Digital Market Act 2022/1925 EN

BG CS DA DE EL EN ES ET FI FR GA HR HU IT LV LT MT NL PL PT RO SK SL SV print pdf

2022/1925 EN cercato: 'required' . Output generated live by software developed by IusOnDemand srl

expand index required:

1 Article 3 Designation of gatekeepers

3 Article 13 Anti-circumvention

2 Article 21 Requests for information

2 Article 23 Powers to conduct inspections

4 Article 30 Fines

2 Article 31 Periodic penalty payments

1 Article 53 Review

Article 54 Entry into force and application

whereas required:

definitions:

cloud tag:

and the number of total unique words without stopwords is: 1034

Article 3

Designation of gatekeepers

1. An undertaking shall be designated as a gatekeeper if:

(a)	it has a significant impact on the internal market;

(b)	it provides a core_platform_service which is an important gateway for business_users to reach end_users; and

(c)	it enjoys an entrenched and durable position, in its operations, or it is foreseeable that it will enjoy such a position in the near future.

2. An undertaking shall be presumed to satisfy the respective requirements in paragraph 1:

(a)

as regards paragraph 1, point (a), where it achieves an annual Union turnover equal to or above EUR 7,5 billion in each of the last three financial years, or where its average market capitalisation or its equivalent fair market value amounted to at least EUR 75 billion in the last financial year, and it provides the same core_platform_service in at least three Member States;

(b)

as regards paragraph 1, point (b), where it provides a core_platform_service that in the last financial year has at least 45 million monthly active end_users established or located in the Union and at least 10 000 yearly active business_users established in the Union, identified and calculated in accordance with the methodology and indicators set out in the Annex;

(c)	as regards paragraph 1, point (c), where the thresholds in point (b) of this paragraph were met in each of the last three financial years.

3. Where an undertaking providing core_platform_services meets all of the thresholds in paragraph 2, it shall notify the Commission thereof without delay and in any event within 2 months after those thresholds are met and provide it with the relevant information identified in paragraph 2. That notification shall include the relevant information identified in paragraph 2 for each of the core_platform_services of the undertaking that meets the thresholds in paragraph 2, point (b). Whenever a further core_platform_service provided by the undertaking that has previously been designated as a gatekeeper meets the thresholds in paragraph 2, points (b) and (c), such undertaking shall notify the Commission thereof within 2 months after those thresholds are satisfied.

Where the undertaking providing the core_platform_service fails to notify the Commission pursuant to the first subparagraph of this paragraph and fails to provide within the deadline set by the Commission in the request for information pursuant to Article 21 all the relevant information that is required for the Commission to designate the undertaking concerned as gatekeeper pursuant to paragraph 4 of this Article, the Commission shall still be entitled to designate that undertaking as a gatekeeper, based on information available to the Commission.

Where the undertaking providing core_platform_services complies with the request for information pursuant to the second subparagraph of this paragraph or where the information is provided after the expiration of the deadline referred to in that subparagraph, the Commission shall apply the procedure set out in paragraph 4.

4. The Commission shall designate as a gatekeeper, without undue delay and at the latest within 45 working days after receiving the complete information referred to in paragraph 3, an undertaking providing core_platform_services that meets all the thresholds in paragraph 2.

5. The undertaking providing core_platform_services may present, with its notification, sufficiently substantiated arguments to demonstrate that, exceptionally, although it meets all the thresholds in paragraph 2, due to the circumstances in which the relevant core_platform_service operates, it does not satisfy the requirements listed in paragraph 1.

Where the Commission considers that the arguments submitted pursuant to the first subparagraph by the undertaking providing core_platform_services are not sufficiently substantiated because they do not manifestly call into question the presumptions set out in paragraph 2 of this Article, it may reject those arguments within the time limit referred to in paragraph 4, without applying the procedure laid down in Article 17(3).

Where the undertaking providing core_platform_services does present such sufficiently substantiated arguments manifestly calling into question the presumptions in paragraph 2 of this Article, the Commission may, notwithstanding the first subparagraph of this paragraph, within the time limit referred to in paragraph 4 of this Article, open the procedure laid down in Article 17(3).

If the Commission concludes that the undertaking providing core_platform_services was not able to demonstrate that the relevant core_platform_services that it provides do not satisfy the requirements of paragraph 1 of this Article, it shall designate that undertaking as a gatekeeper in accordance with the procedure laid down in Article 17(3).

