Europe's Digital Strategy: Rebooting Rules for Tech Giants

Legislators in Europe have presented two new pieces of legislation, initiating a significant overhaul of policies designed to modernize regulations for the digital economy and address the influence of major technology companies.

The Digital Services Act (DSA) aims to modernize the European Union’s existing e-commerce regulations while expanding the scope of responsibilities concerning content management—specifically, how platforms are required to address unlawful material and potentially hazardous products from third parties, utilizing standardized reporting and verification procedures.

According to the Commission, the DSA seeks to align online regulations with those already in place for traditional businesses. It will be broadly applicable to various service types, with increased transparency and accountability expected from the largest platforms (those with approximately 45 million or more monthly users, representing 10% of the EU population), who will be obligated to perform risk assessments to prevent misuse of their services.

The second legislative initiative, the Digital Markets Act (DMA), proposes a framework for identifying certain key Internet companies as ‘gatekeepers,’ subjecting them to specific additional obligations—with the primary objective of promoting competition within digital markets, which are often characterized by ‘winner-takes-all’ scenarios.

The DMA is anticipated to affect large technology corporations such as Amazon and Google, although the Commission refrained from identifying specific companies today.

This action represents the EU’s response to concerns that current competition regulations have been unable to effectively address the substantial market power wielded by a limited number of large Internet companies focused on data collection and user attention—leading to the implementation of ex ante regulations that restrict practices like self-preferencing and data utilization, and mandate support for interoperability.

The proposed fines for violations under these proposals reach up to 6% (under the DSA) and 10% (under the DMA) of a company’s global annual revenue—exceeding the current maximum of 4% permitted under the EU’s General Data Protection Regulation (though it is unlikely these maximums will be fully applied, as they have not been under GDPR, but they attract attention).

A previously considered concept—introducing a new competition instrument for digital markets to prevent market dominance—does not appear to have been included in the final legislative proposals.

The Commission has been developing this comprehensive plan to update the EU’s digital rulebook since before President Ursula von der Leyen began her term a year ago. Executive Vice President Margrethe Vestager stated to the European Parliament in October 2019 that new regulations are necessary to foster trust in digital services, supporting the EU’s strategic initiative for digitalization to drive economic growth in the coming decades.

Vestager and Internal Markets Commissioner Thierry Breton are leading the development of this digital policy package. Extensive public consultations on the proposals were conducted throughout the year. However, internal debates and disagreements within the EU regarding the precise methods for regulating digital services contributed to some delays—though the commissioners denied that these issues caused a last-minute postponement of today’s announcement (which had already been delayed twice from earlier dates in the month).

europe lays out its plan to reboot digital rules and tame tech giants

Today’s announcement initiates a lengthy process for the Commission to gain approval and finalize the legislative proposals with the other EU institutions—the Council and the Parliament—a process expected to take several months.

It could take years for the DSA and DMA to become law and be implemented (although the Commission intends to establish short implementation periods of three and six months, respectively, once adopted).

The enforcement of existing EU digital regulations has not been consistently effective. Therefore, questions remain regarding the practical implementation of the planned requirements for platforms, both large and small, and the creation of a streamlined operational system. Enforcement of the DSA and DMA will be the responsibility of Member State-level agencies, with the Commission monitoring progress and retaining the authority to intervene if necessary.

Breton asserted that the proposed enforcement framework will differ from GDPR—but it is anticipated that it may encounter some of the same challenges.

Large technology companies have a history of utilizing legal resources to challenge European regulations that threaten their business interests—and it is likely they will employ similar strategies to avoid being designated as ‘gatekeepers’ and facing a set of ‘dos and don’ts.’

One certainty is that increased European regulation of the digital economy and Big Tech is forthcoming, regardless of its ultimate impact. The UK also announced further details of a national plan to regulate online harms today, proposing fines of up to 10% of turnover and the introduction of an Online Safety Bill next year.

The European Commission is also pursuing other legislative proposals as part of its broader digital strategy—including a Data Governance Act and an upcoming data act to establish a regulatory framework for encouraging the reuse of industrial data, as well as plans for risk-based regulations for artificial intelligence, scheduled to be unveiled next year following the publication of a white paper in February.

Further details regarding the DSA and DMA proposals from today’s Commission briefing are provided below.

The Digital Services Act

The DSA introduces novel responsibility requirements for digital services, mandating the prompt removal of unlawful material and simultaneously requiring a clear account of actions taken and their rationale – alongside providing avenues for user complaints.

Online marketplaces will also be subject to a new ‘Know Your Customer’ requirement – designed to combat the sale of fake or hazardous goods – which will necessitate verifying seller identities prior to enabling trade on their platforms.

Another key provision centers on transparency and explainability regarding algorithms – meaning that (larger) platforms must clarify the basis for their ranking and prioritization systems, including featured or recommended items.

However, these platforms will not be obligated to disclose the algorithms’ underlying code.

Providing researchers with access to essential data (a requirement also applicable to larger platforms) is a further component of the Act.

The Digital Markets Act

The DMA will impose additional, proactive (ex ante) requirements on major companies possessing substantial market influence. These companies, acting as intermediaries between a specific number of other businesses (10,000 annually) and a large user base (over 45 million monthly active users), will be designated as ‘gatekeepers.’

The intention is to build upon current EU competition regulations, with Commissioner Vestager noting that the DMA’s development was informed by numerous antitrust investigations targeting companies such as Google and Amazon in recent years.

She further compared it to regulatory frameworks already established in industries like finance and energy.

According to the commissioner, being classified as a gatekeeper will be determined by factors including company size (considering both revenue and market capitalization); their position within the market; and the stability of their market presence over time.

Gatekeepers will also need to operate within multiple EU Member States.

Vestager briefly outlined three key obligations gatekeepers will be expected to fulfill: their handling of data; interoperability standards; and avoiding self-preferencing practices.

“You are prohibited from utilizing the data belonging to your competitors simply due to your capabilities – you must maintain data separation,” she stated, clarifying that the regulations surrounding data usage are designed to foster “fairness in the marketplace” by equalizing the risks faced by businesses that are not gatekeepers when introducing new services, compared to large data-collecting companies with extensive market intelligence.

In addition to potential financial penalties, she affirmed that structural solutions – including the possibility of business divestitures – remain an option, particularly in instances of repeated violations of the DMA’s stipulations.

Gatekeepers will also be obligated to inform regulatory bodies of their intent to acquire even smaller companies, even if such acquisitions would not typically necessitate a notification.