European Commission issues first DMA gatekeeper designations

The Commission announced the first DMA gatekeeper designations on 6 September 2023, applying the regulation to Alphabet, Amazon, Apple, ByteDance, Meta, and Microsoft across 22 core platform services. Designated firms now face a six-month deadline to comply with obligations such as data silos between services, bans on self-preferencing, fair ranking, and interoperability with third-party software and hardware.

Designated Gatekeepers and Services

Alphabet was designated for Google Search, Google Play, Google Maps, Google Shopping, Google Chrome browser, Google Android operating system, YouTube, and Google's online advertising services. The breadth of designations reflects Google's central role across search, mobile, and advertising ecosystems.

Amazon received designations for Amazon Marketplace and Amazon's advertising services, triggering obligations around seller data use, buy-box algorithms, and private label practices that have been subjects of antitrust scrutiny.

Apple was designated for iOS, Safari browser, and the App Store, requiring changes to app distribution practices, payment processing requirements, and browser engine restrictions that have constrained third-party developers.

ByteDance received a single designation for TikTok, making it the only non-Western gatekeeper in the initial cohort and extending DMA obligations to short-form video content recommendation algorithms.

Meta was designated for Facebook, Instagram, WhatsApp, Messenger, and Meta's advertising services. The messaging designations carry significant interoperability implications for encrypted communications.

Microsoft received designations for Windows, LinkedIn, and its online advertising services. The Windows designation triggers requirements around pre-installed applications and default settings.

Core Obligations

Data combination restrictions prohibit gatekeepers from combining personal data across designated services without explicit user consent. This "data silo" requirement forces separation of advertising profiles, search histories, and social media data that platforms currently merge for targeted advertising.

Self-preferencing bans require gatekeepers to treat third-party services no less favorably than their own in rankings, search results, and marketplace displays. Compliance requires algorithmic transparency and objective criteria for rankings that do not systematically advantage platform-owned offerings.

Interoperability mandates require messaging services to enable communication with third-party messaging platforms, operating systems to permit alternative app stores and payment processors, and browsers to allow third-party search engines as defaults.

Business user rights include access to aggregated performance data, prohibition of most-favored-nation clauses, and requirements for transparent terms and conditions with advance notice of changes.

Compliance Timeline

Designated gatekeepers have until March 2024 to achieve full compliance with DMA obligations. During the six-month setup period, gatekeepers must submit compliance reports detailing measures taken to address each obligation, engage with Commission technical experts on setup approaches, and establish mechanisms for business user and end user complaints.

The Commission may extend compliance deadlines for specific obligations where technical setup requires additional time, particularly for interoperability requirements that involve coordination with third parties or significant engineering efforts.

Enforcement Framework

Non-compliance penalties can reach 10% of global annual turnover for initial violations and 20% for repeat offenses. The Commission can also impose periodic penalty payments of up to 5% of daily turnover for ongoing violations. In cases of systematic non-compliance, the Commission may impose behavioral or structural remedies, including divestitures.

Market investigations may be opened to assess whether additional services should be designated or whether gatekeepers are bypassing obligations through technical measures or business structure changes.

Business User and Competitor Implications

Business users of designated platforms should prepare to exercise new rights, including data access requests, appeals of ranking decisions, and complaints about unfair terms. App developers should assess opportunities from alternative distribution channels and payment processing options.

Competitors can prepare interoperability requests for messaging services, plan integrations with newly open APIs, and document instances of continued self-preferencing for regulatory complaints. The DMA's private enforcement provisions enable direct actions in national courts for harm caused by gatekeeper non-compliance.