Third Workshop on the DMA – This is not a Blueprint for the DMA: The Proof of the App-Store Pudding is in the Eating
The DMA will start to apply in March 2024. The European Commission (EC) has acquired the compromise to make the process of the DMA’s future implementation, monitoring and oversight of compliance as transparent as possible. After the first two stakeholders’ workshops on the ban on self-preferencing and interoperability relating to messaging services, on the 6th of March, the Commission held its third workshop on the DMA’s app store-related provisions.
This entry is the overview of the third workshop, which will be followed by other entries on the subsequent events the EC will hold during 2023 around the interpretation and discussion of the different provisions of the DMA. The outline of the first and second workshops may be found here and here.
The range of provisions relating to app stores
In this third workshop, the European Commission has decided to engage with its stakeholders not on substance, i.e., analysing the legal and technical implications of a specific provision of the DMA (just as it did in its two previous workshops regarding Article 5(6) and 7 of the DMA), but regarding the context of their application and the digital environment that will result most affected by its prescriptions and prohibitions: app stores.
Building upon the experience and practical knowledge gained by competition authorities in the field of app stores, namely through the CMA’s findings on its Mobile ecosystems market study and the ACM’s Market Study into Mobile Apps as well as through the complaints voiced out by app developers from the market brought to the attention of the European Commission, the DMA rounds up a myriad of provisions directly addressed to the phenomenon of app stores and the tight grip of their holders (Apple in the case of iOS devices and Google for Android) in three differentiated groups.
These three categories may be split up into: i) those provisions relating to in-app user experience; ii) the potentiality for competition aside from the existing gatekeeper-dominated app economy and environment; and iii) the applicable FRAND requirements regarding conditions of access to app stores. The subsequent three panels held in the workshop followed this same categorisation, with the intervention of consumer associations, industry representatives and some to-be-designated gatekeepers, namely Apple and Google.
A step away from a monolithic app store
The first group of rules revolves around how the DMA is aimed to open up digital ecosystems in favour of genuine choice for both business and end users vis-à-vis gatekeeper power.
First, Article 5(4) of the DMA sets out the obligation upon gatekeepers to allow business users, free of charge, to communicate and promote offers, to end users acquired via its own core platform service or through other distribution channels. This capacity of app developers to directly communicate with the consumer and promote offers in different distribution channels, especially in those cases where different conditions are offered in other distributions channels other than the App Store or the Play Store, resembles the present struggle regarding the anti-steering obligations imposed by Apple upon developers. This same conduct is being analysed through the lens of Article 102 TFEU by the European Commission’s DG Comp as a consequence of Spotify’s complaint against Apple’s anti-steering obligations (for reference, the EC’s press release here).
The provision is paired up with Recital 40 of the DMA, which sets out the intention of the provision: to promote multi-homing on the end-user side. Article 5(4) of the DMA does not apply irrespective of the relationship between the prior relationship between the end user and the business (third-party) user. Instead, Recital 40 of the DMA highlights that only acquired end users are covered by this obligation. That is to say, the prescription applies to end users which had already entered into a commercial relationship with the business user, even if that relationship was based on a paid or free basis. Hence, the possibility to communicate and promote their offerings to end-users does not comprise an all-encompassing steering of consumers towards third parties, but instead, it encompasses the possibility to interact and consolidate existing relationships between business users and their users, without the undue interference of gatekeepers.
Second, Article 5(5) of the DMA requires gatekeepers to allow end users to access and use, through its core platform services, the content, subscription, features or other items by using the software application of a business user. The prescription includes those scenarios where end users acquired such items from the relevant business user without the aid or support of the gatekeeper’s services.
Third, Article 5(7) of the DMA is directly concerned with the larger part of the considerations that have been voiced out by the industry in the last years surrounding app stores: the tying of the developer’s in-app payment services (as well as identification services, web browser engines or other technical services) to the ecosystem holder’s own proprietary billing systems. This is precisely the workaround that Apple and Google have been battling across jurisdictions during the last five years, namely before the Dutch competition authority or the South Korean competition authority.
The idea behind the tying of the gatekeeper’s in-app payment services to that of the whole range of payments performed in the ecosystem is their fee-based business model. When operating on mobile systems, the ecosystem holders of app stores and mobile devices’ operating systems fund the range of their services through fees imposed on the developers when they access their app store as well as when a user makes a purchase on the device.
Apple imposes a fee of 30% on App Store purchases (although only digital goods and services remain affected), irrespective of the fact that their policy has evolved to only require the fee from those bigger developers -approximately 50% of the whole set of developers- whereas smaller developers with a lower income may be charged 15% on App Store purchases. Apple’s long-standing defence over its fee-based model has been unwavering, regardless of past antitrust intervention on the matter.
