EU Digital Services Act and Digital Markets Act
What are the implications?
21 January 2021
The debate about how to regulate and ensure “digital” competition and guarantee a fair market is a global one. Jurisdictions around the world are grappling with how to handle the new tech environment – which includes the tricky issue of how to regulate the tech giants. Europe has decided to be a pioneer in the regulation of digital platforms and marketplaces with a proposed digital package – the first major overhaul of EU rules for online players for two decades.
Paris-based Clifford Chance Partner Dessislava Savova, who specialises in tech and commercial law and leads the Clifford Chance Continental Europe Tech Group, says: “The proposed digital package is a major milestone in building Europe’s digital future and strategy. What Europe does now is likely to serve as a reference for other jurisdictions.” In this briefing Clifford Chance experts explore what is covered in the proposals – and what is not, what is the scope of the regulation, and what this could mean for businesses.
What is the Digital Package?
The Digital Package is built on two pillars:
The Digital Markets Act (DMA). This will introduce new rules (a list of obligations and prohibitions, “do’s and don’ts”) for large online platforms that are considered gatekeepers. “What is the rationale for the DMA proposal? European antitrust enforcement has not been entirely effective, because it often simply takes too long. At its core, the DMA is about introducing new rules upfront and not intervening after the fact,” says Savova. Several initiatives have already been taken at the national level, but these initiatives are inevitably limited to the national territory (and gatekeepers typically operate cross-border, globally). Without action at the EU level, national legislation has the potential to lead to increased regulatory fragmentation and this is what the European Commission is seeking to avoid.
The Digital Services Act (DSA). This will update the e-commerce directive from 2000 and introduce new rules and enhanced responsibilities for online intermediaries and platforms. “The world is a very different place compared with 20 years ago. Since the adoption of the e-commerce directive, new and innovative services have emerged, changing the lives of citizens and shaping and transforming the way they communicate, connect, consume and do business on a daily basis,” Savova says. At the same time, this has given rise to new risks and challenges for society, fundamental human rights and individuals. Updating the e-commerce directive by adopting the DSA is aimed at addressing these issues and equipping the EU with modernised rules.
Why the DSA and the DMA are game-changers
- They will mark the end of a fragmented approach in Europe. The new regulations will apply directly in the Member States.
- They contain “GDPR-like” provisions which are likely to deeply transform the digital market; for example, extraterritorial reach, very high sanctions, strong EU-wide enforcement mechanisms.
- They provide new and extensive obligations for digital players.
- They contain targeted rules to address issues raised by “very large platforms” (DSA) and “gatekeepers” (DMA).
- The DSA and the DMA also raise new challenges and questions for businesses, including their scope, impact and interaction with other existing legislation in EU.
Determining who are digital gatekeepers
The draft DMA targets so-called digital “gatekeepers.” The question of who should be deemed a gatekeeper is at the centre of the DMA and the Commission has chosen to define gatekeepers around four main elements:
- They are active in one of eight so-called Core Platform Services. These include, amongst other things, app stores, search engines, marketplaces, digital advertising, and social media.
- They have a significant impact on the market. They are very large companies active across at least three Member States and have a large number of users.
- They control an important gateway for other businesses to reach customers creating a degree of dependency.
- They have a durable, stable presence on the market or are on their way to getting there in the near future.
A big driver of the DMA has been speed and, to make it simple to identify who is a gatekeeper, the Commission, in the first instance, applies a rebuttable presumption. A company is presumed to be a gatekeeper once it meets certain straightforward measurable thresholds – these relate to turnover, market capitalisation, number of users, and stability of market presence.
Stavroula Vryna, a Senior Associate, working between Brussels and London, specialising in advising tech companies on EU competition law and regulation, says: “What is clear is that these thresholds have been set low enough to catch more than just Google, Facebook, Apple, Amazon and Microsoft. The Commission expects approximately 20 companies to be captured. Some will undoubtedly see those criteria as overly inclusive, and this will definitely have an effect on the amount of lobbying pressure throughout the legislative process.” She adds that companies that do not meet the quantitative criteria are not off the hook. “The Commission can still designate these companies as gatekeepers, but only after a market investigation which will look at a set of qualitative metrics.”
So far, all that is known about the qualitative metrics is that the Commission will look at key market characteristics, such as barriers to entry created due to network effects and data advantages, economies of scale, and factors contributing to users being locked in. “There’s a clear need for the Commission to give some robust guidance to the market, perhaps even some safe harbours, because right now there is not enough in the DMA itself for companies to assess their level of risk with sufficient confidence,” says Vryna.
