Denis Kolbas

by
DENIS KOLBAS

CONTACT

Essential Guide to the Digital Markets Act (DMA)

Published on

Digital Markets Act (DMA) is another groundbreaking legislative policy imposed by the European Council in the European Economic Area (EEA). EEA includes 27 EU countries, and also Iceland, Liechtenstein and Norway.

The objective of the regulation is to make the digital economy fairer and more contestable. It’s aimed to prevent large companies identified as “gatekeepers” from abusing their market power and preventing new players from entering the market.

For the most part, it became applicable on May 2, 2023, but companies had to become compliant by March 7, 2024. We are now starting to see the real effect of the policy, so it’s a great time to discuss what it actually means for everybody working in tech or just being a tech consumer.

Digitial Markets Act (DMA) Timeline

Image source: europa.eu

The DMA doesn’t have a direct impact on all digital products in a way like GDPR did, where every business present in the EU market had to become compliant. DMA targets big tech companies like Google, Apple, Microsoft, etc. and their core services like search engines and app stores that host the majority of world’s transactions and traffic. It’s changes to those services that have a direct impact on every consumer in the world, so it’s clear that every ambitious business with a digital presence has to be on top of these changes.

Who are the Gatekeepers?

Gatekeeper companies are defined by these criteria:

  • Companies with a market cap of €75 billion OR yearly turnover in EEA equal or larger than €7.5 billion for three years at least.
  • Platforms that have at least 45 million MAU for three years in a row in the EU AND more than 10k active businesses in the EU.

There are 6 companies that have been designated as gatekeepers by the European Commission so far:

  • Alphabet (the parent company of Google)
  • Amazon
  • Apple
  • ByteDance (the parent company of TikTok)
  • Meta (the parent company of Instagram, Facebook, WhatsApp)
  • Microsoft

It’s crucial to mention that if the company is designated as the gatekeeper, not all of its platforms are impacted – only the ones that satisfy the above listed criteria. For example, Microsoft is designated as a gatekeeper because of LinkedIn and Windows, but Bing Search and Advertising is not impacted yet.

The regulation covers eight different sectors which are referred to as Core Platform Services (CPS).

  • online search engines
  • online intermediation services
  • social networks
  • video sharing platforms
  • communication platforms
  • advertising services
  • operating systems
  • cloud services

In plain language, these cover intermediary services that host the majority of the world’s transactions, communication and data. Such dependency on these platforms creates a bottleneck that is a threat to consumers and the free market.

In the context of six gatekeeper companies, these are the impacted services:

CompanyServices
Alphabet (Google)(9) Google Seach, Google Maps, Google Play, Google Shopping, Youtube, Google Advertising, Android OS, Chrome
Amazon(1) Amazon Advertising
Apple(4) App Store, iOS, iPadOS, Safari
ByteDance (TikTok)(1) TikTok
Meta(6) Meta Marketplace, Facebook, Instagram, WhatsApp, Messenger, Meta Advertising
Microsoft(2) LinkedIn, Windows OS

It’s important to mention that new gatekeepers can be identified through time. For example, iPadOS wasn’t on the list initially, but has been designated the gatekeeper status on April 29, 2024.

Other services and companies under scrutiny that might find themselves on the list in the near future are:

  • Microsoft Bing, Edge Browser, Microsoft Advertising
  • Apple iMessage
  • Booking.com, AirBnB
  • Netflix, Amazon Prime Video, HBO, SKY, DAZN
  • Spotify, Apple Music, Amazon Music
  • Samsung

In the future, existing gatekeepers have to notify the EU commission on their intended future merger or acquisition, while new gatekeepers have to notify the commission themselves once they surpass the above defined threshold.

Gatekeepers’s obligations & prohibitions

Article 5 of the regulation:

  • Personal data limitations
    • For advertising purposes, can’t process personal data of users using services of third parties that make use of gatekeeper’s core service. 
    • Can’t combine personal data from multiple core platforms or third-party services. 
    • Can’t automatically sign up users for other services offered by the gatekeeper without explicit consent.
    • If the consent is refused or withdrawn, the end-user can’t be asked again within a period of one year.
    • For example, Netflix (a third-party) app is available on Google Play (gatekeeper’s core service). Google has personal data of all users who downloaded the app, but it can no longer feed it to its advertising algorithm.
    • Another example is that Meta can’t combine data from Facebook, Instagram and WhatsApp without the end-users’ consent.

