The Digital Markets, Competition and Consumers Act 2024 (DMCC) was passed in May 2024, just before the Rishi Sunak government called a general election.  

As well as its consumer and competition law provisions, it creates a new pro-competition regime for digital markets. But what does this mean, and what do all the acronyms like DMU, SMS, CRs, PCIs mean?

The DMCC gives the Competition and Markets Authority (CMA) the power to designate undertakings as having strategic market status (SMS) for a digital activity. It will be able to impose so-called conduct requirements on designated undertakings and, after investigating, make pro-competition interventions. Organisations designated as having SMS will have to report certain mergers and to produce compliance reports. The DMCC also gives the CMA new investigatory and enforcement powers. The CMA had already established a shadow Digital Markets Unit (DMU) in anticipation of the DMCC and now the DMU will get busy! 

What is an undertaking with SMS?

The CMA’s DMU will decide if a company has SMS.  This will depend on whether a company:

  • Engages in digital activity because it provides services via the internet, or digital content.
  • Is linked to the UK because it has a significant number of UK users, its digital activity is conducted in the UK or is likely to affect trade in the UK.
  • Has a worldwide turnover of over £25 billion or over £1 billion in the UK.
  • Has substantial and entrenched market power in the relevant market and is forecast to have this over a period of at least five years.
  • Has a position of strategic significance in the market due to its size or scale, or because it is used by a significant number of other undertakings, or because its position would facilitate it extending its market power to other activities or mean it could influence how other undertakings conduct themselves.

The DMCC requires the CMA to decide if a digital company should be designated as having SMS. The CMA says that it will start its first designation investigations in 2024 and plans to designate the first companies in the middle of 2025. It’s unlikely that many companies will be designated with SMS – in practice it will be the very largest and most influential organisations. 

However, the CMA does intend to start investigating SMS this year and has already been looking at sectors such as cloud services, app distribution, mobile operating systems and devices and digital advertising.  It is also likely that it has been keeping an eye on the European Commission’s work in designating gatekeepers under the Digital Markets Act.

What happens once a firm is designated SMS?

A company with SMS will have to comply with a bespoke set of conduct requirements (CRs). These create a framework for an SMS firm’s behaviour so that the firm cannot use its market power in a way that would either exploit consumers or undermine fair competition. 

CRs must be a “permitted type” but they are defined broadly and so the CMA has a significant level of discretion to decide an SMS firm’s obligations. The CMA might require behaviours such as trading on fair and reasonable terms, having effective complaints and dispute resolution systems and providing clear and accessible information.

Pro-competitive interventions

As well as CRs, the CMA may also make “pro-competitive interventions” (PCIs). These are not directly set out in the DMCC, but may include a range of structural and behavioural remedies.

Requirement to act proportionately

The CMA may not impose a CR or PCI unless it is proportionate to do so (to achieve fair dealing, open choices and/or trust and transparency) and there is strong evidence for the PCI or CR.

Does the Act change the CMA’s investigatory powers?

Yes it does. The CMA’s evidence gathering powers are strengthened. For example, it can interview and question any individual who has information relevant to a digital markets investigation (so not just those connected with an organisation that is under investigation).  There is also be a duty to preserve documents if an investigation is or may be carried out.

When it comes to dawn raids, the CMA has expanded powers to seize documents and devices from domestic premises to reflect home working practices.

What happens if a SMS firm does not comply?

The DMCC Act provides that the CMA can impose fines of up to 10% of global turnover for breaches of the CRs, or as a PCI. It can also impose daily fines of up to 5% of global turnover for continued breaches. 

The CMA must publish a statement of policy in relation to the exercise of powers to impose a penalty and a party can appeal such a penalty on the merits.  In addition, it is a criminal offence for a person (or body corporate) to destroy or falsify information, or knowingly or recklessly to provide false or misleading information to the CMA.

Private enforcement rights

A person who has been affected by a breach of a CR or PCI has private enforcement rights – that is, third parties may challenge the commercial actions of designated companies, as well as claiming damages for losses caused by breaches.

How does this work with the EU’s Digital Markets Act?

There are significant differences in approach, but Ofcom and the European Commission have signed a cooperation arrangement regarding online safety, so the CMA and European Commission may also sign one for digital markets and it is likely that the CMA will have an eye on enforcement under the DMA.

When does this all come into force?

Most substantive parts of the DMCC Act will come into force following secondary legislation. This was due to be in the autumn of 2024, but timings may be affected by the outcome of the election on 4 July. The CMA is likely to publish its final guidance when the substantive parts commence.

The CMA has also been consulting on guidance about how it intends to exercise its new powers granted by the DMCC Act to regulate competition in digital markets.  It extends to 188 pages! The consultation ends on 12 July.