The European Commission’s Stick-Without-A-Carrot DMA Enforcement: Five Non-Compliance Procedures to Capture Blatant Infringements
The Digital Markets Act (DMA) entails a change in the narrative of the punitive framework applied to digital dominant undertakings under EU competition law. At least, that’s what the European’s digital strategy proposed it to be. The failure of antitrust followed a new paradigm in applying per se rules to gatekeepers, based on cooperative-like mechanisms triggering trust relationships between the targets of the regulation and the public authority. Well, that illusion has vanished.
The rare vision of DMA enforcement based on cooperative iterations with gatekeepers was only a dream, past the wit of any enforcer to say what it really was. Following the compliance deadline set out for 7 March 2024 for the six designated gatekeepers by the European Commission (EC) in September 2024, on the 25th of March, the EC decided to open five (no less, no more) non-compliance procedures against Alphabet, Apple, and Meta. 18 days is the measure of the EC’s patience.
The announcement and its main tenets
The EC’s opening of five non-compliance procedures triggers its enforcement strategy from the outset – watch out for the fines the DMA unit may impose upon the gatekeeper in case of non-compliance with any of the obligations enshrined under Articles 5, 6 and 7 DMA. If any gatekeeper thought the DMA was an excuse to comply with EU competition law rules, let them think twice.
On 25 March, the European Commission demonstrated its clear predilection for opening digital ecosystems in the app environment. Two of the non-compliance procedures relate to Apple’s and Alphabet’s compliance with the anti-steering prohibition (Article 5(4) of the DMA), whilst Alphabet’s technical implementation of the self-preferencing prohibition under Article 6(5) also met public scrutiny. Moreover, the European Commission has also taken issue with Apple’s compliance with Article 6(3) DMA, i.e., how it presents web browser choice screens enabling end users to switch their defaults. Finally, the DMA enforcer also opened proceedings against Meta to investigate whether its pay-or-consent subscription model for users complies with Article 5(2), prohibiting data combinations across core platform services (CPSs). All the procedures seek to determine whether the gatekeepers violated these provisions according to the procedure set out under Article 20 DMA, with a view to adopting an implementing act setting out findings of non-compliance under Article 29 DMA. In line with Articles 29(5) and (6) DMA, once the European Commission issues a non-compliance decision, it shall order the gatekeeper to cease and desist from non-compliance and the target of the regulation shall provide explanations on how it plans to comply with this decision. Although the EC has not yet formally acknowledged its aims at fining gatekeepers on the basis of DMA non-compliance, Article 30 DMA enables it to impose fines not exceeding 10% of its total worldwide turnover.
The infringements with the substantive obligations do not only correspond with the examination of each provision’s legal requirements but they entail their blatant violation. This is the reason behind the fact that aside from Articles 20 and 29, the European Commission also justifies its initial opening of these procedures on the basis of Articles 13(4) and (6) DMA (for instance, para 9 of the EC’s decision opening a non-compliance procedure against Alphabet’s anti-steering solutions or para 11 of the EC’s decision on Apple’s web browser choice screens). The anti-circumvention clause contained under Article 13 enables the European Commission to capture gatekeeper conduct seeking to undermine effective compliance. For instance, by degrading the conditions or quality of any of the CPSs or by making the exercise of choice unduly difficult.
Aside from the more punitive aspect of the press release, the European Commission also established it was applying in practice different mechanisms catered by the DMA to scrutinise the gatekeeper’s compliance with the rest of the regulatory instrument’s provision. On one side, it recognised it was taking other investigatory steps to gather facts and information to clarify: i) whether Amazon complied with the self-preferencing prohibition under Article 6(5) when treating its own brand products on the Amazon Store; and ii) whether Apple’s new fee structure and other terms and conditions for alternative app stores and sideloading complied with the DMA, be that under the standard of Articles 6(4) or 6(12) DMA (for a thorough analysis of Apple’s new fee structure, see my comment here). Those investigatory steps may include the EC’s requests for information from the gatekeepers as provided by Article 21 DMA or its power to carry out interviews and take statements from them or third parties under Article 22 DMA.
Alternatively, the European Commission recognised it had issued five retention orders to all gatekeepers except for ByteDance on the documents at their disposal which could be deemed to be relevant to assess their implementation of the rest of the provisions under Articles 5, 6 and 7, as established by Article 26(1). Finally, the European Commission acknowledged within the same press release it exceptionally granted Meta a 6-month extension of the time limit for compliance with the interoperability obligation under Article 7 as established under Article 7(6) DMA. Even though Meta’s representatives had recognised the rolling out of its functionality relating to interoperability would materialise in the coming months, it is yet unclear whether those 6 months should be counted from the date of the request (January 2024) or from the date of their granting (March 2024).
