The European Union is close to agreeing the Digital Markets Act, which would require big tech firms to open up their services to wider competition
25 March 2022
The European Union has taken its latest shot at big technology companies with the Digital Markets Act (DMA), a proposed law that it says will open up the market to smaller competitors and give consumers more choice and freedom.
The EU has brought a number of cases against technology firms over the past two decades in the belief that they were acting in a monopolistic or unfair way: Google, Apple and Microsoft, among others, have faced lawsuits. The DMA aims to stamp out these alleged practices in one fell swoop.
What does the law say?
The final text hasn’t yet been released, but we already know it will be wide in scope – and have teeth. Tech companies will have to allow their services to be connected with those of competitors, so that people using WhatsApp or Facebook Messenger, which are both owned by Meta, can communicate seamlessly with Apple’s iMessage.
People will also be given the right to remove pre-installed software from devices they buy, so you could get rid of Google software from a laptop sold by Google, or Apple’s built-in apps from an iPhone.
Companies will also be banned from automatically cross-promoting their services, so Google’s web search, for instance, won’t be allowed to show its other services, such as YouTube Music, at the top of search results or demote competitors, such as Spotify.
Which firms will the law apply to?
Companies that meet a number of requirements: those with a value of €75 billion or over, those that have at least 45 million monthly users and those that operate via an app, website or social network. This captures obvious candidates such as Meta, Google and Apple, but also smaller companies like Booking.com. Any company found to have broken the law could be hit by fines of up to 10 per cent of its global turnover, and up to 20 per cent for repeated infringements.
When will these changes begin?
The draft text of the act was provisionally agreed by the European Parliament on 24 March, but will need to be formally approved by both the European Parliament and Council. Once that is done, there will be a buffer of 20 days before it becomes law, and the rules will start to apply six months later.
What will happen for people outside the EU?
Because of the complexity of offering different services in one country than another, the EU legislation is likely to be adopted as global by most companies, meaning that the benefits of more consumer choice won’t be confined to Europe. A similar thing happened with the EU’s General Data Protection Regulation, which is designed to protect consumers’ data. Some countries that deal with the EU a lot adopted similar laws to streamline trade, while some companies decided to introduce a more stringent policy globally for the sake of simplicity.
Are there any downsides?
The bulk of the proposals relate more to business practices than technology, but experts have warned that making messaging services interoperable is a large engineering hurdle. Neil Brown at UK law firm decoded.legal believes it carries the risk of compromising the end-to-end encryption currently offered to users of some services, such as WhatsApp. “I fear that those pushing for this don’t understand the implications of what they are going to compel service providers to do,” he says. “Or, worse, that they do understand the implications, and are pushing for it all the same.”
Can’t tech firms find a solution?
Keith Martin at Royal Holloway, University of London, says that almost all messaging services use the same basic approach to cryptography, a technique known as the Diffie-Hellman key exchange, but tend to add their own “bells and whistles”.
“In theory, you can still have end-to-end encryption if everyone is using absolutely compatible protocols, which they’re probably not at the moment,” says Martin. “There’s a lot of complexity around making the cryptography protocols broadly compatible. It’s not something that anyone could do quickly. I would imagine for the people implementing these apps, it’ll be a messy process.”
But Martin says the law could ultimately be beneficial for security. “I think standardisation and scrutinisation is a good thing,” he says. “I think possibly it would be a net gain for security if it meant that we had more high-profile, secure standards that everyone was using. There’s an argument that that’s a better world.”
More on these topics: