From the Digital Services package to the Digital Markets Act: the road to a (more) secure, open, and fundamental rights-friendly digital space

Inês Neves (Lecturer at the Faculty of Law, University of Porto | Researcher at CIJ - Centre for Legal Research | Member of the Jean Monnet Module team DigEUCit)

Aware of the shortcomings arising from the lack of changes to the European Union’s legal framework governing online platforms and digital services, practically since the adoption of the Directive on electronic commerce[1] of 2000, the European Commission presented the Digital services Act package[2] in December 2020. It seeks to ensure and strengthen European digital sovereignty in terms that guarantee fundamental rights and the affirmation of the Union (also on the international stage) as a community of values and rights whose applicability should not depend on the online vs. offline divide. To this end, the options initially pursued, favouring non-interference, minimal regulation,or even the immunisation of intermediaries from any liability, soon proved insufficient to respond to the new digital challenges.

The imperative to provide European citizens and businesses with a secure digital space, respectful of fundamental rights, as well as open, contestable, and fair, is therefore at the origin of a fundamental paradigm shift of increasing responsibility that marks the genetic identity of the digital services package. The vision of a “minimal” European Union is thus replaced by the imposition of a set of obligations on platform service providers, according to a model of ex-ante regulation.

This is the context and motivation common to the Digital Services Act[3] (‘DSA’) and the Digital Markets Act[4] (‘DMA’). Despite its common origins, the digital services package would later unfold in two distinct acts, specialised in different dimensions of this shared objective. While the Digital Services Act takes responsibility for ensuring a safer, more predictable and reliable online environment and digital space that respects and protects users’ fundamental rights, addressing, above all, the social risks of the dissemination of illegal content online, the Digital Markets Act’s mission is to address issues of fairness and contestability in digital markets, for a more competitive and fairer digital sector that promotes growth and innovation (regardless of the economic power and advantages associated with winner-takes-all or winner-takes-most markets).

In both cases, the companies covered are burdened with obligations that act as a “framework” for their performance in the digital space. Some differences exist, however, between the liability models – with the DSA opting for an asymmetric application of the obligations, depending on the nature of the services and the size and impact of intermediaries, and the DMA, in contrast (perhaps because it applies, from the outset, only to digital services of widespread use and to a “limited” set of (giant) companies – the gatekeepers), opting for a one-size-fits-all approach. The differentiation in unity does not allow us to see them as strangers or even autonomous or independent from one another. On the contrary, both Acts are designed to act in complementarity, presenting themselves as a coherent whole.

In terms of applicability, whereas the DSA will only apply (with exceptions) from 17 February 2024 (Article 93(2) of the DSA), the DMA applies (also with exceptions) from 2 May 2023 (Article 54 of the DMA), with a first Implementing Regulation on detailed arrangements for the conduct of certain proceedings by the Commission[5] having already been adopted. In both cases, these acts are binding in their entirety and directly applicable in all Member States.

Precisely to celebrate its applicability, it is essential to focus our attention on the Digital Markets Act, addressed to gatekeepers ofdigital markets, and seeking to ensure “for all businesses, contestable and fair markets in the digital sector across the Union where gatekeepers are present, to the benefit of business users and end users” (Article 1(1) of the DMA).

There is no doubt about the importance – to varying degrees – of digital services and online platforms. Problems arise, however, when in digital markets – because of their identity idiosyncrasies, such as economies of scale, network effects, the multifunctionality of services, vertical integration, data benefits, lack of multi-homing or even lock-in effects, not to speak of the state of dependency of end users and business users – companies with considerable economic power emerge to provide essential platform services… in terms that rule out any expectation of ‘creative destruction’. It is precisely to ensure the contestability of the markets where gatekeepers are present, as well as to prevent them from adopting unfair practices, that the DMA “presents itself” as a sui generis instrument, complementary to competition rules. Its assumed purpose is to operate as a “super-instrument” in charge of – and in addition to the protection of competition – safeguarding other rights and interests, such as the protection of privacy or the fight against fraudulent and deceptive commercial practices (recital 35). It seeks to do so through a centralised enforcement model (in the European Commission), preventing Member States from adopting national rules falling within its scope and based on the same objectives.

