All that Glitters is not a DMA Review

The European Commission (EC) has just published the report reviewing the DMA’s effectiveness, which it has sent to the European Parliament, the Council and the European Economic and Social Committee, abiding by Article 53 DMA. Alongside the report on the DMA’s review, the EC also issued a more detailed Staff Working Document detailing the improvements and developments that have taken place surrounding the DMA’s application. The headline is that the DMA has contributed positively to the core objective of making digital markets in the EU fairer and more contestable. Whilst the statement is true in some instances where the introduction of ex ante regulation has proved effective in delivering fairer outcomes to consumers and business users, it also hides the many inconsistencies that characterise some of the DMA’s enforcement.

Positive impacts only give one side of the DMA’s story

Article 53 DMA compels the enforcer to draft a report on the regulation’s effectiveness and the need for an amendment relating to its scope, obligations or enforcement. On its Report and Staff Working Document, the EC did just that and overall states that “the DMA has been working well overall, contributing to making digital markets in the EU more contestable and fairer” (page 69 of the Staff Working Document). Throughout the Staff Working Document, the enforcer highlights the instances where the DMA has delivered on the expected results. For instance, it sets out that the implementation of Article 5(2) has produced that 45% of end users withhold their consent with respect to the gatekeepers’ combining and cross-using of their personal data across core platform services (CPSs) (page 7) or reports on the exercise of consumer choice produced as a consequence of the application of Article 6(3) DMA, which has delivered a surge in new users to small and medium-sized web browsers, such as Aloha, Opera and Vivaldi (page 14).

As I pointed out in my previous work and contribution to the DMA review, one cannot simply assert that the regulation is effective based on a few positive impacts that have crystallised in the market. The EU legislator’s transformative endeavour in adopting the DMA was much more ambitious, i.e., to make markets more open, competitive and fair for consumers and businesses in the broadest sense. Behaviour such as self-preferencing, the imposition of unfair conditions to access to digital services/platforms and hindering the steering of users still persist in the market, and the EC rarely accounts for that in the regulation’s review.

The most intense self-criticism coming from the regulator laser focuses on its long-drawn experience with applying Article 6(5) DMA, given that it finds itself in a tug-of-war where a group of stakeholders will necessarily suffer the consequences of regulatory intervention (either hotels, airlines and merchants, or comparison-shopping services) (page 25). Bearing in mind that the enforcer triggered a non-compliance procedure against Google over two years ago (and has not settled for a solution until now), the EC declares that it “has not endorsed any part of Alphabet’s compliance solution for the time being” and is willing to back a technical solution that “consider(s) the interests of all participants in the market” (page 26). In other words, the EC does not seek to disadvantage any interested group in the DMA’s application through its enforcement, even if it finds itself between a rock and a hard place.

But the moment of self-reflection does not display again in the EC’s review of its enforcement on the DMA. Instead, the enforcer puts forward its many achievements to obscure those less-than-optimal impacts that the regulation has brought to the market. For example, it highlights that “as a result of Article 6(4), several third-party app stores began distributing apps on iOS/iPadOS, including the Epic Games Store, Aptoide, AltStore PAL, mobivention, and Skich” (page 20). The impact is illustrated with anecdotical evidence referring to the alternative app store “AltStore (which) recorded an overall increase in (the) number of distinct apps installed through its store since the launch of its service” (page 21). Outcomes such as Ukranian Setapp Mobile’s departure of the app store market due to the complex business terms that Apple has introduced as compliance with the same provision are left out of the scope of the DMA’s review. This is particularly discouraging given that the whole point of the review is actually to contrast the positive impacts that the regulation has delivered (that I, for the record, do not contest and commend the EC for their achievement) with the unanticipated negative economic effects that the DMA has caused in practice. That is precisely how regulations become future-proof and resilient over time.