Presumed gatekeepers are allowed to argue against the rebuttable presumption, but the Commission has not indicated what it expects successful arguments to include. We can perhaps draw some inspiration from the economic literature and precedents on abuse of dominance. For instance, a company could try and rebut the presumption that it controls an important gateway by showing that, while it has a large number of users, it operates in a multi-sided market where users multihome on both sides, or that switching costs are in fact low. One clarification the Commission has given is that it won’t accept arguments based on efficiencies, i.e. where a gatekeeper admits to being a gatekeeper, but claims that this has countervailing benefits to customers.
The designation process
For a company to be liable under the DMA, there needs to be a Commission decision designating it as a gatekeeper. The designation will tie to a specific service, not to the company as a whole. However, that does not mean that the gatekeeper’s obligations do not touch services for which it is not designated a gatekeeper – in fact the gatekeeper will need to take a closer look at the ecosystem around the gatekeeper service and the ancillary services involved. It remains to be confirmed whether it will be the Directorate General for Competition or some other part of the Commission that will have the competence to designate gatekeepers. In practice, companies who self-assess that they meet the quantitative thresholds must notify the Commission; and once the Commission has all the information it needs, in principle, the designation is a relatively quick process, finalised within 60 days. For companies that don’t meet the quantitative thresholds, the Commission needs to open a market investigation and decide within 12 months. The Commission will keep these designations under review and will revisit them at least every two years.
A comparison with the DSA criteria
The DSA has a much broader scope than the DMA and it captures companies primarily based on their activity rather than on their market significance. It establishes four tiers of obligations. Vryna says: “Imagine them like four concentric circles: On the outer layer, we have a few basic obligations for all online intermediary services (which range from Internet providers to social media). Further in, we have obligations for the subset of hosting services (such as cloud providers). In the third circle, we have obligations for online platforms, such as app stores and social media; and finally, at the centre of the circle, we have the most extensive obligations which apply to so-called Very Large Online Platforms with more than 45 million users in the EU.”
What rules does the DMA impose on gatekeepers?
The Commission has drawn the prohibitions and obligations in the DMA from existing antitrust precedent as well as on its currently open investigations. “It’s clear the rules are based mainly on concerns about conduct by the Google, Amazon, Facebook and Apple (GAFA). One can basically go through the list of do’s and don’ts and assign nearly each rule to conduct by one of the GAFA about which concerns have been expressed,” says Brussels-based Partner and co-chair of Clifford Chance’s global competition practice, Thomas Vinje. The DMA proposal contains a list of 18 “do’s and don’ts.” Those that could have a real impact on the market include:
- Article 5(a). This prohibits combining personal data sourced from a core platform service with data from other services offered by the gatekeeper or from third-party services. This will affect primarily companies active in digital advertising, particularly Google and Facebook, who use the combination of data to gain an advantage in targeted advertising. For example, Google combines data about users’ searches, data derived from Android devices about users’ locations and activities, data derived from its cookies about users’ activities on 80% of the world’s commercial web sites, data from users’ YouTube viewing, and much more. But, as currently drafted, Article 5(a) would still allow such data combination if users consent to it, which – depending on how this consent provision is interpreted – might mean this article ends up being meaningless.
- Article 6(j). This obliges search engine gatekeepers to provide their rivals with access on fair, reasonable and nondiscriminatory terms to user-generated search data. So Google would be required to share virtually all data generated by its users on its search engine, including the data about users’ long-tail searches. This could have a dramatic impact on search engine competition. • Article 5(c). This obliges gatekeepers to allow business users (1) to advertise to customers “acquired via the core platform service” and (2) to transact with them without needing to use the gatekeeper’s own mechanisms – for example, its payments systems. This seems inspired by the European Commission’s current investigations into Apple’s App Store rules and would require Apple to allow companies such as Spotify to communicate with iOS users – for example regarding promotions. And it would allow such companies to contract with their customers without being forced to use Apple’s In-App Purchase mechanism. This will also become relevant to Google given the latest amendments to the Google Play rules, which bring them closer to the Apple approach.
- Article 5(f). This prohibits tying by gatekeepers. It prohibits a gatekeeper from conditioning access to a gatekeeping core service upon registering for or subscribing to, any other core platform. This would prohibit, for example, Google from tying access to YouTube to use of its demand-side platform adtech services.