In terms of systematics, the Digital Markets Act is divided into six chapters: subject matter, scope, and definitions (Articles 1 and 2); gatekeepers (Articles 3 and 4); practices of gatekeepers that limit contestability or are unfair (Articles 5 to 15); market investigation (Articles 16 to 19); investigative, enforcement and monitoring powers (Articles 20 to 43), and final provisions (Articles 44 to 46).

As regards its subjective scope, we already anticipated that it refers to gatekeepers. An undertaking shall be designated as a gatekeeper if i) it has a significant impact on the internal market; ii) it provides a core platform service which is an important gateway for business users to reach end usersand iii) it enjoys an entrenched and durable position, in its operations, or it is foreseeable that it will enjoy such a position in the near future (Article 3 DMA). The DMA then establishes presumptions of the fulfilment of each of these criteria through quantitative thresholds relating to annual Union turnover, average market capitalisation, fair market value, the number of monthly active end users and yearly active business users established (or located) in the Union as well as the number of Member States in which the core platform service is provided.

For companies reaching all of these thresholds, the process is relatively straightforward – they must notify the Commission of this fact without delay, after which the Commission will designate them as gatekeepers, with the consequence of being subject to the obligations under the DMA’s provisions. It should be noted that companies cannot put forward any “efficiency” justifications to legitimise prohibited behaviours or avoid conduct imposed by the DMA. The only possibility left to them is to rebut the presumption of “significant impact on the internal market”, by demonstrating that, although they meet the quantitative thresholds set out, they do not fulfil the requirements to be designated as a gatekeeper. As these are only indicative thresholds, companies that do not meet (all) of them may still be designated as gatekeepers following a market investigation. In any case, the designation decision may be reviewed, due to a substantial change in any of the facts on which it was based (which is to be expected, given the dynamism of digital markets). Another note of “humility” on the part of the European legislator applies as regards updating obligations for gatekeepers following an in-depth investigation (see Article 12).

Moving on to the list of obligations to which gatekeepers aresubject, the DMA presents us with two sets of obligations: those applicable without being subject to specification, corresponding, therefore, to conducts definitively proscribed or required to gatekeepers, without any possibility of dialogue (Article 5), and the obligations susceptible of being further specified (Articles 6 and 7). Other “elements of proportionality” should be emphasised in line with this possibility of additional specification. It is the case of the possibilities of suspension (Article 9) and exemption (Article 10), in whole or in part from a specific obligation (in the second case, only for grounds of public health and public security).

Regarding their content, the obligations imposed on gatekeepers, under the form of prohibitions or duties of doing (‘facere’), are subject to some questioning by legal scholars[6]. In fact, they may risk presenting themselves as dead at birth. Most of them are obligations that merely crystallise conducts and behaviours sanctioned to some Big Tech, which were scrutinised in investigations conducted under competition rules, especially in the context of abuse of dominant position (Article 102 TFEU). This is the case of the prohibition on combining personal data from the relevant core platform service with personal data from any further core platform services or from any other services provided by the gatekeeper or with personal data from third-party services (Article 5(2)(b) of the DMA), related to the problems raised in the context of WhatsApp takeover by Facebook.[7] It is also the case regarding the prohibition on restricting the ability of business users from offering the same products or services to end users through third-party online intermediation services or through their own direct online sales channel at prices or conditions that are different from those offered through the online intermediation services of the gatekeeper (Article 5(3) of the DMA), which reminds us of the investigation relating to a number of clauses in Amazon’s distribution agreements with e-book publishers.[8]

On the same vein, the obligation for the access controller to allow business users, free of charge, to communicate and promote offers, including under different conditions, to end users acquired via its core platform service or through other channels, and to conclude contracts with those end users, regardless of whether, for that purpose, they use the core platform services of the gatekeeper (Article 5(4) of the DMA) seems to be linked to investigations on the mandatory use of Apple’s own proprietary in-app purchase system.[9] To these one can add obligations regarding risks arising from the gatekeeper’s ‘dual role’ (Article 6(2) of the DMA), which were also addressed in investigations by the Commission,[10] as well as the issue of pre-installation and de-installation of software applications (Article 6(3) of the DMA), which led the European Commission to fine Google €4.34 billion for illegal practices regarding Android mobile devices.[11]