It is true, however, that the enforcer recognises that not all provisions cannot be expected to deliver on results in the space of 2 years. First, because business opportunities opened by the DMA do not transform into reality automatically as the EC gets the job well done. The enforcer revisits over and over again the idea that it must do more to raise the knowledge and awareness surrounding the opportunities for business opened by the regulation (page 54). Even if the enforcer prioritises relevant DMA provisions impacting millions of business users (as it did on Apple’s anti-steering case), business users need time to adapt to the new opportunities created by their implementation and to develop or adjust their business models accordingly (page 16). Second, because there are instances where the EC has simply de-prioritised the implementation of some of the DMA’s provisions in favour of concentrating on the most blatant infringements of the regulation taking place with regard to one of the key mandates embedded in it. This is not me saying that the EC has de-prioritised certain provisions. Actually, the EC recognises that “there are other obligations that have been less the focus of the ongoing regulatory dialogue as the Commission did not receive substantiated complaints pointing at compliance issues” (page 35). Due to this reason, the EC recognises that “the DMA has not yet achieved its full potential” (page 69), but it fails to account for the shortcomings of the DMA’s application in practice.

What about harmonisation?

The DMA review acknowledges that the regulation contains a three-fold goal: to secure contestable and fair markets in the digital space, “as well as ensuring that business users and end users of CPSs provided by gatekeepers benefit from consistent regulatory safeguards throughout the EU against unfair practices of gatekeepers”. Harmonisation is also tied to the objective of ensuring that “regulated companies follow a single rulebook in the internal market” (page 4 of the Report). This has not been the case for the first two years of the DMA’s application, but the review stays silent on this front as well, despite stakeholder contributions stressing the fact that the EC’s role as the sole enforcer of the DMA has been increasingly eroding (page 66 of the Staff Working Document). On this particular note, the DMA review does not touch upon the deviations that the Member States have introduced through their transposition of the DMA into their national regimes, as a recent paper on the DMA’s de facto decentralisation illustrated.

On the side of public enforcement, the EC highlights that the “NCAs and the Commission also worked closely together to coordinate the scope of their respective enforcement actions” (page 63). The enforcer exemplifies the close cooperation with the NCAs by setting forth of the Bundeskartellamt’s use of Section 19a GWB that entailed the expansion of the Article 5(2) remedies to Google’s non-designated CPSs. Once again, the regulator fails to account for similar cases that have not delivered on harmonisation-prone results, such as the Italian competition authority’s interpretation of Article 5(2) DMA and the Bundeskartellamt’s Amazon price gouging case. To solve the impending fragmentation problems of the concurrent application of national competition law regimes under Article 1(6) DMA, the DMA’s review remains at a standstill.

Regarding private enforcement, the EC does acknowledge the existing “ten proceedings before national courts relying on different provisions of the DMA (…) (in) France, Germany, the Netherlands and Poland” (page 66). Despite that the DMA provides that the European Commission can intervene as an amicus curiae to national courts to ensure a consistent application of the DMA, the enforcer has refused to do so in all proceedings open at the national level. The regulator promises to closely monitor further developments (i.e., when those cases move to higher instance courts) “to ensure consistency and the effective complementary role of the private enforcement in ensuring compliance” (page 67). The EC acknowledges the potential for fragmentation that may arise from private enforcement, without recognising that some judicial outcomes already can pre-empt the direction of gatekeeper compliance strategies with the DMA.

Aside from that, the EC’s review of the regulation does not touch upon an additional aspect of (the failure of) harmonisation. Designated gatekeepers have the power to fragment the internal market (and the global market) further through their compliance solutions, as they have done with narrowly defined relevant markets in antitrust cases. For instance, Google implemented a technical solution for its compliance with Article 5(4) DMA that ranks European users depending on their nationality, so that developers will have to pay more for steering a German user than a Polish one. Similarly, Apple decided when the DMA was adopted that it would roll out two different versions of the iOS: a version for the EU and a version for the rest of the World, increasing overhead costs for all developers wishing to enjoy the business opportunities unlocked by the DMA.