6. The Commission is empowered to adopt delegated acts in accordance with Article 49 to supplement this Regulation by specifying the methodology for determining whether the quantitative thresholds laid down in paragraph 2 of this Article are met, and to regularly adjust that methodology to market and technological developments, where necessary.

7. The Commission is empowered to adopt delegated acts in accordance with Article 49 to amend this Regulation by updating the methodology and the list of indicators set out in the Annex.

8. The Commission shall designate as a gatekeeper, in accordance with the procedure laid down in Article 17, any undertaking providing core_platform_services that meets each of the requirements of paragraph 1 of this Article, but does not satisfy each of the thresholds in paragraph 2 of this Article.

For that purpose, the Commission shall take into account some or all of the following elements, insofar as they are relevant for the undertaking providing core_platform_services under consideration:

(a)	the size, including turnover and market capitalisation, operations and position of that undertaking;

(b)	the number of business_users using the core_platform_service to reach end_users and the number of end_users;

(c)	network effects and data driven advantages, in particular in relation to that undertaking’s access to, and collection of, personal data and non-personal data or analytics capabilities;

(d)	any scale and scope effects from which the undertaking benefits, including with regard to data, and, where relevant, to its activities outside the Union;

(e)	business_user or end_user lock-in, including switching costs and behavioural bias reducing the ability of business_users and end_users to switch or multi-home;

(f)	a conglomerate corporate structure or vertical integration of that undertaking, for instance enabling that undertaking to cross subsidise, to combine data from different sources or to leverage its position; or

(g)	other structural business or service characteristics.

In carrying out its assessment under this paragraph, the Commission shall take into account foreseeable developments in relation to the elements listed in the second subparagraph, including any planned concentrations involving another undertaking providing core_platform_services or providing any other services in the digital_sector or enabling the collection of data.

Where an undertaking providing a core_platform_service that does not satisfy the quantitative thresholds of paragraph 2 fails to comply with the investigative measures ordered by the Commission in a significant manner, and that failure persists after that undertaking has been invited to comply within a reasonable time limit and to submit observations, the Commission may designate that undertaking as a gatekeeper on the basis of the facts available to the Commission.

9. For each undertaking designated as a gatekeeper pursuant to paragraph 4 or 8, the Commission shall list in the designation decision the relevant core_platform_services that are provided within that undertaking and which individually are an important gateway for business_users to reach end_users as referred to in paragraph 1, point (b).

10. The gatekeeper shall comply with the obligations laid down in Articles 5, 6 and 7 within 6 months after a core_platform_service has been listed in the designation decision pursuant to paragraph 9 of this Article.

Article 13

Anti-circumvention

1. An undertaking providing core_platform_services shall not segment, divide, subdivide, fragment or split those services through contractual, commercial, technical or any other means in order to circumvent the quantitative thresholds laid down in Article 3(2). No such practice of an undertaking shall prevent the Commission from designating it as a gatekeeper pursuant to Article 3(4).

2. The Commission may, when it suspects that an undertaking providing core_platform_services is engaged in a practice laid down in paragraph 1, require from that undertaking any information that it deems necessary to determine whether that undertaking has engaged in such a practice.

3. The gatekeeper shall ensure that the obligations of Articles 5, 6 and 7 are fully and effectively complied with.

4. The gatekeeper shall not engage in any behaviour that undermines effective compliance with the obligations of Articles 5, 6 and 7 regardless of whether that behaviour is of a contractual, commercial or technical nature, or of any other nature, or consists in the use of behavioural techniques or interface design.

5. Where consent for collecting, processing, cross-using and sharing of personal data is required to ensure compliance with this Regulation, a gatekeeper shall take the necessary steps either to enable business_users to directly obtain the required consent to their processing, where that consent is required under Regulation (EU) 2016/679 or Directive 2002/58/EC, or to comply with Union data protection and privacy rules and principles in other ways, including by providing business_users with duly anonymised data where appropriate. The gatekeeper shall not make the obtaining of that consent by the business_user more burdensome than for its own services.

6. The gatekeeper shall not degrade the conditions or quality of any of the core_platform_services provided to business_users or end_users who avail themselves of the rights or choices laid down in Articles 5, 6 and 7, or make the exercise of those rights or choices unduly difficult, including by offering choices to the end-user in a non-neutral manner, or by subverting end_users’ or business_users' autonomy, decision-making, or free choice via the structure, design, function or manner of operation of a user interface or a part thereof.

