Key Developments in Europe

Reforming the regulatory framework

The past decade has shown that regulation has been unable to keep up with the rapid pace of development in the digital and technology sectors, impacting the enforcement capabilities of the European Commission (EC) and national governments. The pace of new technology has fast surpassed existing regulatory frameworks leaving governments to play catch up.

In order to avoid being caught in this situation again, they are keen to ensure a broad ability to regulate and enforce to try and keep pace with rapidly evolving technology. The EC in particular has recognised the need for a systemic overhaul and have embarked on an ambitious plan to enact both the Digital Markets Act (DMA) and Digital Services Act (DSA) in the coming year.

Before analysing these and other impactful new pieces of regulation, there are a number of important key themes to recognise relating to the regulation and enforcement, particularly of competition legislation in the technology sector.

Increasing responsibility put on digital service providers

Regulators have made significant strides aimed at making digital and technology players take greater responsibility for user safety and the content they make available online. Under the e-Commerce Directive from 2000,^[2] platforms were disincentivised from taking proactive measures to combat illegal content at the risk of losing their safe harbour protection. The huge success of platforms built on this foundation led to significant user safety risks and rightsholder remuneration demands. As a result, governments have begun trying to rebalance the status quo by placing more onerous duties on platforms in ‘exchange’ for their safe harbour protection.

Broader scope of regulation

The race towards innovative, impactful and cutting-edge technology has put the digital sector in the crosshairs of governments and politicians, with particular focus on:

• the significance of ‘the cloud’ for the public and private sectors, and related questions around the security of networks;
• increasing reliance by digital actors on algorithms, AI and robotics;
• roll-out of impactful technologies like facial recognition or predictive and data-driven law enforcement and justice initiatives, and relating privacy issues; or
• the impact of technology on children, including increased focus on digital and technology players developing services geared towards children (notably in light of covid-19 and the significant regulating digitalisation of education) along with concerns about child online safety.

Legislative blueprint

The EC finds itself in a perfect storm of competing pressures while attempting to legislate on the digital and technology sectors. The issues at play can be largely grouped into three themes: human rights impact, national security interests and preserving corporate value as illustrated by the diagram below.

Coupled with this is the task of navigating the geopolitical sensitivities of each Member State as well as the varying levels of scrutiny different countries have to new technology and its place in their society. As a result, some member states, notably Germany, are taking matters into their own hands and enacting national legislation, which has the potential to disrupt the harmonisation efforts of the EC.

A blueprint has begun to emerge across the new digital and tech-focused regulation, which consists of:

• accountability: making digital services providers responsible for harm or third-party infringement;
• transparency: increased reporting requirements placed on digital services providers; and
• proactive obligations: filtering, blocking and gating requirements placed on digital services providers.

Notably, these regulatory proposals also feature the potential for higher penalties, calculated as a percentage of worldwide turnover.

Digital Markets Act (DMA) and Digital Services Act (DSA)

The DMA and DSA are two of the potentially most impactful pieces of EU regulation, aiming to create a ‘safer digital space in which the fundamental rights of all users of digital services are protected’^[3] and ‘to establish a level playing field to foster innovation, growth and competitiveness, both in the European Single Market and globally’. The DSA and DMA represent the most significant pieces of technology regulation to date and will require extensive technology builds and process updates to ensure compliance.

Digital Markets Act

The DMA provides for a set of specific obligations which apply to certain categories of services (core platform services (CPSs) which include search engines, social media networks, web browsers, operating systems, online intermediation services, etc.) provided by very large digital companies identified through thresholds and other metrics as ‘gatekeepers’. The stated goal of the DMA is to contribute to the proper functioning of the internal market by ensuring contestable and fair markets in the digital sector.

The DMA will enter into force on 1 November 2022,^[4] and will start applying as of 2 May 2023. Gatekeepers will then need to comply with the behavioural rules for their CPSs, starting in the first quarter of 2024.

The obligations contained in the DMA relate to a mix of practices that are traditionally subject to competition rules or have recently been on the competition authorities’ radar (e.g., exclusivity, tying and self-preferencing) and others that clearly fall outside of that prerogative (e.g., data collection, usage and portability, transparency and alternative dispute resolution). These obligations will likely require gatekeepers to undertake significant changes to the design and operation of some of their key services to ensure compliance.

