop on interoperability in February 2023.pp.240-1
I don’t think anyone disagrees with this statement! I would add that “industry” should include SMEs and open source developers (as the EC workshop did), and civil society should also be included (ditto). The DMA also includes specific mechanisms (Art. 40) for the EC to consult other regulators, including data protection authorities.
For a secure consumer product under interoperability, it would be important for an appropriate regime to provide for security criteria that have already been activated for cross-messenger exchanges. In addition, the aim should also be to ensure that data is processed sparingly under interoperability.pp.241-2
The DMA Art. 7 does precisely this (paragraphs 3 and 8). And the BKA correctly concludes:
“It should be possible to maintain a clear protective approach even under interoperability.”p.242
For those interested, there is (much) more detail in my report from last November on Private Messaging Interoperability in the Digital Markets Act.