Finally, there are also obligations on interoperability, data portability, and the provision of information to advertisers and publishers. Article 14 of the DMA, in turn, provides for the obligation for the gatekeepers to inform the Commission of any intended concentration, where the merging entities or the target of concentration provide core platform services or any other services in the digital sector or enable the collection of data, irrespective of whether it is notifiable to the Commission or to a competent national competition authority. Although the recitals mention the goal of ensuring “the effectiveness of the review of gatekeeper status, as well as the possibility to adjust the list of core platform services provided by a gatekeeper’ (Recital 71), the obligation seems (also or mainly) to address the problem of ‘killer acquisitions’, operations by which gatekeepers manage to kill competition at birth, through the acquisition of competitors which, as they are nascent, allow the evasion of preventive merger control at EU or national level, due to the non-fulfilment of the applicable thresholds.

It is through this set of obligations, imposed ex-ante on gatekeepers, that the DMA seeks to mitigate some of the problems of digital markets, complementing the competition approach and accommodating issues that go beyond it, as they respect legal values that the former is not, prima facie, equipped to ensure and protect. Not, at least, without an adaptation of its operating frameworks and concepts. It is expected that, as the first major regulation of (or attempt to regulate…) digital markets, the DMA will allow the affirmation of the European Union as a beacon to the world, if only by the voluntary compliance by gatekeepers, in all places where they operate, thus harmonising their global or pan-European business models.

This bright side does not allow us to ignore some of the DMA’s problems: its bad and ugly sides. First of all, we can criticise the designation of gatekeepers based on their economic power, and the presumption of harm or danger of their presence in digital markets. Besides, the one-size-fits-all approach implies the submission of all gatekeepers to all obligations provided for in the DMA. This is agnostic to their business models and respective economic incentives and ignores that – precisely because they are a reproduction of past cases or a synopsis of investigations in competition cases – those obligations may not succeed in detaching themselves from a particular and concrete constraint. In other words, by superimposing the goals of celerity and efficiency to the guarantees of due process and the gatekeepers’ rights of defence, the designation process may risk confusing the economic dimension with the nature of gatekeepers.

This is all the more serious when no (or hardly any) possibility is open to the gatekeepers of demonstrating, i) efficiencies associated to certain practices, ii) the practical unfeasibility of complying with certain obligations, or even, iii) the respective negative repercussions on consumer welfare, innovation and competition itself. In sum, the “participation” of the target companies is minimal, and the escape valves arelimited to minimums that may violate the “prohibition of insufficiency”.

On a second front, questions remain as to the truly “different” nature of the DMA vis-à-vis competition rules, primarily in light of the list of obligations crystallised therein which are the repository of past cases and competition investigations. It should be noted that, even if it presents itself as a different “animal”, its application without prejudice to Articles 101 and 102 of the TFEU and corresponding national competition rules may always bring – in addition to burdens for companies and social costs arising from overlapping regulation – risks in terms of ne bis in idem. Finally, while we acknowledge the advantages of a list of obligations and prohibitions applicable ex-ante – even for companies themselves, in terms of legal certainty – we believe that the dynamism of digital markets creates gaps that would be better filled through general clauses. In fact, these have allowed for a flexible application of competition law[12].

The list of criticisms or doubts is not exhaustive. However, neither does it serve to remove the merits, the importance of the mission, and the need for a regulation of digital markets in light of their challenges. Challenges that a strictly liberal approach cannot accommodate. Since we are facing a problem that, more than economic, is also political and legally relevant, the intervention of the law and its specific tools is justified. However, if this is the case, the regulatory frameworks must comply with the imperatives of proportionality – not least due to the scope of obligations imposed on the companies covered.

Although based on legitimate grounds, the DMA underlies the automatic application of a set of obligations and prohibitions based on an unquestionable unconditional and absolute presumption of damage, and without the company having any possibility of demonstrating efficiencies. This model contrasts with the option followed in the United Kingdom. In fact, on 25 April 2023, the UK government published its Digital Markets, Competition and Consumers Bill,[13] proposing reforms to national competition and consumer protection legislation and including obligations for digital platforms with “strategic market status” (‘SMS’). Although relatively late compared to the DMA, it is a project with some relative advantages.

