Competition Stories: January 2025 – June 2025

,

Welcome to the Competition Stories led by Alice Setari and Mario Siragusa at Cleary Gottlieb Steen & Hamilton. This issue presents recent developments in EU competition law enforcement in digital markets. It examines the European Commission’s first non-compliance decisions under the Digital Markets Act (DMA) against Apple and Meta, as well as its decision concerning coordination in the online food delivery sector. The analysis focuses on how these cases illustrate the Commission’s emerging approach to gatekeeper obligations and to competition risks arising from minority shareholdings and labor market conduct.

***

1. DMA’s first non-compliance decisions: fines against Apple and Meta

On April 23, 2025, the Commission once again made headlines with multi-million-euro fines on two Tech giants: EUR 500 million for Apple and EUR 200 million for Meta. Yet this time was different. Fines did not follow the familiar script of lengthy investigations under decades-old antitrust rules. Instead, the Commission wielded a new weapon. For the first time ever, the Commission enforced the obligations set out in the Digital Markets Act (DMA), the regulatory tool introduced by the EU in 2022 to ensure fairness and contestability in the digital markets.

The DMA represented the EU’s response to the perception that traditional antitrust rules were insufficient for digital markets. This sector-specific regulation targets key digital economy players – gatekeepers that provide core platform services (CPSs) with significant market impact. The DMA safeguards fair competition through an ex ante regulatory process: first identifying gatekeepers, then granting them six months to comply with specific obligations, and finally monitoring compliance and sanctioning infringements.

Last April, the Commission completed this third step by adopting its first non-compliance decisions under Articles 29(1), 30(1), and 31(1) of the DMA, against Apple and Meta. As found by the Commission, Apple –with its App Store CPS– failed to comply with the obligation set out in Article 5(4) to allow business users to freely communicate and contract with their end users, while Meta –with its Meta Ads CPS– breached the prohibition on processing, combining, or cross-using personal data without users’ consent under Article 5(2).

These decisions sent a clear message: DMA enforcement will be real, fast, and firm. Yet their significance extends beyond the fines imposed. Through these first non-compliance decisions, the Commission has highlighted a fundamental point that will be central to future DMA enforcement. Far from constituting a set of specific, self-explanatory, and self-executing rules that gatekeepers can simply implement independently, the DMA’s obligations and prohibitions contain significant gaps and ambiguities that require interpretation. From the outset, the Commission has demonstrated its clear intention to establish the interpretative standards for these provisions.

Apple and steering (again)

Apple was designated as a gatekeeper on September 5, 2023, for three CPSs: online intermediation services (App Store), operating systems (iOS and, since April 29, 2024, iPadOS), and web browsers (Safari). Apple had six months to comply with the DMA obligations and submitted its compliance report on March 7, 2024.

The Commission did not wait long to step in. Only eighteen days later, on March 25, 2024, formal proceedings were opened to verify Apple’s compliance with Article 5(4). But what exactly were the Commission’s fears?

The Commission’s concerns focused on Apple’s restrictions on app developers’ ability to “steer” users: that is, to direct already acquired users toward offers within or outside their app in order to conclude contracts. These concerns were far from new. Only a few days earlier, the Commission had fined Apple over EUR 1.8 billion for abusing its dominant position on the market for the distribution of music streaming apps to iOS users, precisely by imposing “anti-steering” provisions on app developers (App Store Practices (music streaming)).

In this case, the applicable rule was Article 5(4) of the DMA, which requires gatekeepers to “allow business users, free of charge, to communicate and promote offers, including under different conditions, to end users acquired via its core platform service or through other channels, and to conclude contracts with those end users, regardless of whether, for that purpose, they use the CPS of the gatekeeper.” This prohibits the imposition of an “anti-steering” obligation: gatekeepers must allow business users to use their CPSs to communicate and conclude contracts with end users, even if purchases occur elsewhere.

