This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
| 4 minutes read

DMCC Act: The new digital markets competition regime for SMS firms

The DMCC Act introduces a digital markets competition regime giving the CMA a range of new powers in relation to firms with significant market status (SMS).  Our previous article in this Spotlight series discussed how firms will be designated as having SMS.  In this article, we explore the new rules that will apply to these firms.  

The new statutory powers include: conduct requirements, pro-competition interventions and merger reporting obligations.  Alongside these statutory powers, the CMA’s draft guidance (currently under consultation) sets out how the regime will apply in practice. The guidance also notes that the CMA may continue to use its existing tools in digital markets, such as opening an investigation under the Competition Act or using its consumer protection powers.   

The rules are backed up with a raft of enforcement powers.  These include fines of up to 10% of the company’s global annual turnover, as well as the possibility of private enforcement. CMA decisions on fines will be subject to the usual full merits review, although other decisions will only be subject to the more limited judicial review standard. This was one of the key battle lines as the DMCC Bill passed through Parliament with competing interests in the need for an adequate review of the legality of the CMA’s decisions and the need to deal promptly with concerns in digital markets without the delays caused by lengthy appeals.   

Conduct requirements 

The DMCC Act enables the CMA to impose a bespoke set of conduct requirements (CRs) tailored to the issues that arise for each SMS firm. The CMA can impose CRs either to remedy/mitigate existing issues or prevent potential future ones. The legislation includes an exhaustive list of permitted types of CRs which can be imposed if proportionate for the purposes of either: fair dealing; open choices; or trust and transparency. The full list of permitted CRs is included in Section 20 of the DMCC Act.  Examples include requirements to trade on fair and reasonable terms or provide clear, relevant, accurate and accessible information to users or potential users. The legislation also requires the CMA to have regard to consumer benefits, which must be set out in the notice imposing a CR on an SMS firm.  

The CMA has indicated that the development of CRs, including information gathering and consulting, can run in parallel with an SMS investigation, meaning that the CMA will typically impose an initial set of CRs at the same time as an SMS designation or shortly afterwards. Following this, the CMA can impose further CRs, as well as varying or revoking existing ones. 

The CMA has indicated in its draft guidance that it will prefer outcome-focused CRs, if these are measurable and easy to assess. Where action-focused CRs are necessary, there will be a preference for higher-level requirements which allow for greater flexibility in the specific steps needed for compliance (which may support innovation and involve less risk of unintended consequences). The CMA will also seek to provide sufficient flexibility so that the CRs will remain effective given any reasonably foreseeable market developments.  

Pro-competition interventions 

The CMA can also impose pro-competition interventions (PCIs) – which can include structural as well as behavioural interventions – where proportionate to remedy, mitigate or prevent an adverse effect on competition (an AEC). An AEC will arise where a factor or combination of factors prevents, restricts or distorts competition in connection with the relevant digital activity in the United Kingdom.  

This part of the regime is similar to interventions under the CMA’s existing market investigation regime. PCI’s may therefore include, for example, a prohibition on combining user data collected from different activities, or requirements to make a service interoperable, supply a competitor with user data, or even impose divestment of a particular business activity. The CMA can also make non-binding recommendations to other public bodies such as the government or another independent regulator.  

The statutory period to carry out PCI investigations is only nine months, which is likely to raise challenges given the complexity of digital markets. By way of comparison, the CMA has an 18-month period to complete a market investigation under the Enterprise Act 2002. The CMA’s draft guidance suggests that, given the tight timetable, remedies will be considered alongside assessing whether there is an AEC (without prejudging that assessment). In addition, the CMA expects that in most cases, it will not accept commitments offered by the SMS firm at a late stage of an investigation.   

Merger reporting obligation 

Finally, the DMCC Act introduces a new mandatory merger reporting obligation on SMS firms in relation to deals of a certain size which will result in the SMS group having “qualifying status” in any business that carries on activities in the UK or supplies goods and services in the UK. We will explore these rules in our next article in this Spotlight series which will give an overview of all the merger control changes under the DMCC Act. 


The new powers of the CMA under the DMCC Act are broad, including the ability to consider parts of the SMS firm’s business that are not designated. For example, the CMA could impose CRs to address cases where the non-designated activity redirects users to the designated activity. Similarly, the CMA may make a PCI in any part of an SMS firm’s business to address an AEC (although it is a requirement that the AEC relates to the digital activity).  

The powers are also flexible with the inclusion of bespoke conduct requirements drawn up in line with three key objectives: fair dealing; open choices; and trust and transparency. Requirements will be drafted with a measure of future-proofing in mind and kept under review by the CMA who has the power to vary or revoke them as necessary. 

This provides an ambitious scope of work for the Digital Markets Unit at the CMA which has already carried out significant preparations in readiness for the new regime which is expected to come into effect later in 2024. The CMA will most likely focus initially on introducing conduct requirements, alongside designating SMS firms. Following that, we may see the CMA turn its attention to PCIs, although these are likely to be more complex and involved for both the CMA and those firms designated with SMS. It remains to be seen how much the CMA’s overall approach will differ from that in Europe under the Digital Markets Act – there are distinct differences in the frameworks established in the UK and Europe but one might expect some convergence in the requirements for compliance under each regime. 


spotlighton-dmccact, dmccact, digital transformation, it and digital, article