On September 6, 2023, the European Commission (EC) returned from its summer break with full force and announced the designation of six tech companies as so-called “gatekeepers” under the EU’s Digital Markets Act (DMA) and published a Q&A document.
The six companies are predominantly American, with one Asian company represented and no European: Alphabet, Amazon, Apple, Meta, Microsoft, and TikTok-owner ByteDance. Booking.com, a European travel booking platform, previously stated that the impact of COVID-19 meant it did not meet the thresholds, but it expects to fall within scope by the end of 2023.
The designation starts a six-month DMA compliance countdown (by March 6, 2024, for those designated on September 6, 2023).
A Refresher: What Is the DMA?
The DMA applies to platforms offering “core platform services” (CPSs) that have been designated as gatekeepers by the EC based on quantitative and qualitative thresholds (e.g., app stores, social networking services, search engines, online advertising services, etc.). It sets out a list of fixed ex ante obligations for gatekeepers, including rules related to, among others, interoperability between platforms, data combination, data access by business users, and self-preferencing. Sanctions include fines of up to 10 percent of global annual turnover or even 20 percent fines and structural break-ups for repeat offenders. For more information on the DMA’s obligations and their application to digital platforms, please see our previous Wilson Sonsini Alert.
The Designation Process
Potential gatekeepers had until earlier this summer (July 3, 2023) to notify the EC as to whether they met the thresholds for gatekeepers set out in Article 3 of the DMA. Seven companies self-declared (the companies listed above, and Samsung). The EC then had 45 days to assess the notifications before taking its designation decisions, leaving a total of 22 CPSs across six gatekeepers—with Samsung the only one of the original notifiers to fully escape, for now. Some points of note are:
Source: European Commission Press Release, September 6, 2023
What Happens Next?
Gatekeepers have until mid-November to prepare and file an appeal to the Court of Justice of the European Union if they wish to challenge the designation, as parties have two months and 10 days to appeal an EC decision.
All the while the compliance clock will be ticking, with gatekeepers now having six months (by March 2024) to ensure they are in compliance with the new rules and prepare a detailed compliance report outlining the measures put in place. As of designation, however, two key obligations already kick in:
Business users and other market participants will also be watching with anticipation and no doubt continuing to engage with the EC on crafting compliance solutions that are workable for both gatekeepers and the market.
As flagged previously, the DMA will also have significant unintended spillover effects on commercial partnerships with data use at their core. For instance, companies receiving information from gatekeepers (e.g., activity data about their end-users on the gatekeeper platform) will now be impacted by the DMA obligation to require end-user consent where personal data is involved. Business users of gatekeepers’ CPSs will need to consider putting in place mechanisms, such as consent requirements in contracts with gatekeepers, to ensure continued access to data generated on a gatekeeper platform.
Both potential gatekeepers and business users should also not forget national laws may also kick in; platform services not covered by the EC’s current efforts could still be addressed by similar German rules, for instance.
For more information, please contact Jindrich Kloub, Cédric Burton, Yann Padova, Deirdre Carroll, or any member of the firm's antitrust or privacy and cybersecurity practices.
Deirdre Carroll and Laurine Daïnesi Signoret contributed to the preparation of this Wilson Sonsini Alert.