Digital Markets Authority (DMA) Regulation

REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL ON CONTESTABLE AND FAIR MARKETS IN THE DIGITAL SECTOR (DRAFT 15.12.2020)

[Digital Markets Act, DMA]

DMA - Summary

The DMA will impose obligations on certain digital service providers, the so-called “access gatekeepers” (providers of the so-called basic platform services that meet additional prerequisites of business size or customer volume). The European Commission will become the oversight body for DMA compliance.

DMA - Impact

The DMA will regulate the specific obligations of providers of certain digital services, known as the “access gatekeepers.” An access gatekeeper is a business designated by the European Commission to provide one of the core services of the platform and which:

– provides key platform services that serve as an important service for business users to reach their end users (over 45 million monthly active end users based or located in the EU and over 10000 active business users per year in the EU in the last financial year)

– has an established and sustainable market position within its business area or, based on relevant predictions, may have such a position in the near future (where the thresholds for the number of users have been reached in each of the last three financial years)

The platform’s core services are the following:

– Internet brokering services (pursuant to Article 2(2) of Regulation 2019/1150);

– Internet search engines (pursuant to Article 2(5) of Regulation 2019/1150);

– online social networking services (a platform that allows end users to connect, share, discover and communicate with each other across multiple devices, particularly through chats, posts, videos and recommendations);

– video sharing platform services (pursuant to Article 1(1aa) of Regulation 2010/13);

– non-number based interpersonal communication services (pursuant to Article 2(7) of Regulation 2018/1972);

– operating systems (system software that controls the basic functions of hardware or software and allows applications to be run);

– cloud processing services (pursuant to Article 4(19) of Regulation 2016/1148);

– advertising services, including advertising networks, advertising exchanges, and any other advertising intermediation services provided by a platform key service provider offering other services listed above,

– virtual assistants.

DMA – what we provide

  1. Representation in notification proceedings before the European Commission
    • Preparation of an application and handling of proceedings before the European Commission to notify that the conditions for access gatekeeper status have been met
  2. Audit of digital service provider operations
    • Business review and preparation of recommendations to implement DMA obligations.

DMA – impact and requirements

  1. The activities of the providers of platform core service will be supervised by the European Commission. As part of the supervisory responsibilities, duties will be imposed on the access gatekeeper with respect to the European Commission
    • notifying the Commission of the fulfillment of the conditions for granting access gatekeeper status within 3 months of their fulfillment
    • implementation of measures imposed on the access gatekeeper by the European Commission to ensure compliance with the obligations under the DMA
    • notifying the European Commission of proposed concentrations of the gatekeeper with any other provider of core platform services or any other services provided in the digital sector, whether there is an obligation to notify the competent supervisory authorities of the Member State concerned under national or EU provisions on concentrations
    • sending the European Commission an independently audited description of the consumer profiling techniques that the access gatekeeper uses for its core platform services, within 6 months of being granted the access gatekeeper status (and renewing the description at least annually)
    • transmitting to the European Commission, upon its request, all the information necessary for the purpose of supervisory activities
    • implementing interim measures imposed by the European Union on the access gatekeeper (in case of serious risk of irreparable damage to business or end users)
    • paying penalties for non-compliance with the DMA if the European Commission issues a decision determining such non-compliance
  2. The access gatekeeper will have additional responsibilities related to the user data
    • refraining from combining personal data obtained through the core platform services with personal data obtained through any other services offered by the access gatekeeper or with personal data obtained through services provided by third parties
    • refraining from registering end users as users of other services provided by the access gatekeeper for the purpose of combining personal data (unless the user has been presented with a choice and has consented thereto pursuant to the DPA)
    • ensuring that the data generated in the course of business of a business user or activities of the end user are truly portable and, in particular, provide end-users with tools to facilitate data portability in compliance with the GDPR, including by ensuring that end-users may access data in real time at all times
  3. A number of responsibilities will be placed on the access gatekeeper with respect to business users of its key platform services
    • enabling business users to offer the same products or services to end users at prices or on terms different from those provided as part of online intermediary services rendered by access gatekeepers
    • enabling business users to promote offers to end users acquired through the core platform services and
    • ensuring that contracts may be entered into with such end users whether or not they use the underlying platform services provided by the access gatekeeper for this purpose
    • refraining from preventing or hindering business users from commenting to the appropriate public authority on any practices committed by access gatekeepers
    • refraining from imposing an obligation on business users to use the identification service provided by the access gatekeeper in the context of the services offered by business users through the core platform services of that access gatekeeper, including an obligation to offer such identification service or to interact with such service
    • refraining from imposing an obligation on business users or end users to become subscribers or register as users of any other basic platform services as a requirement, whose fulfillment, will enable them to access, become subscribers or register as users of any of the basic platform services they provide
    • refrain from using, in the context of competition with business users, any non-publicly available data generated in the course of activities of such business users, including data generated by the end-users of those business users who use its core platform services, or any non-publicly available data provided by those business users who use its core platform services or services provided by the end-users of those business users
    • enabling business users and ancillary service providers with the to access the same operating system, hardware, or software functions that are available to or used by the access gatekeeper to provide any ancillary services, and ensuring interoperability of the said operating system, hardware, or software functions
    • enabling business users or third parties authorized by a business user to take advantage of free, real-time, continuous, high-quality access and use of aggregated or non-aggregated data provided or generated as part of the use of relevant core platform services by those business users and by end users coming into contract with the products or services offered by those business users; as far as personal data are concerned, providing access to and use of such data only if they are directly associated with the end user’s use of the products or services offered by the relevant core platform service by the relevant business user and if the end-user chooses to provide such data by giving consent within the meaning of the GDPR
    • allowing users fair and non-discriminatory terms and conditions of access to its app store
  4. A number of responsibilities will be placed on the access gatekeeper with respect to end users of its key platform services
    • enabling end users to uninstall any applications pre-installed as part of the offered core platform services, without prejudice to the ability of the access gatekeeper to limit the scope of such installation so that it does not include any applications that are critical to the operation of the operating system or device and that may not be offered by third parties as a stand-alone product due to technical reasons
    • refraining from technically restricting end users from using and subscribing to various applications and services that may be accessed using the access gatekeeper operating system, also when it comes to choosing a provider of Internet access services for end users
    • refraining from imposing an obligation on business users or end users to become subscribers or register as users of any other basic platform services identified pursuant to Article 3 or thresholds set in Article 3 item 2(b) as a requirement, whose fulfillment, will enable them to access, become subscribers or register as users of any of the basic platform services they provide;
    • enabling end users, through the underlying platform services provided by the access gatekeeper, to access and use content, subscriptions, features or other elements via the business user application if the end users have obtained those elements from the relevant business user without using the underlying platform services provided by the access gatekeeper
  5. A number of obligations will be imposed on the access gatekeeper towards third parties
    • upon their request, providing advertisers and publishers receiving advertising services, with the information regarding the price paid by the advertiser and publisher and the cost or amount of compensation paid to the publisher for the publication of a particular advertisement and any relevant advertising services provided by the access gatekeeper
    • upon their request and free of charge, providing advertisers and publishers with access to the performance measurement tools of the access gatekeeper and information needed by advertisers and publishers to conduct their own verification of advertising inventory
    • upon their request, providing any third-party search engine provider with access to the placement, query, click and display data associated with free and paid searches made by end users using the search engines of the access gatekeeper (subject to anonymization of query, click and display data that is personal information), on fair, reasonable and non-discriminatory terms
    • allowing the installation and effective use of third-party applications or application stores offered by third parties that use operating systems of the access gatekeeper or co-operative systems, and allowing access such applications or application stores other than through the underlying platform services provided by the access gatekeeper. The access gatekeeper must be able to take proportionate action to ensure that the applications or application stores offered by third parties do not compromise the integrity of the hardware or operating systems provided thereby
    • refraining from offering services and products of the access gatekeeper or any third party belonging to the same company on more favorable terms than similar services or products offered by another third party, instead, offering such services and products on fair and non-discriminatory conditions

