The Digital Markets Act’s Unrealistic Deadlines Set Companies up to Fail
In their rush to tame the ‘tech giants’ through the proposed Digital Markets Act (DMA), EU lawmakers are de facto setting the targeted ‘gatekeepers’ up to fail. That in turn could harm European businesses and consumers that benefit from their digital tools and technologies.
Under the European Commission’s proposal, once a company is designated as a ‘gatekeeper’, it has to comply with the obligations and prohibitions laid down in the DMA immediately, and the Commission can start designating gatekeepers within a short period, namely 6 months after the legislation is passed.
This is an astonishingly short time. Companies were given 24 months to comply with the General Data Protection Regulation (GDPR), a regulation for which compliance is much less onerous. It is also incredibly short given the penalties available to the Commission for breach.
The maximum amount of a fine is 10% of the total worldwide annual turnover of the gatekeeper in the case of a material breach of the obligations under the DMA, and a maximum 1% in the case of a less serious breach of obligations under the DMA. The Commission is also entitled to order periodic penalty payments of up to 5% of the average daily turnover in certain cases defined in the DMA. These fines are set regardless of any actual harm done, thus increasing compliance risk and deterring anything but the strictest adherence to the letter of the somewhat ambiguous and unprecedented set of prohibitions and obligations.
To be fair, the 10% rate is consistent with European antitrust enforcement. In cartel and abuse of dominance cases the Commission can levy similar fines, but only after it shows that they are proportionate to the harm caused following a case-by-case, effects-based assessment.
And yet, as differing groups of parliamentarians seek to gain the spotlight, amendments to the draft report by the Internal Market Committee (IMCO) – which is leading the European Parliament’s consideration of the new rules – seek to further shorten the deadlines for companies to comply with obligations.
The European People’s Party, the right-of-centre grouping of parliamentarians from across Europe, is pushing to shorten the compliance horizon even further, bringing the obligation into force in 4 months instead of 6 months. Not to be outdone, the left-leaning Socialists and Democrats group wants to cut this down to a mere two months, and increase fines to as much as 30% of total turnover!
Privately some European Commission officials acknowledge that the European Parliament wants to enact this swiftly with short deadlines and high deterrent fines for political reasons. Yet the Commission itself has serious concerns that bringing in too short deadlines could upend the entire process. Industry stakeholders have been raising the flag for months, trying to ensure an effective and proportionate regulation that companies can comply with from day one.
But while regulators acknowledge that companies need to change business practices in sometimes far-reaching ways, the scale of the task is hard for non-engineers to comprehend. The amount of technical changes required is orders of magnitude greater than that required by the GDPR, and will demand thousands of engineering work hours diverted from improvements to existing services and the development of innovative new ones.
The Brussels bubble may feign not to care about the scale of changes demanded by the DMA, nor on the unreasonable legal risk that companies would be forced to accept if they continued supplying their existing services in Europe. Deep pockets make attractive targets, and many think that these companies will continue to pay fines as a mere cost of doing business. But that is terribly shortsighted, and as regulatory scrutiny continues to ramp up (nearly €1.5 billion in fines issued in the last few months alone, with many more cases pending), the threat of parallel proceedings under the DMA might be too much.
Companies want to comply with the DMA from day one, but the proposed short deadlines and blunt and far-reaching obligations are setting them up to fail. Ultimately, without adequate regulatory safeguards in place, designated gatekeepers may have no choice but to switch off their services, if only to stop the bleeding. If this happens, it will be the European businesses and end-users that suffer.
Hopefully, EU lawmakers will appreciate that a successful DMA also means giving companies a fair chance to comply.