ANTITRUST AND COMPETITION
The European Commission Fines Apple EUR 1.8 billion for Abusing Its Dominant Position in the Music Streaming Sector
On 4 March 2024, the European Commission (Commission) fined Apple EUR 1.8 billion for abusing its dominant position under Article 102 of the Treaty on the Functioning of the European Union (TFEU). The Commission began an informal investigation in 2019 after Spotify, a Swedish-based music streaming app, filed a complaint accusing Apple of anti-competitive behavior in connection with its App store policies. The Commission opened the formal investigation against Apple in June 2020.
The Commission found an abuse through the imposition of anti-steering provisions on music streaming app developers that prevented them from promoting their apps outside the Apple App Store. The Commission noted that these anti-steering provisions prevented music streaming app developers from:
- informing their users about alternative and cheaper music subscription services available on the internet outside Apple’s App Store;
- informing their users about the price differences between in-app subscriptions and those available on the internet outside the App Store;
- including links in their apps to their own websites on which alternative (and cheaper) subscriptions could be bought; and
- directly contacting their own in-app subscribers outside the Apple App ecosystem to inform them about alternative pricing options once the users set up an account with Apple's App Store.
The Commission found that the imposition of these anti-steering provisions by Apple amounted to the imposition of unfair trading conditions by a dominant company under Article 102(a) of the TFEU, which could not be objectively justified, as (i) they were neither necessary nor proportionate for the protection of the company´s commercial interests in relation to the app store; and (ii) negatively affected the interests of iOS users, who were prevented from making informed and effective decisions on where and how to purchase music streaming subscriptions for use on their Apple iOS device.
A prerequisite of the Commission's findings was the establishment of a dominant position by Apple. The Commission had previously taken the position that Apple's iOS and Google's Android were separate markets and thus the Commission easily established that Apple's App store was dominant, given that it was the only App Store operating in the iOS ecosystem.
While the Commission reconfirmed the established precedent that dominant companies have a special responsibility not to abuse such a position by restricting competition, the case is novel in two respects.
First, it marks a significant enforcement shift towards exploitative abuses. Exclusionary abuses (abuses that exclude competitors), were considered as more harmful to competition, as they led to the anticompetitive foreclosure of smaller competitors from the marketplace. Exploitative abuses such as unfair terms and conditions or high prices were traditionally considered more innocuous, as there was a general view that such abuses would be corrected by normal market forces, i.e., entry or expansion by other competitors.
Second, this is the first case where the Commission imposed a fine of EUR 1.8 billion just for deterrence, even though the base amount of the fine calculated by reference to the value of the affected music streaming sales in the relevant EU market only amounted to EUR 40 million. As indicated by Financial Times, Vice President M. Vestager considered the base amount "quite small, not even a speeding ticket, parking ticket", and therefore, the Commission took the unprecedented step to increase the fine by EUR 1.8 billion to increase the deterrence effect, based on Apple's market capitalization and global revenues. This confirms the highly unpredictable and political nature of the Commission's fining policy, particularly when it comes to violations committed by very large companies such as Apple.
Apple has already announced that it will appeal the Commission decision. Its view is that Apple's App store has enabled rather than hindered the development of music streaming providers, and we certainly expect that they will also contest the EUR 1.8 billion fine imposed for deterrence.
DIGITAL AFFAIRS
The European Parliament Gives Its Final Approval to the Artificial Intelligence Act
On 13 March 2024, the Parliament voted in plenary to adopt the Artificial Intelligence Act (EU AI Act) with 523 MEPs voting in favor, 46 against, and 49 abstentions.
The Parliament's formal adoption in plenary follows favorable committee votes in the Parliament and Council in February, whereby EU Member States' representatives and the Parliament reaffirmed approval of the provisional political agreement reached on 9 December 2023. Next, the EU AI Act will undergo a corrigendum procedure in April, whereby EU lawyer-linguists will finalize the legal language employed in the text. The Council is then expected to officially adopt the text in April 2024, followed by its publication in the Official Journal of the European Union.
Application and Implementation
The EU AI Act applies to providers, manufacturers, importers, distributors, and deployers of AI systems, as well as EU institutions, agencies, and bodies. The regulation applies when AI systems or the output of such systems are employed in the European Union, regardless of the locations of the AI system or system's operator, bringing both EU and non-EU companies alike within its scope whenever individuals in the European Union could be affected.