DMA – contents

1 – Subject matter, scope and definitions
(a) positive scope
(b) disconnection of the electronic communications network
(c) disconnection of the electronic communications services
(d) access gatekeeper as provider of essential platform services specified pursuant to Article 3
(e) list of the platform core services

2 – Access gatekeepers
(a) conditions for acquiring the status
(b) mode of designation
(c) overview of the access gatekeeper status

3 – Practices of access gatekeepers that are unfair or have restrictive effects on competition
(a) responsibilities of access gatekeepers
(b) powers of the European Commission relating to the duties of access gatekeepers
(c) obligation to inform about concentrations

4 – Market research
(a) powers of the European Commission to initiate market research
(b) market research to appoint access gatekeepers
(c) market research on systematic non-compliance
(d) market research on new services and new practices

5 – Investigative, enforcement and inspection powers
(a) powers of the European Commission to instigate proceedings
(b) powers of the European Commission to demand information
(c) powers of the European Commission to hold hearings
(d) powers of the European Commission to carry out inspections
(e) provisional measures
(f) monitoring of the effective implementation of DMA responsibilities
(g) decisions concerning non-compliance
(h) fines
(i) right of audience and the right of access to files
(j) professional secrecy
(k) cooperation with national authorities and courts
(l) high-level group

6 – General provisions
(a) overall transparency of the EC decision
(b) judicial control by the Court of Justice of the EU
(c) delegated acts
(d) entry into force on the 20th day after publication
(e) application from 2 May 2023, with exceptions

DMA – FAQ

  1. What is the difference between end users and business users?
    • Business users use key platform services as part of their business or professional activities to provide goods and services to end users.

MILESTONES CALENDAR

  • 2021 Ongoing work on the project in the bodies of the European Union
  • 15.12.2020 Project announcement (go to project page)
  • 25.03.2022 Agreement between the Council and the European Parliament
  • 11.05.2022 Publication of the compromise text (go to text)
  • 05.2022 – postponement of entry into force until 2023
  • 12.10.2022 – publication in OJ, entry into force 20 days after publication
  • 02.05.2023 – start of application (with exceptions)

Also check

#Banking & Fintech #Online & eCommerce #Retail

New account access rules without SCA

On July 25, 2023, the amendment to the RTS to PSD2 enters into force, changing the rules for logging into the account without SCA

New account access rules without SCA

#Banking & Fintech #DLK Legal #Event #Online & eCommerce #Retail

Online, 04.2021

Buy Now Pay Later Summit Europe 2021

Panel dyskusyjny Buy Now Pay Later Summit Europe 2021

Buy Now Pay Later Summit Europe 2021

#Banking & Fintech #Online & eCommerce #Retail

Designing a deferred payment service (Buy Now, Pay Later): regulatory requirements

kredyt konsumencki - KYC - usługa płatnicza

Designing a deferred payment service (Buy Now, Pay Later): regulatory requirements

Contact us

Warsaw Office

Ogrodowa City Gate
ul. Ogrodowa 58
00-876 Warsaw

map > +48 22 652 26 18

Cracow Office

ul. Jana Kilińskiego 2
30-308 Cracow

map > +48 12 31 51 841