The European Commission’s (Draft) Template for DMA Compliance Reports: Sailing Through Rough Seas
On 6 June 2023, the European Commission launched for public consultation its Template for Reporting pursuant to Article 11 of the DMA (the Template). The Template builds upon the substance of Article 11 of the DMA, which mandates designated gatekeepers (yet to come in early September): i) to provide the Commission with a report describing in a detailed and transparent manner the measures it has implemented to ensure compliance with the obligations laid down in Articles 5, 6 and 7; ii) to publish and provide the Commission with a non-confidential summary of that report (which will be later available on the Commission’s website).
Following the Commission’s adoption of the Procedural Implementing Regulation (the first implementing act passed by the EC following its powers under Article 46(1)(a), commented in this same space see here and here), the Template would be the second implementing act under Article 46(1)(f) -and perhaps under Article 46(1)(b), too- adopted by the Commission.
As opposed to the Procedural Implementing Regulation’s evolution from its draft to its final version, the Template comes short of being a complete draft to ensure that compliance reports abide by the terms of Article 11 of the DMA and in relation to the effective compliance of the DMA as a whole. But more on that later. For the time being, let’s review the content and substance of the current version of the Template and its static approach.
The sections of the Template: a long list of do’s, to be replicated per obligation and core platform service
The Template put forward by the Commission is broken down into five different sections, whereas the most relevant passages are concentrated in Section 2 (Information on compliance with the obligations laid down in Articles 5, 6 and 7). Sections 1 and 3 are particularly focused on requiring the details of the reporting undertaking and of the compliance function which will lie at the heart of the organisation of each of the gatekeepers to ensure compliance, as per Article 28. Moreover, Section 4 is dedicated to bringing the publication of the non-confidential summary version of the compliance reports into reality, and Section 5 requires the undertaking’s declaration that the submitted compliance report (built on the premises of the previous sections) is true, correct and complete.
A first out-of-step introductory remark: the requirements under Article 11 of the DMA
Aside from the five sections which are remarked throughout the Template, the European Commission provides a three-paragraph introduction to the implementing act. Despite its preliminary nature, the introduction tables three strong assumptions on the side of the European Commission: i) the Template specifies the minimum of information that the EC would expect from the gatekeepers to provide under Article 11 and, thus, the long list of requirements imposed on Section 2 apply in a non-exhaustive manner; ii) the EC’s administrative discretion with relation to adopting non-compliance decisions under Article 29(1)(a) is guided by the principle of prioritisation; and iii) failure by a gatekeeper to provide true, correct and complete information may be directly associated with non-compliance of any of the obligations laid down in Article 5, 6 or 7 of the DMA.
First, the non-exhaustive nature of the long list of requirements set out in Section 2 of the Template (up to 26 different elements must be submitted to the Commission per obligation and core platform service) does not seem coherent with the nature of Article 11 of the DMA. The provision establishes that the compliance report must necessarily contain “in a detailed and transparent manner the measures it has implemented to ensure compliance” (Article 11(1) of the DMA). Recital 68 expands on the obligation and mentions that the compliance report should include “those measures concerning compliance with the (GDPR), to the extent that they are relevant for compliance with the obligation (…) which should allow the Commission to fulfil its duties under this Regulation“. Therefore, imposing a 26-element metric to assess the extent of the implementation of these measures seems overtly comprehensive and excessive, under the lens of the principles of necessity and proportionality that must guide the Commission’s enforcement (Recital 31).
Second, the Template provides that failure to provide true, correct and complete information in the compliance report may “influence the Commission’s prioritisation in opening proceedings“. The content nor the recitals of the DMA indicate that the Commission is free to exercise a principle of prioritisation once a lack of compliance with the regulatory instrument is detected, other than (and this is a debated point of contention) in those cases where the national competition authority conducts an investigation into possible non-compliance by gatekeepers with certain obligations and then reports its findings to the Commission in view of the opening of further proceedings. Then, and only then, the DMA provides leeway to the Commission to “have full discretion to decide whether to open such proceedings” (Recital 91, second paragraph). In fact, Article 29(7) of the DMA provides that when the Commission decides not to adopt a non-compliance decision, it shall close the proceedings via a decision (which does not take the form of prioritisation as is).