- Notification of acquisitions. This provision has not received the attention it seems to deserve. Gatekeepers must inform the Commission of their intended acquisitions of any other digital services before closing the transactions, irrespective of whether the merger control thresholds for EU or national filings are met. This notification requirement should be seen in combination with the Commission’s announcement that from mid-2021 it will start accepting referrals of mergers by Member States for review even when these Member States lack jurisdiction themselves over those mergers. As a result, more tech deals are likely to be brought under the Commission’s jurisdiction. So, more smaller mergers might be reviewed by the Commission, whereas they previously might not have been reviewed by any antitrust authority. But the substantive merger control rules remain unchanged, so we might well not see any significant increase in the mergers actually prohibited or subjected to remedies.
The DMA obligations are split into two separate articles, Articles 5 and 6, which has caused a lot of confusion. Article 5 is entitled simply “Obligations for Gatekeepers.” But Article 6 is entitled “Obligations for gatekeepers susceptible of being further specified.” Vinje says: “One key point must be kept in mind here: Both Articles 5 and 6 are selfexecuting. They establish a duty of compliance for gatekeepers without any need for the Commission’s intervention. The difference between them is that the Commission deems the Article 5 rules to contain straightforward restrictions which are easy to implement. The Article 6 rules are deemed more complex, apparently as at least in some cases they don’t just require the gatekeeper to refrain from certain practices, but also to give rivals access to certain assets.” So, for Article 6, the Commission has reserved for itself the ability to open proceedings to specify the exact measures the gatekeeper needs to implement to comply. Gatekeepers may also request such guidance from the Commission – but they may not refrain from compliance while awaiting guidance. If the Commission has concerns about implementation of an Article 6 obligation or a gatekeeper requests Commission guidance, the DMA proposal envisions a “regulatory dialogue” between the gatekeeper and the Commission. If the Commission has opened proceedings, it will have six months to issue its decision.
Vinje says: “The Commission claims that the rules are “clear and unambiguous”. I have my doubts, in light of the breadth and arguable vagueness of some of the rules. The specification process envisioned by Article 6 seems implicitly to acknowledge that the Article 6 rules are not necessarily entirely clear. Especially as a lot of the do’s and don’ts were clearly inspired by specific cases and specific companies, one of the Commission’s biggest challenges will be to make them applicable to all gatekeepers, irrespective of business model. This will likely mean that significant time will be spent obtaining ad hoc clarifications.”
One question arising in this context is whether the rules might become clearer during the legislative process leading to a final text. Vinje noted that “we can hope for clarification on certain points, but in light of experience with numerous EU legislative processes, we should not count on it. As the renowned nineteenth century German statesman Otto von Bismarck noted, there are two things of which one does not wish to know how they are made: sausage and legislation. And Bismarck did not live to see the EU legislative process.”
How will these new rules operate and what is the scope of enforcement?
The procedural rules in Chapter V provide the Commission with a broad range of investigative, enforcement and monitoring powers. These powers appear to be broadly the same as under the competition rules, but in some aspects they are even more far-reaching. For example, the Commission can request access to a platform’s ‘crown jewels’ such as algorithms and data bases, adopt interim measures and, as a last resort, impose structural remedies in case of systematic non-compliance.
“As with the designation of gatekeepers, the enforcement of the procedural rules would be exclusively for the Commission,” says Düsseldorf-based Partner, Michael Dietrich, who advises clients on EU and German competition law with a particular focus on digital platforms and data. “But, if and to what extent this would prevent the Member States from applying their own rules in addition to the DMA is a question that will be subject to a lot of further debate.”
What can the Commission do?
For market investigations into the designation of gatekeepers and proceedings for example, regarding noncompliance, the Commission has two main investigation tools: unannounced inspections and information requests, though the latter will be by far the most important and most commonly used tool.
Under the DMA, the power to gather information appears to be limited mainly by the principle of proportionality. Within its boundaries, the Commission can basically request all information necessary for the application of the DMA, regardless of the ownership, format, storage medium or location of that information. Equally, information requests can not only be directed to the addressees of an investigation, but also to third parties, including any natural or legal person and public authority, body or agency within the EU Member States. To provide the addressees with the possibility to check that the requested information does not go beyond what is strictly necessary, the Commission has to indicate the purpose of the request, specify the information required and fix the time limit to respond along with the maximum penalties for the supply of incomplete, incorrect or misleading information.
