The European Union’s Digital Markets Act (DMA) is a proposal for bringing competition and fairness back to online platform markets. It just cleared a major hurdle on the way to becoming law in the EU as the European Parliament and the Council, representing the member states, reached a political agreement.

The DMA is complex and has many facets, but its overall approach is to place new requirements and restrictions on online “gatekeepers”: the largest tech platforms, which control access to digital markets for other businesses. These requirements are designed to break down the barriers businesses face in competing with the tech giants.

Although the details are very different, this basic approach is the same one used in various bills currently making their way through the US Congress, including the American Innovation and Competition Online Act (S. 2992), the Open App Markets Act (S. 2710) and the ACCESS Act (H.R. 3849).

This post describes the DMA’s overall approach and the requirements it places on gatekeepers. One section of the DMA requires gatekeepers to make their person-to-person messaging systems (like WhatsApp and iMessage) interoperable with competitors’ systems on request. Messaging systems raise a unique set of concerns surrounding how to preserve and strengthen end-to-end encryption. We walk through those issues here.

Obligations for Gatekeepers

The DMA only places obligations on “gatekeepers,” which are companies that create bottlenecks between businesses and consumers and have an entrenched position in digital markets. The DMA’s threshold is very high: companies will only be hit by the rules if they have an annual turnover of €7.5 billion within the EU or a worldwide market valuation of €75 billion. Gatekeepers must also have at least 45 million monthly individual end-users and 100,000 business users. Finally, gatekeepers must control one or more “core platform services” such as “marketplaces and app stores, search engines, social networking, cloud services, advertising services, voice assistants and web browsers.” In practice, this will almost certainly include Meta (Facebook), Apple, Alphabet (Google), Amazon, and possibly a few others.

The DMA restricts gatekeepers in several ways, including:

  • limiting how data from different services can be combined, 
  • banning forced single sign-ons, and 
  • forbidding app stores from conditioning access on the use of the platform’s own payment systems. 

Other parts of the DMA make it easier for users to freely choose their browser or search engine, and force companies to make unsubscribing from their “core platform services” as easy as subscribing was in the first place.

To improve anti-monopoly enforcement, the DMA also requires gatekeepers to inform the European Commission about their mergers and acquisitions.

The Stick (Potential Sanctions)

If a gatekeeper violates the new rules, it risks a fine of up to 10% of its total worldwide turnover (revenues). Even harsher sanctions are foreseen in the event of repeated or systematic infringement, which could ultimately lead to behavioral or structural remedies. These are significant remedies, and the threat of fines at this level should be a strong deterrent.

A Moving Target

There was a lot to like in the initial proposal, presented by the EU Commission in December 2020, but the DMA has been in flux, and the uncertainty continues right up to this moment. For example, at the last minute, lobbyists pushed to have the DMA include a “remuneration right” for the press, which would have obliged search engines and social networks to offer publishers uniform payment tariffs for news content displayed on their platforms. This was headed off by EFF and its allies. The political agreement will still need to be formally approved by the EU lawmakers. Once adopted, the DMA Regulation will apply six months after entry into force (expected in 2023).

Transatlantic Impact

Many of the DMA’s provisions for addressing gatekeeper power on the internet can also be taken up on the other side of the Atlantic. The Big Tech bills currently making their way through Congress, in particular, the Open App Markets Act, the American Innovation and Choice Online Act, and the ACCESS Act, also seek to impose a set of requirements and restrictions on Big Tech that are intended to give space for competition. These bills raise some of the same implementation challenges as the DMA, especially with regard to encrypted messaging apps, but the need to address the gatekeeper power of our largest tech platforms is the same. EFF will continue to work with policymakers and enforcers to address these challenges. An effective competition policy for the internet, one that keeps users’ needs front and center, will help align market forces and innovation to serve users’ security and privacy needs.

Related Issues