Vikram Jeet Singh and Ayan Sharma
Part I – Who is Regulated, and How?
1. Background
The rise of ‘Big Tech’ companies over the past two decades has led to an understandable clamor to regulate them. India is no exception, with the Government constituting the ‘Committee on Digital Competition Law’ (“CDCL”) in 2023 to examine and report on the need for a separate law to regulate competition in digital markets.
After more than a year’s deliberations, the CDCL submitted its report to the Indian Parliament in the second week of March 2024, along with the Digital Competition Bill, 2024 (“DCB”). This draft is now out for public consultation, until May 15, 2024. The DCB, in essence, is an ex-ante regulatory framework that aims to prevent anti-competitive conduct from occurring.
To be clear, the current Competition Act, 2002 also has some ex ante provisions – combinations that adversely affect competition, for example, require prior approval. But the new law is aimed to enable the Competition Commission of India (“CCI”) to intervene even before anti-competitive practices occur.
2. What are “Anti-Competitive Practices?
The CDCL in its report identified ten (10) anti-competitive practices relevant to digital enterprises in India. These are briefly explained below:
Sr. No. | Anti-Competitive Practices | Explanation |
1. | Anti-steering | Exclusionary behaviour that hinders business users and consumers from switching to third party service providers. |
2. | Platform neutrality / Self preferencing | A digital enterprise providing favourable treatment to its own products on its own platform, thus creating a conflict of interest. |
3. | Bundling and tying | Combining or bundling core or essential services with complementary apps, thus forcing users to buy related services. |
4. | Data usage (use of non-public data) | Using personal data for consumer preference to offer targeted online services and products, thus raising data privacy concerns. |
5. | Pricing / Deep discounting | Predatory pricing strategies, or intentionally setting prices below cost price to exclude competitors. |
6. | Exclusive tie-ups | Exclusive agreements with business users or sellers, thus preventing them from dealing with other enterprises. |
7. | Search and ranking preferencing | Controlling search ranking to prioritise sponsored or own products and reducing the visibility of other products.. |
8. | Restricting third party applications | Restricting users from accessing or utilising third-party applications. |
9. | Advertising Policies | There appears to be increasing market concentration, consolidation, and integration across many levels in the ad-tech supply chain which gives the incumbent platform an unfair edge over the market. |
3. Key Features of the Digital Competition Bill, 2024
3.1 Scope and Applicability
The Draft Digital Competition Bill (DCB) is to apply to ‘Core Digital Services’, with the Central Government having the authority to update the list periodically. The proposed list in Schedule I of the Bill encompasses online search engines, online social networking services, video-sharing platforms, interpersonal communications services, operating systems, web browsers, cloud services, advertising services, and online intermediation services.
3.2 Systemically Significant Digital Enterprises (SSDE)
An enterprise offering a Core Digital Service in India with a significant presence in the Indian market will be designated as an SSDE by the CCI. The designation is based on a two-fold test of financial and user thresholds: (1) the core digital service provided by the enterprise has more than 1 crore (10 million) end-users in India, or (2) The core digital service provided by the enterprise has more than 10,000 business users in India. The manner for calculating these numbers will be specified in subsequent regulations. Where the enterprise is a part of a group, all the above metrics shall be computed for the entire group.
Enterprises must self-report their status: An enterprise is obligated to notify CCI within ninety (90) days of meeting the above thresholds in respect of one or more of its Core Digital Services. This includes notifying CCI about other enterprises within the group the enterprise belongs to, which are directly or indirectly involved in the provision of the Core Digital Service. The CCI may then pass an order designating the enterprise as an SSDE and identifying its Core Digital Services. The CCI may also ask any enterprise to furnish details concerning the above thresholds if the enterprise hasn’t voluntarily done so and designate it as an SSDE if it meets the above thresholds.
CCI has the power to designate any other enterprise as well: The CCI can designate any enterprise as an SSDE even if it does not meet the above financial and user thresholds if the CCI believes that such enterprise has a significant presence in respect of a Core Digital Service on an assessment of the information available with it and based factors like economic power of the enterprise, integration with other markets, dependence of end-users on the enterprise, barriers to entry, lock-in effects, network effects, social costs, etc. (The enterprise will be allowed to explain why it should not be designated as an SSDE.)
Designation of Associate Digital Enterprise (“ADE”): If an enterprise being designated as an SSDE is part of a group, and one or more other enterprises within such group are directly or indirectly involved in the provision of the Core Digital Service in India, the CCI may designate these enterprises as ADEs.
Validity and renewal of designation: An enterprise shall be designated as an SSDE or an ADE for a period of three (3) years, which will be automatically renewed unless the SSDE submits an application for revocation of designation due to no longer meeting the thresholds or if there is a significant change in market dynamics.
3.3 Obligations of SSDEs
Systemically Significant Digital Enterprises/SSDEs and their Associate Digital Enterprises/ADEs are required to comply with the following obligations with respect to their Core Digital Services:
No self-preferencing: An SSDE should not, directly or indirectly, favour its own products or services, those of its related parties, or those of third parties with whom it has arrangements for the manufacture and sale of products or provision of services over the products and services offered by third-party business users on its platform.
No restrictions on usage of third-party applications: An SSDE cannot restrict or impede the ability of its users to download, install, operate or use third-party applications or other software on its platform and should allow users to choose, set and change the default settings.
No anti-steering policies: An SSDE should not restrict business users from, directly or indirectly, communicating with or promoting offers to their end users, or directing their end users to their own or third-party services, unless such restrictions are integral to the provision of the Core Digital Service of the SSDE.
No tying and bundling: An SSDE should not require or incentivise business users or end users to use one or more of the SSDE’s other products or services, those of its related parties, or those of third parties with whom the SSDS has arrangements, alongside the use of the identified Core Digital Service offered by the SSDE, unless the use of such products or services is integral to the provision of the Core Digital Service.
Fair and Transparent Dealing: An SSDE should operate in a fair, non-discriminatory, and transparent manner with end users and business users.
Data usage obligations:
No using of non-public data of business users to compete with them: An SSDE should not, directly or indirectly, use or rely on non-public data of business users operating on its platform to compete with such business users on the platform. Non-public data includes any aggregated and non-aggregated data generated by business users that can be collected through the commercial activities of business users or their end users on the SSDE’s platform.
No cross-use of personal data without consent: An SSDE is also not allowed to, without the consent of the end users or business users, intermix or cross-use the personal data of end users or business users collected from different services offered by the SSDE or permit usage of such data by any third party.
Enabling data portability: An SSDE should allow business users and end users of its platform to easily port their data, in a format and manner as may be specified.
The above obligations don’t apply the same way to all the Core Digital Services. The CCI will specify the obligations as applicable to each Core Digital Service through regulations.