The role of gatekeepers under the Digital Markets Act

The power and influence of large online platforms over smaller businesses and consumers cannot be understated. These platforms, known as gatekeepers under the Digital Markets Act, have the ability to shape the digital landscape and impact millions of businesses and consumers. The European Union has recognized the need to regulate these gatekeepers to ensure more fair competition and protection of users’ data and privacy rights. This has led to the implementation of the Digital Markets Act (DMA), a regulation that aims to create a more level playing field in European digital markets.

In this article, we will explore the role of gatekeepers under the Digital Markets Act (DMA). We will delve into the criteria for designation as a gatekeeper, the obligations imposed on these companies, and the consequences for noncompliance with this new regulation. Join us as we navigate the DMA and shed light on the implications for European businesses.

The term ‘gatekeepers’ as designated by the European Commission (EC) refers to large tech corporations operating one or more core platform services (CPS). These CPS are also identified by the EC due to their audience size, volume of data generated and processed, and influence on digital markets and consumers. The 22 CPS include web browsers, social media platforms, voice assistants, search engines, operating systems, video platforms, and more.

By providing core platform services, gatekeepers serve as important gateways for businesses to reach end users. They collect and manage enormous amounts of user data, control access to popular and arguably essential services, and can potentially use their position to stifle competition and innovation.

Gatekeepers have the ability to shape the online landscape and impact the success of businesses operating within it. With their vast reach and user base, gatekeepers have become the key players in the digital marketplace.

The gatekeeper companies were chosen based on specific criteria, and this designation has had varying responses from those companies, ranging from acceptance to strong disagreement. Analysis of large tech companies’ role and influence in digital markets is ongoing, so it is entirely possible the list of gatekeeper companies may grow or change, as may the list of their core platform services.

To be designated as a gatekeeper under the DMA, a company must meet specific qualitative and quantitative criteria.

The qualitative criteria include having a significant impact on digital markets, providing one or more core platform services that serves as an important intermediary between businesses and consumers, and having an entrenched and durable position in the market.

The quantitative criteria involve meeting certain financial thresholds, such as having an annual turnover of at least € 7.5 billion in the EU, or a market valuation of at least € 75 billion. Additionally, gatekeepers must provide the same core platform services in at least three EU member states and have a substantial number of active end users and business users.

The designation of gatekeepers under the DMA follows a rigorous process. The European Commission is responsible for designating gatekeepers based on the qualitative and quantitative criteria outlined in the regulation. Gatekeepers that meet the thresholds for designation are presumed to meet the requirements unless they can successfully challenge the presumption.

Gatekeepers have the opportunity to dispute the quantitative criteria by providing evidence and arguments to demonstrate that they do not meet the qualitative criteria. The Commission may also conduct market investigations to assess the designation of gatekeepers and consider additional factors such as turnover, market capitalization, number of users, network effects, and more.

The six companies currently designated as gatekeepers by the European Commission include five US-based and one Chinese-based company. They all have European operations and users, but none is headquartered in the EU or UK. The gatekeepers are:

• Microsoft (owner of LinkedIn and Windows PC OS)
• Meta (owner of Facebook, Instagram, WhatsApp, and others)
• Alphabet (owner of Google, YouTube, and Android)
• ByteDance (owner of TikTok)
• Amazon (owner of Amazon Marketplace)
• Apple (owner of iOS and the App Store)

Following their designation on September 6, 2023, each gatekeeper has a six-month window to achieve compliance with the DMA obligations for their specified core platform services. The deadline is March 6, 2024.

The Commission has also opened market investigations to further assess the submissions of Microsoft and Apple, as they have disputed the designation of some of their core platform services (source: Financial Times, September 2023). These investigations aim to determine whether the services in question should be designated as CPS. Additionally, a market investigation has been initiated to assess whether Apple’s iPadOS should be designated as a core platform service.

The gatekeepers’ core platform services encompass a wide range of digital platforms, and activities, from facilitating online transactions to connecting individuals through social media. The extraterritorial effect of the DMA means that gatekeepers are subject to its regulations regardless of where they are headquartered because they offer their services to business users or end users established or located in the EU, EEA and UK.

Gatekeepers have a set of obligations they must adhere to under the DMA, which include the following.

Data processing and targeted advertising: Gatekeepers must obtain user consent before collecting and processing personal data for targeted advertising purposes. They are prohibited from combining personal data from different core platform services or cross-using personal data in other services provided by the gatekeeper.

Nondiscrimination: Gatekeepers must not discriminate against business users by preventing them from offering the same products or services through third-party online intermediation services or their own direct online sales channels at different prices or with different conditions.

Freedom of communication and promotion: Gatekeepers must allow business users to communicate and promote their offers to end users acquired through the gatekeeper’s core platform services, regardless of whether they use the gatekeeper’s services. This promotes fair competition and ensures that business users have the freedom to reach their target audience.

Access to content and services: Gatekeepers must allow end users to access and use content, subscriptions, features, or other items through their core platform services by using the software application of a third-party business user. This promotes user choice and prevents gatekeepers from limiting access to certain services.

