Chapter III – Practices of Gatekeepers that limit contestability or are unfair (Art. 5-15)
Art. 5 DMA - Obligations for gatekeepers arrow_right_alt
- The gatekeeper shall comply with all obligations set out in this Article with respect to each of its core platform services listed in the designation decision pursuant to Article 3(9).
- The gatekeeper shall not do any of the following:
- process, for the purpose of providing online advertising services, personal data of end users using services of third parties that make use of core platform services of the gatekeeper;
- combine personal data from the relevant core platform service with personal data from any further core platform services or from any other services provided by the gatekeeper or with personal data from third-party services;
- cross-use personal data from the relevant core platform service in other services provided separately by the gatekeeper, including other core platform services, and vice versa; and
- sign in end users to other services of the gatekeeper in order to combine personal data,
unless the end user has been presented with the specific choice and has given consent within the meaning of Article 4, point (11), and Article 7 of Regulation (EU) 2016/679.
Where the consent given for the purposes of the first subparagraph has been refused or withdrawn by the end user, the gatekeeper shall not repeat its request for consent for the same purpose more than once within a period of one year.
This paragraph is without prejudice to the possibility for the gatekeeper to rely on Article 6(1), points (c), (d) and (e) of Regulation (EU) 2016/679, where applicable.
- The gatekeeper shall not prevent business users from offering the same products or services to end users through third-party online intermediation services or through their own direct online sales channel at prices or conditions that are different from those offered through the online intermediation services of the gatekeeper.
- The gatekeeper shall allow business users, free of charge, to communicate and promote offers, including under different conditions, to end users acquired via its core platform service or through other channels, and to conclude contracts with those end users, regardless of whether, for that purpose, they use the core platform services of the gatekeeper.
- The gatekeeper shall allow end users to access and use, through its core platform services, content, subscriptions, features or other items, by using the software application of a business user, including where those end users acquired such items from the relevant business user without using the core platform services of the gatekeeper.
- The gatekeeper shall not directly or indirectly prevent or restrict business users or end users from raising any issue of non-compliance with the relevant Union or national law by the gatekeeper with any relevant public authority, including national courts, related to any practice of the gatekeeper. This is without prejudice to the right of business users and gatekeepers to lay down in their agreements the terms of use of lawful complaints-handling mechanisms.
- The gatekeeper shall not require end users to use, or business users to use, to offer, or to interoperate with, an identification service, a web browser engine or a payment service, or technical services that support the provision of payment services, such as payment systems for in-app purchases, of that gatekeeper in the context of services provided by the business users using that gatekeeper’s core platform services.
- The gatekeeper shall not require business users or end users to subscribe to, or register with, any further core platform services listed in the designation decision pursuant to Article 3(9) or which meet the thresholds in Article 3(2), point (b), as a condition for being able to use, access, sign up for or registering with any of that gatekeeper’s core platform services listed pursuant to that Article.
- The gatekeeper shall provide each advertiser to which it supplies online advertising services, or third parties authorised by advertisers, upon the advertiser’s request, with information on a daily basis free of charge, concerning each advertisement placed by the advertiser, regarding:
- the price and fees paid by that advertiser, including any deductions and surcharges, for each of the relevant online advertising services provided by the gatekeeper,
- the remuneration received by the publisher, including any deductions and surcharges, subject to the publisher’s consent; and
- the metrics on which each of the prices, fees and remunerations are calculated.
In the event that a publisher does not consent to the sharing of information regarding the remuneration received, as referred to in point (b) of the first subparagraph, the gatekeeper shall provide each advertiser free of charge with information concerning the daily average remuneration received by that publisher, including any deductions and surcharges, for the relevant advertisements.
- The gatekeeper shall provide each publisher to which it supplies online advertising services, or third parties authorised by publishers, upon the publisher’s request, with free of charge information on a daily basis, concerning each advertisement displayed on the publisher’s inventory, regarding:
- the remuneration received and the fees paid by that publisher, including any deductions and surcharges, for each of the relevant online advertising services provided by the gatekeeper;
- the price paid by the advertiser, including any deductions and surcharges, subject to the advertiser’s consent; and
- the metrics on which each of the prices and remunerations are calculated.
In the event an advertiser does not consent to the sharing of information, the gatekeeper shall provide each publisher free of charge with information concerning the daily average price paid by that advertiser, including any deductions and surcharges, for the relevant advertisements.
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
Recital 31
To safeguard the contestability and fairness of core platform services provided by gatekeepers, it is necessary to provide in a clear and unambiguous manner for a set of harmonised rules with regard to those services. Such rules are needed to address the risk of harmful effects of practices by gatekeepers, to the benefit of the business environment in the services concerned, of users and ultimately of society as a whole. The obligations correspond to those practices that are considered as undermining contestability or as being unfair, or both, when taking into account the features of the digital sector and which have a particularly negative direct impact on business users and end users. It should be possible for the obligations laid down by this Regulation to specifically take into account the nature of the core platform services provided. The obligations in this Regulation should not only ensure contestability and fairness with respect to core platform services listed in the designation decision, but also with respect to other digital products and services into which gatekeepers leverage their gateway position, which are often provided together with, or in support of, the core platform services.
Recital 32
For the purpose of this Regulation, contestability should relate to the ability of undertakings to effectively overcome barriers to entry and expansion and challenge the gatekeeper on the merits of their products and services. The features of core platform services in the digital sector, such as network effects, strong economies of scale, and benefits from data have limited the contestability of those services and the related ecosystems. Such a weak contestability reduces the incentives to innovate and improve products and services for the gatekeeper, its business users, its challengers and customers and thus negatively affects the innovation potential of the wider online platform economy. Contestability of the services in the digital sector can also be limited if there is more than one gatekeeper for a core platform service. This Regulation should therefore ban certain practices by gatekeepers that are liable to increase barriers to entry or expansion, and impose certain obligations on gatekeepers that tend to lower those barriers. The obligations should also address situations where the position of the gatekeeper may be entrenched to such an extent that inter-platform competition is not effective in the short term, meaning that intra-platform competition needs to be created or increased.
Recital 33
For the purpose of this Regulation, unfairness should relate to an imbalance between the rights and obligations of business users where the gatekeeper obtains a disproportionate advantage. Market participants, including business users of core platform services and alternative providers of services provided together with, or in support of, such core platform services, should have the ability to adequately capture the benefits resulting from their innovative or other efforts. Due to their gateway position and superior bargaining power, it is possible that gatekeepers engage in behaviour that does not allow others to capture fully the benefits of their own contributions, and unilaterally set unbalanced conditions for the use of their core platform services or services provided together with, or in support of, their core platform services. Such imbalance is not excluded by the fact that the gatekeeper offers a particular service free of charge to a specific group of users, and may also consist in excluding or discriminating against business users, in particular if the latter compete with the services provided by the gatekeeper. This Regulation should therefore impose obligations on gatekeepers addressing such behaviour.
Recital 34
Contestability and fairness are intertwined. The lack of, or weak, contestability for a certain service can enable a gatekeeper to engage in unfair practices. Similarly, unfair practices by a gatekeeper can reduce the possibility of business users or others to contest the gatekeeper’s position. A particular obligation in this Regulation may, therefore, address both elements.
Recital 35
The obligations laid down in this Regulation are therefore necessary to address identified public policy concerns, there being no alternative and less restrictive measures that would effectively achieve the same result, having regard to the need to safeguard public order, protect privacy and fight fraudulent and deceptive commercial practices.
Recital 36
Gatekeepers often directly collect personal data of end users for the purpose of providing online advertising services when end users use third-party websites and software applications. Third parties also provide gatekeepers with personal data of their end users in order to make use of certain services provided by the gatekeepers in the context of their core platform services, such as custom audiences. The processing, for the purpose of providing online advertising services, of personal data from third parties using core platform services gives gatekeepers potential advantages in terms of accumulation of data, thereby raising barriers to entry. This is because gatekeepers process personal data from a significantly larger number of third parties than other undertakings. Similar advantages result from the conduct of (i) combining end user personal data collected from a core platform service with data collected from other services; (ii) cross-using personal data from a core platform service in other services provided separately by the gatekeeper, notably services which are not provided together with, or in support of, the relevant core platform service, and vice versa; or (iii) signing-in end users to different services of gatekeepers in order to combine personal data. To ensure that gatekeepers do not unfairly undermine the contestability of core platform services, gatekeepers should enable end users to freely choose to opt-in to such data processing and sign-in practices by offering a less personalised but equivalent alternative, and without making the use of the core platform service or certain functionalities thereof conditional upon the end user’s consent. This should be without prejudice to the gatekeeper processing personal data or signing in end users to a service, relying on the legal basis under Article 6(1), points (c), (d) and (e), of Regulation (EU) 2016/679, but not on Article 6(1), points (b) and (f) of that Regulation.