7. Where the gatekeeper circumvents or attempts to circumvent any of the obligations in Article 5, 6, or 7 in a manner described in paragraphs 4, 5 and 6 of this Article, the Commission may open proceedings pursuant to Article 20 and adopt an implementing act referred to in Article 8(2) in order to specify the measures that the gatekeeper is to implement.

8. Paragraph 6 of this Article is without prejudice to the powers of the Commission under Articles 29, 30 and 31.

Article 21

Requests for information

1. In order to carry out its duties under this Regulation, the Commission may, by simple request or by decision, require from undertakings and associations of undertakings to provide all necessary information. The Commission may also, by simple request or by decision, require access to any data and algorithms of undertakings and information about testing, as well as requesting explanations of them.

2. When sending a simple request for information to an undertaking or association of undertakings, the Commission shall state the legal basis and purpose of the request, specify what information is required and fix the time limit within which the information is to be provided, as well as the fines provided for in Article 30 applicable for supplying incomplete, incorrect or misleading information or explanations.

3. Where the Commission requires undertakings and associations of undertakings to supply information by decision, it shall state the legal basis and purpose of the request, specify what information is required and fix the time limit within which the information is to be provided. Where the Commission requires undertakings to provide access to any data, algorithms and information about testing, it shall state the purpose of the request and fix the time -limit within which it is to be provided. It shall also indicate the fines provided for in Article 30 and indicate or impose the periodic penalty payments provided for in Article 31. It shall further indicate the right to have the decision reviewed by the Court of Justice.

4. The undertakings or associations of undertakings or their representatives shall supply the information requested on behalf of the undertaking or the association of undertakings concerned. Lawyers duly authorised to act may supply the information on behalf of their clients. The latter shall remain fully responsible if the information supplied is incomplete, incorrect or misleading.

5. At the request of the Commission, the competent authorities of the Member States shall provide the Commission with all necessary information in their possession to carry out the duties assigned to it by this Regulation.

Article 23

Powers to conduct inspections

1. In order to carry out its duties under this Regulation, the Commission may conduct all necessary inspections of an undertaking or association of undertakings.

2. The officials and other accompanying persons authorised by the Commission to conduct an inspection are empowered to:

(a)	enter any premises, land and means of transport of undertakings and associations of undertakings;

(b)	examine the books and other records related to the business, irrespective of the medium on which they are stored;

(c)	take or obtain in any form copies of or extracts from such books or records;

(d)	require the undertaking or association of undertakings to provide access to and explanations on its organisation, functioning, IT system, algorithms, data-handling and business practices and to record or document the explanations given by any technical means;

(e)	seal any business premises and books or records for the duration of, and to the extent necessary for, the inspection;

(f)	ask any representative or member of staff of the undertaking or association of undertakings for explanations of facts or documents relating to the subject-matter and purpose of the inspection, and to record the answers by any technical means.

3. To carry out inspections, the Commission may request the assistance of auditors or experts appointed by the Commission pursuant to Article 26(2), as well as the assistance of the national competent authority of the Member State, enforcing the rules referred to in Article 1(6) in whose territory the inspection is to be conducted.

4. During inspections the Commission, auditors or experts appointed by it and the national competent authority of the Member State, enforcing the rules referred to in Article 1(6) in whose territory the inspection is to be conducted may require the undertaking or association of undertakings to provide access to and explanations on its organisation, functioning, IT system, algorithms, data-handling and business conducts. The Commission and auditors or experts appointed by it and the national competent authority of the Member State, enforcing the rules referred to in Article 1(6) in whose territory the inspection is to be conducted may address questions to any representative or member of staff.

5. The officials and other accompanying persons authorised by the Commission to conduct an inspection shall exercise their powers upon production of a written authorisation specifying the subject matter and purpose of the inspection and the fines provided for in Article 30 applicable in the event that the production of the required books or other records related to the business is incomplete or where the answers to questions asked under paragraphs 2 and 4 of this Article are incorrect or misleading. In good time before the inspection, the Commission shall give notice of the inspection to the national competent authority of the Member State enforcing the rules referred to in Article 1(6) in whose territory it is to be conducted.