The procedural powers are rounded up by interim measures against gatekeepers if there is a risk of serious and irreparable harm for business users or end customers before a decision on noncompliance has been adopted. In addition, the Commission has the power to monitor remedies imposed on or accepted by gatekeepers to ensure effective compliance.
In a case of non-compliance with the obligations under the DMA, the Commission could impose fines on a gatekeeper up to a maximum of 10% of its total turnover for a violation of the obligations in Articles 5 and 6. Fines of up to 1% or periodic penalties of up to 5% of average daily turnover can be imposed for violations of formal requirements; for example, the supply of incomplete, incorrect or misleading information.
Companies do have the right to appeal a decision from the Commission at the EU Court of Justice which would also include the General Court as the court of first instance. We are not aware that the Commission has any plans to limit an appeal only to the Court of Justice. As under the competition rules, the European Courts would have unlimited jurisdiction to review decisions, i.e. they not only review the legality of the decision, but also if it is equitable and reasonable.
Will the DMA speed things up?
“How much faster is it really going to be? One of the main reasons for the DMA was speed. In my view it is primarily the time the Commission needs to adopt a decision in the first instance which would have a significant impact on speed. Unlike, let’s say, competition law which is an old farm horse, with all the fact specific evidence about market definition, theories of harm and evidence supporting the negative effects on competition which are required for the finding of an abuse of dominance, the DMA could turn out to be a racehorse,” says Dietrich. The requirements for a gatekeeper appear to be straightforward and, secondly, the decision making process under the DMA is well-known after decades of practical experience with competition law proceedings. “Initially, the biggest challenge will be the application of the gatekeeper obligations in Articles 5 and 6, since a lot of issues will be unclear at the beginning and, therefore, inevitably lead to quarrels with the Commission. However, over time and with an emerging body of decision practice, the teething problems of the DMA should be sorted out fairly quickly. Then, the Commission likely will be in a position to conclude at least straightforward market investigations and proceedings in less than 12 months. This would be a giant leap forward compared with the average time currently required to wrap up an Article 102 investigation in Brussels,” he says.
The Digital Services Act
The DSA has a much broader scope than the DMA. Its main goal is to introduce new rules and enhanced responsibilities for online intermediaries and platforms with regard to content, safety of users online, audit, reporting, traceability and transparency requirements for all digital providers, as well as certain specific rules for very large online platforms.
The Commission has decided that the existing EU e-Commerce Directive, which was adopted in 2000, is still fit for purpose and has decided to retain the key principles of the safe harbour regime. It protects intermediaries from liability for the content they host, so long as they act expeditiously to remove content once made aware, as well as maintaining the ban on a general monitoring obligation.
“That being said, the proposal does address a shortcoming under the previous regime whereby platforms faced the dilemma of being exposed to increased liability as a result of taking voluntary steps to monitor content. Strangely enough taking action which increases awareness also increased liability and therefore inaction incurred less liability – the less you knew the less you could be held accountable for,” says Amsterdam-based Senior Associate Andrei Mikes who specialises in tech regulatory matters.
That would change under the DSA proposal. In contrast to the previous regime, providers of intermediary services are still protected from liability even though they carry out voluntary own initiative investigations or other activities aimed at detecting and removing illegal content.
On the content side, the Commission has chosen to limit the DSA’s regulation to speech that’s illegal (e.g., hate speech, terrorist propaganda, child sexual exploitation, etc.) rather than trying to directly tackle the more opaque category of “legal but harmful” content (such as disinformation). “I think that’s really in an attempt to avoid inflaming concerns about impacts on freedom of expression.”
“The aim of the DSA is to keep the rulebook broad— and to complement already existing issue-specific instruments such as the Audiovisual Media Services Directive and the digital copyright reform that was passed in 2019,” he says.
The proposal also doesn’t define what is illegal — that has been left as a matter of EU and Member State law. The DSA is about streamlining reporting and establishing a system of oversight. This means that to further combat illegal content online, all online platforms which provide hosting services will be required to put in place user-friendly notice and action mechanisms, which allow third parties to notify the platform of illegal content on their services. Many, if not most, platforms have these type of mechanisms – the difference now being that they will become more standardised and thereby, the Commission hopes, more user-friendly.