In the Commission’s view, three specific sets of terms and conditions adopted by Apple to govern its relationships with app developers were likely to breach Article 5(4):

  • Original Business Terms: under App Store’s original terms, app developers could only offer in-app purchases using Apple’s payment system (subject to a 15–30% commission). “Steering” users outside the app or within the app without using Apple’s payment service was not allowed;
  • New Business Terms: under the new terms introduced by Apple to comply with the DMA, app developers willing to “steer” users were allowed to direct them outside the app through a “link-out”, but only under restrictive conditions (e.g., only via a single link to the app developer’s website) and subject to a commission fee on end users’ purchases made within seven days after the link-out. All other forms of “steering” remained prohibited;
  • New Music Streaming Business Terms: under the specific set of optional terms for music services introduced by Apple for the EEA, app developers were allowed to “steer” end users through a link-out, subject to restrictive conditions and to a commission fee on end users’ purchases made within seven days after the link-out (including each subsequent auto-renewal).

On April 23, 2025, the Commission adopted its first non-compliance decision under the DMA, concluding that all three App Store business term sets infringed Article 5(4). The Commission found that the Original Business Terms patently prohibited any form of “steering”, while both the New Business Terms and New Music Streaming Business Terms imposed heavy restrictions that prevented app developers from freely communicating with end users and charged commission fees that violated the “free of charge” requirement.

In enforcing Article 5(4) for the first time, the Commission established important benchmarks for the “anti-steering” rule:

  • Compliance cannot be averaged across business terms: each set of business terms must individually comply with the DMA;
  • The relevant test to establish compliance is not whether “steering” is theoretically permitted by business terms and conditions, but whether the gatekeeper allows it in practice, including through contractual or technical means;
  • The “free of charge” requirement set out in Article 5(4) applies both to communication and promotion, and to the conclusion of contracts;
  • Gatekeepers may be remunerated by business users, but only for facilitating the initial acquisition of an end user (so-called “matchmaking”). Therefore, commission fees charged on a recurrent basis for an indefinite period of time (and for transactions concluded by already acquired end users) infringe Article 5(4);
  • Security considerations can only justify restrictions on “steering” if they are objectively necessary and proportionate to protect end users’ security.

The Commission imposed a EUR 500 million fine on Apple, finding the undertaking acted at least negligently. The Commission considered the gravity and duration of the infringement, with mitigation for this being the first DMA non-compliance decision. To ensure effective enforcement, the Commission also ordered Apple to cease and desist from non-compliance within 60 days or face periodic penalty payments of up to 5% of its average daily worldwide turnover.

Thus, another fine for Apple – again for obstructing steering, which naturally raises the question: does such overlapping enforcement of traditional antitrust prohibitions and the DMA risk breaching the principle of ne bis in idem? The concern is well-founded. As the Apple cases illustrate, the DMA creates fertile ground for potential double jeopardy issues vis-à-vis Article 102 TFEU. It is therefore likely that, by applying both legal frameworks in parallel, the Commission will prompt EU courts to examine the scope of this principle and its possible limitations in light of the bpost, Nordzucker, and Volkswagen case law.  This will give EU courts an opportunity to test whether –as claimed– the DMA and Article 102 TFEU are truly complementary, and whether (and how) the Commission, acting as the sole enforcer of both regimes, can effectively coordinate its proceedings and resulting sanctions to ensure that undertakings are not subject to an excessive burden.

Meta: Consent or pay?

In many ways, Meta’s case followed the same script as Apple’s. As with Apple, the Commission wasted no time in opening its investigation.

Meta was designated as a gatekeeper on September 5, 2023, for four CPSs: online social networking services (Facebook and Instagram), online advertising services (Meta Ads), number-independent interpersonal communications services (WhatsApp and Messenger), and online intermediation services (Marketplace). Meta submitted its compliance report on March 6, 2024, and the Commission opened proceedings nineteen days later.

The Commission’s initial concerns –later confirmed in its preliminary findings of July 1, 2024– focused on Meta’s online advertising CPS (Meta Ads) and specifically on the advertising model introduced for Facebook and Instagram users in the European region to comply with DMA obligations: the so-called “Consent or Pay” model.

