European Union

Last updated: 30 December 2022

Legislation

In 2022, the EU passed two key pieces of legislation affecting the largest technology companies:

  • The goal of the Digital Markets Act (DMA) is to ensure “contestable and fair markets in the digital sector”. It contains roughly 20 separate up-front obligations (some applying to specific services) for the very largest digital gatekeeper platforms’ core services designated by the European Commission.
  • The Digital Services Act (DSA) contains specific requirements for Very Large Online Platforms and Very Large Online Search Engines. It is intended to “ensure the best conditions for the provision of innovative digital services in the internal market, to contribute to online safety and the protection of fundamental rights, and to set a robust and durable governance structure for the effective supervision of providers of intermediary services.”

The scope of the two acts is similar, covering the very largest platforms operating in the EU:

Digital Markets ActDigital Services Act
“Gatekeeper” platforms (DMA Art. 3):
EU turnover > €7.5bn or capitalisation > €75bn and for three years has > 45m EU users + 10,000 yearly active EU business users; 
Providing “core platform services” in at least 3 Member States (Art. 2.2) of:
(a) online intermediation services;
(b) online search engines;
(c) online social networking services;
(d) video-sharing platform services;
(e) number-independent interpersonal communication services;
(f) operating systems;
(g) Web browsers;
(h) virtual assistants;
(i) cloud computing services;
(j) online advertising services, including any advertising networks, advertising exchanges and any other advertising intermediation services, provided by an undertaking providing of any of the core platform services listed in points (a) to (i);
DSA Art. 3(g)(iii) “a ‘hosting’ service, consisting of the storage of information provided by, and at the request of, a recipient of the service”

3(i) “‘online platform’ means a hosting service that, at the request of a recipient of the service, stores and disseminates information to the public…”

“Very large online platforms” and “search engines” (DSA Art. 33(1)) “have a number of average monthly active recipients of the service in the Union equal to or higher than 45 million”
Services covered by the EU Digital Markets Act and Digital Services Act

Digital Markets Act

The DMA obligations are in two lists: “self-executing” obligations in Article 5, and obligations capable of further specification by the European Commission in Article 6. The originally-proposed obligations have been summarised by Michael Veale as follows (these have been slightly updated during negotiations between the EU institutions):

Article 5. Platforms must:Article 6. Platforms must:
– Silo data relating to core services.
– Not forbid businesses from using other intermediaries too.
– Allow businesses to contract with users outside the platform but fulfil contracts through the platform. 
– Not forbid businesses from reporting them to enforcement agencies.
– Not force businesses to use a particular ID service.
– Not bundle their core services together and force you to sign up to 2+. 
AND interestingly for ads:
– Provide advertisers and publishers with the price/remuneration details (to stop intermediaries controlling market visibility). 
– Not use data of their business users to compete with them.
– Allow end users to uninstall preinstalled software unless it is technically essential and cannot be offered standalone.
– Allow installation and effective use of 3rd party software/app store using and interoperating with an OS, and allow their access by means other than through a core platform service.
– Not rank their own products better than others’.
– Refrain from technically restricting the ability of end users to switch between and subscribe to different apps/services to be accessed using the OS, including internet access.
– Allow businesses, in the offering of ‘ancillary services’ to interoperate with OS, hardware and software.
– Provide advertisers and publishers with free analysis and verification tools/information. 
– Provide effective data portability AND tools for end users to facilitate its exercise (normal, download your data tools exist) INCLUDING CONTINUOUS and REAL-TIME access.
– Provide business users with real-time aggregated/non-aggregated data generated by end-users in their interaction with the platform. Personal data only when it relates to that business user’s services and where consent is provided.
– Search engines must provide other search engine providers with anonymised “ranking, query, click and view data”.Apply non-discriminatory terms to app store terms and conditions
Digital Markets Act obligations

Gatekeepers may apply to the European Commission for suspension of specific obligations if they would “endanger… the economic viability of the operation of the gatekeeper” (Art. 8) or for “overriding reasons of public interest” (Art. 9). And the Commission may add further obligations following a market investigation (Art. 10).