6. Undertakings or associations of undertakings are required to submit to an inspection ordered by a Commission decision. That decision shall specify the subject matter and purpose of the inspection, set the date on which it is to begin and indicate the fines and periodic penalty payments provided for in Articles 30 and 31 respectively, and the right to have that decision reviewed by the Court of Justice.

7. Officials of, and the persons authorised or appointed by, the national competent authority of the Member State enforcing the rules referred to in Article 1(6) in whose territory the inspection is to be conducted shall, at the request of that authority or of the Commission, actively assist the officials and other accompanying persons authorised by the Commission. To this end, they shall enjoy the powers set out in paragraphs 2 and 4 of this Article.

8. Where the officials and other accompanying persons authorised by the Commission find that an undertaking or association of undertakings opposes an inspection ordered pursuant to this Article, the Member State concerned shall afford them the necessary assistance, requesting, where appropriate, the assistance of the police or of an equivalent enforcement authority, so as to enable them to conduct their inspection.

9. If, according to national rules, the assistance provided for in paragraph 8 of this Article requires authorisation from a judicial authority, the Commission or the national competent authority of the Member State enforcing the rules referred to in Article 1(6) or officials authorised by those authorities shall apply for it. Such authorisation may also be applied for as a precautionary measure.

10. Where authorisation referred to in paragraph 9 of this Article is applied for, the national judicial authority shall verify that the Commission decision is authentic and that the coercive measures envisaged are neither arbitrary nor excessive having regard to the subject matter of the inspection. In its control of the proportionality of the coercive measures, the national judicial authority may ask the Commission, directly or through the national competent authority of the Member State, enforcing the rules referred to in Article 1(6), for detailed explanations in particular on the grounds the Commission has for suspecting infringement of this Regulation, as well as on the seriousness of the suspected infringement and on the nature of the involvement of the undertaking concerned. However, the national judicial authority may not call into question the necessity of the inspection nor demand that it be provided with the information in the file of the Commission. The lawfulness of the Commission decision shall be subject to review only by the Court of Justice.

Article 30

Fines

1. In the non-compliance decision, the Commission may impose on a gatekeeper fines not exceeding 10 % of its total worldwide turnover in the preceding financial year where it finds that the gatekeeper, intentionally or negligently, fails to comply with:

(a)	any of the obligations laid down in Articles 5, 6 and 7;

(b)	measures specified by the Commission in a decision adopted pursuant to Article 8(2);

(c)	remedies imposed pursuant to Article 18(1);

(d)	interim measures ordered pursuant to Article 24; or

(e)	commitments made legally binding pursuant to Article 25.

2. Notwithstanding paragraph 1 of this Article, in the non-compliance decision the Commission may impose on a gatekeeper fines up to 20 % of its total worldwide turnover in the preceding financial year where it finds that a gatekeeper has committed the same or a similar infringement of an obligation laid down in Article 5, 6 or 7 in relation to the same core_platform_service as it was found to have committed in a non-compliance decision adopted in the 8 preceding years.

3. The Commission may adopt a decision, imposing on undertakings, including gatekeepers where applicable, and associations of undertakings, fines not exceeding 1 % of their total worldwide turnover in the preceding financial year where they intentionally or negligently:

(a)	fail to provide within the time limit information that is required for assessing their designation as gatekeepers pursuant to Article 3 or supply incorrect, incomplete or misleading information;

(b)	fail to comply with the obligation to notify the Commission according to Article 3(3);

(c)	fail to notify information or supply incorrect, incomplete or misleading information that is required pursuant to Article 14;

(d)	fail to submit the description or supply incorrect, incomplete or misleading information that is required pursuant to Article 15;

(e)	fail to provide access to data, algorithms or information about testing in response to a request made pursuant to Article 21(3);

(f)	fail to supply the information requested within the time limit fixed pursuant to Article 21(3) or supply incorrect, incomplete or misleading information or explanations that are requested pursuant to Article 21 or given in an interview pursuant to Article 22;

(g)	fail to rectify within a time limit set by the Commission, incorrect, incomplete or misleading information given by a representative or a member of staff, or fail or refuse to provide complete information on facts relating to the subject-matter and purpose of an inspection, pursuant to Article 23;

(h)	refuse to submit to an inspection pursuant to Article 23;

(i)	fail to comply with the obligations imposed by the Commission pursuant to Article 26;

(j)	fail to introduce a compliance function in accordance with Article 28; or

(k)	fail to comply with the conditions for access to the Commission’s file pursuant to Article 34(4).