Under this model, Meta required its end users to choose between two options for managing their personal data in connection with the provision of advertising services on its non-ads CPSs and distinct services (jointly, its Non-Ads Services – primarily, Facebook and Instagram):

  • Consenting to the processing and combination of their personal data obtained from Meta’s Non-Ads Services and from third parties, with other personal data collected through their interactions with Meta’s online advertisement CPS (Meta Ads), in order to receive personalized advertising on the Non-Ads Services; or
  • Paying a monthly subscription fee to access an ad-free version of the same services.

Users who refused both options were blocked from accessing Facebook and Instagram.

In the Commission’s preliminary view, this model may have deprived users of genuine freedom of choice regarding the processing of their personal data within Meta’s social networks, thereby conflicting with the prohibition set out in Article 5(2) of the DMA.

This provision, designed to mitigate the risk that gatekeepers’ data accumulation advantages raise entry barriers and hinder contestability, requires gatekeepers not to (a) process, (b) combine, or (c) cross-use end users’ personal data, in particular for the purpose of providing online advertising services, “unless the end user has been presented with the specific choice and has given consent within the meaning of Article 4, point (11), and Article 7 of Regulation (EU) 2016/679” (GDPR).  As clarified by Recital 36, “gatekeepers should enable end users to freely choose to opt-in to such data processing […] by offering a less personalised but equivalent alternative, and without making the use of the core platform service or certain functionalities thereof conditional upon the end user’s consent.” Such alternatives, as explained by Recital 37, “should not be different or of degraded quality compared to the service provided to the end users who provide consent, unless a degradation of quality is a direct consequence of the gatekeeper not being able to process such personal data or signing in end users to a service.”

In its final decision, the Commission had to tackle key interpretative questions regarding the interplay between the DMA and data privacy before confirming its preliminary findings:

  • The “specific choice” requirement set out in Article 5(2), as detailed in Recitals 36 and 37, is separate from, and additional to, the notion of “consent” under the same provision (as interpreted in light of the GDPR). Accordingly, the two criteria must be assessed separately and cumulatively, and the interpretative standards (as well as the case law) developed under the GDPR apply only to the notion of “consent”;
  • When assessing whether the gatekeeper offers an alternative that is genuinely equivalent for the end user, the conditions of access to such an alternative play a fundamental role, as they have a direct impact on end users’ choices;
  • Given the reference to Articles 4(11) and 7 of the GDPR contained in Article 5(2) with regard to the notion of “consent,” and in view of the Commission’s duty to cooperate with the supervisory authorities responsible for monitoring the GDPR’s application, the analysis of the “consent” requirement must take into account the standards set out by the European Data Protection Board.

The Commission concluded that Meta’s model breached Article 5(2) for two reasons: i) it failed to provide end users with the “specific choice” of an equivalent version of its services, as the ad-free option had different access conditions and means of remuneration (namely, the subscription fee); and ii) the Consent or Pay model did not enable valid GDPR consent due to power imbalance between Meta and its users, the negative consequences for users refusing consent and the absence of any further free of charge alternative option without personalized advertising.

Meta ultimately faced the same fate as Apple.  On the same day Apple was fined, the Commission handed Meta a EUR 200 million fine, with the Commission considering the gravity and duration of the infringement, and mitigation for this being the first DMA non-compliance decision, and the complex regulatory environment. Meta was also ordered to cease non-compliance within 60 days or face periodic penalty payments of up to 5% of its average daily worldwide turnover.