Recital 37
The less personalised alternative should not be different or of degraded quality compared to the service provided to the end users who provide consent, unless a degradation of quality is a direct consequence of the gatekeeper not being able to process such personal data or signing in end users to a service. Not giving consent should not be more difficult than giving consent. When the gatekeeper requests consent, it should proactively present a user-friendly solution to the end user to provide, modify or withdraw consent in an explicit, clear and straightforward manner. In particular, consent should be given by a clear affirmative action or statement establishing a freely given, specific, informed and unambiguous indication of agreement by the end user, as defined in Regulation (EU) 2016/679. At the time of giving consent, and only where applicable, the end user should be informed that not giving consent can lead to a less personalised offer, but that otherwise the core platform service will remain unchanged and that no functionalities will be suppressed. Exceptionally, if consent cannot be given directly to the gatekeeper’s core platform service, end users should be able to give consent through each third-party service that makes use of that core platform service, to allow the gatekeeper to process personal data for the purposes of providing online advertising services.
Lastly, it should be as easy to withdraw consent as to give it. Gatekeepers should not design, organise or operate their online interfaces in a way that deceives, manipulates or otherwise materially distorts or impairs the ability of end users to freely give consent. In particular, gatekeepers should not be allowed to prompt end users more than once a year to give consent for the same processing purpose in respect of which they initially did not give consent or withdrew their consent. This Regulation is without prejudice to Regulation (EU) 2016/679, including its enforcement framework, which remains fully applicable with respect to any claims by data subjects relating to an infringement of their rights under that Regulation.
Recital 38
Children merit specific protection with regard to their personal data, in particular as regards the use of their personal data for the purposes of commercial communication or creating user profiles. The protection of children online is an important objective of the Union and should be reflected in the relevant Union law. In this context, due regard should be given to a Regulation on a single market for digital services. Nothing in this Regulation exempts gatekeepers from the obligation to protect children laid down in applicable Union law.
Recital 39
In certain cases, for instance through the imposition of contractual terms and conditions, gatekeepers can restrict the ability of business users of their online intermediation services to offer products or services to end users under more favourable conditions, including price, through other online intermediation services or through direct online sales channels. Where such restrictions relate to third-party online intermediation services, they limit inter-platform contestability, which in turn limits choice of alternative online intermediation services for end users. Where such restrictions relate to direct online sales channels, they unfairly limit the freedom of business users to use such channels. To ensure that business users of online intermediation services of gatekeepers can freely choose alternative online intermediation services or direct online sales channels and differentiate the conditions under which they offer their products or services to end users, it should not be accepted that gatekeepers limit business users from choosing to differentiate commercial conditions, including price. Such a restriction should apply to any measure with equivalent effect, such as increased commission rates or de-listing of the offers of business users.
Recital 40
To prevent further reinforcing their dependence on the core platform services of gatekeepers, and in order to promote multi-homing, the business users of those gatekeepers should be free to promote and choose the distribution channel that they consider most appropriate for the purpose of interacting with any end users that those business users have already acquired through core platform services provided by the gatekeeper or through other channels. This should apply to the promotion of offers, including through a software application of the business user, and any form of communication and conclusion of contracts between business users and end users. An acquired end user is an end user who has already entered into a commercial relationship with the business user and, where applicable, the gatekeeper has been directly or indirectly remunerated by the business user for facilitating the initial acquisition of the end user by the business user. Such commercial relationships can be on either a paid or a free basis, such as free trials or free service tiers, and can have been entered into either on the core platform service of the gatekeeper or through any other channel. Conversely, end users should also be free to choose offers of such business users and to enter into contracts with them either through core platform services of the gatekeeper, if applicable, or from a direct distribution channel of the business user or another indirect channel that such business user uses.
Recital 41
The ability of end users to acquire content, subscriptions, features or other items outside the core platform services of the gatekeeper should not be undermined or restricted. In particular, a situation should be avoided whereby gatekeepers restrict end users from access to, and use of, such services via a software application running on their core platform service. For example, subscribers to online content purchased outside a software application, software application store or virtual assistant should not be prevented from accessing such online content on a software application on the core platform service of the gatekeeper simply because it was purchased outside such software application, software application store or virtual assistant.
Recital 42
To safeguard a fair commercial environment and protect the contestability of the digital sector it is important to safeguard the right of business users and end users, including whistleblowers, to raise concerns about unfair practices by gatekeepers raising any issue of non-compliance with the relevant Union or national law with any relevant administrative or other public authorities, including national courts. For example, it is possible that business users or end users will want to complain about different types of unfair practices, such as discriminatory access conditions, unjustified closing of business user accounts or unclear grounds for product de-listings. Any practice that would in any way inhibit or hinder those users in raising their concerns or in seeking available redress, for instance by means of confidentiality clauses in agreements or other written terms, should therefore be prohibited. This prohibition should be without prejudice to the right of business users and gatekeepers to lay down in their agreements the terms of use including the use of lawful complaints-handling mechanisms, including any use of alternative dispute resolution mechanisms or of the jurisdiction of specific courts in compliance with respective Union and national law. This should also be without prejudice to the role gatekeepers play in the fight against illegal content online.
Recital 43
Certain services provided together with, or in support of, relevant core platform services of the gatekeeper, such as identification services, web browser engines, payment services or technical services that support the provision of payment services, such as payment systems for in-app purchases, are crucial for business users to conduct their business and allow them to optimise services. In particular, each browser is built on a web browser engine, which is responsible for key browser functionality such as speed, reliability and web compatibility. When gatekeepers operate and impose web browser engines, they are in a position to determine the functionality and standards that will apply not only to their own web browsers, but also to competing web browsers and, in turn, to web software applications. Gatekeepers should therefore not use their position to require their dependent business users to use any of the services provided together with, or in support of, core platform services by the gatekeeper itself as part of the provision of services or products by those business users. In order to avoid a situation in which gatekeepers indirectly impose on business users their own services provided together with, or in support of, core platform services, gatekeepers should also be prohibited from requiring end users to use such services, when that requirement would be imposed in the context of the service provided to end users by the business user using the core platform service of the gatekeeper. That prohibition aims to protect the freedom of the business user to choose alternative services to the ones of the gatekeeper, but should not be construed as obliging the business user to offer such alternatives to its end users.
Recital 44
The conduct of requiring business users or end users to subscribe to, or register with, any other core platform services of gatekeepers listed in the designation decision or which meet the thresholds of active end users and business users set out in this Regulation, as a condition for using, accessing, signing up for or registering with a core platform service gives the gatekeepers a means of capturing and locking-in new business users and end users for their core platform services by ensuring that business users cannot access one core platform service without also at least registering or creating an account for the purposes of receiving a second core platform service. That conduct also gives gatekeepers a potential advantage in terms of accumulation of data. As such, this conduct is liable to raise barriers to entry and should be prohibited.
Recital
The conditions under which gatekeepers provide online advertising services to business users, including both advertisers and publishers, are often non-transparent and opaque. This opacity is partly linked to the practices of a few platforms, but is also due to the sheer complexity of modern day programmatic advertising. That sector is considered to have become less transparent after the introduction of new privacy legislation. This often leads to a lack of information and knowledge for advertisers and publishers about the conditions of the online advertising services they purchase and undermines their ability to switch between undertakings providing online advertising services. Furthermore, the costs of online advertising services under these conditions are likely to be higher than they would be in a fairer, more transparent and contestable platform environment. Those higher costs are likely to be reflected in the prices that end users pay for many daily products and services relying on the use of online advertising services. Transparency obligations should therefore require gatekeepers to provide advertisers and publishers to whom they supply online advertising services, when requested, with free of charge information that allows both sides to understand the price paid for each of the different online advertising services provided as part of the relevant advertising value chain.
This information should be provided, upon request, to an advertiser at the level of an individual advertisement in relation to the price and fees charged to that advertiser and, subject to an agreement by the publisher owning the inventory where the advertisement is displayed, the remuneration received by that consenting publisher. The provision of this information on a daily basis will allow advertisers to receive information that has a sufficient level of granularity necessary to compare the costs of using the online advertising services of gatekeepers with the costs of using online advertising services of alternative undertakings. Where some publishers do not provide their consent to the sharing of the relevant information with the advertiser, the gatekeeper should provide the advertiser with the information about the daily average remuneration received by those publishers for the relevant advertisements. The same obligation and principles of sharing the relevant information concerning the provision of online advertising services should apply in respect of requests by publishers. Since gatekeepers can use different pricing models for the provision of online advertising services to advertisers and publishers, for instance a price per impression, per view or any other criterion, gatekeepers should also provide the method with which each of the prices and remunerations are calculated.
Art. 6 DMA - Obligations for gatekeepers susceptible of being further specified under Article 8 arrow_right_alt
- The Gatekeeper shall comply with all obligations set out in this Article with respect to each of its core platform services listed in the designation decision pursuant to Article 3(9).
- The gatekeeper shall not use, in competition with business users, any data that is not publicly available that is generated or provided by those business users in the context of their use of the relevant core platform services or of the services provided together with, or in support of, the relevant core platform services, including data generated or provided by the customers of those business users.
For the purposes of the first subparagraph, the data that is not publicly available shall include any aggregated and non-aggregated data generated by business users that can be inferred from, or collected through, the commercial activities of business users or their customers, including click, search, view and voice data, on the relevant core platform services or on services provided together with, or in support of, the relevant core platform services of the gatekeeper.
- The gatekeeper shall allow and technically enable end users to easily un-install any software applications on the operating system of the gatekeeper, without prejudice to the possibility for that gatekeeper to restrict such un-installation in relation to software applications that are essential for the functioning of the operating system or of the device and which cannot technically be offered on a standalone basis by third parties.