In turn, the opposite side of this exceptional exercise of the principle of prioritisation and the exercise of ample discretion (if both are to be understood hand in hand in a wide reading and interpretation of Recital 91), would be that in those cases where the Commission engages directly with the gatekeeper, the Commission would be forced to pursue every single lead with a looming -and sometimes, insignificant- fault of non-compliance. Given the DMA’s regulatory nature, in principle distinct from antitrust, the Commission’s exercise of a competition law-like principle of prioritisation would undermine the regulatory instrument’s effective implementation. If the EC were not to follow every single lead of non-compliance under the DMA, then the non-compliance proceedings would grow into an error-cost framework (with its origins, precisely, in antitrust) that the DMA’s per se prohibitions and obligations tries to defeat (as Elias Deutscher pointed out in his relevant paper, see here).
In a contrary motion, the Commission presents the failure to provide accurate information regarding compliance reports in relation to the requirements of submitting true, correct and complete information, as opposed to the complete, correct and not misleading requirements set out in both EUMR and Regulation 1/2003. In fact, equivalent infringements with relation to Articles 14 (obligation to inform about concentrations) and 15 (obligation of an audit) of the DMA are tied up to the supply of incorrect, incomplete or misleading information as per Articles 30(3)(c) and (d). Although it would seem as if the EC deviates from competition law in this regard, in fact, it builds upon it, insofar as both in its Facebook/WhatsApp and Merck/Sigma-Aldrich cases which were brought for a lack of compliance with Article 14(1) EUMR, those characteristics were used to unravel the incomplete, incorrect and misleading provision of information by the merging undertakings (and following Article 3(1) of the Implementing Regulation to the EUMR).
Unlike in merger control and the case of sanctioning proceedings, the same consequences do not apply in terms of the level of fines which may be imposed thereof. Although a milder fine is established, for instance in Article 23(1)(a) of Regulation 1/2003 when the undertaking supplies incorrect or misleading information (i.e., a fine not exceeding 1 % of the total turnover in the preceding business year), the Template pre-empts the same type of behaviour in a completely different light.
According to the Template’s introduction, the Commission could open proceedings “with a view to the possible adoption to a non-compliance decision pursuant to Article 29(1)(a)“. That would be the same as equating a lack of compliance with the obligations laid down in Articles 5, 6 or 7 to the failure to provide true, correct and complete information. In terms of competition law, that would mean bringing the supply of incorrect or misleading information to the category of fully-fledged anti-competitive conduct. In the realm of the DMA, this would bring the supply of inaccurate information via compliance reports to the category of a non-compliance decision. In this context, the European Commission would be legitimised to impose on the gatekeeper a fine not exceeding 10% of its total worldwide turnover in the preceding financial year, as set out by Article 30(1)(a), even though similar infringements relating to the supply of incorrect, incomplete or misleading information are attributed fines not exceeding 1 % of their total worldwide turnover in the preceding financial year (Articles 30(3)(c) and (d)).
Section 2 of the Template undermines the obligation-specific benchmarks construed by the DMA
Section 2 of the Template provides the long 26-item list of elements that a gatekeeper must communicate to the European Commission to complete the obligation under Article 11 of the DMA. That same template must be used by the gatekeeper in “separate and standalone annexes for each core platform service“.