In this regard, the Dutch competition authority has been the only one to impose remedies on Apple forcing it to reduce the fee from 30% (to 27%) on dating apps circumscribed to the territorial scope of The Netherlands (on the ACM’s remedies, see their press release here). Moreover, this 30% fee is locked into the Apple ecosystem, insofar as the ecosystem holder has not allowed alternative in-app payment systems to be deployed in the apps available in the App Store. Instead, it only allows payments to be processed through its proprietary In-App Purchase (IAP). Again, the Dutch ACM’s case concerning dating apps challenged the fact that developers could not choose the payment service of their choice to process their payments on their own apps. This was a landmark decision for app store ecosystems, but it did not have much impact in practice, insofar as the competition authority forced Apple to permit alternative payment services in developers’ apps through remedial action. Nonetheless, Apple responded to the authority’s demands by conditioning the veering of end users towards alternative payment systems different to its proprietary IAP to a whole range of requirements, such as showing a prompt to the user when an alternative payment system was chosen to alert about the potential risk to the device’s security and privacy.
On the other side, Google’s stance on its fee policy and structure has also been stalled on imposing a 30% fee upon developers, although recent events have steered the percentage of the fees down to 15%, following the intervention of the South Korean authorities passing national laws to curb in-app payment commissions (see the passed legislation in Korean here and a review in English here). Unlike Apple, Google is more flexible on the side of tying in its own payment processing system. As a response to the DMA’s approval, it updated its billing policy and opened up an alternative billing system for users in the European Economic Area (EEA), although some limitations were imposed (for example, gaming apps were not concerned with the change) (see Google’s press release announcing the changes here).
Therefore, Article 5(7) of the DMA is aimed to end up with the gatekeepers’ past conduct with regard to in-app payments and open up entirely in-app purchases in the mobile ecosystem to protect the freedom of business users to choose alternative services to the ones catered by the gatekeeper, regardless of the fact that the business user is not forced to offer such alternatives if it does not wish to, according to Recital 43 of the DMA.
In appearance, the substance and merit of the DMA’s provisions are quite straightforward regarding these three provisions. As such, one would think that striking out the obligations that the potential gatekeepers impose on developers which basically spell out these obligations would be enough. In this regard, it seems fair that the DMA requires that Apple’s and Google’s terms and conditions will no longer contain these anti-steering obligations.
In the words of Martijn Snoep’s intervention further on in the workshop, making these sections of the app developer’s agreements unenforceable would be enough to ascribe the gatekeeper to a scenario of legal and strict compliance. However, the DMA goes a step further when it comes to balancing the requirements imposed on gatekeepers’ business models vis-à-vis achieving effective compliance with the prescriptions set out in the regulatory instrument.
In this regard, the anti-circumvention clause under Article 13 of the DMA comes to mind as far as workarounds are concerned, insofar as gatekeepers may hinder the DMA’s enforceability not only by addressing the direct provisions of the license agreements regarding the app developers, i.e., eliminating them but also through more nuanced forms of circumvention. For instance, consumer associations highlighted that lack of compliance may take place by nudging user behaviour through dark patterns and prompting users away from alternative services by adverting that only the ecosystem holders’ proprietary services for payment processing or identification services are secure or privacy-enhancing enough.
To discourage anti-circumvention and encourage effective compliance with the obligations set out in the DMA, Articles 13(4) and (6) of the DMA provide that the gatekeeper shall not engage in behaviour of a contractual, commercial or technical nature or consisting in the use of behavioural techniques or interface design to offset the benefits of making app stores fairer. Thus, striking out of the (unfair) terms and conditions imposed by the gatekeepers does not equal full compliance with the provisions of the DMA, but the minimum requirement to strict legal compliance.
In light of Snoep’s remarks, compliance, in this regard, is not a one-off solution, but a continuous process via the engagement with the regulated gatekeeper through an ex-post evaluation to appraise whether meaningful changes and substantive compliance with the DMA is predicated.
A brave new app world outside of gatekeeper ecosystems
As opposed to the fairness objectives of the previous provisions set out in Article 5 of the DMA, contestability concerns are approached through a range of stipulations set forth under Article 6 of the DMA regarding app stores, namely the new configuration to access content and services online through different distribution channels in contrast to the existing mobile ecosystem where side-loading of apps and downloading of alternative app stores is not permitted (especially in the Apple App Store).
In this sense, apps can be downloaded through four main pathways on mobile devices, as set out by Prof. Jan Krämer in the introductory remarks to the second panel. From a technical perspective, these different layers are i) the pre-installed apps on the operating system of the mobile device; ii) the native apps accessed through the gatekeepers’ app store; iii) the side-loaded apps, that is, the apps downloaded without the use of an app store and iv) web apps, in other words, those apps running inside of a web browser.
The first two routes to accessing applications are available through the platform-enveloped mobile ecosystem, whereas the DMA will open up for side-loading and web-browsing apps. However, the regulatory instrument under Article 6(3) of the DMA provides for the easy uninstallation of the pre-installed apps on the operating system. Therefore, the pre-installation in the operating system of apps is not reprehensible in the eyes of the DMA, but the capacity to uninstall those apps is key to ensure that the status quo bias and default preferences are not imposed on end users.
Regarding the side-loading of apps in mobile ecosystems, Article 6(4) of the DMA mandates alternative distribution channels for native apps, both in the sense of opening up these ecosystems to side-loaded apps (those that are not directly supported in an app store) as well as those native apps through alternative app stores different to Google’s and Apple’s.
