The European Union and the EU members have set the transformation towards an increasingly digitalised environment by 2030 as one of the main objectives for the European Institutions. This institution is a pioneer in using technology and data while respecting individuals’ and companies’ rights and guarantees.

We can view this paradigm shift toward a new environment from various perspectives. We’ve identified four action pillars to deploy legislative activity over the coming years. The European Commission calls these four pillars the ‘digital compass’:

  • Increasing citizens’ digital skills
  • Improving the security and sustainability of infrastructures
  • Digital transformation of businesses and public services

As you can imagine, this transition requires a significant legislative effort. It affects different actors (citizens, businesses, infrastructures, and public services) and requires a harmonised and congruent regulatory development. However, this new digital strategy already has its first regulations, including the Data Governance Act, approved on April 6th, and the Digital Services Act and the Digital Markets Act, approved on July 5th.

Digital Services Act (DSA) and Digital Markets Act (DMA)

Digital Services Act

As we mentioned, these new rules aim to transform the European digital services market by creating a safer space and environment for users, respecting their individual rights and guaranteeing their freedoms, and allowing a more competitive and open setting.

One of the DSA’s main objectives is to transform and modernise the current E-Commerce Directive (Directive 2000/31/EC). Setting new obligations to Internet service providers will benefit the entire market, including individuals, companies, and society. The four main target groups are as follows:

This regulation establishes new obligations that will apply to these platforms depending on their activity and size. A greater business volume means greater control exercised over them, regardless of whether they’re in or out of the EU. All companies have common obligations

  • They must present transparency reports
  • Specify service conditions requirements
  • Cooperate with public administration offices when an order is issued
  • Establish contact points and legal representatives.

These obligations mainly apply to online platforms, big or small, whose main objective is to increase transparency and security around their services and many others focused on respecting and guaranteeing users’ and consumers’ rights. This highlights the need to establish codes of conduct, reinforce risk management and rapid response mechanisms, and implement external and independent auditing processes. On the other hand, companies must set a strategy for different actions:

  • Handle complaints and out-of-court dispute resolutions.
  • Increase transparency for online advertising while prohibiting targeted ads for minors and those based on users’ special characteristics
  • Provide customers with the possibility to limit recommendations based on profiling.

Finally, the regulation proposes fines for companies that fail to comply with these obligations. These fines can be up to 6% of the company’s annual turnover (Art. 42.3 draft DSA) or 1% if the information is not provided or is incorrect when required.

Digital Markets Act

The European regulator has proposed an additional rule, the Digital Markets Act (DMA), intended to limit Big Techs’ power and give smaller companies equal competing conditions. The DMA describes tech giants as “gatekeepers” because they’ve enjoyed an entrenched and long-lasting position that reinforces existing barriers to market access. This inequality clearly undermines free market competition and is particularly relevant in “core platform services”, including but not limited to intermediation services, search engines, social networks, and advertising services.

A service provider is considered a gatekeeper when it has these features:

  • Have a significant impact on the internal market (with an  annual turnover equal to or greater than EUR 65 billion in the last three financial years, a market capitalisation of the same amount, or provide a core service in at least 3 EU members);
  • Operate one of the core services mentioned above and which constitutes a gateway between professionals and end-consumers (serving more than 45 million monthly active end-users and more than 10.000 professional users established in the EU);
  • Have an established and sustainable position (where the above threshold was exceeded during the last three financial years).

Any company with the above requirements qualifies as a gatekeeper, meaning it must comply with several obligations and prohibitions to ensure greater competitiveness and fairness in the market. Gatekeepers must respect all these obligations and prohibitions, which include: 

  • Correct use of the data generated through their activity
  • Refraining from cross-referencing with user data from other services or third parties
  • Allowing professionals to offer services on the platform under equal conditions
  • Providing data portability to users who effectively require it, etc.

Similar to the DSA, this regulation has heavy non-compliance penalties with incorporated obligations and prohibitions, which may reach 10% of the company’s total annual turnover, or 20%, in the case of repeated infringements. In addition to other coercive measures, such as forcing the company to dispose of a production unit or assets.

So what’s the bottom line?

The main objective is to guarantee a single, harmonised digital market for the European Union, allowing consumers and businesses to be in harmony and ensuring their rights while increasing competitiveness with other countries. How? By restricting large companies’ potential to limit new digital service providers’ development and expansion.