The list includes self-explanatory fundamentals towards compliance such as “an explanation of how you have assessed compliance with the obligation” (Section 2.1.3. of the Template); “the relevant situation prior to implementation of the measure and how the measure ensures compliance with the obligations laid down in Article 5 to 7 of the DMA” (Section 2.1.2.a) of the Template); “a set of indicators which allow or will allow based on their future evolution to assess whether the measures implemented by the undertaking to ensure compliance are effective in achieving the objectives of this Regulation of the relevant obligation, as required by Article 8 of the DMA, including an explanation why you think that these indicators are the most relevant” (Section 2.1.2.q) of the Template); or “any relevant data which can inform whether the measure is or will be effective in achieving the objectives of the DMA” (Section 2.1.2.r) of the Template).
By this token, the European Commission via the indirect means of compliance reports delegates the tasks of interpreting the DMA solely to the gatekeepers through a one-size-fits-all strategy. However, as most would have expected the one-size-fits-all approach does not apply to the regulatory design of the regulatory instrument, but to the Commission’s approach towards compliance. If the DMA will provide the grounds for ensuring contestable and fair markets in the digital sector (Article 1(1) of the DMA), its application will have to be tailored to the necessities and benchmarks of each one of the obligations set out in Articles 5, 6 and 7.
The Commission’s 7-page long Template falls short of crystallising the spirit behind the DMA’s provisions. On one side, the Template must capture the diverse nature of the different obligations which are imposed upon the gatekeeper, i.e., self-enforcing under Article 5 (although that is more of a chimaera than a reality, in this same line see comment on the fourth stakeholder’s workshop held by the EC on the DMA’s data-related obligations here) and subject to further specification under Articles 6 and 7, via implementing act (Article 8(2) second paragraph).
This will require distinguishing the degree of disclosure and burden imposed on the gatekeeper per obligation into the Template because it will surely not be the same to require compliance with an obligation under Article 5 imposing an obligation of abstention regarding certain conducts (for instance, the compliance of the obligations set out in Articles 5(3) (6) of the DMA), than the positive obligations that have also been termed as ‘self-enforcing’ (for example, the compliance with Articles 5(2), (4), (5) or (9) of the DMA, for further distinction on positive and negative obligations see here Friso Bostoen’s paper on the DMA).
Despite that introducing a differentiation between active and passive behaviour into the Template may not be warranted, the compliance report must take into account that each of the obligations may pursue different objectives one from another, even though they all follow the wider meta-objective of ensuring contestability and fairness. In fact, Section 2.1.2.q) of the Template remarks that compliance must be ensured in relation to the objectives of the DMA (those in Article 1(1) as well as the avoiding of impending fragmentation in the regulatory approach towards digital markets) AND to the relevant obligations. Thus, distinct objectives/indicators are implied per obligation. In this regard, although the burden of intervention is reversed upon the gatekeeper, it is for the European Commission to hold the interpretative sceptre of the DMA, to establish adequate benchmarks leading to compliance.
Furthermore, the compliance report must acknowledge the role that specification under Article 8 of the DMA will play in the coming years in relation to the regulatory instrument’s effective implementation. In this sense, the Commission may act, on its own initiative or following the request of the gatekeeper, to engage in a process to determine whether the measures that the gatekeeper will implement will be effective in achieving the objective of the relevant obligation in the specific circumstances of the gatekeeper, regardless that the EC may exercise its discretion to decide whether it wishes to engage in such a process (Articles 8(2) and (3) of the DMA). Up until this moment, the Template does not acknowledge the interplay of compliance with these provisions and there is nothing hindering the EC from engaging with gatekeepers to this very moment.
Compliance reports are one form of demonstrating compliance, but there are more!
It is true that the DMA places most of its emphasis on compliance reports and the related obligations imposed on compliance officers under Article 28, but the regulatory instrument’s futureproofing in its enforcement will also come from other sides and instruments already provided in the DMA, such as the obligation to submit an independently audited description of any techniques for the profiling of consumers that the gatekeeper applies to or across its core platform services, under Article 15 of the DMA.