The DMA provides for an extensive toolkit for the EC to monitor and enforce compliance with the new obligations. Gatekeepers are obliged to annually report on the measures they have taken to comply with the obligations. The EC can impose fines up to 10 per cent of worldwide consolidated turnover, which can increase to 20 per cent in case of repeat infringement, as well as behavioural and structural remedies if they find shortcomings in these efforts leading to violation of these obligations.

The EC will also have the power to launch market investigations into systemic non-compliance by particular gatekeepers or to assess whether further digital services should be added to the list of CPSs. Additionally, gatekeepers are required to inform the EC of all intended concentrations (within the meaning of the EU Merger Regulation) in the digital sector prior to their implementation.

Digital Services Act

The DSA largely maintains the safe harbours set out in the e-Commerce Directive but adds on significant new duties on each of the four newly defined online service categories.

New online service categories

The DSA proposes four categories of online services: ‘intermediary’, ‘hosting service’, ‘online platform’ and ‘very large online platform’ (VLOP). Each category is now subject to expanded obligations, with the highest stakes and fines likely to impact VLOPs.

Safe harbours

The e-Commerce Directive safe harbours will be largely replicated in the DSA, with the addition of a ‘Good Samaritan’ provision for intermediaries who carry out investigations to detect illegal content or undertake measures to comply with the DSA. This is a welcome change that has long been advocated for by the technology industry. However, the defences under the DSA will be narrowed to exclude consumer law violations where it is reasonable for consumers to believe the intermediary is providing the information, goods or services they received. In other words, clarity as to with whom a consumer is engaging will become paramount, and going forward this will impact product and customer contracting strategies and related business structures.

Notice and takedown

The DSA aims to harmonise notice and takedown mechanisms for the first time in the EU. However, the mechanisms proposed are fairly general and in practice are unlikely to materialise in significant changes for the majority of platforms and marketplaces, most of which already have sophisticated processes for notice and takedown in place. The most significant change proposed is to require a statement of reasons to be provided to explain why a host has removed or disabled content. These statements will then have to be made publicly available, which mirrors a parallel obligation in the P2B, but with much wider potential impact.

Another proposed change is the recognition of ‘trusted flaggers’, who will be appointed by the newly established Digital Service Coordinators in Member States, on the basis of their expertise in flagging illegal content. However, given some of the current political tensions within the EU relating to divergent views on the rule of law, there will likely be material variance between Member State approaches to trusted flagging, with no EC-level harmonisation mechanism.

Know-your-trader requirements

In an effort to clamp down on illegal and harmful goods and services available online, the EC has proposed ‘know your trader’ requirements, requiring online platforms to obtain proof-of-trader identities and to actively verify their accuracy. While some of this information is already collected by platforms in their ordinary course of business, the legal duty to verify this information has not been seen before outside of where anti-money laundering requirements are applicable. These requirements echo proposals in other jurisdictions, including the US, and are a bid by the EC to force marketplaces to take greater responsibility for their platform without – automatically – bearing liability for the actual listings.

VLOPs and ‘systematic risks’

The DSA proposes a requirement for VLOPs to carry out an annual review to identify what ‘systemic risks’ stem from the use and provision of their services and then to take measures to address these risks. This approach invokes the spirit of self-regulation, but with sharper legal teeth, including the possibility of an independent audit.

Transparency reporting

One of the strongest themes emanating from the DSA is the push for greater transparency. While many intermediaries already provide some, or even much, of the information the DSA is asking for, the DSA requires more. All intermediaries must publish transparency reports at least once a year that include the number of orders by Member States to remove content, notice and takedown requests, the time it takes to remove them, and what content moderation measures have been implemented.

VLOPs will also be required to publish details of any automated means used for content moderation, the number of disputes submitted to out-of-court dispute bodies and suspensions imposed for misuse of the notice and takedown procedure. This extensive transparency reporting will be required every six months through a specifically appointed compliance officer appointed by the VLOP responsible for compliance with the DSA. For context, this is a significantly expanded requirement to what is expected of a Data Protection Officer under the GDPR.

