Sign in Subscribe
8 min read

What is the DMA?

This week, I've decided to read and attempt to understand the DMA. This is a significant piece of legislation affecting tech companies in the EU, and although I've heard lots about it from other tech commentators, this will be the first time I've read it. I am, of course, very late to this particular party. The DMA came into force in November 2022, and the first gatekeepers (see below) were designated in September 2023. It's taken me this long because I've just started writing my newsletter, but the advantage of getting here late is we can already see some of the impacts. However, this is a significant piece of legislation, so I will split this analysis across multiple weeks. Today is about understanding what the DMA says, with the implications coming next time.

Below is my summary and understanding. Hopefully, this is obvious, but I'm not qualified to advise on complying with the DMA, so please don't treat this as such.

The Spirit of the DMA

The thrust is that 'market processes are often incapable of ensuring fair economic outcomes with regard to core platform services' and, therefore, 'the purpose of [the DMA] is to contribute to the proper functioning of the internal market by laying down rules to ensure contestability and fairness for the markets in the digital sector in general, and for business users and end users of core platform services provided by gatekeepers in particular'. Sounds good so far.

The reason this is explicitly targeted at digital markets is that the services that make up those markets typically have very strong economic powers arising from one or more of the following:

  • Extreme scale economies, often resulting from near-zero marginal costs
  • Powerful network effects
  • Two-sided network effects from connecting users and businesses together
  • A significant degree of dependence from both business and end users
  • Lock-in effects
  • A lack of multi-homing for the same purposes by end users
  • Vertical integration
  • Data-driven advantages

This power makes it much more difficult for competitors to challenge gatekeepers. This, in turn, allows these gatekeepers to extract an unreasonably large amount of value from their marketplaces while stifling innovation.

I agree with that spirit; the DMA seems to be a well-intentioned attempt to limit the power of some of these massive platforms we all interact with regularly and allow others to compete with them and innovate. But what does the DMA say, and what does this mean for businesses?

Gatekeepers and Core Platform Services

The DMA is targeting core platform services, which, by their nature, are very likely to benefit from the powers listed in the previous section. The exact list of such services is in the next section of this article. A core platform service is designated as such simply by being a specific type of service.

Gatekeepers are large businesses that provide these core platform services, which have emerged 'with considerable economic power' (more below).

The image below, taken from the European Commission's website, shows the designations of gatekeepers and core platform services at the time of writing this article.

N-IICS: Number-independent interpersonal communication services

Most of these probably don't come as a surprise. I wouldn't initially think of Booking.com in this context because regulators don't seem to hate it as much as the others, but I wouldn't argue that it should be there. iPadOS seems like a strange addition as it feels significantly less powerful than everything else in this image. Still, there's probably enough overlap between it and iOS that it doesn't make that much difference. At some point in the future, I plan to dig into each gatekeeper and what grounds they were designated on, but not in this post.

How do you end up a Core Platform Service or Gatekeeper?

A core platform service is any of the following:

  • Online intermediation services
  • Online search engines
  • Operating systems
  • Online social networking
  • Video-sharing platform services
  • Web browsers
  • Online advertising services, including advertising intermediation services

However, being a core platform service alone does not mean you're subject to the DMA, and it is only when the business that runs the service is designated as a gatekeeper that these rules start to apply. The conditions to be designated as a gatekeeper are:

Two things to note here:

  1. The Commission has the right to designate as gatekeepers any business that is likely to meet these criteria soon, to avoid crossing a 'tipping point' beyond which it becomes more complicated or impossible to undo their power.
  2. The qualitative and quantitative criteria are deliberately separate: if you meet the quantitative criteria, you're automatically a gatekeeper, but even if you don't, the Commission can argue that you meet the qualitative criteria and designate you as such.

When deciding whether a business meets those criteria, they seem to consider how close they are to those quantitative thresholds and a view of the business's competitive powers, as described in the first section of this article.

Then what do you have to do?

There is some logic behind the designation of core service platforms and gatekeepers: big companies with many users and businesses and competitive forces that give them significant power over both. Once you see the final list, there's not much of a surprise, nor any businesses that people will have much sympathy for.

The problem is that this is a list of very diverse businesses with very diverse business models. How can the DMA impose coherent requirements across all of them that get to the root of their economic power? Well, as it turns out, that's hard. I would also argue that trying to do so in a single piece of legislation will have unintended consequences.

