We explore how the Digital Markets Act (DMA) is likely to impact eIDAS and digital identity in Europe.
On November 1, 2022, the Digital Markets Act (DMA) entered into force, less than two years since the first draft was submitted, underscoring just how important the regulation is for the European Union and its member states.
What is the DMA?
The DMA aims to control dominant online platforms and ensure that they behave fairly. Together with the Digital Services Act (DSA), the DMA is one of the centerpieces of the European digital strategy. The objective of the DMA is to foster innovation, growth, fair competition, and facilitate the scaling up of smaller platforms, SMEs and start-ups. Furthermore, the DMA aims to rebalance and protect the European users, companies, and public authorities according to European values, which place citizens at the center.
What is the Digital Services Act?
The Digital Services Act (DSA), in addition to the DMA, introduces a new set of rules to control intermediary services. These services include internet infrastructure, hosting services as well as online platforms. While the DMA is focused on regulating market dominance to ensure fair competition, the DSA is focused on the operational obligations, which focus on data handling, data privacy, filtering fake news, and illegal content. The DSA was developed in parallel to the DMA, and the final version is expected to be agreed to shortly.
Who are the gatekeepers?
The DMA establishes a set of narrowly defined objective criteria for qualifying a large online platform as a so-called “gatekeeper”.
The European Commission uses the following high-level criteria to define a gatekeeper company:
- Has a strong economic position, significant impact on the internal market and is active in multiple EU countries
- Has a strong intermediation position, meaning that it links a large user base to a large number of businesses
- Has (or is about to have) an entrenched and durable position in the market, meaning that it is stable over time
In practice, the DMA classifies companies with a market capitalization of at least 75 billion euros or a turnover in the European economic area of at least 7.5 billion euros is a gatekeeper. The platforms concerned further must have 45 million monthly users in the EU and 10,000 active business users per year. Given the high requirements, mostly the largest tech giants, such as Alphabet (Google), Meta (Facebook), Amazon, Apple, or the travel platform Booking.com, among others, fall under the scrutiny of the DMA. The high bars were chosen to not put any burden on the smaller platforms but target the characteristics of dominant tech giants that tip the market.
What makes the DMA different from existing antitrust laws?
What makes the DMA special compared to existing antitrust laws is its proactive approach. While existing antitrust laws have been designed to maintain healthy markets, their countermeasures came under criticism as being too slow and reactive to cope with monopolistic markets driven by certain digital tech giants, specifically the gatekeepers. The DMA is looking to change that by proactively approaching unfair competition and market practices to prevent such platform providers in the future.
Further, the DMA includes the right to carry out investigations and sanction non-compliant behavior. The sanctions introduce a new level of penalties, such as periodic penalty payments of up to 5% of the average daily turnover and fines of up to 10% of the company’s total worldwide annual turnover. In the event of a repeat offense, the European Commission can impose a fine of up to 20% of its total worldwide turnover. In the past, penalties often have been too low to hurt the tech giants, given their enormous size and billions in revenues. The new penalties are meant to make a relevant impact that enable the European Union to enforce their market regulations.
What are the implications for eIDAS and digital identity in Europe?
The eIDAS regulation is one of the key pillars of digitalization of the European Union. Therefore, the DMA and DSA coming into force will also influence the realization of digital identity in Europe.
In practice, the DMA will further emphasize and enforce “interoperability,” a key theme of the eIDAS regulation including the proposal for a European digital identity framework (EUID). The DMA will function as a means to not only keep the gatekeepers in check, but also foster competition and innovation. This will allow smaller providers the ability to access and offer new ancillary services.
Such services now focus on the EUID and forthcoming e-Wallet proposal. After the success of mobile payment wallets, the tech giants, Apple and Google, are now expanding wallet’s functionality into the digital identity space. Apple recently introduced support for ISO 13018-5 mobile driver’s licenses in the USA, with the states Arizona and Georgia to first implement it and further states to follow. eIDAS and the DMA, on the other hand, go beyond collaborations with individual platform providers. The EUID Wallet initiative will support interactions with European Qualified Trust Service Providers (QTSPs), access to public administration, and enable the remote/local creation of Qualified Electronic Signatures (QES).
IDnow welcomes the objectives of the DMA as it will strengthen choice and offer better quality service through a competitive playing field not only for the European economy, but also the digital identity ecosystem.
Armin Bauer, CTO & Founder at IDnow
“We believe that digital identity and the related personal information is highly sensitive and therefore needs to stay within control of the European community, both on the oversight and the operational level. Further, we believe that the DMA in hand with eIDAS will foster the digital identity market and support us with building European market leaders that will serve the European citizens in their best interest,” added Mr Bauer.
While the exact implications of the DMA and DSA on eIDAS 2.0, the next version of eIDAS, are yet to be defined, both regulations will support the general objective of eIDAS to protect European users, their identities, and data sovereignty. Further, they will protect and strengthen the European trust service and digital identity ecosystem.
By
Rayissa Armata
Senior Head of Regulatory Affairs at IDnow
Connect with Rayissa on LinkedIn
KYC in banking – Trust through implementation.
Download to discover how to set up a KYC process that satisfies customers and improves conversion rates,
Get your free copy