The EU AI Act will enter into force 20 days after its publication in the Official Journal of the European Union. Following its entry into force:
- Unacceptable AI systems, under the prohibited practices listed in Article 5 EU AI Act, will be banned within six months (circa November 2024);
- The obligations on providers of general purpose AI (GPAI) models will apply after one year (circa May 2025);
- The obligations for high-risk AI systems listed in Annex III will apply after two years (for AI systems not already deployed - circa May 2026 202) and three years (for AI systems already deployed - circa May 2027).
In addition, a new string of unfair commercial terms will be voided in contractual relationships with small and medium-sized enterprises and startups.
The Commission will develop guidelines on the implementation of the EU AI Act addressing the requirements and obligations related to high-risk AI systems, responsibilities along the AI value chain, prohibited practices, transparency obligations, the consistency of the regulation's enforcement with specific legislation, and the application of the definition of an AI system. With the need to enforce the new rules on GPAI models at the EU level, an AI Office will be created within the Commission to oversee GPAI models, provide input on standards and testing practices, and ensure enforcement in the Member States.
At the EU level, one year after the EU AI Act's entry into force, the Commission will review the list of prohibited practices, and provide amendments if necessary. Within 18 months, the Commission will adopt an implementing act on post-market monitoring.
The Commission will also review the list of high-risk AI systems, and, if necessary, amend the list through implementing acts. Three years after the EU AI Act's entry into force, AI systems which are safety components of a product, or the product itself, that are required to undergo a third-party conformity assessment because they are covered by EU harmonization legislation enumerated in Annex II, will be considered a high risk.
At the local level, Member States will need to implement rules on penalties, including administrative fines, and establish at least one operational AI regulatory sandbox within two years from the EU AI Act entry into force (circa May 2026).
Co-legislators Reach Provisional Agreement Reached on the EU Cyber Solidarity Act
On 5 March 2024, the Parliament and the Council reached a provisional agreement on the Cyber Solidarity Act which aims to strengthen the preparedness, detection, and response to cyberthreats and incidents across the European Union. This proposed Regulation responds to calls from Member States to strengthen the EU's cyber resilience.
The main features of the EU Cyber Security Act include the following:
- The establishment of a European Cybersecurity Alert System composed of national and cross-border cyber centres to enhance common real-time detection and response to cyber threats.
- The creation of a Cybersecurity Emergency Mechanism designed to improve preparedness and response capabilities of the Member States, as well as EU institutions, bodies, and agencies, in the event of major and large-scale cybersecurity incidents. This mechanism will implement preparedness actions, in particular by testing entities operating in critical sectors (e.g., health, energy, transport, etc.), will ensure mutual assistance between Member States by providing financial support when they assist each other to face a significant or large-scale cybersecurity incident, and create an EU cybersecurity reserve made up of incident response services provided by trusted suppliers prepared to intervene at the request of a Member State or any EU institution, body or agency.
- The setting up of a European Cybersecurity Incident Review Mechanism to deliver recommendations to strengthen the EU's cybersecurity posture following a major or large-scale incident.
The next step is formal adoption of the provisional agreement by the Parliament and Council. Once formally adopted, the Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
SANCTIONS
The European Union Adopts 13th Package of Sanctions Against Russia
On 23 February 2024, the Council adopted a thirteenth package of restrictive measures against Russia.
The package includes individual listings, by which the Council imposed restrictive measures on an additional 106 individuals and 88 entities, making them subject to travel bans, asset freezes and prohibiting EU operators from making funds available to them. With the latest round of listings, the European Union has in total sanctioned well over 2000 individual and entities responsible for, or involved in, the actions undermining or threatening the territorial integrity, sovereignty, and independence of Ukraine.
In terms of export restrictions, the package adds 27 additional companies involved in the development, production, and supply of electronic components (notably used in connection with drone production) to the list of entities associated to Russia's military-industrial complex or which otherwise support Russia's defense and security sector. Out of these 27 companies, 17 are Russian and 10 are non-Russian, with four companies registered in China and one registered in Kazakhstan, India, Serbia, Thailand, Sri Lanka, and Turkey, respectively. These entities will be subject to enhanced export restrictions regarding dual-use goods and technology, as well as goods and technology which might contribute to the technological enhancement of Russia's defense and security sector.
