The DMA is a success, it should be strengthened and expanded

Add new core platform services to the DMA

Last week, the European Commission asked the public to provide ideas about how to improve the EU’s Digital Markets Act (DMA). Together with EDRi member Free Software Foundation Europe (FSFE), we submitted a response to the Commission with a clear message: strengthen enforcement, drastically increase transparency around what gatekeepers must do and have already done, and expand the DMA to cover additional core platforms services and industries suffering from concentrated gatekeeping power.

Concretely, we recommend to the Commission to include “Generative AI” services to the scope of the DMA. While some of these services are currently covered – for example as part of a search engine or a “virtual assistant” as Alexa – the laws’s wording makes it unclear to what extent services like ChatGPT or Copilot would currently fall under the gatekeeper rules.

Moreover, the difficulties around the effective enforcement of the DMA’s rules in the context of operating systems like Windows, iOS, and Android demonstrate a regulatory gap, especially when gatekeepers control an entire mobile stack, including hardware, firmware, operating system, app store, and default apps.

Despite the DMA’s attempt to increase market contestability, there are no signs of improvement on the mobile operating system (OS) market. To the contrary: Google and Apple are pushing back hard by circumventing their obligations, and, in the case of Google, further locking down its previously relatively open Android system.

We therefore propose to apply the DMA also to digital end-user devices in order to enforce device neutrality for gatekeepers: No gatekeeper should be in a position to control which software, apps, operating system, firmware, etc. end-users wish to install and run on their devices.

Fine-tune and strengthen current gatekeeper rules

The DMA gives users the right to uninstall preloaded apps they do not want to use. Google tries to circumvent this provision by claiming that allowing users to deactivate those apps is enough to comply with the law. We disagree and recommend the Commission to specify the respective provision to make sure gatekeepers like Google cannot simply re-define common words. “Uninstall” means to remove, not to deactivate and app.

We also urge the Commission to strengthen the DMA’s app freedom provision to prevent circumvention by Apple and Google. Currently, the DMA forces gatekeepers to allow the use of alternative app stores. But both Google and Apple try to retain full control over apps stores by introducing identification obligations and fees for app developers—even where their apps never appear in the gatekeepers app store. If we accept this to happen under the DMA, those companies will continue to gatekeep people’s app choices and digital lives.

The rise of alternative, decentralised social media offerings in the past years demonstrates the benefits of open social networking standards. We strongly recommend the Commission to finally introduce a clear interoperability mandate for all gatekeeper platforms like Facebook, Instagram, and Tiktok. This would reduce the infamous network effect that gatekeeper social media platforms currently exploit, and facilitate the migration of users who wish to use alternative social media networks like Mastodon or Bluesky. It would also help reunite today’s incredibly fractured public discussion space online.

Massively increase transparency and enforcement

Lastly, in our submission, we call on the Commission to substantially improve the transparency around gatekeeper compliance. At the moment, there is no way for the public and civil society watchdogs such as EDRi and FSFE to review what measures gatekeepers have taken, what changes were made to the user interface, or what other parts of products and services have been implemented and with what effects. There is zero public data about how many users have been affected by such changes and how the market or user behaviour has changed as a result.

That is why the DMA should task the Commission with the creation of a public compliance database that provides raw data with technical details about every single compliance measure any of the gatekeeper have taken. The database should also include information about what product or service and which version has been changed in view of compliance, highlighting which DMA provision this change attempted to comply with. Evidence of such modifications should be made public (including screenshots or pictures where applicable), along with information on when they were rolled out and to whom benefit. Additionally, gatekeepers should be required to provide regular updates about the impact they measure for each of the changes.

Without additional transparency, gatekeepers will continue to be in a position allowing them to circumvent their obligations while hiding their conduct from the public, and civil society will be seriously hampered in their attempt to support enforcement of the DMA.

The DMA is under threat, it must be hardened in response

In the past two years, we have seen an unprecedented level of attacks against the EU’s tech laws. Those attacks have been spearheaded by the same Big Tech corporations these laws try to tame, and since Donald Trump is back in power, they are being aided by the full power of the White House. If the EU is serious about digital sovereignty, we must strengthen our laws now and make sure they protect every part of the tech stack and every corner of the digital industry against gatekeeper power and monopolisation.