Complaints and dispute resolution: Gatekeepers must not prevent or restrict business users or end users from raising issues of noncompliance with relevant laws to public authorities, including national courts. Gatekeepers are encouraged to establish lawful complaints-handling mechanisms to address any concerns raised by users.

Gatekeepers have a responsibility to ensure their compliance with the obligations set out in the DMA, but also with third parties connected to their platforms and services. They must establish a compliance function that is independent from their operational functions. The compliance function, led by a designated compliance officer, monitors and supervises the gatekeeper’s compliance with the DMA. The compliance officer has the authority and resources necessary to fulfill their tasks and report any noncompliance to the gatekeeper’s management body.

Gatekeepers have six months from their designation — until March 6, 2024 — to comply with the full list of obligations under the DMA. During this period, they are required to submit a detailed compliance report to the European Commission, outlining how they have implemented the necessary measures to meet their obligations. The Commission will closely monitor the implementation and compliance of gatekeepers and may impose high fines for noncompliance. Details below.

Gatekeepers that fail to comply with the obligations set out in the DMA face significant consequences. The European Commission has the authority to impose fines of up to 10% of the gatekeeper’s annual worldwide turnover, or up to 20% in case of repeated infringements.

In addition to fines, the Commission may impose behavioral or structural remedies if a gatekeeper systematically fails to comply with the DMA. These remedies can include divestiture of certain business units or a ban on acquisitions related to noncompliant practices.

The DMA also enables the Commission to open market investigations to assess compliance and designate gatekeepers based on their qualitative criteria. These investigations are conducted to ensure a fair and competitive digital market and may result in further consequences for gatekeepers found to be in violation of the DMA.

Like many regulations today, especially those covering data privacy, the Digital Markets Act is something of a work in progress. Business, technology and legal thought are always evolving, and so regulation must evolve as well. Requirements under the DMA may change, as may end users’ rights, as well as the list of gatekeepers and core platform services.

The DMA provides an opportunity for additional companies to submit notifications to the European Commission for designation as gatekeepers. These companies can self-assess their compliance with the relevant thresholds and engage in discussions with the Commission. This allows for a dynamic and evolving regulatory environment that adapts to the changing digital landscape.

Compliance with DMA obligations is crucial for gatekeepers to maintain user trust and confidence. By adhering to the requirements of the DMA, gatekeepers can demonstrate their commitment to providing a safe and secure digital environment. Compliance not only mitigates the risk of fines and penalties but also fosters a positive reputation and long-term sustainability in the digital market. This building of trust applies also to third-party companies that rely on access to the gatekeepers’ platforms and services, and that meet DMA complication obligations regarding data privacy.

The role of gatekeepers under the Digital Markets Act is instrumental in shaping the digital landscape and ensuring fair competition. Their decisions and operations directly impact millions of businesses and consumers. The DMA aims to set certain rules to limit gatekeepers’ power and prevent unfair practices in the digital marketplace.

Gatekeepers have a responsibility to comply with the DMA within a specified timeline and establish compliance functions to monitor the actions undertaken and how they maintain their compliance. The designation of gatekeepers under the DMA has been and will continue to be a rigorous process carried out by the European Commission. As digital markets continue to evolve, the DMA and the designation of gatekeepers will play a crucial role in maintaining a fair, competitive and secure digital environment.

Although the DMA applies to gatekeepers, it is important for smaller businesses operating in the EU, EEA and UK to understand the regulation as it will directly impact their use of the large online platforms and services owned by gatekeepers, such as Facebook, LinkedIn, or Google Ads.

Businesses will be required to comply with the regulatory guidelines enforced by digital service providers such as Google and Amazon. Here is all you need to know to comply with the DMA and the new privacy requirements likely to be imposed by major tech companies. We’ve also put together a short list of steps you can take to get ready for the DMA.

1. First, know the data your organization gathers, how it’s gathered, used, shared, and with whom. Review your policies regarding the handling of user data, obtaining user consent, and data usage. This includes any agreements for sharing data with third parties.
2. Make sure your website or app has the required privacy tools, obtains user consent in a compliant way, and has a thorough and clear privacy policy.
3. Consider implementing a privacy compliance solution that helps to achieve compliance with the DMA, such as the Usercentrics Consent Management Platform (CMP) or the Mobile App SDK.

The Usercentrics CMP helps companies to comply with the Digital Markets Act’s requirements and rules imposed by gatekeepers pursuing DMA compliance. It’s fully customizable and automated and also enables compliance with the General Data Protection Regulation (GDPR), the primary European data privacy regulation. The Usercentrics CMP helps you to:

• collect and manage user consent in a secure and compliant way
• respect user data and privacy
• analyze user consent preferences to increase opt-in rates

Stay up to date with Digital Markets Act news and developments by subscribing to our newsletter.

By following our guidelines above, you can prepare your business for DMA and gatekeepers requirements and upcoming changes in the European digital marketplace.

Usercentrics does not provide legal advice, and information is provided for educational purposes only. We always recommend engaging qualified legal counsel or privacy specialists regarding data privacy and protection issues and operations.