Gatekeepers have to comply with DMA requirements by 7 March 2024 at the latest

News Update DMA

Gatekeepers have to comply with DMA requirements by 7 March 2024 at the latest
4 March 2024

The developments regarding the Digital Markets Act ("DMA") are mounting and the day by which Alphabet, Amazon, Apple, Bytedance, Meta and Microsoft must comply with the DMA's dos and don'ts is approaching (7 March 2024). This News Update provides an overview of the recent main developments, from the current state of play back to the day the first Big Tech companies were designated as 'gatekeepers' (5 September 2023).

Compliance with obligations and prohibitions under the DMA

Following their designation, gatekeepers (Alphabet, Amazon, Apple, Bytedance, Meta and Microsoft) must comply with the DMA's dos and don'ts by 7 March 2024 at the latest (Article 3(10) in conjunction with Article 5, 6 and 7 DMA). On the same date, these gatekeepers have to provide the European Commission ("Commission") with (i) a report describing the measures implemented to ensure compliance with the DMA obligations (Article 11 DMA); and (ii) an audit describing customer profiling techniques (Article 15 DMA). The Commission is organising workshops on each of the gatekeepers to allow interested parties to ask for clarification and to give feedback on the proposed compliance solutions. These workshops will take place between 18 and 26 March 2024.

Potential new gatekeeper – Booking

According to the Dutch Financial Newspaper (Financieel Dagblad, in Dutch only) dated 22 February 2024, Booking has submitted a notification to the Commission as Booking considers that it now meets the cumulative thresholds that presumptively lead to a designation as gatekeeper (Article 3(3) DMA). According to Booking, it did not previously meet the threshold of at least 45 million monthly active users established in the EU in each of the last three financial years because of the impact of the COVID crisis on its business. The Commission will take a decision on whether Booking should be designated as gatekeeper within 45 days after receiving complete information from Booking (Article 3(4) DMA). Booking's notification to the Commission may have been triggered by a fine of EUR 490 million that the Spanish authority CNMC intends to impose on Booking for an alleged abuse of a dominant position. According to Booking, CNMC's allegations against Booking should be dealt with by the Commission under the DMA to avoid fragmented solutions at national level.

Commission closes market investigations on Microsoft's and Apple's services

On 12 February 2024, the Commission adopted decisions closing the market investigations that it launched on 5 September 2023. The Commission found that, for the time being, Apple and Microsoft should not be designated as gatekeepers for certain core platform services, i.e. Apple's iMessage and Microsoft's search engine Bing, web browser Edge and online advertising service Microsoft Advertising, despite meeting the thresholds.

Bytedance's (TikTok) application seeking suspension of the designation decision has been dismissed

The Commission designated Bytedance as a gatekeeper by decision of 5 September 2023. Bytedance, however, brought an action for annulment of that decision in November 2023. In addition, Bytedance lodged an application for interim measures seeking the decision's suspension. On 9 February 2024, the President of the General Court dismissed Bytedance's application for interim measures. According to the President, Bytedance had not shown that it was necessary to suspend the contested decision until the proceedings on the substance of the case were closed. Bytedance had not shown that there was a real risk of disclosure of confidential information or that such risk would give rise to serious and irreparable harm to Bytedance. A judgment on Bytedance's appeal on the substance of the case has not yet been rendered.

Draft bill implementing the DMA into Dutch law

The Dutch legislature proposed a draft bill (in Dutch only) on 1 February 2024 to regulate DMA implementation in the Netherlands. Although responsibility for DMA enforcement lies solely with the Commission, national authorities have a supporting role. The draft bill appoints the Netherlands Authority for Consumers and Markets (ACM) as the competent national authority in the Netherlands. The draft bill is currently being debated in the Dutch House of Representatives (Tweede Kamer) and, when adopted, will subsequently be debated in the Senate (Eerste Kamer). When the Senate adopts the draft bill as well, it will become law and will enter into force at a set date.