Finally, the package adds components used for the development and production of drones (e.g., electric transformers, static converters, inductors, and aluminum capacitors) to the list of export controlled advanced technology items that may contribute to Russia's military and technological enhancement or to the development of its defense and security sector.
FINANCIAL AFFAIRS
The Council Adopts New Rules for Alternative Investment Funds and Regulation on Instant Payments
On 26 February, the Council formally adopted the amendments to the Alternative Investment Fund Managers Directive (AIFMD) and the Instant Payments Regulation.
Key areas of change under AIFMD include delegation arrangements of alternative investment funds (AIFs) to third country-based entities. Among other provisions, while AIFs will continue to benefit from the delegation regime, they will be subject to stricter rules, including being required to report to national competent authorities (NCAs) the amount and percentage of their delegated assets under management. NCAs will further communicate these figures to the European Securities and Markets Authority (ESMA), which will also be competent to draft regulatory technical standards outlining the content, forms and procedures for the transmission of delegation notifications.
The AIFMD will also include provisions regulating the regime for loan origination activities, including loan-originating funds (LOFs). AIFs granting loans will need to implement effective policies and procedures, assessing credit risk and monitoring their credit portfolios. AIFs with an open-ended structure will need to possess new liquidity risk tools to face exceptional circumstances. Re-investment disclosure requirements to investors are strengthened, with additional information related to the conditions of using liquidity management tools (LMTs) and fees borne by the funds. NCAs will be empowered to require activation or deactivation of relevant liquidity management tools, while non-EU AIFs will now need to indicate that they are not located in a country deemed "uncooperative" for tax purposes.
The provisions on the Instant Payment Regulation, which concerns instant credit transfers in euro, will notably require EU banks and other payment service providers (PSPs) to offer instant payment services to their clients, at no extra cost and under strict deadlines. Importantly, fintech companies (e.g. payment and e-money institutions) will be able to access the European Central Bank's payments infrastructure.
The implementation of the new rules differs between Eurozone and non-Eurozone PSPs: the former will have nine months after the entry into force of the Regulation to set their instant payments systems, while they will have 18 months after the entry into force to allow clients to send money instantly. Non-Eurozone PSPs will have 33 months after the entry into force to get their systems ready and 39 months to offer instant payments.
The new rules under the Instant Payments Regulation will be directly applicable once published in the Official Journal of the European Union. For AIFMD, Member States will have up to 24 months to transpose the revised rules into national law.
ENVIRONMENTAL, SOCIAL, AND GOVERNANCE AFFAIRS
The European Union Gives Final Approval to the Directive on Empowering Consumers for the Green Transition
On 6 March 2024, the Directive to Empower Consumers for the Green Transition, which is intended to prevent misleading green claims, was published in the Official Journal of the European Union.
The directive will amend the Unfair Commercial Practices Directive (UCPD) and the Consumer Rights Directive (CRD) to align them with the objectives of the green transition and circular economy.
Under the UCPD, misleading commercial practices are generally prohibited. The directive will extend the list of commercial practices which are considered to be misleading to include false claims about a product's environmental and social characteristics and aspects linked to circularity (such as durability, reparability, or recyclability). Making an environmental claim relating to future environmental performance will also be considered misleading unless traders comply with specific conditions on transparency and steps for practical implementation, as will advertising benefits to consumers that are irrelevant and do not result from any feature of the product or business.
The directive will add 12 commercial practices to the "blacklist" of commercial practices which are considered unfair in all circumstances, and therefore prohibited, including:
- Displaying a sustainability label that is not based on a certification scheme established by public authorities;
- Making unfounded generic environmental claims (such as 'environmentally friendly', 'green', 'climate friendly', 'carbon friendly', 'energy efficient');
- Claiming a neutral, reduced or positive impact in terms of greenhouse gas emissions based on the offsetting of greenhouse gas emissions;
- Presenting a software update as necessary when it only enhances functionality features;
- Inducing consumers to replace consumables of a good earlier than necessary; and
- Withholding information concerning the impairment of the functionality of a good when consumables, spare parts or accessories not supplied by the original producer are used.