The gatekeeper shall allow and technically enable end users to easily change default settings on the operating system, virtual assistant and web browser of the gatekeeper that direct or steer end users to products or services provided by the gatekeeper. That includes prompting end users, at the moment of the end users’ first use of an online search engine, virtual assistant or web browser of the gatekeeper listed in the designation decision pursuant to Article 3(9), to choose, from a list of the main available service providers, the online search engine, virtual assistant or web browser to which the operating system of the gatekeeper directs or steers users by default, and the online search engine to which the virtual assistant and the web browser of the gatekeeper directs or steers users by default.
- The gatekeeper shall allow and technically enable the installation and effective use of third-party software applications or software application stores using, or interoperating with, its operating system and allow those software applications or software application stores to be accessed by means other than the relevant core platform services of that gatekeeper. The gatekeeper shall, where applicable, not prevent the downloaded third-party software applications or software application stores from prompting end users to decide whether they want to set that downloaded software application or software application store as their default. The gatekeeper shall technically enable end users who decide to set that downloaded software application or software application store as their default to carry out that change easily.
The gatekeeper shall not be prevented from taking, to the extent that they are strictly necessary and proportionate, measures to ensure that third-party software applications or software application stores do not endanger the integrity of the hardware or operating system provided by the gatekeeper, provided that such measures are duly justified by the gatekeeper.
Furthermore, the gatekeeper shall not be prevented from applying, to the extent that they are strictly necessary and proportionate, measures and settings other than default settings, enabling end users to effectively protect security in relation to third-party software applications or software application stores, provided that such measures and settings other than default settings are duly justified by the gatekeeper.
- The gatekeeper shall not treat more favourably, in ranking and related indexing and crawling, services and products offered by the gatekeeper itself than similar services or products of a third party. The gatekeeper shall apply transparent, fair and non-discriminatory conditions to such ranking.
- The gatekeeper shall not restrict technically or otherwise the ability of end users to switch between, and subscribe to, different software applications and services that are accessed using the core platform services of the gatekeeper, including as regards the choice of Internet access services for end users.
- The gatekeeper shall allow providers of services and providers of hardware, free of charge, effective interoperability with, and access for the purposes of interoperability to, the same hardware and software features accessed or controlled via the operating system or virtual assistant listed in the designation decision pursuant to Article 3(9) as are available to services or hardware provided by the gatekeeper. Furthermore, the gatekeeper shall allow business users and alternative providers of services provided together with, or in support of, core platform services, free of charge, effective interoperability with, and access for the purposes of interoperability to, the same operating system, hardware or software features, regardless of whether those features are part of the operating system, as are available to, or used by, that gatekeeper when providing such services.
The gatekeeper shall not be prevented from taking strictly necessary and proportionate measures to ensure that interoperability does not compromise the integrity of the operating system, virtual assistant, hardware or software features provided by the gatekeeper, provided that such measures are duly justified by the gatekeeper.
- The gatekeeper shall provide advertisers and publishers, as well as third parties authorised by advertisers and publishers, upon their request and free of charge, with access to the performance measuring tools of the gatekeeper and the data necessary for advertisers and publishers to carry out their own independent verification of the advertisements inventory, including aggregated and non-aggregated data. Such data shall be provided in a manner that enables advertisers and publishers to run their own verification and measurement tools to assess the performance of the core platform services provided for by the gatekeepers.
- The gatekeeper shall provide end users and third parties authorised by an end user, at their request and free of charge, with effective portability of data provided by the end user or generated through the activity of the end user in the context of the use of the relevant core platform service, including by providing, free of charge, tools to facilitate the effective exercise of such data portability, and including by the provision of continuous and real-time access to such data.
- The gatekeeper shall provide business users and third parties authorised by a business user, at their request, free of charge, with effective, high-quality, continuous and real-time access to, and use of, aggregated and non-aggregated data, including personal data, that is provided for or generated in the context of the use of the relevant core platform services or services provided together with, or in support of, the relevant core platform services by those business users and the end users engaging with the products or services provided by those business users. With regard to personal data, the gatekeeper shall provide for such access to, and use of, personal data only where the data are directly connected with the use effectuated by the end users in respect of the products or services offered by the relevant business user through the relevant core platform service, and when the end users opt in to such sharing by giving their consent.
- The gatekeeper shall provide to any third-party undertaking providing online search engines, at its request, with access on fair, reasonable and non-discriminatory terms to ranking, query, click and view data in relation to free and paid search generated by end users on its online search engines. Any such query, click and view data that constitutes personal data shall be anonymised.
- The gatekeeper shall apply fair, reasonable, and non-discriminatory general conditions of access for business users to its software application stores, online search engines and online social networking services listed in the designation decision pursuant to Article 3(9).
For that purpose, the gatekeeper shall publish general conditions of access, including an alternative dispute settlement mechanism.
The Commission shall assess whether the published general conditions of access comply with this paragraph.
- The gatekeeper shall not have general conditions for terminating the provision of a core platform service that are disproportionate. The gatekeeper shall ensure that the conditions of termination can be exercised without undue difficulty.
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
Recital 46
In certain circumstances, a gatekeeper has a dual role as an undertaking providing core platform services, whereby it provides a core platform service, and possibly other services provided together with, or in support of, that core platform service to its business users, while also competing or intending to compete with those same business users in the provision of the same or similar services or products to the same end users. In those circumstances, a gatekeeper can take advantage of its dual role to use data, generated or provided by its business users in the context of activities by those business users when using the core platform services or the services provided together with, or in support of, those core platform services, for the purpose of its own services or products. The data of the business user can also include any data generated by or provided during the activities of its end users. This can be the case, for instance, where a gatekeeper provides an online marketplace or a software application store to business users, and at the same time provides services as an undertaking providing online retail services or software applications. To prevent gatekeepers from unfairly benefitting from their dual role, it is necessary to ensure that they do not use any aggregated or non-aggregated data, which could include anonymised and personal data that is not publicly available to provide similar services to those of their business users. That obligation should apply to the gatekeeper as a whole, including but not limited to its business unit that competes with the business users of a core platform service.
Recital 47
Business users can also purchase online advertising services from an undertaking providing core platform services for the purpose of providing goods and services to end users. In this case, it can happen that the data are not generated on the core platform service, but are provided to the core platform service by the business user or are generated based on its operations through the core platform service concerned. In certain instances, that core platform service providing advertising can have a dual role as both an undertaking providing online advertising services and an undertaking providing services competing with business users. Accordingly, the obligation prohibiting a dual role gatekeeper from using data of business users should apply also with respect to the data that a core platform service has received from businesses for the purpose of providing online advertising services related to that core platform service.
Recital 48
In relation to cloud computing services, the obligation not to use the data of business users should extend to data provided or generated by business users of the gatekeeper in the context of their use of the cloud computing service of the gatekeeper, or through its software application store that allows end users of cloud computing services access to software applications. That obligation should not affect the right of the gatekeeper to use aggregated data for providing other services provided together with, or in support of, its core platform service, such as data analytics services, subject to compliance with Regulation (EU) 2016/679 and Directive 2002/58/EC, as well as with the relevant obligations in this Regulation concerning such services.
Recital 49
A gatekeeper can use different means to favour its own or third-party services or products on its operating system, virtual assistant or web browser, to the detriment of the same or similar services that end users could obtain through other third parties. This can for instance happen where certain software applications or services are pre-installed by a gatekeeper. To enable end user choice, gatekeepers should not prevent end users from un-installing any software applications on their operating system. It should be possible for the gatekeeper to restrict such un-installation only when such software applications are essential to the functioning of the operating system or the device. Gatekeepers should also allow end users to easily change the default settings on the operating system, virtual assistant and web browser when those default settings favour their own software applications and services. This includes prompting a choice screen, at the moment of the users’ first use of an online search engine, virtual assistant or web browser of the gatekeeper listed in the designation decision, allowing end users to select an alternative default service when the operating system of the gatekeeper directs end users to those online search engine, virtual assistant or web browser and when the virtual assistant or the web browser of the gatekeeper direct the user to the online search engine listed in the designation decision.
Recital 50
The rules that a gatekeeper sets for the distribution of software applications can, in certain circumstances, restrict the ability of end users to install and effectively use third-party software applications or software application stores on hardware or operating systems of that gatekeeper and restrict the ability of end users to access such software applications or software application stores outside the core platform services of that gatekeeper. Such restrictions can limit the ability of developers of software applications to use alternative distribution channels and the ability of end users to choose between different software applications from different distribution channels and should be prohibited as unfair and liable to weaken the contestability of core platform services. To ensure contestability, the gatekeeper should furthermore allow the third-party software applications or software application stores to prompt the end user to decide whether that service should become the default and enable that change to be carried out easily.
In order to ensure that third-party software applications or software application stores do not endanger the integrity of the hardware or operating system provided by the gatekeeper, it should be possible for the gatekeeper concerned to implement proportionate technical or contractual measures to achieve that goal if the gatekeeper demonstrates that such measures are necessary and justified and that there are no less-restrictive means to safeguard the integrity of the hardware or operating system. The integrity of the hardware or the operating system should include any design options that need to be implemented and maintained in order for the hardware or the operating system to be protected against unauthorised access, by ensuring that security controls specified for the hardware or the operating system concerned cannot be compromised. Furthermore, in order to ensure that third-party software applications or software application stores do not undermine end users’ security, it should be possible for the gatekeeper to implement strictly necessary and proportionate measures and settings, other than default settings, enabling end users to effectively protect security in relation to third-party software applications or software application stores if the gatekeeper demonstrates that such measures and settings are strictly necessary and justified and that there are no less-restrictive means to achieve that goal. The gatekeeper should be prevented from implementing such measures as a default setting or as pre-installation.