4. In fixing the amount of a fine, the Commission shall take into account the gravity, duration, recurrence, and, for fines imposed pursuant to paragraph 3, delay caused to the proceedings.

5. When a fine is imposed on an association of undertakings taking account of the worldwide turnover of its members and that association is not solvent, it shall be obliged to call for contributions from its members to cover the amount of the fine.

Where such contributions have not been made to the association of undertakings within a time limit set by the Commission, the Commission may require payment of the fine directly by any of the undertakings whose representatives were members of the decision-making bodies concerned of that association.

After having required payment in accordance with the second subparagraph, the Commission may require payment of the balance by any of the members of the association of undertakings, where necessary to ensure full payment of the fine.

However, the Commission shall not require payment pursuant to the second or the third subparagraph from undertakings which show that they have not implemented the decision of the association of undertakings that infringed this Regulation, and either were not aware of its existence, or have actively distanced themselves from it before the Commission opened proceedings under Article 20.

The financial liability of each undertaking in respect of the payment of the fine shall not exceed 20 % of its total worldwide turnover in the preceding financial year.

Article 31

Periodic penalty payments

1. The Commission may adopt a decision imposing on undertakings, including gatekeepers where applicable, and associations of undertakings periodic penalty payments not exceeding 5 % of the average daily worldwide turnover in the preceding financial year per day, calculated from the date set by that decision, in order to compel them:

(a)	to comply with the measures specified by the Commission in a decision adopted pursuant to Article 8(2);

(b)	to comply with the decision pursuant to Article 18(1);

(c)	to supply correct and complete information within the time limit required by a request for information made by decision pursuant to Article 21;

(d)	to ensure access to data, algorithms and information about testing in response to a request made pursuant to Article 21(3) and to supply explanations on those as required by a decision pursuant to Article 21;

(e)	to submit to an inspection which was ordered by a decision taken pursuant to Article 23;

(f)	to comply with a decision ordering interim measures taken pursuant to Article 24;

(g)	to comply with commitments made legally binding by a decision pursuant to Article 25(1);

(h)	to comply with a decision pursuant to Article 29(1).

2. Where the undertakings, or associations of undertakings, have satisfied the obligation which the periodic penalty payment was intended to enforce, the Commission may adopt an implementing act, setting the definitive amount of the periodic penalty payment at a figure lower than that which would arise under the original decision. That implementing act shall be adopted in accordance with the advisory procedure referred to in Article 50(2).

Article 53

Review

1. By 3 May 2026, and subsequently every 3 years, the Commission shall evaluate this Regulation and report to the European Parliament, the Council and the European Economic and Social Committee.

2. The evaluations shall assess whether the aims of this Regulation of ensuring contestable and fair markets have been achieved and assess the impact of this Regulation on business_users, especially SMEs, and end_users. Moreover, the Commission shall evaluate if the scope of Article 7 may be extended to online_social_networking_services.

3. The evaluations shall establish whether it is required to modify rules, including regarding the list of core_platform_services laid down in Article 2, point (2), the obligations laid down in Articles 5, 6 and 7 and their enforcement, to ensure that digital markets across the Union are contestable and fair. Following the evaluations, the Commission shall take appropriate measures, which may include legislative proposals.

4. The competent authorities of Member States shall provide any relevant information they have that the Commission may require for the purposes of drawing up the report referred to in paragraph 1.

Article 54

Entry into force and application

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

It shall apply from 2 May 2023.

However, Article 3(6) and (7) and Articles 40, 46, 47, 48, 49 and 50 shall apply from 1 November 2022 and Article 42 and Article 43 shall apply from 25 June 2023.

Nevertheless, if the date of 25 June 2023 precedes the date of application referred to in the second paragraph of this Article, the application of Article 42 and Article 43 shall be postponed until the date of application referred to in the second paragraph of this Article.

This Regulation shall be binding in its entirety and directly applicable in all Member States.

Done at Strasbourg, 14 September 2022.

For the European Parliament

The President

R. METSOLA

For the Council

The President

M. BEK

(1) OJ C 286, 16.7.2021, p. 64.

(2) OJ C 440, 29.10.2021, p. 67.

