With the recent publication of the Digital Markets Act (DMA) in the Official Journal of the European Union on 12 October 2022, you may wonder what the DMA is all about. This blog is here to help and explains and highlights the main elements of this new European law that are relevant for app developers. While the European institutions have finalised the high-level regulation, we are now moving into the implementation phase, during which it will be crucial for small developers to express their views, experiences, and concerns.
What is the DMA, and why does it matter to small developers?
The DMA is a new European Union (EU) law that aims to limit the market power of large online platforms. The DMA allows the European Commission (EC) to designate large online platforms as ‘gatekeepers‘ if they meet certain quantitative thresholds, and then subjects them to obligations and prescribes things they can and cannot do. By creating new obligations for ‘gatekeeping’ platforms, the DMA will have far-reaching consequences for the companies that operate on them, including small app developers and tech small and medium-sized enterprises (SMEs).
Whom does the DMA directly apply to?
The European Commission can only designate undertakings that provide a core platform service (CPS) and that meet three quantitative thresholds as a gatekeeper under the DMA.
Article 2(2) of the DMA defines CPS as:
Article 3(2) defines the following quantitative thresholds to qualify as a gatekeeper:
• a minimum of €7.5 billion in annual turnover in the European Economic Area (EEA)
• a minimum of €80 billion of market capitalisation
• a minimum of 45 million monthly users and 10,000+ business users in the last year
DMA flowchart
Obligations for designated gatekeepers and their negative consequences for the app ecosystem
Once the Commission designates a company as a gatekeeper, the company needs to comply with the DMA’s requirements that can apply to its product. Articles 5, 6, and 7 contain a total of 18 obligations, which apply immediately after a company’s gatekeeper designation. The Commission can further specify obligations in Articles 6 and 7 through regulatory dialogue with the gatekeeper. The most concerning provisions for app developers require gatekeepers to:
1. Allow the uninstallation of apps and change of default settings – Art. 6(3)
This requires a gatekeeper to prompt users to choose the default apps for online search engines, virtual assistants, or web browsers by offering a limited list of the most popular third-party alternatives. Such ‘choice screens’ give consumers the impression that only a few apps exist for a certain service when, in fact, there may be dozens or hundreds of alternatives.
Our opinion: The only developers that will benefit from this obligation are those large enough to be an option on the list of choice screens, making this an artificial choice for consumers. This obligation will almost certainly lock smaller developers out of the market as they are unlikely to be included in the list of choice screen options.
2. Enable the installation and effective use of third-party software apps or app stores on end users’ devices (mandated sideloading) – Art. 6(4)
Consumers are willing to trust apps they download from app stores because of years of positive experiences with safe and well-functioning apps. This provision will likely force mobile platform operators to allow unvetted, sideloaded software— which could include malware, spyware, and apps that only exist to cause harm—onto consumer devices by default.
Our opinion: Reducing security and trust in the app ecosystem will only ‘level the playing field’ for gatekeepers and large developers that have established brands, while further widening the gap between large and small actors. Small developers who rely on the platforms to gain consumer trust and who do not have the resources to compete with the big brands will suffer.
3. Offer free and effective interoperability with hardware and software features – Art. 6(7)
Providing access to a device’s core features to business users and providers of services and hardware without safeguards allows malicious third parties to reach sensitive device features. For example, bad actors could access cameras, contact lists, or virtual private networks without end-user permission, or track other devices in the same facility and hijack the functionality of other apps, risking end users’ security and privacy.
Our opinion: Our members rely on the safe environment that platforms provide to keep bad actors out of the app ecosystem, gain consumer trust, and innovate. This provision, thus, may unintentionally hurt them by making the app ecosystem less secure and decreasing consumer trust.
4. Provide interoperability for number-independent interpersonal communication services (NICS) – Art. 7
Interoperability between messenger services (such as WhatsApp, iMessage, or Facebook Messenger) raises concerns regarding data security, encryption, and data minimisation. For example, limiting data collection and data sharing is a key feature that providers of messenger services use to protect user privacy and differentiate themselves from gatekeepers’ services. Additionally, interoperability generally requires mirror features and common interfaces and protocols to achieve full interconnection.
Our opinion: This provision will lead to a degree of product homogenisation, limiting innovation in this field.
Can SMEs become gatekeepers?
In short, no. SMEs are specifically excluded from gatekeeper status although the EC may place some obligations on what it considers ‘emerging gatekeepers’.
However, if a company providing a CPS has a significant impact on the internal market and maintains a leading market position, or is likely to do so in the near future, it can be designated as an emerging gatekeeper, even if it does not currently meet the quantitative thresholds.
What’s next?
The DMA will enter into force on 1 November 2022 and will apply as of 2 May 2023. The designation of gatekeepers will take place in mid-2023, and companies will have to comply from March 2024. On 5 December 2022, the Commission will host its first technical workshop covering the effective regulation of the DMA. This session will focus on the practical application of the DMA’s self-preferencing ban (per Article 6(5) of the DMA).
If the DMA will affect your app, service, or product, contact us so we can help bring your feedback to the upcoming European Commission workshops and market testing that will be part of the DMA’s implementation phase. We will be sure to keep you informed on all relevant DMA updates, and please let us know if you have any questions in the meantime.