Freedom of expression
“In general on content and content moderation, the Commission has had to walk a bit of a tightrope,” says Mikes. “The concern often voiced with these types of laws is that they run the inherent risk of over-incentivising platforms to just mindlessly automate take-downs to avoid liability. The need to protect freedom of expression is a constant refrain in the proposal. The Commission’s clear hope seems to be that by placing requirements on platforms to explain their decisions and provide the means to challenge decisions – that that will work to counterbalance any incentive to overremove content.”
He adds that the DSA proposal may change over time and that as it contains a whole set of completely new rules, well beyond liability and content moderation, these are likely to trigger intense debate and lobbying in the coming months.
New obligations under the DSA
The proposal introduces a whole package of new obligations, including all online platforms displaying advertisements online will be required to ensure that individuals using their services can identify “in a clear and unambiguous manner and in real time” that the information displayed is an ad; whose ad it is; and an explanation as to why you are seeing a particular advertisement.
Another notable requirement is the new obligation on traceability of business users in online market places. Under the proposal, all online platforms will be required to vet the credentials of thirdparty suppliers, which conclude distance contracts with consumers through their platform. Traders will be required to provide certain essential information to the online platform, including a selfcertification by the trader that it only offers goods or services which comply with EU law. This “KYC” principle for online marketplaces (which is a familiar feature in more heavily regulated sectors such as fintech) is aimed at making it harder for sellers of illegal products to set up within a marketplace under a new name.
Very Large Online Platforms (VLOPs) will also be subject to more burdensome requirements under the DSA proposal. They will have to adhere to transparency obligations on the ads they display as well as having to be open about the main parameters of algorithms used to offer content on their platforms (for example, how does a ranking mechanism work on a search engine, or recommendations on a booking platform?) and the options for the user to modify those parameters. The proposal states that an option must be provided to users that is not based on profiling. VLOPs are also required to perform risk assessments ahead of launching new services — with an accompanying obligation to mitigate identified risks. “It’s a thought-provoking notion to try to force major platforms to be proactive about societal risks. It looks inspired, at least in part, by elements of the GDPR — such as the requirement for data protection impact assessments. Though I expect plenty of devil will be in the detail — and especially how effective oversight proves to be,” says Mikes.
Finally, there is a set of other specific requirements on VLOPs which include having to designate a dedicated compliance officer, undergo an annual independent audit and in some instances even share data with authorities and academic researchers to assess the impact of services offered to society. “Some of which will undoubtedly cause some headaches for the major social media players as well as other very large online platforms,” he says.
Governance and sanctions under the DSA
The penalty mechanism proposed means that failure to comply can result in fines of up to 6% of the annual turnover of the provider or platform depending on the gravity, frequency and duration of the breach. The Member States or the Commission may also impose fines of up to 1% of the annual turnover for providing incorrect, incomplete or misleading information as under the DMA.
“However, a clear challenge exists,” says Michael Dietrich. “Since the DSA is a horizontal regulation, there’s no preexisting universal regulator across all Member States to take on DSA oversight. The fairly distinct issues, for example content/speech moderation versus e-commerce/marketplace requirements like the so-called “KYC”- requirements, and the application of the DSA to both tiny and giant businesses adds a further layer of complexity which exceeds the capacity of any single national body.”
The approach tabled is that EU Member States will each be required to appoint a ‘Digital Services Co-ordinator’, who will be responsible for ensuring compliance with the DSA, verifying platform user numbers in the EU and designating platforms as VLOPs at least every six months.
The Commission itself would be responsible for the enforcement of the subset of obligations that only apply to VLOPs. This has sparked some reactions from privacy advocates and academics who fear the Commission’s enforcement powers would be too great and even amount to a power grab for a body that they don’t see as an independent authority.
Finally, the DSA proposal includes a new oversight entity, namely the European Board for Digital Services (EBDS). Together with the relevant Member State agencies represented on the Board, it would co-ordinate joint investigations and work on setting standards led by the Commission as EBDS chair.
What happens next?
It is important to remember that these are proposals, put forward by the European Commission. They are not yet laws as they must first be adopted by the co-legislators; the European Parliament and the Council of the EU (where Member States are represented). This will be done according to the ordinary legislative procedure, previously known as co-decision. Under this process, both the Parliament and the Council must jointly agree the final texts. They can amend the Commission’s proposal and the changes can be fairly minor or rather major. Members of the European Parliament (MEPs) and Member States must agree the exact same wording of the final text before it can become law. They have up to three readings in which to do that, although we increasingly see new laws adopted in a single reading.