(3) Position of the European Parliament of 5 July 2022 (not yet published in the Official Journal) and decision of the Council of 18 July 2022.

(4) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ( General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1).

(5) Regulation (EU) 2019/1150 of the European Parliament and of the Council of 20 June 2019 on promoting fairness and transparency for business_users of online_intermediation_services (OJ L 186, 11.7.2019, p. 57).

(6) Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (OJ L 201, 31.7.2002, p. 37).

(7) Directive 2005/29/EC of the European Parliament and of the Council of 11 May 2005 concerning unfair business-to-consumer commercial practices in the internal market and amending Council Directive 84/450/EEC, Directives 97/7/EC, 98/27/EC and 2002/65/EC of the European Parliament and of the Council and Regulation (EC) No 2006/2004 of the European Parliament and of the Council (‘Unfair Commercial Practices Directive’) (OJ L 149, 11.6.2005, p. 22).

(8) Directive 2010/13/EU of the European Parliament and of the Council of 10 March 2010 on the coordination of certain provisions laid down by law, regulation or administrative action in Member States concerning the provision of audiovisual media services (Audiovisual Media Services Directive) (OJ L 95, 15.4.2010, p. 1).

(9) Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment_services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (OJ L 337, 23.12.2015, p. 35).

(10) Directive (EU) 2019/790 of the European Parliament and of the Council of 17 April 2019 on copyright and related rights in the Digital Single Market and amending Directives 96/9/EC and 2001/29/EC (OJ L 130, 17.5.2019, p. 92).

(11) Directive (EU) 2019/882 of the European Parliament and of the Council of 17 April 2019 on the accessibility requirements for products and services (OJ L 151, 7.6.2019, p. 70).

(12) Council Directive 93/13/EEC of 5 April 1993 on unfair terms in consumer contracts (OJ L 95, 21.4.1993, p. 29).

(13) Directive (EU) 2015/1535 of the European Parliament and of the Council of 9 September 2015 laying down a procedure for the provision of information in the field of technical regulations and of rules on Information Society services (OJ L 241, 17.9.2015, p. 1).

(14) Directive (EU) 2018/1972 of the European Parliament and of the Council of 11 December 2018 establishing the European Electronic Communications Code (OJ L 321, 17.12.2018, p. 36).

(15) Directive (EU) 2016/2102 of the European Parliament and of the Council of 26 October 2016 on the accessibility of the websites and mobile applications of public sector bodies (OJ L 327, 2.12.2016, p. 1).

(16) Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by the Member States of the Commission's exercise of implementing powers (OJ L 55, 28.2.2011, p. 13).

(17) Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).

(18) Council Regulation (EC) No 1/2003 of 16 December 2002 on the implementation of the rules on competition laid down in Articles 81 and 82 of the Treaty (OJ L 1, 4.1.2003, p. 1).

(19) OJ L 123, 12.5.2016, p. 1.

(20) Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law (OJ L 305, 26.11.2019, p. 17).

(21) Directive (EU) 2020/1828 of the European Parliament and of the Council of 25 November 2020 on representative actions for the protection of the collective interests of consumers and repealing Directive 2009/22/EC (OJ L 409, 4.12.2020, p. 1).

(22) OJ C 147, 26.4.2021, p. 4.

(23) Council Regulation (EC) No 139/2004 of 20 January 2004 on the control of concentrations between undertakings (the EC Merger Regulation) (OJ L 24, 29.1.2004, p. 1).

(24) Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (OJ L 194, 19.7.2016, p. 1).

ANNEX

A. ‘ General’

This Annex aims at specifying the methodology for identifying and calculating the ‘active end_users’ and the ‘active business_users’ for each core_platform_service listed in Article 2, point (2). It provides a reference to enable an undertaking to assess whether its core_platform_services meet the quantitative thresholds set out in Article 3(2), point (b) and would therefore be presumed to meet the requirement in Article 3(1), point (b). Such reference will therefore equally be of relevance to any broader assessment under Article 3(8). It is the responsibility of the undertaking to come to the best approximation possible in line with the common principles and specific methodology set out in this Annex. Nothing in this Annex precludes the Commission, within the time limits laid down in the relevant provisions of this Regulation, from requiring the undertaking providing core_platform_services to provide any information necessary to identify and calculate the ‘active end_users’ and the ‘active business_users’. Nothing in this Annex should constitute a legal basis for tracking users. The methodology contained in this Annex is also without prejudice to any of the obligations laid down in this Regulation, notably in Article 3(3) and (8) and Article 13(3). In particular, the required compliance with Article 13(3) also means identifying and calculating ‘active end_users’ and ‘active business_users’ based either on a precise measurement or on the best approximation available, in line with the actual identification and calculation capacities that the undertaking providing core_platform_services possesses at the relevant point in time. Those measurements or the best approximation available shall be consistent with, and include, those reported under Article 15.