By way of example, it will be for the Competition and Markets Authority’s Digital Markets Unit to determine – considering several factors and early engagement with potential designees – whether a company holds strategic status, concerning a particular activity. The longer duration of this designation process may be offset by its “greater acceptability”, due to its participatory nature, perhaps resulting in less litigation than anticipated within the Union. Another advantage refers to the obligations imposed on the target companies. Contrary to the one-size-fits-all model of the DMA, the British project opts for personalised “codes of conduct”, moulded to the individual circumstances of the concrete company. Again, despite what may be lost in terms of simplicity or automaticity, the advantages of “proportional equality” are evident. Finally, the “justification of efficiencies”, which is excluded from the DMA, is present in the British project.

What is being put forward here does not serve to undermine the Digital Markets Regulation. It is believed to be possible to ensure its practical implementation in accordance with the Charter of Fundamental Rights (to which the DMA is subject). It is, therefore, possible to reach a compromise solution: a solution that guarantees more contestable and equitable digital markets but at the same time respects the principles of the rule of law. In sum, a European Union in which fundamental rights should always limit speed and administrative discretion. To this end, the fundamental rights of both end and business users, as well as of gatekeepers (regardless of their size), must be considered.

Because the entitlement of fundamental rights must not depend on the economic circumstances of their holders, situations of conflict and collision shall be resolved in the light of a judgment of practical concordance and not – it must be stressed – based on the abstract prevalence or preference of one freedom over another.

[1] Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (‘Directive on electronic commerce’), Official Journal L 178, 17/07/2000. Available at:

[2] European Commission, “The Digital Services Act package”. Available at:

[3] Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market for Digital Services and amending Directive 2000/31/EC (Digital Services Act), Official Journal L 277, 27/10/2022. Available at:

[4] Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on contestable and fair markets in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828 (Digital Markets Act), Official Journal L 265, 12/10/2022. Available at:

[5] Commission Implementing Regulation (EU) 2023/814 of 14 April 2023 on detailed arrangements for the conduct of certain proceedings by the Commission pursuant to Regulation (EU) 2022/1925 of the European Parliament and of the Council, Official Journal L 102, 17/04/2023. Available at:

[6] Inter alia, Cristina Caffarra and Fiona Scott Morton, “The European Commission Digital Markets Act: A translation”, 2021. Available at:; Torsten Körber “Digital Platforms as a Challenge to Competition Policy – Does Competition Law need a Digital Update? – Suggestions for an Update to Australian Competition Law”, 2022. Available at: and; Nicolas Petit, “The Proposed DMA (DMA): A Legal and Policy Review”, 2021. Available at:

[7] European Commission, “Mergers: Commission fines Facebook €110 million for providing misleading information about WhatsApp takeover”, Press Release, 18 May 2017. Available at:

[8] European Commission, “Antitrust: Commission accepts commitments from Amazon on e-books”, Press Release, 4 May 2017. Available at:

[9] European Commission, “Antitrust: Commission opens investigations into Apple’s App Store rules”, Press Release, 16 June 2020. Available at:

[10] European Commission, “Antitrust: Commission sends Statement of Objections to Amazon for the use of non-public independent seller data and opens second investigation into its e-commerce business practices”, Press Release, 10 November 2020. Available at:

[11] European Commission, “Antitrust: Commission fines Google €4.34 billion for illegal practices regarding Android mobile devices to strengthen dominance of Google’s search engine”, Press Release, 18 July 2018. Available at:

[12] Torsten Körber “Digital Platforms as a Challenge to Competition Policy …”.

[13] UK Parliament, “Digital Markets, Competition and Consumers Bill”, originated in the House of Commons, Session 2022-23. Available at:

Picture credits: PhotoMIX Company on

One thought on “From the Digital Services package to the Digital Markets Act: the road to a (more) secure, open, and fundamental rights-friendly digital space

  1. Pingback: ANALIZĂ Ce efecte va avea Regulamentul privind piețele digitale, actul care promite să schimbe Piața Unică europeană – Știri noi

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s