Template for reporting on consumer profiling techniques

Under Article 15 DMA, gatekeepers are obliged to submit an independently audited description of any techniques for profiling of consumers that the gatekeeper applies to or across its core platform services within 6 months after its designation. On 12 December 2023, the Commission published the template for reporting on consumer profiling techniques and the independent audit of such reports.

Apple, Bytedance and Meta contest gatekeeper decisions

Parties that have been designated as gatekeepers had to file an appeal against that designation decision by no later than 16 November 2023. Apple, Bytedance and Meta have submitted appeals. Apple (Case T-1079/23 and Case T-1080/23) challenged the Commission's decision on Apple's operating system iOS, online intermediation service App Store, and iMessage service. Apple claims that the decision on the latter wrongly concluded that iMessage is a number-independent interpersonal communications service within the meaning of the DMA. It has not contested the Commission's designation decision in relation to its web browser Safari. Bytedance (Case T-1077/23) brought an action for annulment of the decision to designate Bytedance in relation to its online social networking service TikTok. In addition, it lodged an application for interim measures seeking suspension of that decision. Meta (Case T-1078/23) brought an action for annulment of the decision to designate Meta in relation to its N-IIC service Messenger and online intermediation service Meta Marketplace. It did not challenge the designation in relation to Facebook, WhatsApp or Instagram. Judgments on Apple's, Bytedance's and Meta's appeals on the substance of the cases have not been rendered to date.

Template for compliance report

Under Article 11 DMA, gatekeepers have to provide the Commission with a report describing in a detailed and transparent manner the measures they have implemented to ensure compliance with the obligations laid down in Articles 5, 6 and 7 of the DMA. They must do so within 6 months after the designation decision. On 9 October 2023, the Commission published the template for the compliance report.

Designation of gatekeepers

The Commission designated 6 gatekeepers under the DMA (Alphabet, Amazon, Apple, Bytedance, Meta and Microsoft) for 22 core platform services on 5 September 2023. Two DMA gatekeeper obligations are effective as from the moment of designation: (i) to put in place a compliance function (Article 8 DMA) and (ii) to report on intended concentrations within the meaning of the EU Merger Regulation (Article 14 DMA).

On 5 September 2023, the Commission also opened market investigations into Microsoft's Bing, Edge and Advertising and Apple's iMessage to see whether the undertakings providing these platform services do not qualify as gatekeeper, despite meeting the thresholds (Article 3(5) and 17(3) DMA). The Commission also opened a market investigation into Apple's iPadOS to assess whether Apple should be designated as a gatekeeper for this core platform service despite not meeting the thresholds (Article 3(8) and 17(1) DMA). The Commission decided not to designate gatekeepers for the core platform services Gmail, and Samsung Internet Browser, albeit that the thresholds were met.

The fact that the Commission is organising workshops to allow third parties to give feedback on the compliance solutions that each of the gatekeepers has proposed emphasises the role that third parties will have in ensuring the DMA's success. Third parties may be business users, competitors, and end users of a core platform service. Under Article 27 DMA, third parties can directly report breaches to both the competent national authorities and the Commission. For example, app developers have already sent a letter to the Commission raising concerns about the measures that Apple proposed to comply with the DMA. There is, however, no obligation for the national authorities or the Commission to investigate the alleged breach, nor do they have to explain their decision not to pursue a complaint. If the authorities decide not to act or a third party does not want to be dependent on the opening of proceedings by the Commission, the third party could initiate private enforcement proceedings to put an end to the breach and obtain compensation for harm caused (standalone proceedings). Private enforcement proceedings could also be initiated following a DMA infringement decision by the Commission (follow-on proceedings). The role of third parties in ensuring the (public and private) enforcement of the DMA can therefore not be underestimated.

Written by:

Key Contact

Advocaat | Partner
Lumine van Uden

Key Contact

Advocaat | Counsel
Yvo de Vries

Key Contact

Advocaat | Partner