The counterargument to these mandates, supported by the DMA’s own content, is that side-loading and the availability of different app stores operating on top of proprietary gatekeeper hardware and software will cause concern in terms of ensuring the ecosystem’s integrity and security. And this is precisely the argument put forward by Apple in its intervention throughout the panel. From this perspective, Apple has been satisfactorily handling, designing and re-framing its business model during the last years to provide the safest and most secure user experience. Any of those decisions which do not fall within its own hands will imperil user experience in the iOS devices, it upholds. To back this argument, Apple puts forward its engagement with privacy-enhancing technologies and satisfying up-and-above EU standards relating to the GDPR through its Privacy Nutrition Labels or its mandated iOS 14.5 App Tracking Transparency Framework imposed on app developers to ask users whether they wished to be tracked on each of the apps available on their device.
In this context, advocating for the middle ground between the stakeholders’ interests seems the sensible response to give. The DMA will introduce and strike out the limitations that the gatekeepers have used to moat their own ecosystems against their most imminent threats, namely other ecosystem holders emerging and catering for the same (or even more advanced) services that they now provide for on a quasi-duopolistic manner. However, the force of the provisions will produce an incremental change in the mobile ecosystem as we know it today, and transitions to an open and contestable market may not happen overnight, even if side-loading is authorised in these ecosystems. On the other side, not every shady argument arguing that ‘maintaining a standard of security and integrity through the app store’ should be admissible under the necessary and effective implementation of the DMA.
In this regard, going back (once again) to Snoep’s observations on the regulatory dialogue between the regulator and the target of regulation, acting upon the misunderstanding of biases should be avoided on both sides of the table, including regulatory capture from the side of the regulator and discord from the side of the target.
The ‘gate’ in gatekeeper is FRAND
The third and last panel of the day discussed the fair, reasonable and non-discriminatory (FRAND) general conditions of access for business users to software application stores which will be imposed upon the gatekeepers under Article 6(12) of the DMA. Just as Prof. Rupprecht Podszun pointed out in the initial commentaries in advance to the panel, the definition of ‘conditions of access’ must be comprehensive and interpreted in a wide way.
In light of the two previous panels, it seems that the previous provisions which will transform the mobile ecosystem will have to be interpreted in conjunction and coherence with the imposition of FRAND conditions upon access to the app stores. For instance, the provision should not only be directed at assessing whether the current app store fee structure should be re-worked in order to fall within this FRAND definition but other elements of the app store may be factored into the analysis as well, such as the design of a certain app, an app’s compliance with the gatekeeper’s proprietary house rules or the app store’s decision to suspend or terminate the licensing agreements with third-party app developers. Thus, access in app stores and under Article 6(12) of the DMA is not only circumscribed to the first-off entry of the business user into the app store (as a yes/no proposition), but also in light of the continuous actions developed by the gatekeeper. For example, the reasons which justify the imposition of a particular fee on a given developer, as opposed to the imposition of a different fee on a developer with similar characteristics.
Moreover, in light of the text of Article 6(12) of the DMA, the panel picked up on the fact that the FRAND conditions which the gatekeepers shall comply with must not only be regarded as a substantive provision but also as a procedural one. From this perspective, the procedural steps which are laid out in the DMA require that the gatekeeper shall publish these conditions of access, including an alternative dispute settlement mechanism and that the European Commission performs an assessment of whether those same general conditions of access comply with the provision altogether.
Similarly to the experience and knowledge one acquired throughout the different workshops, this is one of those instances where the compliance of a particular provision may take place in a myriad of ways. In this context, Article 6(12) of the DMA may be interpreted to mandate that the conditions of access are set out in a fair and objective procedure between the different parties involved (gatekeepers vis-à-vis third-party app developers engage in a balanced negotiation) or the opposite interpretation of the provision may take one to remark that the European Commission may be drawn to set the fair and reasonable standards in a range which satisfy the requirements of the FRAND conditions. The degree of intervention of the EC in this instance will then multiply the impeding questions looming on the prescription of FRAND general conditions of access for business users, namely what the value is catered for by the app stores to third-party app developers and how it should be assigned and interpreted in practice.
One of the intervening stakeholders hinted at a solution in terms of fee distribution on the app ecosystem and set out a proposal for the European Commission’s consideration, i.e., to break up and separate the consideration of distribution services from the provision of payment services. According to the party, the first fee should be accounted for on the basis of monthly active users (MAU) -and not based on revenue thresholds- so that developers are charged for a rational value in a tier-structured manner. On the other hand, for the second set of services, a payment processing fee should be enough to account for the gatekeeper’s efforts in performing this task, in line with industry-referenced standards of around a fee of 2 and 5%.
One way or another, the revolution sparked by the DMA triggers the debate on the structure and rationale of how the future mobile app ecosystem should look to resemble a fairer and more contestable environment, where decisions are justified on the basis of objective and fair arguments and not with regard to a competitive rivalry between the market players involved.