Article 2, points (20) and (21) set out the definitions of ‘ end_user’ and ‘ business_user’, which are common to all core_platform_services.

In order to identify and calculate the number of ‘active end_users’ and ‘active business_users’, this Annex refers to the concept of ‘unique users’. The concept of ‘unique users’ encompasses ‘active end_users’ and ‘active business_users’ counted only once, for the relevant core_platform_service, over the course of a specified time period (i.e. month in case of ‘active end_users’ and year in case of ‘active business_users’), no matter how many times they engaged with the relevant core_platform_service over that period. This is without prejudice to the fact that the same natural or legal person can simultaneously constitute an ‘active end_user’ or an ‘active business_user’ for different core_platform_services.

B. ‘Active end_users’

The number of ‘unique users’ as regards ‘active end_users’ shall be identified according to the most accurate metric reported by the undertaking providing any of the core_platform_services, specifically:

It is considered that collecting data about the use of core_platform_services from signed-in or logged-in environments would prima facie present the lowest risk of duplication, for example in relation to user behaviour across devices or platforms. Hence, the undertaking shall submit aggregate anonymized data on the number of unique end_users per respective core_platform_service based on signed-in or logged-in environments, if such data exists.

In the case of core_platform_services which are also accessed by end_users outside signed-in or logged-in environments, the undertaking shall additionally submit aggregate anonymized data on the number of unique end_users of the respective core_platform_service based on an alternate metric capturing also end_users outside signed-in or logged-in environments, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags, provided that those addresses or identifiers are objectively necessary for the provision of the core_platform_services.

The number of ‘monthly active end_users’ is based on the average number of monthly active end_users throughout the largest part of the financial year. The notion ‘the largest part of the financial year’ is intended to allow an undertaking providing core_platform_services to discount outlier figures in a given year. Outlier figures inherently mean figures that fall significantly outside the normal and foreseeable figures. An unforeseen peak or drop in user engagement that occurred during a single month of the financial year is an example of what could constitute such outlier figures. Figures related to annually recurring occurrences, such as annual sales promotions, are not outlier figures.

C. ‘Active business_users’

The number of ‘unique users’ as regards ‘active business_users’ is to be determined, where applicable, at the account level with each distinct business account associated with the use of a core_platform_service provided by the undertaking constituting one unique business_user of that respective core_platform_service. If the notion of ‘business account’ does not apply to a given core_platform_service, the relevant undertaking providing core_platform_services shall determine the number of unique business_users by referring to the relevant undertaking.

D. ‘ Submission_of_information’

The undertaking submitting to the Commission pursuant to Article 3(3) information concerning the number of active end_users and active business_users per core_platform_service shall be responsible for ensuring the completeness and accuracy of that information. In that regard:

a.	The undertaking shall be responsible for submitting data for a respective core_platform_service that avoids under-counting and over-counting the number of active end_users and active business_users (for example, where users access the core_platform_services across different platforms or devices).

The undertaking shall be responsible for providing precise and succinct explanations about the methodology used to arrive at the information and for any risk of under-counting or over-counting of the number of active end_users and active business_users for a respective core_platform_service and for the solutions adopted to address that risk.

c.	The undertaking shall provide data that is based on an alternative metric when the Commission has concerns about the accuracy of data provided by the undertaking providing core_platform_services.

For the purpose of calculating the number of ‘active end_users’ and ‘active business_users’:

The undertaking providing core_platform_service(s) shall not identify core_platform_services that belong to the same category of core_platform_services pursuant to Article 2, point (2) as distinct mainly on the basis that they are provided using different domain names, whether country code top-level domains (ccTLDs) or generic top-level domains (gTLDs), or any geographic attributes.

The undertaking providing core_platform_service(s) shall consider as distinct core_platform_services those core_platform_services, which are used for different purposes by either their end_users or their business_users, or both, even if their end_users or business_users may be the same and even if they belong to the same category of core_platform_services pursuant to Article 2, point (2).