The fight continues!
In appearance, the DMA seemed the perfect opportunity for the European Commission to engage on the merits, with gatekeepers face to face to figure out what contestable and fair markets should look like. The mechanism of the regulatory dialogues established under Article 8 DMA fits in with this rationale, but the possibility of directly engaging with the gatekeeper is limited to those provisions under Articles 6 and 7 DMA. In any case, the EC does not seem to be prone to taking this path when enforcing the regulatory instrument. The imposition of fines is much more succulent, in terms of advancing enforcement in digital ecosystems, not without reason.
However, the current configuration of the EC’s enforcement strategy may complexify the venues of collaboration the DMA seemed to open for sitting gatekeepers at the table to avoid adversarial iterations before the courts. In other words, lengthy litigation in EU competition law procedures drained the effectiveness of Articles 101 and 102 TFEU over digital players. Thus, the alternative introduced by the DMA points to a non-adversarial regulation based on the enhancement of trust relationships between the different agents involved within the regulatory processes set out by the DMA (I already made this point in a previous paper, available here). In this sense, the DMA’s enforcement would depend, to a greater extent, on the carrot and less on the stick. Such was my initial perception of how the DMA was going to be applied by the Commission.
Notwithstanding, it all proved to be a rare vision. 18 days after the gatekeepers submitted their compliance reports, the EC went back to square one. Executive-Vice President Vestager recognised just that in her intervention before the Committee on the Internal Market and Consumer Protection in April. According to her words, there will “obviously (will) be a fight” with gatekeepers because “there is no way that businesses with this strength change business models just like that”. As a side note, she added the DMA’s deterrence is key to understanding the regulation’s effectiveness. In a similar vein, Rapporteur to the DMA Andreas Schwab also encouraged the European Commission to issue the regulation’s inaugural penalty decision before the upcoming European Parliament elections. One must recognise Director-General Guersent’s efforts in tempering the belligerent narrative toward a closer depiction of reality: the European Commission must pursue the cases it may win, despite of resource constraints.
This is precisely where the point on the non-adversarial fine-tuning of digital policymaking stems from. One would have thought punitive cases would have been brought by the European Commission as a matter of an exception, and not a rule, under the terms presented by the DMA. However, we must all now pivot towards reversing the paradigm of the EC’s enforcement strategy from carrot to stick. In fact, there is no carrot.
Before the DMA’s legal framework provision of a procedural highway for the European Commission, gatekeepers have lost (if there were any to start with, as a consequence of the regulatory instrument’s adoption) all incentives to narrow down asymmetries of information or to substantively engage with the European Commission in constructive conversations around the most adequate technical solutions to apply the DMA’s provisions. Incentives are dead, long live 10% (and upwards!) fining decisions to compel gatekeepers into compliance.
The merits of the non-compliance procedures
Following the initial press release, the European Commission issued on 24 April the decisions opening the non-compliance proceedings for Alphabet’s compliance with the anti-steering and self-preferencing prohibitions, Apple’s technical implementation of the anti-steering prohibition and the web browser choice screen and Meta’s pay or consent subscription model. In those decisions, the EC fleshed out the reasons sustaining each of the non-compliance procedures. In some instances, the EC’s line of reasoning demonstrates a creative interpretation of the legal requirements underlying each one of the DMA’s provisions.
Anti-steering: free means free
Article 5(4) DMA establishes the obligation upon the gatekeeper to enable business users to communicate with their end users via other means not directly supported by the gatekeeper’s CPS to present them, for instance, with promotional offers. It is worth noting that the provision enshrines that the gatekeeper must allow the users ‘steering’ free of charge. In turn, Recital 40 cracks the provision wide open by introducing the possibility that the gatekeeper may be remunerated by the business user for the acquisition of end users via its CPSs.
Clinging on this last tenet, both Alphabet and Apple allow link-outs within a business user’s apps in exchange for a price. Alphabet came up with a new dedicated fee structured for anti-steering where business users will be charged during the first 2 years since the end user’s acquisition an initial acquisition fee (equal to 5% for automatically-renewing subscriptions and 10% for other offers consumable in the app) on top of a fee for the ongoing services Google Play provides, notably regarding its ongoing security and updating services (at 7% for automatically-renewing subscriptions and 17% for other offers consumable within the app). Apple simply applied its renewed fee structure lowering its antithetical 30% commission fee to 17% and making it generally applicable also to those instances where a business user caters to a link-out outside of its app.