Recital 51
Gatekeepers are often vertically integrated and offer certain products or services to end users through their own core platform services, or through a business user over which they exercise control which frequently leads to conflicts of interest. This can include the situation whereby a gatekeeper provides its own online intermediation services through an online search engine. When offering those products or services on the core platform service, gatekeepers can reserve a better position, in terms of ranking, and related indexing and crawling, for their own offering than that of the products or services of third parties also operating on that core platform service. This can occur for instance with products or services, including other core platform services, which are ranked in the results communicated by online search engines, or which are partly or entirely embedded in online search engines results, groups of results specialised in a certain topic, displayed along with the results of an online search engine, which are considered or used by certain end users as a service distinct or additional to the online search engine.
Other instances are those of software applications which are distributed through software application stores, or videos distributed through a video-sharing platform, or products or services that are given prominence and display in the newsfeed of an online social networking service, or products or services ranked in search results or displayed on an online marketplace, or products or services offered through a virtual assistant. Such reserving of a better position of gatekeeper’s own offering can take place even before ranking following a query, such as during crawling and indexing. For example, already during crawling, as a discovery process by which new and updated content is being found, as well as indexing, which entails storing and organising of the content found during the crawling process, the gatekeeper can favour its own content over that of third parties. In those circumstances, the gatekeeper is in a dual-role position as intermediary for third-party undertakings and as undertaking directly providing products or services. Consequently, such gatekeepers have the ability to undermine directly the contestability for those products or services on those core platform services, to the detriment of business users which are not controlled by the gatekeeper.
Recital 52
In such situations, the gatekeeper should not engage in any form of differentiated or preferential treatment in ranking on the core platform service, and related indexing and crawling, whether through legal, commercial or technical means, in favour of products or services it offers itself or through a business user which it controls. To ensure that this obligation is effective, the conditions that apply to such ranking should also be generally fair and transparent. Ranking should in this context cover all forms of relative prominence, including display, rating, linking or voice results and should also include instances where a core platform service presents or communicates only one result to the end user. To ensure that this obligation is effective and cannot be circumvented, it should also apply to any measure that has an equivalent effect to the differentiated or preferential treatment in ranking. The guidelines adopted pursuant to Article 5 of Regulation (EU) 2019/1150 should also facilitate the implementation and enforcement of this obligation.
Recital 53
Gatekeepers should not restrict or prevent the free choice of end users by technically or otherwise preventing switching between or subscription to different software applications and services. This would allow more undertakings to offer their services, thereby ultimately providing greater choice to the end users. Gatekeepers should ensure a free choice irrespective of whether they are the manufacturer of any hardware by means of which such software applications or services are accessed and should not raise artificial technical or other barriers so as to make switching impossible or ineffective. The mere offering of a given product or service to consumers, including by means of pre-installation, as well as the improvement of the offering to end users, such as price reductions or increased quality, should not be construed as constituting a prohibited barrier to switching.
Recital 54
Gatekeepers can hamper the ability of end users to access online content and services, including software applications. Therefore, rules should be established to ensure that the rights of end users to access an open internet are not compromised by the conduct of gatekeepers. Gatekeepers can also technically limit the ability of end users to effectively switch between different undertakings providing internet access service, in particular through their control over hardware or operating systems. This distorts the level playing field for internet access services and ultimately harms end users. It should therefore be ensured that gatekeepers do not unduly restrict end users in choosing the undertaking providing their internet access service.
Recital 55
A gatekeeper can provide services or hardware, such as wearable devices, that access hardware or software features of a device accessed or controlled via an operating system or virtual assistant in order to offer specific functionalities to end users. In that case, competing service or hardware providers, such as providers of wearable devices, require equally effective interoperability with, and access for the purposes of interoperability to, the same hardware or software features to be able to provide a competitive offering to end users.
Recital 56
Gatekeepers can also have a dual role as developers of operating systems and device manufacturers, including any technical functionality that such a device may have. For example, a gatekeeper that is a manufacturer of a device can restrict access to some of the functionalities in that device, such as near-field-communication technology, secure elements and processors, authentication mechanisms and the software used to operate those technologies, which can be required for the effective provision of a service provided together with, or in support of, the core platform service by the gatekeeper as well as by any potential third-party undertaking providing such service.
Recital 57
If dual roles are used in a manner that prevents alternative service and hardware providers from having access under equal conditions to the same operating system, hardware or software features that are available or used by the gatekeeper in the provision of its own complementary or supporting services or hardware, this could significantly undermine innovation by such alternative providers, as well as choice for end users. The gatekeepers should, therefore, be required to ensure, free of charge, effective interoperability with, and access for the purposes of interoperability to, the same operating system, hardware or software features that are available or used in the provision of its own complementary and supporting services and hardware. Such access can equally be required by software applications related to the relevant services provided together with, or in support of, the core platform service in order to effectively develop and provide functionalities interoperable with those provided by gatekeepers. The aim of the obligations is to allow competing third parties to interconnect through interfaces or similar solutions to the respective features as effectively as the gatekeeper’s own services or hardware.
Recital 58
The conditions under which gatekeepers provide online advertising services to business users, including both advertisers and publishers, are often non-transparent and opaque. This often leads to a lack of information for advertisers and publishers about the effect of a given advertisement. To further enhance fairness, transparency and contestability of online advertising services listed in the designation decision, as well as those that are fully integrated with other core platform services of the same undertaking, gatekeepers should provide advertisers and publishers, and third parties authorised by advertisers and publishers, when requested, with free of charge access to the gatekeepers’ performance measuring tools and the data, including aggregated and non-aggregated data, necessary for advertisers, authorised third parties such as advertising agencies acting on behalf of a company placing advertising, as well as for publishers to carry out their own independent verification of the provision of the relevant online advertising services.
Recital 59
Gatekeepers benefit from access to vast amounts of data that they collect while providing the core platform services, as well as other digital services. To ensure that gatekeepers do not undermine the contestability of core platform services, or the innovation potential of the dynamic digital sector, by restricting switching or multi-homing, end users, as well as third parties authorised by an end user, should be granted effective and immediate access to the data they provided or that was generated through their activity on the relevant core platform services of the gatekeeper. The data should be received in a format that can be immediately and effectively accessed and used by the end user or the relevant third party authorised by the end user to which the data is ported. Gatekeepers should also ensure, by means of appropriate and high quality technical measures, such as application programming interfaces, that end users or third parties authorised by end users can freely port the data continuously and in real time. This should apply also to any other data at different levels of aggregation necessary to effectively enable such portability. For the avoidance of doubt, the obligation on the gatekeeper to ensure effective portability of data under this Regulation complements the right to data portability under the Regulation (EU) 2016/679. Facilitating switching or multi-homing should lead, in turn, to an increased choice for end users and acts as an incentive for gatekeepers and business users to innovate.
Recital 60
Business users that use core platform services provided by gatekeepers, and end users of such business users provide and generate a vast amount of data. In order to ensure that business users have access to the relevant data thus generated, the gatekeeper should, upon their request, provide effective access, free of charge, to such data. Such access should also be given to third parties contracted by the business user, who are acting as processors of this data for the business user. The access should include access to data provided or generated by the same business users and the same end users of those business users in the context of other services provided by the same gatekeeper, including services provided together with or in support of core platform services, where this is inextricably linked to the relevant request. To this end, a gatekeeper should not use any contractual or other restrictions to prevent business users from accessing relevant data and should enable business users to obtain consent of their end users for such data access and retrieval, where such consent is required under Regulation (EU) 2016/679 and Directive 2002/58/EC. Gatekeepers should also ensure the continuous and real time access to such data by means of appropriate technical measures, for example by putting in place high quality application programming interfaces or integrated tools for small volume business users.
Recital 61
The value of online search engines to their respective business users and end users increases as the total number of such users increases. Undertakings providing online search engines collect and store aggregated datasets containing information about what users searched for, and how they interacted with, the results with which they were provided. Undertakings providing online search engines collect these data from searches undertaken on their own online search engine and, where applicable, searches undertaken on the platforms of their downstream commercial partners. Access by gatekeepers to such ranking, query, click and view data constitutes an important barrier to entry and expansion, which undermines the contestability of online search engines. Gatekeepers should therefore be required to provide access, on fair, reasonable and non-discriminatory terms, to those ranking, query, click and view data in relation to free and paid search generated by consumers on online search engines to other undertakings providing such services, so that those third-party undertakings can optimise their services and contest the relevant core platform services. Such access should also be given to third parties contracted by a provider of an online search engine, who are acting as processors of this data for that online search engine. When providing access to its search data, a gatekeeper should ensure the protection of the personal data of end users, including against possible re-identification risks, by appropriate means, such as anonymisation of such personal data, without substantially degrading the quality or usefulness of the data. The relevant data is anonymised if personal data is irreversibly altered in such a way that information does not relate to an identified or identifiable natural person or where personal data is rendered anonymous in such a manner that the data subject is not or is no longer identifiable.