The undertaking providing core_platform_service(s) shall consider as distinct core_platform_services those services which the relevant undertaking offers in an integrated way, but which:

(i)	do not belong to the same category of core_platform_services pursuant to Article 2, point (2); or

(ii)	are used for different purposes by either their end_users or their business_users, or both, even if their end_users and business_users may be the same and even if they belong to the same category of core_platform_services pursuant to Article 2, point (2).

E. ‘ Specific_definitions’

The table below sets out specific definitions of ‘active end_users’ and ‘active business_users’ for each core_platform_service.

Core platform services	Active end_users	Active business_users
Online intermediation services	Number of unique end_users who engaged with the online intermediation service at least once in the month for example through actively logging-in, making a query, clicking or scrolling or concluded a transaction through the online intermediation service at least once in the month.	Number of unique business_users who had at least one item listed in the online intermediation service during the whole year or concluded a transaction enabled by the online intermediation service during the year.
Online search engines	Number of unique end_users who engaged with the online_search_engine at least once in the month, for example through making a query.	Number of unique business_users with business websites (i.e. website used in commercial or professional capacity) indexed by or part of the index of the online_search_engine during the year.
Online social networking services	Number of unique end_users who engaged with the online_social_networking_service at least once in the month, for example through actively logging-in, opening a page, scrolling, clicking, liking, making a query, posting or commenting.	Number of unique business_users who have a business listing or business account in the online_social_networking_service and have engaged in any way with the service at least once during the year, for example through actively logging-in, opening a page, scrolling, clicking, liking, making a query, posting, commenting or using its tools for businesses.
Video-sharing platform services	Number of unique end_users who engaged with the video-sharing_platform_service at least once in the month, for example through playing a segment of audiovisual content, making a query or uploading a piece of audiovisual content, notably including user-generated videos.	Number of unique business_users who provided at least one piece of audiovisual content uploaded or played on the video-sharing_platform_service during the year.
Number-independent interpersonal communication services	Number of unique end_users who initiated or participated in any way in a communication through the number-independent interpersonal communication service at least once in the month.	Number of unique business_users who used a business account or otherwise initiated or participated in any way in a communication through the number-independent interpersonal communication service to communicate directly with an end_user at least once during the year.
Operating systems	Number of unique end_users who utilised a device with the operating_system, which has been activated, updated or used at least once in the month.	Number of unique developers who published, updated or offered at least one software_application or software program using the programming language or any software development tools of, or running in any way on, the operating_system during the year.
Virtual assistant	Number of unique end_users who engaged with the virtual_assistant in any way at least once in the month, such as for example through activating it, asking a question, accessing a service through a command or controlling a smart home device.	Number of unique developers who offered at least one virtual_assistant software_application or a functionality to make an existing software_application accessible through the virtual_assistant during the year.
Web browsers	Number of unique end_users who engaged with the web_browser at least once in the month, for example through inserting a query or website address in the URL line of the web_browser.	Number of unique business_users whose business websites (i.e. website used in commercial or professional capacity) have been accessed via the web_browser at least once during the year or who offered a plug-in, extension or add-ons used on the web_browser during the year.
Cloud computing services	Number of unique end_users who engaged with any cloud_computing_services from the relevant provider of cloud_computing_services at least once in the month, in return for any type of remuneration, regardless of whether this remuneration occurs in the same month.	Number of unique business_users who provided any cloud_computing_services hosted in the cloud infrastructure of the relevant provider of cloud_computing_services during the year.
Online advertising services	For proprietary sales of advertising space: Number of unique end_users who were exposed to an advertisement impression at least once in the month. For advertising intermediation services (including advertising networks, advertising exchanges and any other advertising intermediation services): Number of unique end_users who were exposed to an advertisement impression which triggered the advertising intermediation service at least once in the month.	For proprietary sales of advertising space: Number of unique advertisers who had at least one advertisement impression displayed during the year. For advertising intermediation services (including advertising networks, advertising exchanges and any other advertising intermediation services): Number of unique business_users (including advertisers, publishers or other intermediators) who interacted via or were served by the advertising intermediation service during the year.

whereas

keyboard_tab Digital Market Act 2022/1925 EN

Digital Market Act 2022/1925 EN