The EC took issue, thus, with both gatekeepers charging a fee in exchange for the ‘steering’ of users as a disproportionate means to monetise their CPS activities. In this regard, the EC is forced to substantively engage with the contradiction surrounding the terms of Article 5(4) vis-à-vis Recital 40 on the matter of compensation.
The charges against Apple are much more nuanced. Just as the gatekeeper did when presenting its compliance solutions before the public authority, the EC bundled its non-compliance procedure with the broader theme developers have wrestled with since Apple proposed its renewed fee structure: the Alternative Terms Addendum for Apps in the EU (the Terms). According to the gatekeeper, to enjoy the possibilities the DMA presents to business users, they must agree to these Terms, which include the new fee structure and conditions cemented upon the DMA’s compliance. Alternatively, developers may remain impassive to the changes the regulation has brought into life and decide to not opt into the Terms. Under the correct assumption that the DMA applies to both types of scenarios, the EC’s non-compliance procedure is not only directed at determining whether the compliance solution is effective under the terms of the DMA but also at establishing whether Article 5(4) is complied with in the ‘pre-existing business practices’ applied by Apple, prior to the DMA’s application (para 10 of the decision).
Apple’s compliance with Article 6(3): late compliance is no compliance at all
Article 6(3) compels the gatekeeper to technically enable end users to easily un-install any app on the gatekeeper’s operating system. To comply with the provision, Apple presented a wide array of solutions.
Nonetheless, not all solutions would apply starting in March 2024. For instance, Apple announced it would make its browser engine Safari fully uninstallable from its devices by the end of 2024 whereas it also announced it would introduce a new default control for users for navigation applications by March 2025. The compliance deadline was clearly set for 7 March 2024. Therefore, the European Commission finds Apple accountable for those ‘proposed’ compliance solutions it has not yet rolled out on its devices. By this token, those delays in implementation are read as direct violations of Article 6(3) DMA.
The choice screen Apple presents to its end users on Safari once they install the iOS 17.4 update is also put into question by the European Commission. From the brief references of the decision opening the non-compliance procedure, it seems like the EC has taken issue with the fact that end users cannot easily uninstall any app on iOS nor can they easily change their default settings on iOS. As I commented when describing Apple’s intervention before stakeholders in its compliance workshop following the compliance deadline, the main concerns surrounding the gatekeeper’s technical implementation of the provision may relate to the fact that end users are not directly redirected to the alternative apps once they choose to change their default web browser to a different provider nor does an automatic download trigger as a consequence of the action.
Past dues and regulatory overlap: Article 5(2) and 6(5)
The European Commission’s non-compliance procedures on the gatekeepers’ compliance with Articles 5(2) and 6(5) are somewhat more obscure and less clear. Meta’s pay or consent subscription model remains under the EC’s scrutiny, and it seems as if it will be assessing compliance under the light of Articles 13(4) and (6). In other words, whether the end user’s granting of consent in the sense of their autonomy in decision-making is undermined as a consequence. In a similar vein, the European Commission will also compare a counterfactual of sorts under the DMA by comparing whether Meta caters to two services of equivalent quality and functionality, irrespective of the end user’s choice in granting consent for the processing of personal data.
In terms of its practical consequences, the EC’s non-compliance procedure against Meta’s compliance with Article 5(2) will demonstrate to be the most complex in terms of disentangling the nature of its competence. The EC cannot, in principle, contradict the terms of the interpretation of DPAs with regard to Meta’s subscription model, abiding by the principle of sincere cooperation under Article 4(3) TEU. However, under Recital 12 of the DMA, the DMA applies without prejudice to the GDPR. In all sincerity, the EC will have to strike a balance between one of these two positions, given different DPAs have declared the subscription model as incompatible with the GDPR’s terms whereas others have declared it lawful under EU data protection regulation. Within the discussion, EC officials have recognised Meta has a right to monetise, but it does not have a right to obtain a certain level of profit when processing vast amounts of personal data for the purposes of behavioural advertising.
On the side of Alphabet’s compliance with Article 6(5) DMA, the EC basically seeks to reconvene the gatekeeper’s infringement of EU competition rules via the per se prohibition. Legitimately, it can do so. In fact, Google Shopping is, as a matter of fact, one of the foundational roots of the DMA’s adoption. However, the EC shall now interpret the self-preferencing prohibition in a different light. Fairness does not mean the same for antitrust as it does for the DMA (just as the EC declared in a recent decision applying Article 102 TFEU, para 552), so the burden of intervention (i.e., the remedy) will shift as a result.