By amending the CRD, the directive will require that traders provide clear and comprehensive information on the existence of the legal guarantee of conformity for goods, digital content and digital services; information about any longer guarantee period if offered by the producer; where applicable, the existence and conditions of after-sales services; for goods with digital elements, digital content and digital service, and the minimum period during which software updates will be provided. For online sales, the trader should also provide information on payment and delivery terms, including environmentally friendly delivery options where applicable.
The Commission is mandated to adopt implementing acts setting out the content and layout of the relevant information notices and labels.
The text of the directive was published in the Official Journal of the European Union and has entered into force on 26 March 2024. EU Member States will have 24 months to transpose the directive into national law. The new rules will apply to businesses from September 2026 (30 months after the date of entry into force of the directive).
In parallel, the legislative process on the proposed Green Claims Directive is ongoing. The proposed Green Claims Directive would complement the Directive on Empowering Consumers for the Green Transition by introducing new rules to stop companies from making misleading claims about the environmental merits of their products and services.
The Council and the Parliament Agree on Deadline Extension for Sector-Specific and Non-EU ESRS
On 7 February 2024, the Council and Parliament agreed on a deadline extension for the adoption of sector-specific and non-EU European Sustainability Reporting Standards (ESRS). The Commission introduced a proposal on 17 October 2023, along with other initiatives seeking to decrease reporting requirements by 25% and in line with the strategy to boost EU's long-term competitiveness.
The original text of the Corporate Sustainability Reporting Directive (CSRD) mandated the Commission to adopt sector-specific and non-EU ESRS by 30 June 2024. To facilitate the implementation of the first set of ESRS, applicable since 1 January 2024 for financial years beginning on or after that date, the Commission proposed to postpone the adoption of the second set to 30 June 2026. The postponement aims at allowing companies to focus on complying with the existing horizontal standards, while providing additional time to the European Financial Reporting Advisory Group (EFRAG), the entity mandated to draft the standards.
The co-legislators agreed to postpone the deadline date but modified the proposal under several points. In particular, the new text specifies that the Commission is required to publish sector specific ESRS as soon as they are available. These standards are expected to cover oil and gas; coal and mining; road transport; agriculture; motor vehicles; energy production and utilities; food and beverages; and textiles. Importantly, the postponement only covers the adoption deadline. Companies will be required to include information related to the specific sector they operate once the delegated act will be enforceable (i.e., the end of 2026), while the initial reporting requirements for non-EU companies, starting from financial year 2028, is maintained.
Now that the new rules have been agreed, they will be formalised and published in the Official Journal of the European Union. Member States are not required to transpose the revised Directive since the amendments only cover the Commission's ability to adopt delegated acts.
EU Member States Approve the Corporate Sustainability Due Diligence Directive
On 15 March 2024, Member States agreed on an amended text of the Corporate Sustainability Due Diligence Directive following controversial discussions. This Directive focuses on enhancing the sustainability of corporate activities and it introduces a harmonised obligation of due diligence upon EU and non-EU companies.
While the Council and Parliament reached a deal on the legislative file in December 2023, the Council's Permanent Representative Committee (COREPER) subsequently failed to approve the compromise text due to a large blocking minority of Member States, notably including Germany, Italy, and others.
As a result, the Belgian Presidency of the Council put forward significant amendments to gain Member States' backing. Among other changes, the approved amendments raised the thresholds determining which companies are in scope, resulting in a reduction of companies covered by the CS3D. In addition, the Belgian Presidency successfully introduced a revised timeline for the application of the Directive following its entry into force, based on companies' size, whereby the first group of companies will fall in scope within three years, the second group within four years, and the remaining companies within five years.
On 19 March 2024, the newly amended text obtained approval from the Parliament's Committee on Legal Affairs. To formalize the agreement, the Parliament is scheduled to vote on the text in plenary on 25 April 2024, after which the Council will conclude the legislative procedure with a final vote on CS3D. As the current parliamentary mandate will end soon, it is likely that the file will undergo the "corrigendum procedure" following the Parliament and Council's approval of the text under the current mandate, whereby an additional vote in the next institutions' mandate will be held to incorporate corrections or revisions to the text by lawyer-linguists, thus delaying the entry into force of the Directive.
Petr Bartoš, Vittoriana Todisco, Rebecca Halbach, Kathleen Keating, and Covadonga Corell Perez de Rada contributed to this article.