Privacy & Cybersecurity Law Blog

On November 1, 2022, the Digital Markets Act (the “DMA”) entered into force. The DMA introduces new rules for certain core platforms services acting as “gatekeepers” in the digital sector (including search engines, social networks, online advertising services, cloud computing, video-sharing services, messaging services, operating systems and online intermediation services). The DMA also aims to prevent such platforms from imposing unfair conditions on businesses and consumers, and to ensure the openness of important digital services.

To be considered a “gatekeeper” and therefore subject to the DMA, a business must:

• Have a certain annual turnover in the European Economic Area (“EEA”) and provide a core platform service in at least three EU Member States;
• Provide a core platform service to more than 45 million monthly active end users established or located in the EU and to more than 10,000 yearly active business users in the EU; and
• Have an entrenched and durable position in the EU. This is presumed to be the case if a business meets the second criterion described above in each of the last three financial years.

The DMA contains a list of requirements with which gatekeepers must comply to ensure fair and open digital markets, including:

• Allowing end users to install third-party apps or app stores that use or interoperate with the gatekeeper’s operating system;
• Allowing end users to unsubscribe from the gatekeeper’s core platform services as easily as they subscribe to them;
• Providing companies advertising on a gatekeeper’s platform with access to the gatekeeper’s performance measuring tools and information necessary to allow advertisers and publishers to conduct their own independent verification of their advertisements hosted by the gatekeeper;
• A ban on using the data of a business user if the gatekeeper competes with the business user on the gatekeeper’s own platform;
• A ban on ranking the gatekeeper’s own products or services more favorably compared to those of third parties hosted on the gatekeeper’s own platform; and
• A ban on tracking end users outside of the gatekeepers’ core platform service for the purpose of targeted advertising without obtaining appropriate consent.

Next Steps

The DMA will become applicable in six months, as of May 2, 2023. Businesses will have until July 3, 2023, to register their core platform services with the European Commission if the business believes it meets the DMA’s “gatekeeper” thresholds. Following such registration, the European Commission will assess whether the business meets the “gatekeeper” threshold, and if so, designate the business as a gatekeeper. Following such designation, a gatekeeper will have until March 6, 2024, to comply with the requirements of the DMA.

The European Commission will publish an implementing regulation containing provisions on the procedural aspects of registration with the European Commission.

Read the official text of the DMA.

Read Questions and Answers on the DMA.

Read the European Commission’s press release on the DMA.