Online Safety Bill^[5] (OSB)

In light of the UK’s exit from the European Union, the DSA will not apply in the UK. The UK government has therefore drafted its own piece of legislation with the aim of making ‘the UK the safest place in the world to be online while defending free expression’.^[6] The OSB has been most recently amended in July ^[7] with the expectation that it will pass into law later this year or early 2023. The Bill has been criticised for failing to protect freedom of expression and it looked as if this could derail the whole Bill but former prime minister Liz Truss confirmed the intention to water down some of the obligations to moderate such concerns and push the Bill into force.^[8]

The OSB will bring in a new statutory duty of care on online platforms that host or publish user-generated content. Services in scope of the OSB will therefore include social media networks, search engines and video-sharing platforms. Companies will be under a duty to put systems and processes in place, which protect users by limiting or removing any harmful or illegal content. The greatest obligations will fall on Category 1 companies with less burdensome obligations on Category 2 companies, which will generally be smaller companies whose user base does not exceed a certain number.

The OSB aims to prevent the spread of illegal content by requiring platforms to remove this content as soon as they see it. This priority illegal content includes terrorism and child sexual exploitation. A key aim of the government is also to protect children by ensuring they are not exposed to inappropriate online content. The Bill therefore requires stricter age-verification processes and the obligation to monitor private chats for child sexual abuse. Unlike the DSA, the OSB draws a distinction between ‘harmful’ and ‘illegal’ content, which has caused concerns around how this should be identified. In light of this, the Secretary of State has been empowered to regulate this type of content through secondary legislation.

Ofcom will enforce the Bill and will be able to impose fines of up to £18 million or 10 per cent of a company’s annual global revenue. Ofcom are also expected to be empowered to impose criminal sanctions on senior managers and directors for serious breaches of duty.

AI Act^[9]

AI technologies present a multitude of benefits to society but also raise certain risks such as the possibility of categorising individuals based on appearance or behaviour. According to the EC, its proposed AI Act will be the first legal framework to address and regulate AI. The extent of regulatory intervention within the Act is based on the level of threat posed by the respective use of an AI system to the fundamental rights and security of citizens.

The Act uses a risk-based approach, defining the following risk categories:

• The unacceptable risk category includes systems that pose a threat to individual’s rights and safety and are therefore banned.
• The high-risk category sets out obligations for the providers and users of such systems to abide by, including (but not limited to) appropriate human oversight and adequate risk assessment. Within the limited risk category, AI systems are required to be transparent, notifying users that they are interacting with a machine (e.g., chatbots).
• Finally, where there is minimal or no risk, the Act allows liberal use.

The Act proposes GDPR level penalties and is to be enforced by Member States and the proposed European Committee on Artificial Intelligence. The draft of the Act also proposes AI regulatory sandboxes at a national level, allowing businesses to experiment with AI products under the supervision of a regulator.

Data Act

In February 2022, the EC published a proposal for the Data Act,^[10] with the stated aim of maximising the value of data (both personal and non-personal) in the digital economy. The Data Act will impose several new obligations on digital players:

• Providers of connected devices and any related services (including virtual assistants) must make data generated by their use available to users (both businesses and consumers). Users can also ask these providers to make data available to third parties (so that they can, for example, access a wider range of after-sales services, such as repair and maintenance).
• Where data holders are required to make data available to third parties acting in a professional capacity (either under the Data Act or other EU legislation), they must do so on fair, reasonable and non-discriminatory terms. Any terms concerning data that are unilaterally imposed on micro-, small- and medium-sized enterprises will be subject to a fairness test, similar in some respects to the fairness test for terms in consumer contracts under the Unfair Contract Terms Directive.^[11]
• Data holders must make data available to public sector and EU bodies where those bodies can demonstrate an exceptional need to use the data requested (e.g., in the case of public health emergencies or major cybersecurity incidents).
• Cloud services providers must take measures to ensure customers can switch to another data processing service of the same type offered by a third party provider, ensuring continuity of service during transition. They must also take reasonable steps to prevent unlawful access to non-personal data by third country governments (similar in some respects to the international transfer provisions of the GDPR).^[12]

Regulatory framework in competition law

As a response to the changing nature and increasing importance of digital services and products, the EC has initiated an evaluation and review exercise of many of its existing regulatory frameworks to adapt to the new economic reality of the digital economy.^[13] For instance, DG COMP has been since 2021 in the process of revising the Market Definition Notice issued in 1997,^[14] which was found not to reflect factors such as globalisation, multi-sided markets, digital ecosystems, treatment of data and zero monetary price services.^[15]

