The EU’s Digital Markets Act (the “DMA”) is a landmark EU law, targeting companies that have acquired such a dominant position in critical sectors of the digital economy that act as ‘gatekeepers’ between business users and consumers. Despite the new rules coming into effect later this week, three of the six companies designated as gatekeepers by the European Commission have appeals pending as to their designation status – but with concerns increasingly raised in the industry and by commentators over the gatekeepers’ lack of effective engagement and readiness for the 7 March deadline, legal uncertainty has been created for access seekers across Europe. While the DMA has already had a significant impact, including causing some designated gatekeepers to make changes to their Core Platform Services (CPS) prior to the obligations taking legal effect, there is still a long way to go for all parties involved.

As a reminder, in September 2023, the European Commission designated its first six gatekeepers (Apple, Amazon, ByteDance (TikTok), Google, Meta and Microsoft) for twenty-two different core platform services under the DMA. These core platform services cover Social Networks (TikTok, Facebook, Instagram, LinkedIn), Intermediation services (including Google Maps, Google Play, Amazon Marketplace, App Store etc.), Ads (Google, Amazon, Meta), NI-ICs (WhatsApp and Messenger), Video Sharing (YouTube) Browsers (Chrome and Safari) and Search engines (Google Search) to Operating Systems (Google Android, iOS, Windows PC OS).

Once designated, these companies had six months to comply with the full list of “do’s and don’t’s” under the DMA, including requiring them to offer a range of interoperability obligations i.e., allowing functionalities, such as messaging, of third parties to ‘inter-operate’ with the gatekeeper’s own similar functionalities in certain specific situations. This is designed to result in more choice and increased freedom to end users and business users of the gatekeepers’ services.

Considering the material impact of the DMA and its obligations, it is perhaps not surprising that three of the designated gatekeepers – Apple, Meta and ByteDance – have appealed the Commission’s designation assessments that some of their services have been classed as a CPS.

Meta, whilst accepting the designation status of Facebook generally, is appealing the Commission’s assessment that its number independent ‘Messenger’ service and online intermediation service ‘Facebook Marketplace’, should be designated with gatekeeper status.

ByteDance has more generally challenged the Commission’s substantive decision designating TikTok itself as a CPS, and also argues that there were a number of procedural flaws in the Commission’s designation process, which it considers renders the Decision unlawful. The procedural flaws alleged include a failure by the Commission to be transparent about the issues of fact or law it was relying on in going about its designation process and that it failed to properly afford ByteDance proper rights of defence.

ByteDance’s appeal includes claims that complying with the EU rules would lead to the disclosure of highly confidential, strategic information concerning its user profiling practices which undermine its commercial use of the platform. As a consequence, ByteDance made an application to the EU General Court for interim relief to suspend the effects of its designation, so that it would not be required to comply in March, until the Court of Justice could hear its full appeal.

On 9 February, European General Court handed down its Order dismissing ByteDance’s bid for interim relief. In rejecting its application, the Court said that:

“ByteDance has failed to demonstrate the urgency required for an interim order in order to avoid serious and irreparable damage” and that they have “not shown that there is a real risk of confidential information or that such a risk would give rise to serious and irreparable harm.”

The General Court, no doubt whilst also reaffirming that the conditions for granting interim relief present a particularly high bar to meet, also stated that claims of harm that are ‘pecuniary’ and ‘hypothetical in nature’ are ‘difficult to reconcile’ with the test for interim relief. The General Court also noted the Commission’s evidence that ByteDance had also failed to follow the administrative process set down under the DMA if it disagreed with the Commission’s decision, requiring it to first submit an application under Article 9(1) requesting a suspension of the designation i.e., that it had failed to exhaust the requirements of the administrative process before seeking relief. This is likely to have further implications for other designation appeals who also missed this step.

Apple also challenged the Commission’s designation decision of its iOS and the ‘App store’ as each constituting a CPS. In relation to Apple’s iMessage service the Commission agreed with Apple that despite meeting the quantitative threshold for designation there was sufficient doubt that iMessage (at least) (along with Microsoft Bing, Edge and Microsoft Advertising) should be designated as a CPS and opened investigations to consider those separately. On 12 February the Commission concluded those investigations by agreeing and deciding not to designate iMessage, Microsoft Bing, Edge and Microsoft Advertising. A clear win for the digital operators involved, but also a message to industry that the Commission was not approaching the process with a closed mind from the outset if sufficient and robust evidence and arguments in opposition to its initial views can be marshalled.

The appeals of the Commission’s designation Decisions are to be heard by the General Court, likely later in the year. The designation decisions will be subject to full merits review by the General Court, in line with its jurisdiction to do so. When the time comes to review decisions on penalty, as it inevitably will, the General Court will similarly apply its unrestricted jurisdiction to re-consider those in full.

Of particular interest to many, has been what the new interoperability rules mean for the gatekeepers of number-independent intercommunications services (or “NI-ICS”), as specific obligations will apply to core platform services such as WhatsApp and Messenger: according to Article 7 of the DMA, designated gatekeepers providing NI-ICS shall make basic functionalities of its NI-ICS interoperable with the NI-ICS of another provider offering or intending to offer such services, by providing the necessary technical interfaces or similar solutions that facilitate interoperability, upon request and free of charge.