Following adoption, the texts will be legally scrubbed, translated into the 24 official languages and then published in the Official Journal of the EU (OJEU). The legislative procedure can take anything from 18 months to several years. Some proposals never become laws, but are withdrawn because it becomes clear that political consensus is impossible.
Gail Orton, Clifford Chance’s Head of EU Public Policy, who is based between Brussels and Paris, says: “We know there is broad political support for updating the rules on e-commerce and for introducing new rules on online platforms. So we can expect the Parliament and Council to adopt an ambitious timeline, perhaps with the process taking between 18 months and two years. The legal scrubbing and publication in the Official Journal can take another couple of months so entry into force could be in Q4/2022 or Q1/2023.”
According to the current drafts, the DSA will apply three months after publication and the DMA six months after publication – unless the Parliament and Council change those timings. By way of context, the e-commerce directive was adopted rather quickly — it took 20 months from proposal by the Commission to publication in the OJEU. GDPR on the other hand took four years and four months from Commission proposal to publication in the OJEU.
“Both proposals will attract a lot of attention, a lot of lobbying. We should therefore expect the Parliament and Council to table hundreds of amendments. This will be one of the biggest shows in town for the next couple of years,” she says.
The European Parliament’s position
Last year the Parliament adopted three reports on the DSA package, one of which was by the Internal Market Committee (IMCO). IMCO is key to the process because it will likely take the lead on both the DMA and DSA. Its report set out in a fair amount of detail what MEPs wanted to see covered by the Commission proposal, including in relation to gatekeeper platforms, online advertising, use of algorithms, and how they wanted EU and national level authorities to cooperate and co-ordinate. “Following on from the storming of the US Capitol, which seems to an extent to have been organised on social media, MEPs are considering should the new rules only tackle illegal content? What do you do about harmful content?” says Orton.
What about jurisdictions outside of the EU?
EU Member States seem to be welcoming the proposed new enforcement tools for the Commission in the draft DMA. However, Member States with prominent competition authorities, such as France or Germany will be keen to ensure that they continue to play an active role in antitrust enforcement given that they have been deeply involved in the enforcement of competition law against large digital platforms.
This is particularly evident in Germany, with the adoption in January of a new competition law providing the Bundeskartellamt with additional powers to deal with anti-competitive behaviour by digital platforms. Michael Dietrich expects Germany to seek some sort of compromise about sharing responsibility for the enforcement of the rules applicable to large Internet platforms in Europe, echoing a call from the German Parliament on the European Commission to leave room for the application of national competition law provisions in parallel to the DMA.
France has the Council Presidency from January to June 2022 and it has said that it wants to finalise the discussions on these proposals under its Presidency.
As for the U.S., Thomas Vinje says, “I doubt there will be much appetite in the new Biden Administration for seeking to tone down the DMA. I would think this is especially true in light of the clear objective of the new Administration to restore cross-Atlantic ties. In any event, I doubt any eventual U.S. efforts to water down the DMA would be welcome or have any impact on this side of the Atlantic.”
The UK, post Brexit, is working on a new pro-competition regime for digital platforms. Stavroula Vryna says, “we don’t yet have a legislative proposal in the UK. But we can see the direction of travel, amongst other things, from the CMA’s recommendations to the government. There are obvious similarities with the DMA – the UK regime is also ex ante regulation to reign in powerful digital platforms.” However, she adds that there are also quite important differences:
- The UK targets companies with so-called Strategic Market Status, which is very close conceptually to the concept of the gatekeeper. However, there is expected to be no presumption of Strategic Market Status (SMS) in the UK regime based on quantitative thresholds. To identify gatekeepers the CMA will perform a more qualitative assessment of companies’ market power in a specific service.
- The UK is also envisaging a compulsory code of conduct for companies with Strategic Market Status. But contrary to the DMA, the code will be ad hoc, following a market study, and tailored to the company and the activity in question, which gives the CMA the flexibility to adapt it to different business models. It is a much more “effectsbased” approach.
- The UK regime also deals with merger control. It will oblige companies with SMS to make the CMA aware of all their transactions, and for those transactions that meet specific thresholds, a merger control notification will be mandatory and suspensory, while the ordinary UK merger control regime is voluntary/non-suspensory. It is important to note that this obligation is expected to apply, not only to the services for which a company has SMS, but to all the company’s activities. The UK regime could be adopted slightly earlier than the DMA, but still is more than a year away.