Recital 62
For software application stores, online search engines and online social networking services listed in the designation decision, gatekeepers should publish and apply general conditions of access that should be fair, reasonable and non-discriminatory. Those general conditions should provide for a Union based alternative dispute settlement mechanism that is easily accessible, impartial, independent and free of charge for the business user, without prejudice to the business user’s own cost and proportionate measures aimed at preventing the abuse of the dispute settlement mechanism by business users. The dispute settlement mechanism should be without prejudice to the right of business users to seek redress before judicial authorities in accordance with Union and national law. In particular, gatekeepers which provide access to software application stores are an important gateway for business users that seek to reach end users. In view of the imbalance in bargaining power between those gatekeepers and business users of their software application stores, those gatekeepers should not be allowed to impose general conditions, including pricing conditions, that would be unfair or lead to unjustified differentiation.
Pricing or other general access conditions should be considered unfair if they lead to an imbalance of rights and obligations imposed on business users or confer an advantage on the gatekeeper which is disproportionate to the service provided by the gatekeeper to business users or lead to a disadvantage for business users in providing the same or similar services as the gatekeeper. The following benchmarks can serve as a yardstick to determine the fairness of general access conditions: prices charged or conditions imposed for the same or similar services by other providers of software application stores; prices charged or conditions imposed by the provider of the software application store for different related or similar services or to different types of end users; prices charged or conditions imposed by the provider of the software application store for the same service in different geographic regions; prices charged or conditions imposed by the provider of the software application store for the same service the gatekeeper provides to itself. This obligation should not establish an access right and it should be without prejudice to the ability of providers of software application stores, online search engines and online social networking services to take the required responsibility in the fight against illegal and unwanted content as set out in a Regulation on a single market for digital services.
Recital 63
Gatekeepers can hamper the ability of business users and end users to unsubscribe from a core platform service that they have previously subscribed to. Therefore, rules should be established to avoid a situation in which gatekeepers undermine the rights of business users and end users to freely choose which core platform service they use. To safeguard free choice of business users and end users, a gatekeeper should not be allowed to make it unnecessarily difficult or complicated for business users or end users to unsubscribe from a core platform service. Closing an account or un-subscribing should not be made be more complicated than opening an account or subscribing to the same service. Gatekeepers should not demand additional fees when terminating contracts with their end users or business users. Gatekeepers should ensure that the conditions for terminating contracts are always proportionate and can be exercised without undue difficulty by end users, such as, for example, in relation to the reasons for termination, the notice period, or the form of such termination. This is without prejudice to national legislation applicable in accordance with the Union law laying down rights and obligations concerning conditions of termination of provision of core platform services by end users.
Art. 7 DMA - Obligation for gatekeepers on interoperability of number-independent interpersonal communications services arrow_right_alt
- Where a gatekeeper provides number-independent interpersonal communications services that are listed in the designation decision pursuant to Article 3(9), it shall make the basic functionalities of its number-independent interpersonal communications services interoperable with the number-independent interpersonal communications services of another provider offering or intending to offer such services in the Union, by providing the necessary technical interfaces or similar solutions that facilitate interoperability, upon request, and free of charge.
- The gatekeeper shall make at least the following basic functionalities referred to in paragraph 1 interoperable where the gatekeeper itself provides those functionalities to its own end users:
- following the listing in the designation decision pursuant to Article 3(9):
- end-to-end text messaging between two individual end users;
- sharing of images, voice messages, videos and other attached files in end to end communication between two individual end users;
- within 2 years from the designation:
- end-to-end text messaging within groups of individual end users;
- sharing of images, voice messages, videos and other attached files in end-to-end communication between a group chat and an individual end user;
- within 4 years from the designation:
- end-to-end voice calls between two individual end users;
- end-to-end video calls between two individual end users;
- end-to-end voice calls between a group chat and an individual end user;
- end-to-end video calls between a group chat and an individual end user.
- following the listing in the designation decision pursuant to Article 3(9):
- The level of security, including the end-to-end encryption, where applicable, that the gatekeeper provides to its own end users shall be preserved across the interoperable services.
- The gatekeeper shall publish a reference offer laying down the technical details and general terms and conditions of interoperability with its number-independent interpersonal communications services, including the necessary details on the level of security and end-to-end encryption. The gatekeeper shall publish that reference offer within the period laid down in Article 3(10) and update it where necessary.
- Following the publication of the reference offer pursuant to paragraph 4, any provider of number-independent interpersonal communications services offering or intending to offer such services in the Union may request interoperability with the number-independent interpersonal communications services provided by the gatekeeper. Such a request may cover some or all of the basic functionalities listed in paragraph 2. The gatekeeper shall comply with any reasonable request for interoperability within 3 months after receiving that request by rendering the requested basic functionalities operational.
- The Commission may, exceptionally, upon a reasoned request by the gatekeeper, extend the time limits for compliance under paragraph 2 or 5 where the gatekeeper demonstrates that this is necessary to ensure effective interoperability and to maintain the necessary level of security, including end-to-end encryption, where applicable.
- The end users of the number-independent interpersonal communications services of the gatekeeper and of the requesting provider of number-independent interpersonal communications services shall remain free to decide whether to make use of the interoperable basic functionalities that may be provided by the gatekeeper pursuant to paragraph 1.
- The gatekeeper shall collect and exchange with the provider of number-independent interpersonal communications services that makes a request for interoperability only the personal data of end users that is strictly necessary to provide effective interoperability. Any such collection and exchange of the personal data of end users shall fully comply with Regulation (EU) 2016/679 and Directive 2002/58/EC.
- The gatekeeper shall not be prevented from taking measures to ensure that third-party providers of number-independent interpersonal communications services requesting interoperability do not endanger the integrity, security and privacy of its services, provided that such measures are strictly necessary and proportionate and are duly justified by the gatekeeper.
- 64
Recital 64
The lack of interoperability allows gatekeepers that provide number-independent interpersonal communications services to benefit from strong network effects, which contributes to the weakening of contestability. Furthermore, regardless of whether end users ‘multi-home’, gatekeepers often provide number-independent interpersonal communications services as part of their platform ecosystem, and this further exacerbates entry barriers for alternative providers of such services and increases costs for end users to switch. Without prejudice to Directive (EU) 2018/1972 of the European Parliament and of the Council (14) and, in particular, the conditions and procedures laid down in Article 61 thereof, gatekeepers should therefore ensure, free of charge and upon request, interoperability with certain basic functionalities of their number-independent interpersonal communications services that they provide to their own end users, to third-party providers of such services.
Gatekeepers should ensure interoperability for third-party providers of number-independent interpersonal communications services that offer or intend to offer their number-independent interpersonal communications services to end users and business users in the Union. To facilitate the practical implementation of such interoperability, the gatekeeper concerned should be required to publish a reference offer laying down the technical details and general terms and conditions of interoperability with its number-independent interpersonal communications services. It should be possible for the Commission, if applicable, to consult the Body of European Regulators for Electronic Communications, in order to determine whether the technical details and the general terms and conditions published in the reference offer that the gatekeeper intends to implement or has implemented ensures compliance with this obligation.
In all cases, the gatekeeper and the requesting provider should ensure that interoperability does not undermine a high level of security and data protection in line with their obligations laid down in this Regulation and applicable Union law, in particular Regulation (EU) 2016/679 and Directive 2002/58/EC. The obligation related to interoperability should be without prejudice to the information and choices to be made available to end users of the number-independent interpersonal communication services of the gatekeeper and the requesting provider under this Regulation and other Union law, in particular Regulation (EU) 2016/679.
Art. 8 DMA - Compliance with obligations for gatekeepers arrow_right_alt
- The gatekeeper shall ensure and demonstrate compliance with the obligations laid down in Articles 5, 6 and 7 of this Regulation. The measures implemented by the gatekeeper to ensure compliance with those Articles shall be effective in achieving the objectives of this Regulation and of the relevant obligation. The gatekeeper shall ensure that the implementation of those measures complies with applicable law, in particular Regulation (EU) 2016/679, Directive 2002/58/EC, legislation on cyber security, consumer protection, product safety, as well as with the accessibility requirements.
- The Commission may, on its own initiative or at the request of a gatekeeper pursuant to paragraph 3 of this Article, open proceedings pursuant to Article 20.
The Commission may adopt an implementing act, specifying the measures that the gatekeeper concerned is to implement in order to effectively comply with the obligations laid down in Articles 6 and 7. That implementing act shall be adopted within 6 months from the opening of proceedings pursuant to Article 20 in accordance with the advisory procedure referred to in Article 50(2).
When opening proceedings on its own initiative for circumvention pursuant to Article 13, such measures may concern the obligations laid down in Articles 5, 6 and 7.
- A gatekeeper may request the Commission to engage in a process to determine whether the measures that that gatekeeper intends to implement or has implemented to ensure compliance with Articles 6 and 7 are effective in achieving the objective of the relevant obligation in the specific circumstances of the gatekeeper. The Commission shall have discretion in deciding whether to engage in such a process, respecting the principles of equal treatment, proportionality and good administration.