By leaving out most of the developments happening in the field that can erode the DMA’s harmonisation objective, the EC’s review secures a clean sheet, whilst business users face the music of exercising their rights pursuant to the DMA in an increasingly fragmented digital landscape.

Room for improvement in enforcement (and uncertainty)

The DMA was adopted based on the premise of quick and effective enforcement. And this is something that the review does not remark on, but it is certainly one of the core principles inspiring the EC’s DMA actions. The need for speed in terms of digital rule-making was a particularly convincing argument when the enforcer had found six undertakings met the gatekeeper requirements and the obligations had not yet kicked in.

At that time, to ramp up gatekeeper compliance and DMA compliance, the EC decided to take a far-from-orthodox stance: it nailed down all remaining details relating to enforcement in the form of templates (e.g., the EC’s Templates on Requests for Specification Dialogues, Suspension Requests and Exemption Requests, as well as the Compliance Report Template Form or the Consumer Profiling Report Template, all available here). The DMA establishes that the EC can adopt implementing acts to flesh out different aspects of enforcement. However, the EC decided to issue these templates instead. Needless to say, the templates did not follow the same procedure as the DMA’s Implementing Regulation nor where they published on the Official Journal of the European Union when they were finally approved. As a matter of fact, the EC recognises on the header of each Template that it “may regularly update this template”, i.e., via the publication of a new version of the Template on the EC’s website (for my criticism of this approach, see here).

According to the EC, this approach is to be commended and further expanded to cover the deficiencies of its current enforcement because it “facilitate(s) the process and (…) set(s) expectations on the extent of information to be reported” (page 38). In fact, the Commission plans to review the Compliance Report Template Form to streamline reporting obligations, reduce any unnecessary information requirements and provide more specificity, particularly regarding compliance indicators (page 61). This is one of the few aspects included in the EC’s forward-looking stance towards the DMA, and it is grounded on a practice that lies well outside the regulation’s framework.

On the contrary, the EC also seeks to transform a wrong into a right by enhancing third-party participation in DMA enforcement. As documented by Cseres and de Korte, the regulation does not grant any formal role to third parties in its supervision or enforcement mechanisms and limits their participation to that of passive informants. Although the EC has not put pen to paper, it at least recognises in the DMA’s review that it will “further reflect on whether to revise the Implementing Regulation to take on board the suggestions made by stakeholders to further improve its proceedings and ensure wider access to information for third parties” (page 62).

Are amendments to the DMA necessary to cover the gaping holes of cloud and AI?

The short answer is maybe.

For the particular case of AI services, all options are open, since the EC recognises that it “will continue monitoring developments in the area (of AI) as a matter of priority, ensuring full compliance with the DMA where AI technologies or services are either an integral part of designated CPS or a distinct service potentially warranting designation” (page 11 of the Report). In other words, the EC can either continue with its current enforcement strategy of addressing AI-related concerns by considering that AI features are embedded into existing CPSs or, it can decide that an amendment is necessary to complete the DMA’s scope of application. The latter option seems more distant from the EC’s current priorities, since it recognises that “the DMA will not be able to tackle every competition issue in the AI value chain” (page 48 of the Staff Working Document). This might signal that the EC has less of an appetite to leave it in the EP’s and Council’s hands to integrate AI correctly into the regulation. For cloud computing services, the EC is much more cautious in signalling its preliminary stance, given that the market investigation is still ongoing and will not be complete for some time now (e.g., in page 43, the enforcer simply notes the distinct competitive dynamics of cloud services).

Key takeaways

The EC’s review paints an overly flattering picture of the regulation’s first two years, given that it selectively highlights positive outcomes whilst ignoring the many shortcomings of the DMA’s enforcement. The enforcer is right to commend certain developments that have been achieved via the regulation, but one cannot assess regulatory effectiveness on cherry-picked wins alone. Regulations become future-proof and gain resilience when enforcers account for what has not worked. On that front, the DMA review has a long way to go.