Conclusion

With its first non-compliance decisions of April 23, 2025, the Commission officially inaugurated the DMA enforcement era, demonstrating determination to apply the new regulatory framework even to familiar antitrust issues. In both the Apple and Meta cases, the Commission took a direct and uncompromising approach. The Commission moved swiftly to demonstrate that the DMA’s enforcement and sanctioning machinery represents a concrete risk that gatekeepers must take seriously. In doing so, while laying the foundations for future DMA enforcement, the Commission has partly defied early expectations. As the Director-General of DG Competition, Olivier Guersent, has stated, the rationale for the DMA is compliance, not punishment. Yet, for now, the Commission seems to have opted for deterrence over cooperation – an adversarial approach that has generated significant debate about the appropriate balance between regulatory enforcement and business flexibility in digital markets. These first enforcement actions signal that the Commission will prioritize swift deterrence over prolonged compliance dialogues, establishing a precedent that may define the regulatory relationship between EU authorities and digital gatekeepers for years to come.

However, the DMA story is only just beginning. As the Commission continues to open new non-compliance investigations, both Apple and Meta have appealed their decisions before the EU Courts, setting the stage for the first judicial reviews of DMA non-compliance decisions. The question now is whether the EU Courts will confirm the Commission’s first steps, or call a false start?

2. The Commission’s enforcement priorities in digital markets: the Delivery Hero and Glovo decision

Beyond the DMA’s gatekeeper-focused approach, the Commission has simultaneously pursued traditional antitrust enforcement in emerging digital sectors, recognizing that nascent markets require particular vigilance to prevent premature consolidation and preserve competitive dynamics.

In its recent public consultation on the Horizontal and Non-Horizontal Merger Guidelines (here), the Commission dedicates Topic E to “digitalisation”.  The Commission expresses particular interest in nascent markets driven by emerging, innovative technologies with the potential to disrupt established industries. The Commission notes that markets shaped by digitalisation are often characterised by “winner-takes-most” dynamics that benefit the leading companies with a certain degree of market power. These markets are prone to “tipping” in favour of whichever firm’s technology reaches critical mass adoption.

This focus on nascent digital markets has already been central to several recent behavioural cases. A clear example is the Food Delivery Services decision of 2 June 2025, where the Commission imposed fines totalling EUR 329 million on Delivery Hero and Glovo for coordinated conduct in the online food delivery sector. The decision marked a significant development in the Commission’s approach to minority shareholdings, labor and digital market enforcement.

Background to the case

Before delving into the broader implications, it is worth taking a closer look at the facts of the case. During Delivery Hero’s minority shareholding in Glovo from 2018 to 2022, the Commission found that the parties engaged in three forms of anticompetitive coordination: employee no-poach agreements, market division arrangements, and exchanges of commercially sensitive information.

The case arose from Delivery Hero’s acquisition of a 15% minority stake in Glovo in July 2018, a transaction not subject to merger control as it did not confer control. However, the Commission determined that this shareholding structure became a “forum for Delivery Hero and Glovo to coordinate their business conduct” (para. 19). The coordination operated through both formal mechanisms (board representation and voting rights) and informal channels (executive communications and information exchanges).

The Commission’s analysis identified three distinct violations of Article 101 TFEU:

  • Labor market cartel/no-poach agreement: The parties’ shareholding agreement contained reciprocal no-hire clauses that evolved into broader informal understandings against employee solicitation. The Commission found these arrangements constituted a labor market cartel by unlawfully restricting job mobility and hiring competition, marking the Commission’s first enforcement action in this area.
  • Information exchanges: The parties shared competitively sensitive information through multiple channels, including direct exchanges (emails, WhatsApp conversations), meeting-related documents (invitations, agendas), board materials, and in-person discussions. The exchanged data concerned pricing, capacity, commercial strategy, demand forecasts, and cost structures. The Commission concluded these exchanges removed strategic uncertainty between competitors and served no legitimate investor purpose.
  • Market allocation: The parties coordinated to avoid competing in EEA national markets, eliminating existing geographic overlaps and coordinating market entry decisions. The Commission found this market-sharing arrangement inherently harmful to competition.

The Commission concluded that the cross-ownership arrangement “aimed at progressively removing competitive constraints between the two undertakings and replacing competition with a multi-layered coordination to “partner-up” and “to be on the same side fighting off […] joint competitors”” (para. 87). The violation ended when Delivery Hero acquired full control over Glovo in July 2022, at which point competition law ceased to apply between the entities. Both parties received a 10% fine reduction under the settlement procedure.