In its request, the gatekeeper shall provide a reasoned submission to explain the measures that it intends to implement or has implemented. The gatekeeper shall furthermore provide a non-confidential version of its reasoned submission that may be shared with third parties pursuant to paragraph 6.
- Paragraphs 2 and 3 of this Article are without prejudice to the powers of the Commission under Articles 29, 30 and 31.
- With a view of adopting the decision under paragraph 2, the Commission shall communicate its preliminary findings to the gatekeeper within 3 months from the opening of the proceedings under Article 20. In the preliminary findings, the Commission shall explain the measures that it is considering taking or that it considers the gatekeeper concerned should take in order to effectively address the preliminary findings.
- In order to effectively enable interested third parties to provide comments, the Commission shall, when communicating its preliminary findings to the gatekeeper pursuant to paragraph 5 or as soon as possible thereafter, publish a non-confidential summary of the case and the measures that it is considering taking or that it considers the gatekeeper concerned should take. The Commission shall specify a reasonable timeframe within which such comments are to be provided.
- In specifying the measures under paragraph 2, the Commission shall ensure that the measures are effective in achieving the objectives of this Regulation and the relevant obligation, and proportionate in the specific circumstances of the gatekeeper and the relevant service.
- For the purposes of specifying the obligations under Article 6(11) and (12), the Commission shall also assess whether the intended or implemented measures ensure that there is no remaining imbalance of rights and obligations on business users and that the measures do not themselves confer an advantage on the gatekeeper which is disproportionate to the service provided by the gatekeeper to business users.
- In respect of proceedings pursuant to paragraph 2, the Commission may, upon request or on its own initiative, decide to reopen them where:
- there has been a material change in any of the facts on which the decision was based; or
- the decision was based on incomplete, incorrect or misleading information; or
- the measures as specified in the decision are not effective.
- 65
- 89
Recital 65
To ensure the effectiveness of the obligations laid down by this Regulation, while also making certain that those obligations are limited to what is necessary to ensure contestability and tackling the harmful effects of the unfair practices by gatekeepers, it is important to clearly define and circumscribe them so as to allow the gatekeeper to fully comply with them, whilst fully complying with applicable law, and in particular Regulation (EU) 2016/679 and Directive 2002/58/EC and legislation on consumer protection, cyber security, product safety and accessibility requirements, including Directive (EU) 2019/882 and Directive (EU) 2016/2102 of the European Parliament and of the Council (1). The gatekeepers should ensure the compliance with this Regulation by design. Therefore, the necessary measures should be integrated as much as possible into the technological design used by the gatekeepers.
It may in certain cases be appropriate for the Commission, following a dialogue with the gatekeeper concerned and after enabling third parties to make comments, to further specify some of the measures that the gatekeeper concerned should adopt in order to effectively comply with obligations that are susceptible of being further specified or, in the event of circumvention, with all obligations. In particular, such further specification should be possible where the implementation of an obligation susceptible to being further specified can be affected by variations of services within a single category of core platform services. For this purpose, it should be possible for the gatekeeper to request the Commission to engage in a process whereby the Commission can further specify some of the measures that the gatekeeper concerned should adopt in order to effectively comply with those obligations.
The Commission should have discretion as to whether and when such further specification should be provided, while respecting the principles of equal treatment, proportionality, and good administration. In this respect, the Commission should provide the main reasons underlying its assessment, including any enforcement priorities. This process should not be used to undermine the effectiveness of this Regulation. Furthermore, this process is without prejudice to the powers of the Commission to adopt a decision establishing non-compliance with any of the obligations laid down in this Regulation by a gatekeeper, including the possibility to impose fines or periodic penalty payments. The Commission should be able to reopen proceedings, including where the specified measures turn out not to be effective. A reopening due to an ineffective specification adopted by decision should enable the Commission to amend the specification prospectively. The Commission should also be able to set a reasonable time period within which the proceedings can be reopened if the specified measures turn out not to be effective.
(1)Directive (EU) 2016/2102 of the European Parliament and of the Council of 26 October 2016 on the accessibility of the websites and mobile applications of public sector bodies (OJ L 327, 2.12.2016, p. 1).
Recital 89
When preparing non-confidential summaries for publication in order to effectively enable interested third parties to provide comments, the Commission should give due regard to the legitimate interest of undertakings in the protection of their business secrets and other confidential information.
Art. 9 DMA - Suspension arrow_right_alt
- Where the gatekeeper demonstrates in a reasoned request that compliance with a specific obligation laid down in Article 5, 6 or 7 for a core platform service listed in the designation decision pursuant to Article 3(9) would endanger, due to exceptional circumstances beyond the gatekeeper’s control, the economic viability of its operation in the Union, the Commission may adopt an implementing act setting out its decision to exceptionally suspend, in whole or in part, the specific obligation referred to in that reasoned request (‘the suspension decision’). In that implementing act, the Commission shall substantiate its suspension decision by identifying the exceptional circumstances justifying the suspension. That implementing act shall be limited to the extent and the duration necessary to address such threat to the gatekeeper’s viability. The Commission shall aim to adopt that implementing act without delay and at the latest 3 months following receipt of a complete reasoned request. That implementing act shall be adopted in accordance with the advisory procedure referred to in Article 50(2).
- Where suspension is granted pursuant to paragraph 1, the Commission shall review its suspension decision every year, unless a shorter interval is specified in that decision. Following such a review the Commission shall either wholly or partly lift the suspension, or decide that the conditions in paragraph 1 continue to be met.
- In cases of urgency, the Commission may, acting on a reasoned request by a gatekeeper, provisionally suspend the application of a specific obligation referred to in paragraph 1 to one or more individual core platform services already prior to the decision pursuant to that paragraph. Such a request may be made and granted at any time pending the assessment of the Commission pursuant to paragraph 1.
- In assessing the request referred to in paragraphs 1 and 3, the Commission shall take into account, in particular, the impact of the compliance with the specific obligation on the economic viability of the operation of the gatekeeper in the Union as well as on third parties, in particular SMEs and consumers. The suspension may be made subject to conditions and obligations to be defined by the Commission in order to ensure a fair balance between those interests and the objectives of this Regulation.
- 66
Recital 66
As an additional element to ensure proportionality, gatekeepers should be given an opportunity to request the suspension, to the extent necessary, of a specific obligation in exceptional circumstances that lie beyond the control of the gatekeeper, such as an unforeseen external shock that has temporarily eliminated a significant part of end user demand for the relevant core platform service, where compliance with a specific obligation is shown by the gatekeeper to endanger the economic viability of the Union operations of the gatekeeper concerned. The Commission should identify the exceptional circumstances justifying the suspension and review it on a regular basis in order to assess whether the conditions for granting it are still viable.
Art. 10 DMA - Exemption for grounds of public health and public security arrow_right_alt
- The Commission may, acting on a reasoned request by a gatekeeper or on its own initiative, adopt an implementing act setting out its decision, to exempt that gatekeeper, in whole or in part, from a specific obligation laid down in Article 5, 6 or 7 in relation to a core platform service listed in the designation decision pursuant to Article 3(9), where such exemption is justified on the grounds set out in paragraph 3 of this Article (‘the exemption decision’). The Commission shall adopt the exemption decision within 3 months after receiving a complete reasoned request and shall provide a reasoned statement explaining the grounds for the exemption. That implementing act shall be adopted in accordance with the advisory procedure referred to in Article 50(2).
- Where an exemption is granted pursuant to paragraph 1, the Commission shall review its exemption decision if the ground for the exemption no longer exists or at least every year. Following such a review, the Commission shall either wholly or partially lift the exemption, or decide that the conditions of paragraph 1 continue to be met.
- An exemption pursuant to paragraph 1 may only be granted on grounds of public health or public security.
- In cases of urgency, the Commission may, acting on a reasoned request by a gatekeeper or on its own initiative, provisionally suspend the application of a specific obligation referred to in paragraph 1 to one or more individual core platform services already prior to the decision pursuant to that paragraph. Such a request may be made and granted at any time pending the assessment of the Commission pursuant to paragraph 1.
- In assessing the request referred to in paragraphs 1 and 4, the Commission shall take into account, in particular, the impact of the compliance with the specific obligation on the grounds in paragraph 3, as well as the effects on the gatekeeper concerned and on third parties. The Commission may subject the suspension to conditions and obligations in order to ensure a fair balance between the goals pursued by the grounds in paragraph 3 and the objectives of this Regulation.
- 67
Recital 67
In exceptional circumstances, justified on the limited grounds of public health or public security laid down in Union law and interpreted by the Court of Justice, the Commission should be able to decide that a specific obligation does not apply to a specific core platform service. If harm is caused to such public interests that could indicate that the cost to society as a whole of enforcing a certain obligation is, in a specific exceptional case, too high and thus disproportionate. Where appropriate, the Commission should be able to facilitate compliance by assessing whether a limited and duly justified suspension or exemption is justified. This should ensure the proportionality of the obligations in this Regulation without undermining the intended ex ante effects on fairness and contestability. Where such an exemption is granted, the Commission should review its decision every year.
Art. 11 DMA - Reporting arrow_right_alt
- Within 6 months after its designation pursuant to Article 3, and in accordance with Article 3(10), the gatekeeper shall provide the Commission with a report describing in a detailed and transparent manner the measures it has implemented to ensure compliance with the obligations laid down in Articles 5, 6 and 7.