  • Pricing Equality
    • Can’t forbid business users (e.g. apps) to offer their products or services at different prices or conditions on other services or their online sales channels.
    • For example, Amazon requirement for e-book publishers to apply their best conditions on the Amazon e-book marketplace is invalid.
    • Might have a huge impact on travel marketplaces like Booking.com, AirBnB, Expedia which often mandate that you have to offer the best deal on their site.
    • You could now run a better deal on your website and skip on fees imposed by intermediary platforms. They can no longer penalize you for that.

  • Payment storefront freedom
    • Allow business users (e.g. apps) to promote offers on gatekeeper’s core platforms or other channels and allow them to take payments outside the core platform. 
    • Allow users to use services, content, subscriptions, features or other items on the gatekeeper’s platform, even though they haven’t been purchased through the platform.
    • For example, you could now promote an offer on the App Store, but direct users to your website for the payment.
    • In-app purchases can now also be done through a payment system of choice, not Apple only.
  • Online advertising transparency
    • Gatekeeper to provide advertisers and publishers with daily information, free of charge, at their request, with data concerning each ad placed by advertiser or displayed by publisher. This data includes:
      • price and fees paid by advertiser
      • payment received by the publisher
      • metrics on how prices, fees and payments are calculated
    • Publishers and advertisers can revoke consent to share this information. In that scenario, the gatekeeper will provide the daily average for the respective entity.
    • This simply means you get to see what’s the cut that advertising networks take. For example, you placed a display ad on Google. You can now see that your CPC is €0.50, that a publisher received €0.20, and that Google took a €0.30 cut.
    • Also, you’ll be able to do your own independent verification of the advertising inventory using “raw” data, breaking down the secret barrier imposed by the ad networks.

Article 6 of the regulation: 

Obligations that might need to be specified with each gatekeeper individually.

  • Fair competition
    • Prohibits a gatekeeper from using not-publicly available data generated by the business users to compete with them.
    • For example, Amazon can’t use data to identify best-selling products and create copycat versions, then rank them at the top of search results.

  • Device neutrality 
    • Allow users to uninstall pre-installed applications on devices. 
    • Allow users to easily change default settings that steer users towards gatekeepers platforms.
    • You can now uninstall Microsoft Edge and disable annoying pop-ups trying to make you put it as the default browser.

  • Sideloading
    • Allow the installation of third-party apps and app stores using its operating system. Also, give users the option to set an app or app store as their default.
    • This is a big hit for Apple’s closed ecosystem, which might lose app store transaction fee (15-30%) on apps downloaded from third-party party app stores. Apple introduced a scary €0.50 core technology fee (CTF) to fight this – explained in more detail later.
    • New iOS store named AltStore PAL is already available to use for EU users.
  • No self-preferencing
    • Gatekeepers can’t treat their own products or offerings more favorably in rankings.
    • For example, companies like Google and Amazon shouldn’t be artificially displaying their products among top results in search. Ranking criteria must be equal for all.

  • Interoperability
    • Allow third-party providers and business users free of charge interoperability to the same hardware and software features accessed or controlled via its operating system or virtual assistant.
    • For example, if the new iPhone comes with a cool feature enabled by some new hardware component, Apple must allow developers to access that component as well. They can’t “lock” it, so only the Apple’s app can ever have that feature.
  • Data portability
    • Provide users with an option to port data they have provided or generated using the gatekeeper’s core platform service to other platforms. This could include personal information, preferences, usage history, or any other data relevant to the service.
    • For example, you could port your music library and preferences between Apple Music and Spotify.
    • Provide businesses with real-time access to data that is generated on gatekeeper’s platform.
    • For example, as an Amazon seller, you could use this data to analyze the performance of your products and make informed decisions. The same goes for apps published on the app stores.

  • Search engine data access
    • Provide third-party search engines with access to data for ranking, query, click and views. Personal data shall be anonymized.
    • For example, a smaller search engine like DuckDuckGo can now access a part of Google’s data to enhance its own search engine offerings, fostering competition and innovation in the online search market.

Article 7 

This section covers the interoperability of number-independent interpersonal communication services (NI-ICS).

NI-ICS refer to communication platforms or applications that enable users to connect and interact with others without relying on traditional phone numbers. Examples are: WhatsApp, iMessage, Facebook Messenger, Telegram, Signal.