Enforcement implications

Executive Vice-President Ribera stated during a press conference, announcing the fine, that the “decision shows [the Commission’s] determination to take actions against all forms of cartels. It also shows [the Commission’s] willingness to have an active role in this consumer-facing sector” (Statement available here).

Examining the specific features of the Food Delivery Services decision, three key developments emerge that are likely to shape the Commission’s future enforcement approach.

  • Minority shareholding scrutiny: While the Commission acknowledged that “a cross-shareholding between competing undertakings is not illegal in itself under EU law” (para. 19), the decision establishes that minority stakes can create substantial antitrust risks. This represents the Commission’s first finding that a minority shareholding resulted in anticompetitive coordination, expanding enforcement beyond traditional merger control analysis of whether such stakes confer “control”.
  • Labor market enforcement: The decision represents the Commission’s inaugural enforcement action addressing labor market restrictions, establishing this area as an enforcement priority. This aligns with the Commission’s broader strategic focus on protecting competition for talent and fair working conditions, as outlined in its 2024 Competition Policy Brief on antitrust in Labour Markets.
  • High scrutiny in nascent digital markets. The decision demonstrates the Commission’s heightened focus on preserving competition in nascent digital markets. In rapidly evolving digital markets where network effects and winner-takes-all dynamics can quickly entrench market power, antitrust enforcement serves a crucial preventive function against “hidden consolidation” within digital ecosystems. This approach reflects the Commission’s recognition that early intervention is essential to prevent long-term market foreclosure in digital ecosystems.

These enforcement priorities are reflected in parallel developments at the national level:

  • Germany (2020) – The German Bundeskartellamt investigated the nascent virtual reality market, and initiated proceedings against Facebook’s requirement that users of its Oculus virtual reality glasses maintain Facebook accounts, leading to policy changes allowing VR headset use without social media account requirements (see Bundeskartellamt’s press release).
  • Italy (2021) – The Italian Competition Authority (ICA) investigated the nascent market in which the electric vehicles charging apps compete (see ICA’s decision of April 27, 2021), and imposed a EUR 102 million fine on Google for allegedly abusing its dominant position by denying interoperability between Enel X’s JuicePass app (which enables a wide range of services for recharging electric vehicles, ranging from finding a charging station to managing the charging session, reserving a place at the station and paying for the recharge) and Android Auto (a smartphone projection app developed for mobile devices using the Android operating system, with the goal to allow drivers to use this app to project certain other apps that run on their smartphone onto a vehicle’s embedded screen).
  • Netherlands (2021) – The Dutch Authority for Consumers and Markets (ACM) focused on the emerging market for online dating apps, and imposed a EUR 50 million fine on Apple for an alleged abuse of dominance (see ACM’s Summary of decisions on abuse of dominant position by Apple). Apple had required dating app providers to use its in-app payment system, prohibited references to external payment methods, and charged commissions up to 30% (or 15% for smaller providers). Most other app developers were not subject to these conditions, resulting in discriminatory treatment and limited freedom of choice for dating app providers.
  • Italy (2021) – The ICA investigated the Italian market for intermediation services on e-commerce marketplaces (which nearly doubled globally since the Covid-19 pandemic; see here) and imposed a record EUR 1.1 billion fine on Amazon for self-preferencing its logistics services on its e-commerce marketplace, leveraging its dominant position to distort competition in the logistics services market.

Conclusion

These cases demonstrate that companies in nascent digital markets face heightened regulatory scrutiny. The combination of limited market participants, strong network effects, and rapid concentration increases both incentives and risks for coordinated or exclusionary conduct. Competition authorities view early-stage intervention as essential to prevent market foreclosure and preserve innovation and consumer choice in digital ecosystems.

 

Mario Siragusa, Alice Setari, Francesco Trombetta, and Neri Conti