Another, more recent initiative is the evaluation of Regulation 1/2003 and its implementing regulation, Regulation 773/2004 (together to be considered as the EC’s antitrust procedural regulations). This is considered necessary because of the changing economic landscape, such as the digitalisation of the global economy.^[16] As the consultation is still at an early stage,^[17] there are limited details on as to what it will entail, but focus is already set on (1) changing investigative powers considering increased digitisation of business,^[18] and (2) strengthening enforcement powers to intervene more quickly in digital enforcement. An interesting development will be how the EC will amend the rules on interim measures, which have often proven to be too restrictive and cumbersome.^[19] In only one case under Regulation 1/2003 has the EC successfully relied on it, namely the 2019 Broadcom case.^[20]

Key areas of focus in technology cases

In antitrust enforcement, competition authorities are often interested in the characteristics of the digital ecosystem model and resulting competition law concerns.

A first, common concern is the dual or hybrid role played by online platforms, both as the provider of the marketplace, advertising space or app store, but also as a competitor of the third-party seller, advertiser or app developer.^[21] These third parties are often disadvantaged while largely depending on dual platforms to reach end-users. As a result of vertical integration, dual platforms can also have access to enormous datasets, including non-public seller data, or data about consumer behaviour.

Other concerns include quasi-monopolistic positions on aftermarkets of the ecosystem, where the platform does not allow for or restrict competing products. For example, not allowing alternative app stores, payment methods or gaming platforms, or refusing to supply access to their operating system to third-party technologies.

Finally, ecosystems can cause user lock-in because of high (technological and financial) switching barriers, and lack of interoperability with other products and services. In addition, large technology companies can leverage the power they have in different layers of their ecosystem to adjacent markets.

To illustrate recent antitrust enforcement of digital ecosystems, Apple provides a strong example and possible precedent for future cases. The EC is currently investigating Apple on multiple fronts, with both its App Store and mobile wallet practices (Apple Pay) being under scrutiny.

After the EC issued a Statement of Objections to Apple in April 2021 with the preliminary view it has infringed competition law rules in the music streaming industry, a second investigation was launched into Apple Pay in May 2022.^[22] The EC expressed concerns that Apple had been abusing its dominant position in the market for mobile wallets on its iOS system. In particular, the EC objected to Apple restricting competing mobile wallet developers’ access to near-field communication technology (NFC), which is the standard technology used for contactless payments with mobile devices.^[23]

However, the EC is not alone in its investigations into Apple’s practices. In June 2022, the Bundeskartellamt initiated a proceeding into Apple’s third-party app tracking rules,^[24] the CMA is still ongoing in its investigation into the App Store.^[25] More specifically, the ACM stated that the obligation for app developers to use the Apple’s IAP, as well as the imposed anti-steering provisions deprived app developers of their freedom of choice and were unfairly disadvantaging them by imposing conditions that are unlikely to be accepted if app developers were not dependant on the App Store to reach an user base.

The ACM therefore ordered Apple to change its conditions to allow alternative payment methods for dating apps on iOS. After taking approximately five months to comply, Apple addressed the ACM’s concerns and changed its payment policy for dating apps in the Dutch market. The ACM ordering Apple to change its payment conditions for online dating apps in the Netherlands is a far-reaching remedy, because it touches upon the core of Apple’s App Store monetisation strategy and thus its business model. It forms a precedent for other competition authorities raising concerns with the conditions Apple imposed on app developers that depend on its platform to use iOS.

The same concerns on closed ecosystems, as well as concerns regarding the dual role of platforms, can be found in recent data cases. The increasing scrutiny of data intensive markets is illustrated by various EC investigations:

• On 14 July 2022, Amazon proposed commitments in hopes of addressing the EC’s concerns about its Buy Box and Prime, regarding the use of non-public data from independent retailers selling in its marketplace. The EC found that relying on non-public independent seller data to calibrate business decisions could distort fair competition, and favour Amazon’s Buy Box and Prime services.
• On 11 March 2022, the EC opened an investigation into a possible anti­competitive agreement between Google and Meta, as the agreement might reflect ‘efforts to exclude ad tech services competing with Google’s Open Bidding programme, and therefore restrict or distort competition in markets for online display advertising’.^[26]
• On 22 June 2021, the EC opened an investigation into Google’s display advertising. Throughout its ecosystem Google has access to a large dataset of its users. The EC investigates whether Google distorts competition by imposing obligations to exclusively use Google’s advertising technologies and restricting access to user data by third parties for advertising purposes, while favouring its own online display advertising.^[27]