Make the basic functionalities of these services interoperable with similar services or another provider. Provide the necessary technical interfaces or similar solutions that facilitate interoperability, upon request, and free of charge.

This means that Android users could receive and send messages to and from iMessage, or you could call someone from Signal to WhatsApp. Apps would only be an interface that shares a standardized communication protocol, similar to how email functions today.

Image: Digital Markets Act article 7 timeline

This covers the whole regulation and what impact it may have in theory. Failure to comply with the regulation will lead to sanctions, including fines of up to 10% of the worldwide turnover for the first infringement, and up to 20% for repeated infringements. The EU is not messing around. Based on the turnover numbers of these services, potential fines would mount up to billions of euros.

All gatekeepers have released their compliance reports, which are hundreds of pages long, so let’s cover the most important updates below.

How did the platforms change so far?

Google (Alphabet)

  • More than 20 changes to search results.
  • Choice screens for default browser and search engine on Android. Randomly ordered, so Google’s services don’t have an advantage. Also coming to Chrome for desktop and iOS.
  • Consent settings for linking data between different Google services.
  • Alternative billing options for non-gaming app developers. The service fee still exists, but is reduced by 3%, meaning you pay 12% of the first $1M revenue earned and 27% of revenue excess of $1M.
  • External offers program allowing developers to lead users outside the app to promote offers. Requires approval, integration and comes with high fees during the two years following the user’s external transaction.
    • Initial acquisition fee: 5% for auto-renewing subscriptions and 10% for other offers of in-app digital features and services.
    • Ongoing services fee: 7% for auto-renewing subscriptions and 17% for other offers of in-app digital features and services.
  • Added additional data for EEA advertisers Play and Search Console, Merchant Center, Google Analytics, Google Ads and various other dashboards and APIs.
  • Launched data portability API that allows to transfer content of Chrome browser, Google Maps, Play Store, Google Search, Google Shopping, and YouTube to another service. Available in all EEA countries + the United Kingdom.

My take on this is that Google sucks. Their updates might be considered compliant, but are anti-business and against the spirit of the DMA regulation. Specifically talking about imposing fees on payments through third-party processors and even on linked-out payments done outside of Google Play.

The official blog post from Google covering the updates can be found here.

Apple

Changes to iOS (17.4 or later):

  • Controls to select a third-party contactless payment app (other than Apple Pay).
  • Controls to select an alternative app marketplace (other than App Store).
  • Safeguard mechanisms to prevent malicious apps.
  • Options (APIs and developer tools) for distributing iOS apps from alternative app marketplaces.
  • New framework and APIs for creating alternative app marketplaces.
  • New frameworks and APIs for alternative browser engines. Developers now don’t have to use WebKit as the browser engine.
  • Interoperability request form where developers can submit additional requests.

Safari

  • Choice screen for a default browser on first open of Safar in iOS 17.4 or later.

App Store (impacts iOS, iPadOS, macOS, watchOS, and tvOS)

  • Alternative payments changes
    • Options to implement third-party payment service providers into your app. 
    • Options to link-out for payments (complete a transactional outside the App Store).
    • Created an app transaction fee calculator for EU apps.
    • App Store product labels showing if the app uses alternative payment processing.
    • In-app payment disclosure letting users know they are about to use an alternative payment processor.
    • New app review process for developers who use alternative payment processors.
  • New business terms for Apps in the EU
    • 3% fee discount if you use alternative payment processor. Old fees if you use App Store payments.
    • Fees also apply for link-out purchases (e.g. purchases on your website linked from the App Store).
    • Introduced a €0.50 Core Technology Fee (CTF) for iOS. Apps will have to pay a €0.50 fee per app install above one million first app installs. Doesn’t apply to free apps, nonprofits, educational institutions and government apps. If you earn less than €10 million in global business revenue in 3 years, you get a 3-year free period. This is applied not only to the app store, but to web distribution and alternative app stores.
  • Expanded data portability site where users can retrieve data about their usage of the App Store.

This regulation is a big threat to the Apple’s closed ecosystem, so as a defense, they have been doing a lot of fear mongering in media, saying that these changes will have a negative impact on user privacy and security.

The official post from Apple covering the updates can be found here.

Amazon

  • Two new prompts (Store and Ads) asking for consent to link data between Amazon Store, Prime Video and Audible.
  • New data portability tools for users and developers.
  • Additional datasets for business users through Seller Central and the SP-API.
  • Implemented equal ranking criteria for third-party sellers and Amazon’s products.
  • Added advertising transparency tools.

