The final text of the Digital Markets Act (DMA)
Article 3, Designation of gatekeepers
1. An undertaking shall be designated as a gatekeeper if:
(a) it has a significant impact on the internal market;
(b) it provides a core platform service which is an important gateway for business users to reach end users; and
(c) it enjoys an entrenched and durable position, in its operations, or it is foreseeable that it will enjoy such a position in the near future.
2. An undertaking shall be presumed to satisfy the respective requirements in paragraph 1:
(a) as regards paragraph 1, point (a), where it achieves an annual Union turnover equal to or above EUR 7,5 billion in each of the last three financial years, or where its average market capitalisation or its equivalent fair market value amounted to at least EUR 75 billion in the last financial year, and it provides the same core platform service in at least three Member States;
(b) as regards paragraph 1, point (b), where it provides a core platform service that in the last financial year has at least 45 million monthly active end users established or located in the Union and at least 10 000 yearly active business users established in the Union, identified and calculated in accordance with the methodology and indicators set out in the Annex;
(c) as regards paragraph 1, point (c), where the thresholds in point (b) of this paragraph were met in each of the last three financial years.
3. Where an undertaking providing core platform services meets all of the thresholds in paragraph 2, it shall notify the Commission thereof without delay and in any event within 2 months after those thresholds are met and provide it with the relevant information identified in paragraph 2. That notification shall include the relevant information identified in paragraph 2 for each of the core platform services of the undertaking that meets the thresholds in paragraph 2, point (b). Whenever a further core platform service provided by the undertaking that has previously been designated as a gatekeeper meets the thresholds in paragraph 2, points (b) and (c), such undertaking shall notify the Commission thereof within 2 months after those thresholds are satisfied.
Where the undertaking providing the core platform service fails to notify the Commission pursuant to the first subparagraph of this paragraph and fails to provide within the deadline set by the Commission in the request for information pursuant to Article 21 all the relevant information that is required for the Commission to designate the undertaking concerned as gatekeeper pursuant to paragraph 4 of this Article, the Commission shall still be entitled to designate that undertaking as a gatekeeper, based on information available to the Commission.
Where the undertaking providing core platform services complies with the request for information pursuant to the second subparagraph of this paragraph or where the information is provided after the expiration of the deadline referred to in that subparagraph, the Commission shall apply the procedure set out in paragraph 4.
4. The Commission shall designate as a gatekeeper, without undue delay and at the latest within 45 working days after receiving the complete information referred to in paragraph 3, an undertaking providing core platform services that meets all the thresholds in paragraph 2.
5. The undertaking providing core platform services may present, with its notification, sufficiently substantiated arguments to demonstrate that, exceptionally, although it meets all the thresholds in paragraph 2, due to the circumstances in which the relevant core platform service operates, it does not satisfy the requirements listed in paragraph 1.
Where the Commission considers that the arguments submitted pursuant to the first subparagraph by the undertaking providing core platform services are not sufficiently substantiated because they do not manifestly call into question the presumptions set out in paragraph 2 of this Article, it may reject those arguments within the time limit referred to in paragraph 4, without applying the procedure laid down in Article 17(3).
Where the undertaking providing core platform services does present such sufficiently substantiated arguments manifestly calling into question the presumptions in paragraph 2 of this Article, the Commission may, notwithstanding the first subparagraph of this paragraph, within the time limit referred to in paragraph 4 of this Article, open the procedure laid down in Article 17(3).
If the Commission concludes that the undertaking providing core platform services was not able to demonstrate that the relevant core platform services that it provides do not satisfy the requirements of paragraph 1 of this Article, it shall designate that undertaking as a gatekeeper in accordance with the procedure laid down in Article 17(3).
6. The Commission is empowered to adopt delegated acts in accordance with Article 49 to supplement this Regulation by specifying the methodology for determining whether the quantitative thresholds laid down in paragraph 2 of this Article are met, and to regularly adjust that methodology to market and technological developments, where necessary.
7. The Commission is empowered to adopt delegated acts in accordance with Article 49 to amend this Regulation by updating the methodology and the list of indicators set out in the Annex.
8. The Commission shall designate as a gatekeeper, in accordance with the procedure laid down in Article 17, any undertaking providing core platform services that meets each of the requirements of paragraph 1 of this Article, but does not satisfy each of the thresholds in paragraph 2 of this Article.
For that purpose, the Commission shall take into account some or all of the following elements, insofar as they are relevant for the undertaking providing core platform services under consideration:
(a) the size, including turnover and market capitalisation, operations and position of that undertaking;
(b) the number of business users using the core platform service to reach end users and the number of end users;
(c) network effects and data driven advantages, in particular in relation to that undertaking’s access to, and collection of, personal data and non-personal data or analytics capabilities;
(d) any scale and scope effects from which the undertaking benefits, including with regard to data, and, where relevant, to its activities outside the Union;
(e) business user or end user lock-in, including switching costs and behavioural bias reducing the ability of business users and end users to switch or multi-home;
(f) a conglomerate corporate structure or vertical integration of that undertaking, for instance enabling that undertaking to cross subsidise, to combine data from different sources or to leverage its position; or
(g) other structural business or service characteristics.
In carrying out its assessment under this paragraph, the Commission shall take into account foreseeable developments in relation to the elements listed in the second subparagraph, including any planned concentrations involving another undertaking providing core platform services or providing any other services in the digital sector or enabling the collection of data.
Where an undertaking providing a core platform service that does not satisfy the quantitative thresholds of paragraph 2 fails to comply with the investigative measures ordered by the Commission in a significant manner, and that failure persists after that undertaking has been invited to comply within a reasonable time limit and to submit observations, the Commission may designate that undertaking as a gatekeeper on the basis of the facts available to the Commission.
9. For each undertaking designated as a gatekeeper pursuant to paragraph 4 or 8, the Commission shall list in the designation decision the relevant core platform services that are provided within that undertaking and which individually are an important gateway for business users to reach end users as referred to in paragraph 1, point (b).
10. The gatekeeper shall comply with the obligations laid down in Articles 5, 6 and 7 within 6 months after a core platform service has been listed in the designation decision pursuant to paragraph 9 of this Article.
Contact us
Cyber Risk GmbH
Dammstrasse 16
8810 Horgen
Tel: +41 79 505 89 60
Email: george.lekatis@cyber-risk-gmbh.com
Web: https://www.cyber-risk-gmbh.com
We process and store data in compliance with both, the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR). The service provider is Hostpoint. The servers are located in the Interxion data center in Zürich, the data is saved exclusively in Switzerland, and the support, development and administration activities are also based entirely in Switzerland.
Understanding Cybersecurity in the European Union.
2. The European Cyber Resilience Act
3. The Digital Operational Resilience Act (DORA)
4. The Critical Entities Resilience Directive (CER)
5. The Digital Services Act (DSA)
6. The Digital Markets Act (DMA)
7. The European Health Data Space (EHDS)
10. European Data Governance Act (DGA)
11. The Artificial Intelligence Act
12. The European ePrivacy Regulation
13. The European Cyber Defence Policy