Developments in antitrust cases

Competition authorities worldwide are taking a more unified stance in competition enforcement against digital players. International exchanges of information and cooperation between authorities have noticeably increased as digital products and services, and the anticompetitive practices associated with them, are often global in reach; therefore, their regulation benefits from such interaction between authorities. This evolution towards international cooperation was particularly notable when heads of DG COMP met with the US Federal Trade Commission (FTC), and the US Department of Justice (DOJ) to issue a Joint Statement in December 2021 on increased cooperation with respect to the technology sector in particular.^[28]

The expansion of digital enforcement has also brought renewed scrutiny on Microsoft, whose anticompetitive behaviour has brought it back under the microscope after seemingly escaping competition scrutiny for over a decade. During this period of rapid growth of digital services and products, Microsoft has avoided public scrutiny by regulators, unlike other digital giants such as Google, Apple, Meta (formerly Facebook) and Amazon, but it is now facing investigation by the EC for bundling and anticompetitive licensing practices in the cloud sector following several complaints from market participants in the cloud sector for bundling and anticompetitive licensing practices.^[29]

While competition enforcement in the digital space has increased in the EU, the EU courts continue to enforce the relevant legal tests with divergent results. A political victory first came at the end of 2021 for the EC, when the General Court upheld the EC’s 2017 decision on Google Shopping, which relied on a new theory of ‘self preferencing’ as abusive conduct.^[30] The decision was seen as a much-needed endorsement of DG COMP’s more expansive policy on digital enforcement, and instilled more confidence in how the European courts would rule in other ongoing appeals, such as the Google Android and Google AdSense cases.

However, this confidence boost was short-lived, when in January 2022, the General Court partially annulled the DG COMP decision imposing a €1.06 billion fine on Intel for abusing its dominant position in the global x86 processor market by granting certain exclusivity rebates. The General Court held that the EC’s analysis was incomplete and that DG COMP did not establish that the rebates Intel was giving were anticompetitive.^[31]

In June 2022, the General Court again annulled a decision of DG COMP that found that Qualcomm abused its dominant position on the global market for chipsets compatible with the Long Term Evolution (LTE) standard. The General Court found that there were procedural irregularities in the investigation and invalid analysis of the anticompetitive effects of the incentive payments.^[32] In August 2022, it was announced that the EC will not appeal the decision.^[33]

In September 2022, the General Court largely endorsed the EC’s finding of Google abusing its dominant position by imposing anticompetitive contractual restrictions on original equipment manufacturers (OEMs) and on mobile network operators. The fine, reduced only slightly, still remains the largest ever imposed in Europe, with Google having to pay €4.125 billion.^[34] The decision, which can be deemed as the new ‘Microsoft’ case in digital enforcement, is likely to have a significant impact on future global enforcement involving mobile ecosystems.

National Competition Authorities (NCAs) have continued to play an active role in antitrust enforcement in digital markets, launching an increased number of investigations and becoming through experience more comfortable with designing and monitoring more complex technical remedies. This trend is exemplified in the decisional practice of various NCAs. For example:

• In November 2021, the Italian competition authority (ICA) fined both Google and Apple €10 million for not providing clear enough information on the commercial use of data and using aggressive practices to push users to accept the commercial processing.^[35] In December 2021, the ICA fined Amazon €1.3 billion for abusing its dominant position in the Italian market for intermediation services on marketplaces. In particular, the ICA concluded that Amazon was giving sellers who used its logistics service, called ‘Fulfillment by Amazon’, advantages in terms of visibility and sales.^[36] In June 2022, the ICA launched an investigation into Google for allegedly hindering interoperability in sharing data on its platform with other platforms and, in particular, with the Weople APP, an operator that has developed an innovative data investment bank.^[37]
• On 5 January 2022, the German Federal Cartel Office (FCO) found Google to be of ‘paramount significance for competition across markets’ under the new Section 19(a) of the German Competition Act. This triggers a right of accelerated intervention against Google’s business practices.^[38] As a direct result, in June 2022, the FCO launched proceedings against Google for restricting the combination of its Google Maps service with third-party mapping services, including not embedding location data.^[39] Also under Section 19(a), in June 2022, the FCO launched proceedings against Apple to investigate whether its third-party app tracking rules also apply to Apple itself, raising suspicions of preferential treatment.^[40]
• On 24 January 2022, the Dutch Authority for the Consumer and Market (ACM) began imposing periodic fines on Apple for failing to amend the App Store rules that forced Dating-app users to only use Apple’s own payment method.^[41] Apple changed its rules, after the sum of all periodic fines had reached the maximum amount of €50 million.^[42]
• On 11 February 2022, the UK’s Competition and Markets Authority (CMA) accepted commitments offered by Google to ensure that its Privacy Sandbox browser proposals^[43] do not unduly restrict competition nor harm consumers while protecting privacy. A monitoring trustee working directly with the CMA will now closely monitor Google to ensure the Privacy Sandbox is developed in a way that benefits consumers and does not favour Google.^[44]
• In June 2022, the CMA launched an investigation into Google’s Play Store rules in the UK, whereby app developers are obliged to use Google’s own payment system (Google play Billing) for in-app purchases on Android devices.^[45]
• In June 2022, the French Competition Authority (FCA) accepted Google’s commitments to compensate French publishers for the use of journalistic content by negotiating in good faith and sharing advertising revenue information. It is noteworthy that the FCA required Google to withdraw the appeal against the initial decision.^[46] Also in June 2022, the FCA accepted Meta’s commitments to address concerns of a French online advertiser regarding: (1) the manner in which access criteria for a marketing programme were established, (2) disparagement practices and (3) the removal of access to a certain Meta API.^[47]
• Following the ongoing EC investigation, in July 2022, the CMA also started investigating suspected anticompetitive practices of Amazon, evaluating whether Amazon was distorting competition by advantaging its own retail business or sellers using its services, over third-party sellers on the Amazon UK marketplace.^[48]

New competition concerns on the horizon

Competition authorities are increasingly launching market investigations to familiarize themselves with the working and competitive landscape of a wide range of new digital services and products, such as mobile ecosystems, the internet of things (IoT), streaming platforms and cloud. These often prove to be of great interest to smaller competitors when facing anticompetitive behaviour in a closed ecosystem and an emerging ‘tipping’ digital market.

Mobile ecosystems

On 10 June 2022, the UK CMA published a final report of its market investigation into mobile ecosystems. In this report, the CMA found that Apple and Google had a considerable grip over their mobile ecosystem which resulted in reduced competition, and therefore identified a range of potential interventions.^[49] Given the number of concerns of market participants, the CMA also launched a consultation on a proposed market investigation reference into the supply of mobile browsers and browser engines, and the distribution of mobile cloud gaming services.^[50]

Internet of things

The EC recently took interest in another technology niche, launching a market investigation into the consumer internet of things (IoT). In January 2022, in its final report, the EC highlighted potential concerns regarding:

• exclusivity and tying practices in relation to voice assistants, as well as practices limiting the use of different voice assistants;
• the extensive access to and accumulation of data, which allow voice assistant providers to leverage more easily into adjacent markets;
• the lack of interoperability, leading to the ability of providers of voice assistants and operating systems to limit functionalities of third-party smart devices;
• the difficulty for emergent or small providers of smart device operating systems and voice assistants to compete effectively with leading vertically integrated companies (such as Amazon, Apple and Google) that have built their own ecosystems within and beyond the consumer IoT sector.^[51]

The findings of this sector inquiry have fed into the legislative debate on the scope of the Digital Markets Act (DMA), as it led to the inclusion of virtual assistants in the list of Core Platform Services (CPSs).^[52]

Music streaming

In July 2022, the CMA published its interim report of its market study into music and music streaming, which was launched in January 2022. The CMA concluded that while there was market concentration within recorded music and music streaming, there was no concrete evidence that this was causing harm to consumers. The CMA will continue its market study for the next six months, with a deadline to publish its final report by 26 January 2023.^[53]

Cloud

Concerns related to closed ecosystems and possible leverage of market power from other markets seem to also become a particular concern in the cloud sector following the increasing trend of competition authorities launching market investigations in the cloud sector.