The nice PDF with screenshots and explanations made by Amazon can be found here. It’s one of the best PDFs I’ve ever seen. So well explained.

TikTok (ByteDance)

The official post from TikTok covering the updates can be found here.

Meta 

  • Addressing data combining rules for advertising purposes, Introduced two service models for Facebook and Instagram.
    • Ad-funded: you have to consent for your personal information to be processed for advertising purposes.
    • Subscription-based: pay €9.99/month on desktop/web or €12.99/month on iOS and Android to withhold your consent and get ad free experience.
  • Six new consent moments giving choice to combine data across Facebook, Instagram, Facebook Messenger, Facebook Marketplace, Facebook Gaming Play and Facebook Dating.
  • Working on messaging interoperability of Messenger and WhatsApp with third-party platforms.
  • Updates to Download Your Information (DYI) and Transfer Your Information (TYI) tools:
    • Option for regular and automatic recurring data transfers for DYI and TI.
    • TYI recurrence increase from monthly to daily and increased duration from three months to one year.
  • New ad reports available to download via Ads Manager.
  • New ad transparency tool for publishers called “Monetization Manager”.

An official report from Meta covering the updates can be found here.

Microsoft 

Windows

  • Newer versions of Windows 10 and 11 are DMA compliant.
  • Option to uninstall Edge and Bing web search.
  • New sign-in experience that doesn’t auto sign-in users to all Microsoft services.
  • Enabled third-party web search through the Windows taskbar search box.
  • Enabled creating of third-party news feeds in Windows Widgets panel.
  • New practices in data handling, where data from apps running on Windows can’t be used for competitive purposes against app providers.
  • Added new consent screens for data combining purposes.

LinkedIn

  • Option to disconnect core LinkedIn from other services like LinkedIn’s Jobs, Marketing Solutions, and Learning services.
    • If you disconnect them, you’ll still have access, it’s just they don’t share data anymore.
  • New Member Data Portability APIs that allow members to download their LinkedIn data or share it with 3rd Party Application.
  • New Pages Data Portability API that allow page administrators to access: (1) data they have provided or generated while using LinkedIn; and (2) data provided or generated by LinkedIn members on their page.
  • New Advertiser Transparency API that enables advertisers to carry out verification of their LinkedIn advertisements inventory.

The official post from Microsoft covering the updates can be found here.

This is a summary of the biggest changes across all platforms. There are still hundreds, if not thousands, of other small changes for each platform that I have deemed not important enough, or just simply haven’t caught in official reports that are hundreds of pages long.

Just to demonstrate the scale of this regulation, there is stunning information where Meta claims to have spent 590,000 engineering hours making compliancy updates – that is 67 years.

World’s reaction to DMA

The regulation is applicable to the EEA region, but other world countries have taken steps to discuss implementation of similar regulatory frameworks inspired by the DMA. Those include:

  • Brazil
  • India
  • Japan
  • South Korea
  • UK

The hottest question is how will the United States react, as 5 out of 6 gatekeeper companies are from the US, and it’s the richest consumer market in the world. 

On one hand, debates about “big-tech” are rising. For example, an antitrust lawsuit was opened in December 2020 against Facebook in 46 states. On the other hand, Biden’s administration stance on DMA is not publicly known, and it’s hard to believe that a serious change will come due to the likely negative impact on the US economy.

Conclusion

Digital Markets act is a huge milestone for businesses and consumer rights. It gives businesses more ability to compete and retain more revenue, but it’s going to be a long battle. While gatekeepers have made some significant changes outlined in this post, they are still fighting hard against them to retain as much control as possible. New deadlines are coming, and new platforms will be designated as gatekeepers, so changes will be constant in months and years to come.

Lastly, as business and consumers, we also need to keep these companies accountable and fight for our rights. There are two mechanism available:

  • Every gatekeeper must have a DMA compliancy form where you can submit criticism
  • Raise any issue of non-compliance with the relevant Union or national law by the gatekeeper with any relevant public authority, including national courts, related to any practice of the gatekeeper. I recommend using the online complaint form sent to the European Commission.

How did you like this post?

Thanks for your feedback!
Previous Post
Next Post

🚀

Why name denis-test.com?

© 2024 Denis Kolbas

Privacy Policy