- Within the deadline referred to in paragraph 1, the gatekeeper shall publish and provide the Commission with a non-confidential summary of that report.
The gatekeeper shall update that report and that non-confidential summary at least annually.
The Commission shall make a link to that non-confidential summary available on its website.
- 68
- 89
Recital 68
Within the timeframe for complying with their obligations under this Regulation, gatekeepers should inform the Commission, through mandatory reporting, about the measures they intend to implement or have implemented in order to ensure effective compliance with those obligations, including those measures concerning compliance with Regulation (EU) 2016/679, to the extent they are relevant for compliance with the obligations provided under this Regulation, which should allow the Commission to fulfil its duties under this Regulation. In addition, a clear and comprehensible non-confidential summary of such information should be made publicly available while taking into account the legitimate interest of gatekeepers in the protection of their business secrets and other confidential information. This non-confidential publication should enable third parties to assess whether the gatekeepers comply with the obligations laid down in this Regulation. Such reporting should be without prejudice to any enforcement action by the Commission at any time following the reporting. The Commission should publish online a link to the non-confidential summary of the report, as well as all other public information based on information obligations under this Regulation, in order to ensure accessibility of such information in a usable and comprehensive manner, in particular for small and medium enterprises (SMEs).
Recital 89
When preparing non-confidential summaries for publication in order to effectively enable interested third parties to provide comments, the Commission should give due regard to the legitimate interest of undertakings in the protection of their business secrets and other confidential information.
Art. 12 DMA - Updating obligations for gatekeepers arrow_right_alt
- The Commission is empowered to adopt delegated acts in accordance with Article 49 to supplement this Regulation with regard to the obligations laid down in Articles 5 and 6. Those delegated acts shall be based on a market investigation pursuant to Article 19 that has identified the need to keep those obligations up to date in order to address practices that limit the contestability of core platform services or that are unfair in the same way as the practices addressed by the obligations laid down in Articles 5 and 6.
- The scope of a delegated act adopted in accordance with paragraph 1 shall be limited to:
- extending an obligation that applies only in relation to certain core platform services, to other core platform services listed in Article 2, point (2);
- extending an obligation that benefits certain business users or end users so that it benefits other business users or end users;
- specifying the manner in which the obligations laid down in Articles 5 and 6 are to be performed by gatekeepers in order to ensure effective compliance with those obligations;
- extending an obligation that applies only in relation to certain services provided together with, or in support of, core platform services to other services provided together with, or in support of, core platform services;
- extending an obligation that applies only in relation to certain types of data to apply in relation to other types of data;
- adding further conditions where an obligation imposes certain conditions on the behaviour of a gatekeeper; or
- applying an obligation that governs the relationship between several core platform services of the gatekeeper to the relationship between a core platform service and other services of the gatekeeper.
- The Commission is empowered to adopt delegated acts in accordance with Article 49 to amend this Regulation with regard to the list of basic functionalities identified in Article 7(2), by adding or removing functionalities of number-independent interpersonal communications services.
Those delegated acts shall be based on a market investigation pursuant to Article 19 that has identified the need to keep those obligations up to date in order to address practices that limit the contestability of core platform services or that are unfair in the same way as the practices addressed by the obligations laid down in Article 7.
- The Commission is empowered to adopt delegated acts in accordance with Article 49 to supplement this Regulation in respect of the obligations in Article 7 by specifying the manner in which those obligations are to be performed in order to ensure effective compliance with those obligations. Those delegated acts shall be based on a market investigation pursuant to Article 19, which has identified the need to keep those obligations up to date in order to address practices that limit the contestability of core platform services or that are unfair in the same way as the practices addressed by the obligations laid down in Article 7.
- A practice as referred to in paragraphs 1, 3 and 4 shall be considered to limit the contestability of core platform services or to be unfair where:
- that practice is engaged in by gatekeepers and is capable of impeding innovation and limiting choice for business users and end users because it:
- affects or risks affecting the contestability of a core platform service or other services in the digital sector on a lasting basis due to the creation or strengthening of barriers to entry for other undertakings or to expand as providers of a core platform service or other services in the digital sector; or
- prevents other operators from having the same access to a key input as the gatekeeper; or
- there is an imbalance between the rights and obligations of business users and the gatekeeper obtains an advantage from business users that is disproportionate to the service provided by that gatekeeper to those business users.
- that practice is engaged in by gatekeepers and is capable of impeding innovation and limiting choice for business users and end users because it:
- 69
- 77
- 78
- 79
- 80
- 97
- 98
Recital 69
The obligations of gatekeepers should only be updated after a thorough investigation into the nature and impact of specific practices that may be newly identified, following an in-depth investigation, as unfair or limiting contestability in the same manner as the unfair practices laid down in this Regulation while potentially escaping the scope of the current set of obligations. The Commission should be able to launch an investigation with a view to determining whether the existing obligations need to be updated, either on its own initiative or following a justified request of at least three Member States. When presenting such justified requests, it should be possible for Member States to include information on newly introduced offers of products, services, software or features which raise concerns of contestability or fairness, whether implemented in the context of existing core platform services or otherwise. Where, following a market investigation, the Commission deems it necessary to modify essential elements of this Regulation, such as the inclusion of new obligations that depart from the same contestability or fairness issues addressed by this Regulation, the Commission should advance a proposal to amend this Regulation.
Recital 77
The services in the digital sector and the types of practices relating to these services can change quickly and to a significant extent. To ensure that this Regulation remains up to date and constitutes an effective and holistic regulatory response to the problems posed by gatekeepers, it is important to provide for a regular review of the lists of core platform services, as well as of the obligations provided for in this Regulation. This is particularly important to ensure that a practice that is likely to limit the contestability of core platform services or is unfair is identified. While it is important to conduct a review on a regular basis, given the dynamically changing nature of the digital sector, in order to ensure legal certainty as to the regulatory conditions, any reviews should be conducted within a reasonable and appropriate timeframe. Market investigations should also ensure that the Commission has a solid evidentiary basis on which it can assess whether it should propose to amend this Regulation in order to review, expand, or further detail, the lists of core platform services. They should equally ensure that the Commission has a solid evidentiary basis on which it can assess whether it should propose to amend the obligations laid down in this Regulation or whether it should adopt a delegated act updating such obligations.
Recital 78
With regard to conduct by gatekeepers that is not covered by the obligations set out in this Regulation, the Commission should have the possibility to open a market investigation into new services and new practices for the purposes of identifying whether the obligations set out in this Regulation are to be supplemented by means of a delegated act falling within the scope of the empowerment set out for such delegated acts in this Regulation, or by presenting a proposal to amend this Regulation. This is without prejudice to the possibility for the Commission to, in appropriate cases, open proceedings under Article 101 or 102 TFEU. Such proceedings should be conducted in accordance with Council Regulation (EC) No 1/2003 (1). In cases of urgency due to the risk of serious and irreparable damage to competition, the Commission should consider adopting interim measures in accordance with Article 8 of Regulation (EC) No 1/2003.
(1) Council Regulation (EC) No 1/2003 of 16 December 2002 on the implementation of the rules on competition laid down in Articles 81 and 82 of the Treaty (OJ L 1, 4.1.2003, p. 1).
Recital 79
In the event that gatekeepers engage in a practice that is unfair or that limits the contestability of the core platform services that are already designated under this Regulation but without such practices being explicitly covered by the obligations laid down by this Regulation, the Commission should be able to update this Regulation through delegated acts. Such updates by way of delegated act should be subject to the same investigatory standard and therefore should be preceded by a market investigation. The Commission should also apply a predefined standard in identifying such types of practices. This legal standard should ensure that the type of obligations that gatekeepers could at any time face under this Regulation are sufficiently predictable.
Recital 80
In order to ensure effective implementation and compliance with this Regulation, the Commission should have strong investigative and enforcement powers, to allow it to investigate, enforce and monitor the rules laid down in this Regulation, while at the same time ensuring the respect for the fundamental right to be heard and to have access to the file in the context of the enforcement proceedings. The Commission should dispose of these investigative powers also for the purpose of carrying out market investigations, including for the purpose of updating and reviewing this Regulation.
Recital 97
In order to ensure contestable and fair markets in the digital sector across the Union where gatekeepers are present, the power to adopt acts in accordance with Article 290 TFEU should be delegated to the Commission in respect of amending the methodology for determining whether the quantitative thresholds regarding active end users and active business users for the designation of gatekeepers are met, which is contained in an Annex to this Regulation, in respect of further specifying the additional elements of the methodology not falling in that Annex for determining whether the quantitative thresholds regarding the designation of gatekeepers are met, and in respect of supplementing the existing obligations laid down in this Regulation where, based on a market investigation, the Commission has identified the need for updating the obligations addressing practices that limit the contestability of core platform services or are unfair, and the update considered falls within the scope of the empowerment set out for such delegated acts in this Regulation.
Recital 98
When adopting delegated acts under this Regulation, it is of particular importance that the Commission carries out appropriate consultations during its preparatory work, including at expert level, and that those consultations be conducted in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making (1). In particular, to ensure equal participation in the preparation of delegated acts, the European Parliament and the Council should receive all documents at the same time as Member States’ experts, and their experts systematically have access to meetings of Commission expert groups dealing with the preparation of delegated acts.