But before doing that, it's worth considering again what the DMA is trying to achieve. From my opening paragraph: 'market processes are often incapable of ensuring fair economic outcomes with regard to core platform services' and, therefore, 'the purpose of [the DMA] is to contribute to the proper functioning of the internal market by laying down rules to ensure contestability and fairness for the markets in the digital sector in general, and for business users and end users of core platform services provided by gatekeepers in particular'.

I'm still unsure about what they want to happen here. It seems like success for the DMA would be another company successfully challenging the core platform service of one of the gatekeepers. But there are two ways to achieve that outcome:

  • Opening up the competition: making it easier for other businesses to provide competing services, such that a new, better service comes along that pulls users away from the core platform service
  • Slowing down gatekeepers: preventing gatekeepers from improving their core service platforms, or at least making it hard for them to do so, to help an alternative eventually provide a better service and pull users away

The former would be more pro-competition and better for end users: gatekeepers would be forced to innovate quickly or potentially lose market share. I suspect the authors of the DMA, though, are aiming for both. It's worth clarifying which outcome you think is right and then reading through the section below.

I've tried to add some structure to the obligations by grouping them, but this is my own structure and not reflected in the DMA itself. I have also attempted to cover most of what's in the DMA, but I certainly can't claim to have been exhaustive.

Data

Gatekeepers cannot use the data they gather by providing a core platform service to their advantage. This means they cannot collect data from third parties on the platform, use non-publicly available data to compete with their business users, combine platform data with other data or cross-use that data without explicit permission, freely given, to do so.

They also must provide both end users and business users, on request and free of charge, access to the data provided or generated by their use of the platform for data portability. This includes a real-time stream of this data.

Software and App Stores

Gatekeepers must allow users to uninstall non-essential software, change the defaults (including an initial prompt to set the default) and allow third-party app stores with 'strictly necessary and proportionate' measures to ensure the integrity of the hardware or operating system. They also must not restrict the ability of end users to switch between and subscribe to different software applications and not treat their services more favourably. Finally, gatekeepers cannot require end users to subscribe to one core platform service to get full access to another.

Integration and interoperability

Gatekeepers must allow providers of services or hardware and business users to interoperate with and access the same hardware and software features accessed or controlled by the platform.

Payments

Gatekeepers shall not require end users to offer or interoperate with the gatekeeper's payment or identification service.

Access to customers

Gatekeepers shall not prevent businesses from offering the same products or services elsewhere on different terms, communicating offers available through other channels, or accessing content and subscriptions acquired outside the platform.

Advertising

Gatekeepers must provide each advertiser or an authorised third party with information concerning the advertisement placement, the price and fees paid by the advertiser, the remuneration to the publisher, and the metrics used to set those values. Similarly, publishers or their authorised third parties must receive information concerning the remuneration and fees they received, the price paid by the advertiser, and the metrics on which those were calculated. Finally, advertisers, publishers, and their authorised third parties must be provided with access to the gatekeeper's measurement tools and data to carry out their independent performance verifications.

Number-Independent Interpersonal Communication Services

Gatekeepers must make their basic functionality interoperate with other providers while preserving the level of security (e.g. end-to-end encryption) across services. This functionality is:

  • Immediately on designation: end-to-end messaging and sharing of images, voice messages, videos and other attachments between individuals
  • Within two years: end-to-end messaging, and sharing of images, voice messages, videos and other attachments across groups
  • Within four years: end-to-end voice and video calls between users and groups

And if you don't?

The fine can be up to 10% of global revenue for the business if you don't comply with the DMA once. If you're found guilty of a repeat offence, then that rises to a maximum of 20% of global revenue. A repeat offence is committing 'the same or similar' infringement within eight years(!) of the first.

So far, it's not clear how much of this is to make the DMA seem scarier, with the actual fines ending up lower. For now, though, everyone (including the affected gatekeepers) has to assume this is at least a possibility and take this very seriously. For context, Apple's net profit ratio (the percentage of revenue that makes it down to the net profit line) has been 20-25% in the last five years. For Meta, it's been 20-35%. Net income isn't the ideal measure of what the company can afford to pay, and even if they were fined, it's likely they'd be able to spread out the payment, but the point is the DMA isn't something these businesses are taking lightly.

So what?

I shouldn't be surprised that my summary of a 66-page regulation has become a long article. I want to explore each category's implications for the affected businesses and whether that's good or bad in the context of innovation. However, doing that here would make this an intolerably long article, so that's what I'll be writing about next week.