Even though the obligation of submitting an audit is less well-known as opposed to compliance reports, it will be enforceable within 6 months after the designation of the gatekeeper. That is, at the same time that the compliance reports will be required from the future addressees of the norm (i.e., March 2024). Consequently, if the Commission does not plan to do so in the near future, it would be commendable that the Template introduced the methodology and procedure of the obligation under Article 15, given that Article 46(1)(g) establishes that it may adopt an implementing act to that end. Nothing stands in the EC’s way of passing implementing acts with a hybrid nature and based on two or more legal bases provided in Article 46 of the DMA.
A few notes on particular items of Section 2 of the Template
A few side notes are warranted to be highlighted in relation to some of the items listed in Section 2, which lack precision and clarity and, perhaps, do not hold fully coherent with the DMA’s intentions and objectives, and they are highlighted in the table below:
Relevant provision of the Template | Current drafting | (Potential) problems with the drafting | Proposed changes |
Section 2.1.2.b) | “when the measure was implemented“ | The moment of implementation of the measure might be relevant, but the DMA is aimed to be a flexible regulatory instrument, open to require additional obligations to the gatekeepers and, given the contestability trends in the market, the European Commission might require the fine-tuning of existing obligations. As is, the item glimpses a stagnant perception of the DMA. | An acknowledgement of a possible (imposed) update of the measures implemented by the gatekeeper, as well as the fine-tuning of the European Commission of the proposed measures in degree or intensity. |
Section 2.1.2.c) | “the scope of the measure in terms of the products/services covered” | Despite the European Commission being bound by the principles of necessity and proportionality in applying the DMA (Recital 31), the item seems to indicate that different -non-CPS- products and services catered by the gatekeeper may fall within the scope of the measure. | The wording of the item should prompt to an automatic translation of the gatekeeper’s CPS to the products, for example, Alphabet’s online search engine = Google Search. |
Section 2.1.2.k) | “any alternative measures whose feasibility or implicants has been assessed and the reasons for not choosing them” | There is an inherent risk that the information provided by the gatekeeper may play to its own detriment on this point, insofar as the European Commission may point towards a different measure (within the set of possibilities provided by the gatekeeper) to provide for the effective implementation of the regulatory instrument. | A Chinese-wall-like obligation imposed on the European Commission’s practices would be warranted, so that compliance information could not be instrumentalised against the gatekeeper’s operations and instruments. |
Section 2.3. | “If applicable, the reasons why you consider that a specific obligation laid down in Articles 5 to 7 of Regulation (EU) 2022/1925 cannot, by nature, apply to the Undertaking’s relevant core platform service” | The item may lead to confusion, in terms of its conflicting nature with the EC’s capacity to exceptionally suspend, in whole or in part, a specific obligation given that it would endanger the gatekeeper’s operations in terms of economic viability in the Union (Article 9 of the DMA) or the exemption granted on grounds of public health or public security (Article 10 of the DMA). | The item must reflect the fact that Articles 9 and 10 must be referred separately by the gatekeeper, and it is narrowly ascribed to those cases where the gatekeeper’s CPS is unrelated completely to the particular obligation. |
Key takeaways
The Template proposed by the European Commission for reporting under Article 11 of the DMA falls short of prompting effective compliance with the DMA for the following reasons:
- The Template depicts a catch-all approach towards the appraisal of the DMA’s effective enforcement, which must be grounded on the basis of precise benchmarks per obligation, aside from the wider obligations of ensuring contestable and fair markets.
- The Template abstains completely from the different enforcement strategies which will have to be deployed in relation to distinct types of obligations (positive v. negative as well as self-enforcing and obligations subject to specification).
- The Template goes well beyond the original intentions of the DMA that point towards a compliance report including the measures which have been implemented by the gatekeeper to ensure compliance. The principles of proportionality and necessity in the European Commission’s enforcement must be considered in this respect.
Against this background, there seems to be much work to be done to complete the task of ensuring the DMA’s effective enforcement as far as compliance reports are concerned, but the introduction of the Template is a first step towards capturing the real essence of the future relations of the gatekeepers vis-à-vis the European Commission.