(1) OJ L 123, 12.5.2016, p. 1.
Art. 13 DMA - Anti-circumvention arrow_right_alt
1. An undertaking providing core platform services shall not segment, divide, subdivide, fragment or split those services through contractual, commercial, technical or any other means in order to circumvent the quantitative thresholds laid down in Article 3(2). No such practice of an undertaking shall prevent the Commission from designating it as a gatekeeper pursuant to Article 3(4).
2. The Commission may, when it suspects that an undertaking providing core platform services is engaged in a practice laid down in paragraph 1, require from that undertaking any information that it deems necessary to determine whether that undertaking has engaged in such a practice.
3. The gatekeeper shall ensure that the obligations of Articles 5, 6 and 7 are fully and effectively complied with.
4. The gatekeeper shall not engage in any behaviour that undermines effective compliance with the obligations of Articles 5, 6 and 7 regardless of whether that behaviour is of a contractual, commercial or technical nature, or of any other nature, or consists in the use of behavioural techniques or interface design.
5. Where consent for collecting, processing, cross-using and sharing of personal data is required to ensure compliance with this Regulation, a gatekeeper shall take the necessary steps either to enable business users to directly obtain the required consent to their processing, where that consent is required under Regulation (EU) 2016/679 or Directive 2002/58/EC, or to comply with Union data protection and privacy rules and principles in other ways, including by providing business users with duly anonymised data where appropriate. The gatekeeper shall not make the obtaining of that consent by the business user more burdensome than for its own services.
6. The gatekeeper shall not degrade the conditions or quality of any of the core platform services provided to business users or end users who avail themselves of the rights or choices laid down in Articles 5, 6 and 7, or make the exercise of those rights or choices unduly difficult, including by offering choices to the end-user in a non-neutral manner, or by subverting end users’ or business users’ autonomy, decision-making, or free choice via the structure, design, function or manner of operation of a user interface or a part thereof.
7. Where the gatekeeper circumvents or attempts to circumvent any of the obligations in Article 5, 6, or 7 in a manner described in paragraphs 4, 5 and 6 of this Article, the Commission may open proceedings pursuant to Article 20 and adopt an implementing act referred to in Article 8(2) in order to specify the measures that the gatekeeper is to implement.
8. Paragraph 6 of this Article is without prejudice to the powers of the Commission under Articles 29, 30 and 31.
- 29
- 70
Recital 29
Gatekeepers should comply with the obligations laid down in this Regulation in respect of each of the core platform services listed in the relevant designation decision. The obligations should apply taking into account the conglomerate position of gatekeepers, where applicable. Furthermore, it should be possible for the Commission to impose implementing measures on the gatekeeper by decision. Those implementing measures should be designed in an effective manner, having regard to the features of core platform services and the possible circumvention risks, and in compliance with the principle of proportionality and the fundamental rights of the undertakings concerned, as well as those of third parties.
Recital 70
Given the substantial economic power of gatekeepers, it is important that the obligations are applied effectively and are not circumvented. To that end, the rules in question should apply to any practice by a gatekeeper, irrespective of its form and irrespective of whether it is of a contractual, commercial, technical or any other nature, insofar as the practice corresponds to the type of practice that is the subject of one of the obligations laid down by this Regulation. Gatekeepers should not engage in behaviour that would undermine the effectiveness of the prohibitions and obligations laid down in this Regulation. Such behaviour includes the design used by the gatekeeper, the presentation of end-user choices in a non-neutral manner, or using the structure, function or manner of operation of a user interface or a part thereof to subvert or impair user autonomy, decision-making, or choice. Furthermore, the gatekeeper should not be allowed to engage in any behaviour undermining interoperability as required under this Regulation, such as for example by using unjustified technical protection measures, discriminatory terms of service, unlawfully claiming a copyright on application programming interfaces or providing misleading information. Gatekeepers should not be allowed to circumvent their designation by artificially segmenting, dividing, subdividing, fragmenting or splitting their core platform services to circumvent the quantitative thresholds laid down in this Regulation.
Art. 14 DMA - Obligation to inform about concentrations arrow_right_alt
- A gatekeeper shall inform the Commission of any intended concentration within the meaning of Article 3 of Regulation (EC) No 139/2004, where the merging entities or the target of concentration provide core platform services or any other services in the digital sector or enable the collection of data, irrespective of whether it is notifiable to the Commission under that Regulation or to a competent national competition authority under national merger rules.
A gatekeeper shall inform the Commission of such a concentration prior to its implementation and following the conclusion of the agreement, the announcement of the public bid, or the acquisition of a controlling interest.
- The information provided by the gatekeeper pursuant to paragraph 1 shall at least describe the undertakings concerned by the concentration, their Union and worldwide annual turnovers, their fields of activity, including activities directly related to the concentration, and the transaction value of the agreement or an estimation thereof, along with a summary of the concentration, including its nature and rationale and a list of the Member States concerned by the concentration.
The information provided by the gatekeeper shall also describe, for any relevant core platform services, their Union annual turnovers, their numbers of yearly active business users and their numbers of monthly active end users, respectively.
- If, following any concentration referred to in paragraph 1 of this Article, additional core platform services individually meet the thresholds in Article 3(2), point (b), the gatekeeper concerned shall inform the Commission thereof within 2 months from the implementation of the concentration and provide the Commission with the information referred to in Article 3(2).
- The Commission shall inform the competent authorities of the Member States of any information received pursuant to paragraph 1 and publish annually the list of acquisitions of which it has been informed by gatekeepers pursuant to that paragraph.
The Commission shall take account of the legitimate interest of undertakings in the protection of their business secrets.
- The competent authorities of the Member States may use the information received under paragraph 1 of this Article to request the Commission to examine the concentration pursuant to Article 22 of Regulation (EC) No 139/2004.
- 71
Recital 71
To ensure the effectiveness of the review of gatekeeper status, as well as the possibility to adjust the list of core platform services provided by a gatekeeper, the gatekeepers should inform the Commission of all of their intended acquisitions, prior to their implementation, of other undertakings providing core platform services or any other services provided within the digital sector or other services that enable the collection of data. Such information should not only serve the review process regarding the status of individual gatekeepers, but will also provide information that is crucial to monitoring broader contestability trends in the digital sector and can therefore be a useful factor for consideration in the context of the market investigations provided for by this Regulation. Furthermore, the Commission should inform Member States of such information, given the possibility of using the information for national merger control purposes and as, under certain circumstances, it is possible for the national competent authority to refer those acquisitions to the Commission for the purposes of merger control. The Commission should also publish annually a list of acquisitions of which it has been informed by the gatekeeper. To ensure the necessary transparency and usefulness of such information for different purposes provided for by this Regulation, gatekeepers should provide at least information about the undertakings concerned by the concentration, their Union and worldwide annual turnover, their field of activity, including activities directly related to the concentration, the transaction value or an estimation thereof, a summary of the concentration, including its nature and rationale, as well as a list of the Member States concerned by the operation.
Art. 15 DMA - Obligation of an audit arrow_right_alt
- Within 6 months after its designation pursuant to Article 3, a gatekeeper shall submit to the Commission an independently audited description of any techniques for profiling of consumers that the gatekeeper applies to or across its core platform services listed in the designation decision pursuant to Article 3(9). The Commission shall transmit that audited description to the European Data Protection Board.
- The Commission may adopt an implementing act referred to in Article 46(1), point (g), to develop the methodology and procedure of the audit.
- The gatekeeper shall make publicly available an overview of the audited description referred to in paragraph 1. In doing so, the gatekeeper shall be entitled to take account of the need to respect its business secrets. The gatekeeper shall update that description and that overview at least annually.
- 72
Recital 72
The data protection and privacy interests of end users are relevant to any assessment of potential negative effects of the observed practice of gatekeepers to collect and accumulate large amounts of data from end users. Ensuring an adequate level of transparency of profiling practices employed by gatekeepers, including, but not limited to, profiling within the meaning of Article 4, point (4), of Regulation (EU) 2016/679, facilitates contestability of core platform services. Transparency puts external pressure on gatekeepers not to make deep consumer profiling the industry standard, given that potential entrants or start-ups cannot access data to the same extent and depth, and at a similar scale. Enhanced transparency should allow other undertakings providing core platform services to differentiate themselves better through the use of superior privacy guarantees.
To ensure a minimum level of effectiveness of this transparency obligation, gatekeepers should at least provide an independently audited description of the basis upon which profiling is performed, including whether personal data and data derived from user activity in line with Regulation (EU) 2016/679 is relied on, the processing applied, the purpose for which the profile is prepared and eventually used, the duration of the profiling, the impact of such profiling on the gatekeeper’s services, and the steps taken to effectively enable end users to be aware of the relevant use of such profiling, as well as steps to seek their consent or provide them with the possibility of denying or withdrawing consent. The Commission should transfer the audited description to the European Data Protection Board to inform the enforcement of Union data protection rules. The Commission should be empowered to develop the methodology and procedure for the audited description, in consultation with the European Data Protection Supervisor, the European Data Protection Board, civil society and experts, in line with Regulations (EU) No 182/2011 (1) and (EU) 2018/1725 (2) of the European Parliament and of the Council.
(1) Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by the Member States of the Commission’s exercise of implementing powers (OJ L 55, 28.2.2011, p. 13).
(2) Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).