To meet its obligations under Article 7(4), the DMA set staggered timeframes for the provision of the basic functionalities to third parties, where the gatekeeper itself provides NI-ICS to its own end-users – the first of these come into effect from 7 March 2024 for the first group of designated gatekeepers – to provide interoperability access for end-to-end text messaging and the sharing of images, voice messages, videos and other attached files in end-to-end communications between two individual end-users.

To facilitate the practical implementation of interoperability, a reference offer was required under the DMA to be published within six months after the designation decision and updated where necessary by the designated gatekeeper. Once the reference offer has been published, a gatekeeper is required to comply with any reasonable interoperability request within three months. At the very least, the General Court’s decision to reject ByteDance’s application to suspend their gatekeeper status provides some certainty that all six gatekeepers will be expected to have published reference offers by 6 March at the latest.

However, as can be seen from an open letter published on 16 January, business and trade associations across Europe have accused gatekeepers of either failing to engage in a dialogue with third parties or have presented solutions falling short of compliance with the DMA.

The signatories of this letter have urged not only the gatekeepers to engage with impacted third parties as soon as possible, but also the European Commission and the European Parliament to use all avenues within their power to ensure that the gatekeepers comply with “the letter and the spirit of the DMA”. As the DMA already includes anti-circumvention provisions under Article 13, with Article 13(4) requiring gatekeepers not to engage in in “any behaviour that undermines effective compliance with the obligations of Articles 5, 6 and 7 regardless of whether that behaviour is of a contractual, commercial or technical nature, or of any other nature, or consists in the use of behavioural techniques or interface design”, unless that engagement happens quickly and effectively, it will shortly be up to the Commission to decide whether it wishes to open proceedings against the gatekeepers for failing to meet these obligations in a timely manner.

It is not surprising to those within the industry that these challenges have been faced – the different systems involved not only will include proprietary information which the gatekeepers will be keen to protect but are complex and will require collaboration between the gatekeepers and different access seekers, to establish the technical – and practicalities of the interoperability access sought, with debates over what is “reasonable access” expected between the parties.

Six months to implement the first tranche of interoperability rules, based on the complexities of the systems involved and the far-reaching effects of the new obligations, was always going to be challenging. Considering how many elements of the DMA rules are influenced by existing telecommunications rules, where many disputes, in arguably less complex areas with less data privacy and security issues to consider, the European Commission may have benefitted from considering industry examples where longer timescales were set, allowing for the successful – and on time – implementation of regulatory changes: for example, previously in the UK, Ofcom announced their Auto-Switch Reforms in December 2017 but these did not take effect for 19 months later, until July 2019. In reviewing this process, in an ex-post evaluation of the Reforms and their adoption, Ofcom noted that the Reforms were completed on time, with the implementation successfully managed by the industry.

Even with a 19 month-implementation window, the UK’s mobile industry had to work collaboratively in order to meet these timescales, with discussions being held not only with the Regulator, but other key parties including the NICC (who set the UK Interoperability standards for MNP) and the Mobile Number Portability Operator Steering Group (the “MNP-OSP” – an unincorporated association which provides a forum for its members to meet and agree practical, technological and procedural arrangements to provide mobile number portability) for the new systems to work in a compliant way.

Given the technical complexities and questions as to how it will all work in practice, and as is also common with the bedding in of any new regulatory framework, disputes are bound to arise. Access seekers will no doubt be keen to test the efficacy of the somewhat aspirationally worded alternative dispute resolutions mechanism framework in the DMA which states that gatekeepers ‘shall’ publish general conditions of access, including an ADR settlement mechanism. The DMA sets out that the ADR mechanism will be ‘Union based’ and must be ‘easily accessible, impartial, independent and free of charge for business users and proportionate’. However, given the wording, little has been published about how the ADR mechanisms will work in practice and there seems scope for the ADR mechanism to be undermined or ignored if industry and/or gatekeepers feel it is simply going to waste time if they think jumping straight to public or private enforcement is likely inevitable or more efficient (or fruitful).

In that event, access seekers also have the usual rights to complain directly to the Commission or to a competent national authority if they consider that a gatekeeper is failing to comply with the requirements of the DMA, such as in relation to interoperability. It’s worth noting that National Regulatory Authorities are required to provide any information they receive to the Commission that indicates non-compliance, which seems intended to ensure the Commission maintains a broad view of compliance across the framework.

Given the wide discretion the Commission exercises whether to take on complaints (and in light of its very limited resources) access seekers may end up heading down the private enforcement route quite quickly. As an EU ‘Regulation’ containing precise obligations and prohibitions the DMA has ‘direct effect’ in member states in that it can be enforced directly in national courts. The Commission has also stated that this will ‘facilitate direction actions for damages by those harmed by the conduct of non-complying gatekeepers’, a clear statement of the Commission’s support for private rights of enforcement and remedies.[1]

Once access is agreed, those with interoperability access will need to consider how this in turn impacts other legal obligations such as their compliance with GDPR – the DMA has a particular focus on data and introduces a data portability obligation. This requires gatekeepers to provide an end user and/or business user with access to data provided by the user or generated through the activity of the user through use of the gatekeeper’s CPSs, including the provision of continuous and real-time access to such data. How satisfaction of the portability obligation in relation to business users will align with the GDPR-imposed data subject rights remains to be seen. With the “portability” obligation requiring that any disclosure of data is disclosed in a format that is not only reusable, there will still be key aspects to be worked through.

We’ll be following developments in this area closely and will posting updates as and when they become available.

References

[1] https://ec.europa.eu/commission/presscorner/detail/en/qanda_20_2349