In January 2022, the FCA decided to start proceedings ex officio to assess the competitive situation of the cloud sector.^[54] As part of its investigation, the FCA is holding a public consultation to gather comments from stakeholders. Following this consultation, the FCA will issue final conclusions in early 2023.^[55]

In September 2022, the ACM published its market study into Cloud Services, whereby it concluded there is a high degree of concentration in the cloud sector. In particular, the ACM raised two major concerns: (1) user lock-in as result of switching barriers and lack of interoperability, and (2) the leverage of a strong position within the different layers of cloud. While highlighting the importance of European regulatory solutions (such as the DMA and Data Act), the ACM announced a follow-up investigation on switching barriers such as egress fees.^[56]

Developments in merger control

The EC and national competition authorities are continuing to refine their policies on ‘killer acquisitions’ in the technology sector. An interesting recent new development is the EU General Court giving the green light to below-threshold merger referrals from the Member States to the EC under Article 22 of the Merger Regulation and the new EC Guidance on the application of the referral mechanism.^[57]

Outside the EU, the Turkish Competition Authority introduced special thresholds for technology companies in March 2022.^[58] In April 2022, the UK government proposed, among other things, to introduce a new threshold allowing to the CMA to capture more technology deals.^[59] Further, a most recent development is the entry into force of Italy’s Annual Law for Competition in August 2022, which introduces the possibility for the ICA to request notification of below-thresholds mergers.^[60]

Not only do competition authorities have a greater hold on tech deals due to implementing new lower thresholds, but also as a result of society evolving where everyday products and services are becoming even more and more intertwined with technology.

The first example is the now established new norm of not watching a show or movie on television, but on a streaming service. An interesting example that revolved around a streaming platform was the investigation into Amazon’s acquisition of MGM, which also touched upon the provision of marketplace service products such as Amazon Prime Video.^[61]

The second example is the current ongoing evolution of not only buying or downloading a game, but streaming it. Recent examples in this sector is the ongoing in-depth investigation into the acquisition of Activision Blizzard King by Microsoft, which also touched upon evolutions such as cloud gaming.^[62]

A final example is that many industries, such as healthcare, are seeking to digitise their operations by placing them in the cloud. This has also led to follow-up merger investigations such as: Microsoft’s acquisition of Nuance,^[63] a transcription software company with strong focus on healthcare; and Oracle’s acquisition of Cerner,^[64] a provider of digital information systems used within hospitals and health systems.

We are currently seeing an increase in international cooperation and a new, more rigid policy toward digital enforcement, and in general a tougher stance is noticeable.

In February 2022, NVIDIA and SoftBank Group announced the termination of its proposed acquisition of Arm Limited because of significant regulatory challenges worldwide.^[65] Similarly, in May 2022, Ritchie Bros, the largest online auction provider for heavy machinery, abandoned its planned purchase of Euro Auctions after the CMA decided to refer the deal for an in-depth Phase 2 investigation and refused the undertakings offered by the parties to address the CMA’s competition concerns.^[66] The EC approved Meta’s acquisition of Kustomer but only after a Phase II investigation and the requirement of remedies to approve the transaction.^[67] While the CMA did not pursue a Phase II investigation of Meta/Kustomer,^[68] it did block the acquisition of Giphy after finding that the deal could harm social media users and UK advertisers.^[69] In 2022, the CMA is continuing to establish itself as a strict enforcer of technology deals, as evidenced by its recent announcement to launch a Phase II investigation into Microsoft’s acquisition of Activision Blizzard King.^[70]

However, as recent decisions have shown,^[71] competition authorities are often still receptive to clear technology acquisitions even as they often seek to advance their digital enforcement policies and evolve their approach to effective remedies in a digital context. Since these frequently involve new sorts of products and services, such as cloud and increasingly complex digital ecosystems such as mobile and online advertising, a more educative approach toward authorities, such as the use of several teach-in and contact moments with the business, is often deemed critical in technology investigations.

Digital companies are not passively submitting when faced with for instance a prohibition decision. In particular, when a competition authority is deemed to not fully respect the procedural rights of the parties involved. A clear example is Meta appealing the CMA’s decision to block its acquisition of Giphy. In June 2022, the Competition Appeal Tribunal (CAT) agreed with Meta’s procedural challenge with respect to the extensive redactions applied by the CMA in its preliminary findings report which harmed Meta’s rights of defence.^[72]

Notes