The Commission is planning the Act will come into force in spring 2023, following which the Commission has roughly 3-4 months to designate gatekeeper firms (which will include Alphabet, Meta, Apple, Amazon and Microsoft) and their covered “core platform services”, where the latter provide an important route for business users to reach end users. 

Interoperability

After much civil society campaigning, the final DMA imposes a very specific interoperability obligation on messaging/calling services (known in EU law as Number Independent Interpersonal Communications Services). Such services will be required to provide a technical “interface” (likely public Application Programming Interfaces or APIs) to interested competitors for specific “basic functions”, initially one-to-one text conversations, and later group discussions and group-individual voice and video calls. (No obligations will apply to smaller services, or to users of competitors who make use of gatekeeper interoperability.)

WhatsApp and iMessage will almost certainly be designated under the DMA and Facebook/Instagram Messenger are very likely to be designated; and Google Meet/Chat and Microsoft Skype/Teams probably will be. Telegram Inc. was reportedly valued at US$30-$40bn in 2021, but anyway already implements interoperability. It seems extraordinarily unlikely the non-profit Signal Foundation will ever meet the gatekeeper tests above. The final NIICS interoperability obligation explicitly protects end-to-end encryption and more broadly service security and privacy obligations.

While the European Parliament also wanted an interoperability obligation imposed on social networking services (principally Facebook), the 27 EU governments refused. However, this will be reviewed in 2026. Until then, a related DMA obligation (Article 6(12)) will apply to app stores, search engines and SNSes, requiring gatekeepers to offer “fair, reasonable, and non-discriminatory general conditions of access for business users”.

Civil society advocacy

A key civil society competition-related advocacy goal in the DMA/DSA package was to require the largest platforms to make their services interoperable with competitors. Civil society persuaded the European Commission to include an interoperability provision in its initial DMA proposal (Art. 6(1)(f)), relating to ancillary services such as payments. Since then, groups including EDRi, BEUC, Article 19, EFF and OpenForum Europe advocated the Parliament and Council extend this to the major platforms’ core services. Several such amendments, and adding similar interoperability requirements to the DSA, were proposed by centre-left and Green/Pirate parliamentarians, with some support from liberal and centre-right MEPs.

Civil society also advocated for amendments to require genuine informed consent in certain circumstances from users, restricting firms’ use of “dark patterns” in user interfaces, as well as more broadly speaking giving users more rights as opposed to focusing on business users.

Another priority for civil society is ensuring effective enforcement, increasing the resources allocated to the competition unit of the European Commission and potentially involving national regulators.

The Internal Market committee DMA vote was applauded by EDRiBEUCEFF and LobbyControl, who also called for remaining loopholes to be fixed in the next stage of negotiations between the Parliament, Council (member state governments) and Commission, the so-called “trilogues”.

Other legislative developments

The Commission published a proposal for a Data Act in early 2022, which includes provisions “ensuring fairness in how the value from using data is shared among businesses, consumers and accountable public bodies.” A public consultation on the proposal closed in June. It will require operators of “smart” (Internet of Things) devices to enable customers to access all the data generated by their devices, as well as provide government access to data resources under specific circumstances (such as public emergencies). Two of the responsible officials provided commentaries.

The prospect of significant EU legislative reform on merger control is limited, given the preference of significant Member States such as France for industrial policy building up “European champions.” A “New Competition Tool” envisaged by the Commission as part of the DMA/DSA package disappeared from the final proposals. Germany published a legal opinion arguing merger control measures could be included in the Digital Markets Act, but other member states, and some academics, argued the DMA’s internal market harmonisation legal basis ruled this out. Germany’s (Green party) junior minister for competition policy has restated his government’s preference for a more structural approach, and it seems likely such measures could be included in the next revision of the country’s competition law.

Instead, the Commission has since 19 February 2021 (before its updated merger guidance was even published) used its discretion under the Merger Regulation to encourage member states to refer cases that would not meet EU or even national turnover requirements, but “where the turnover of at least one of the companies concerned does not reflect its actual or future competitive potential. This could be the case of a start-up or recent entrant with significant competitive potential or an important innovator. It can be also the case of an actual or potential important competitive force, or of a company with access to competitively significant assets or with products or services that are key inputs or components for other industries.” 

Acknowledgment: this update was commissioned by Open Society Foundations.