The Digital Services and Digital Markets Acts – the Next Steps Towards the European Future

One of the main goals of the European Union is to expand digitalization as a means to promoting a dynamic economy and efficient governance while also attaining the environmental targets of the Member States. Consistent concrete steps to be made in that respect are outlined in the digital strategy of the EU: Another, further step was made in early 2022 towards the adoption of two key regulations that would govern, respectively, the digital markets and digital services. Those measures are related to other legislative proposals, e.g., the draft Regulation on Artificial Intelligence, or already adopted pieces of legislation, e.g., the amendments to the supply of digital services and digital content consumer protection regime.

Despite some similarities between the two regulations, their goals and scope should be clearly outlined. To that end, they will be reviewed separately below in the context of the issues that need to be dealt with within the realm of digital markets and digital services.

The Digital Markets Act (proposal for a Regulation of the European Parliament and of the Council on contestable and fair markets in the digital sector) was proposed by the European Commission in response to the need to regulate the special role of part of the providers of specific digital services. Such providers, termed ‘gatekeepers’ in the proposal, may, through their conduct, harm free competition beyond the purview of their own services while also creating unnecessary obstacles to users’ access to certain core digital services. The easiest and most glaring example in that respect are providers of operating systems like Microsoft Windows or Android, who can bundle their software with other applications for which significantly greater competition exists in the market. Examples in that regard are the bundling of Microsoft Windows at first with Internet Explorer (now Microsoft Edge) or the Google-based applications that come bundled with the Android operating system.

The European Commission has already taken opportunities to point out that such bundling violates free competition in the software applications market and has undertaken the respective anti-trust measures. As a continuation of these measures, the proposed Digital Markets Regulation is aimed at defining the specific services involving such risks while introducing measures to guarantee free and fair access to these markets.

The draft proposes that subject to regulation should be service providers that supply core platform services, i.e., online intermediation services; online search engines; online social networking services; video-sharing services; number-independent interpersonal electronic communication services; operating systems; cloud computing services; as well as related advertising services. To define an entity as a gatekeeper, however, the following criteria must be satisfied: said entity must have a significant impact on the internal market; it must operate a core platform service through which business users reach out to their customers; it must enjoy or is expected to enjoy an entrenched and durable position in the respective market. In numeric terms, to have a significant impact on the internal market an entity must either have had over EUR 6.5 billion annual turnover in the last three financial years, or an average market capitalization in excess of EUR 65 billion in the last financial year, and must provide services in the territories of at least 3 Member States. To ascertain that a given platform service is indeed used by businesses to reach out to their customers, it must have at least 45 million active end users per month and at least 10,000 active business users per annum.

When an entity satisfies these criteria, it is mandated to notify the European Commission within 3 months from the moment it has exceeded all relevant thresholds. The draft also provides a mechanism for the European Commission to ascertain that fact by itself.

A number of obligations are to be imposed on gatekeepers. The draft Regulation envisions these as the only measures aimed at ensuring fair and accessible digital markets, with the Member States being barred, as a rule, from imposing additional measures to that end. The draft lists the following obligations for gatekeepers:

– a restriction on combining personal data sourced from core platform services with personal data from any other services offered by the same provider;

– an obligation to allow the offering of services that are competitive to those of the gatekeeper;

– an obligation to allow business users to connect to the core platform service via their own applications;

– an obligation to refrain from preventing or restricting business users from raising issues with any relevant public authority relating to any practice of the gatekeeper;

– a restriction on requiring business users to use identification services provided by the gatekeeper;

– a restriction on requiring business users to register for additional core platform services as a precondition for access to a service of their choice;

– an obligation to supply information about service prices to advertisers and publishers using the core platform service.

Some additional obligations are included that can be specified further at a later point in time: e.g., a restriction on using, in competition with business users, of any data not publicly available, which is generated by a business user; a guaranteed option for users to un-install software applications that are not essential for the functioning of the operating system; an obligation to allow the installation and operation of third-party software and other similar measures that guarantee users a free choice of software for their needs. This, in turn, means that business users will enjoy a significantly greater freedom in offering their own services and competing with gatekeepers on more equitable terms.

The Digital Markets Regulation provides a verification procedure for enforcing compliance with these obligations, as well as the relevant sanctions for non-compliance. Additionally, the draft includes arrangements to provisionally suspend the application of specific obligations for overriding reasons of public interest or for ensuring the economic viability of the gatekeeper’s operation.

By way of comparison, the proposed Digital Services Regulation is aimed at harmonizing the rules for providing intermediary digital services on the internal market.

Such harmonization is aimed at several very specific areas. Firstly, the proposed draft explicitly states that providers of a ‘mere conduit’ service cannot be held liable for the content of the transmitted data if such data transmission was not initiated by them in the first place, if the recipient was not selected by them and the data transmitted has not been modified by them. Such a limitation of liability is also provided for the automatic, intermediate and transient storage (caching) of data, as long as the service provider complies with the terms of access to such information, does not modify it, observes the rules for updating it, does not interfere with the use of data usage tracking technology and acts to remove stored content that has been blocked for whatever reason. For hosting services (storage of user-supplied content), the waiver of liability applies in either of two alternative scenarios: either the service provider is unaware that such content is associated with illegal activity; or upon obtaining such knowledge or awareness, the service provider acts expeditiously to remove or to disable access to the illegal content.

The proposed legislation explicitly provides that a waiver of liability will apply even in cases where the service provider is voluntarily conducting an own-initiative investigation. Accordingly, no imperative obligation is imposed on the provider to actively inspect the data used.

In addition, mechanisms are provided for processing reports of violation of third-party rights, in-house systems for handling customer complaints about removing or disabling access to their content, and measures to ensure transparency of advertising. For very large platforms the proposed legislation also provides an obligation to take action with respect to systemic risks associated with their operation: to conduct audits, to ensure transparency of recommender systems, additional transparency for advertising, etc. The language of the digital markets and digital services regulations is yet to be finalized; they are expected to take effect in early 2023. In any case, it is clear that the available solutions in the areas of digital markets and digital services will be explicitly codified within the framework of the policies already stated by the European Union for ensuring a level playing field for all players on the internal market while also ensuring freedom for the provision of services and respect for intellectual property rights, the security and protection of EU citizens.