On 25 April 2023, the same day on which the European Commission (EC) adopted its first designation decisions under its Digital Services Act (DSA), the United Kingdom (UK) Parliament published its long-awaited Digital Markets, Competition and Consumers Bill (the "DMCC Bill"). The DMCC Bill will now proceed through the parliamentary process, with the declared objective of boosting competition in digital markets in the UK. However, these regulatory developments are only two of the latest examples of the growing regulatory burden, both in Europe and further afield, that companies active in the digital sector, and their investors, are facing. This is particularly true for the "Big Tech" giants who, in light of their perceived power and influence, are viewed by governments and regulators alike (including competition1 authorities) as having the ability to significantly impact economies and society as a whole. It is therefore essential for Big Tech companies to remain on top of recent and anticipated regulatory developments and to develop an internal strategy for dealing with, and ensuring future compliance with, new regulations. The current regulatory environment means that, to be effective, compliance strategies now need to factor in antitrust, data privacy/protection, national security/foreign investment and broader government engagement considerations and strategies. While many in the tech industry may argue that the pendulum has now swung too far the other way, resulting in a period of over enforcement and regulation that will have the unintended consequence of chilling competition and innovation, and suppressing product developments, governments and regulators show no sign in slowing down their efforts to further regulate the sector.

Recent legislative measures specifically targeted at the digital sector and Big Tech

Following the lead of equivalent measures introduced in the EC and Germany, the DMCC Bill seeks to establish a new regulatory regime in the UK targeted at reining in the power of Big Tech firms or, more precisely, those that are ultimately designated as having "strategic market status" (SMS) in light of their substantial and entrenched market power and a position of strategic significance in at least one digital activity. A revenue threshold applies so that only firms with global turnover exceeding £25 billion, or UK turnover exceeding £1 billion, will be within scope (likely excluding currently, the likes of, Spotify and Epic Games). The DMCC Bill will, inter alia, introduce a mandatory code of conduct and provide new investigative and enforcement powers to the UK Competition and Markets Authority's (CMA) Digital Markets Unit (DMU) (whose role for the last two years has been largely limited to working in the background to prepare for this new regulatory regime, due to a delay in the government deciding to initiate the parliamentary process).

The DMU will develop tailored Codes of Conduct to regulate each SMS firm's behaviour in relation to the activities for which they have been designated, following a public consultation. The DMCC Bill sets out "permitted" types of conduct requirements based on principles of fair trading, open choices and trust and transparency. While it is likely that the Codes of Conduct will include many of the same requirements as in the EU Digital Markets Act (DMA), certain aspects of the UK regime will likely go beyond the DMA interventions in respect of some firms. The precise content of the Codes of Conduct will not be finalised until the time of designation (early 2025), but there will be public consultation on the proposed requirements before that.

Companies in breach of the new rules could face fines of up to 10% of global turnover. In addition, the DMCC Bill also introduces a specific reporting obligation with a five-day "waiting period" for certain transactions undertaken by companies designated as having SMS, which would then prevent such transactions from closing until this period expires or the UK CMA consents.2 The CMA will publish a notice setting out the form and content of the report, but it will be significantly more limited than a full merger notice and its purpose is only to give the CMA sufficient information to determine if it wants to open a full investigation under the regular merger control regime.

While the noise currently emanating from the UK government is relatively promising, in that the stated intention is for the new regime to be more openly applied than the EU's equivalent DMA and for the DMCC Bill to create a collaborative and ongoing regulatory dialogue between companies and the DMU, the UK CMA's recent decision to veto Microsoft's proposed acquisition of Activision calls into question whether the DMU will put into practice what is currently being conveyed by the UK government (or may it instead seek to apply the new regime against Big Tech in an aggressive and restrictive manner).

From an EU perspective, the recently adopted DSA sets out responsibilities for all the actors involved in the digital sphere. Intermediaries of digital services (e.g., hosting providers, online platforms) will have to comply with a transparency and accountability regime. Special rules are envisaged for "Very Large Online Platforms" (VLOPs) and "Very Large Online Search Engines" (VLOSEs) with more than 45 million monthly active users which, following the EC adopting its first designation decisions,3 will now have to comply, within four months, with the new obligations under the DSA. In parallel, the DMA introduces strict obligations (dos and don'ts) on companies with more than 45 million monthly active end users and 10,000 yearly active business users in the EU, and which also exceed a (relatively high) turnover or market capitalisation/fair market value threshold.4 Large digital companies providing core platform services have until 3 July 2023 to provide the EC with relevant information for their identification as "gatekeepers", with the final designation deadline set for 6 September 2023. It goes without saying that those indicated as VLOPs in such first EC's designation decisions under the DSA may find themselves designated as gatekeepers under the DMA.

While the impact of the above regulatory developments is likely to be far reaching, these developments are unlikely to be the end of the matter or even result in a temporary reprieve for Big Tech, with the growing concerns being voiced around Artificial Intelligence (AI) likely to accelerate the timeline associated with agreeing the final text of the EU AI Act and equivalent UK regulatory framework.

More aggressive merger control enforcement against transactions involving Big Tech and/or impacting the digital sector

Competition authorities across the globe have for a number of years now been adopting an increasingly aggressive approach when it comes to reviewing transactions in the digital sector, particularly deals involving Big Tech. As summarised below, this has been evidenced by both the theories of harm that the authorities have been willing to pursue and the growing number of authorities that have, or are seeking, the ability to review transactions that historically would have fallen below their traditional jurisdictional thresholds. This is a trend that is set to continue, with Big Tech firms now firmly in the cross hairs of competition authorities after what the authorities perceive to have been a period of under enforcement on their part against deal-making by Big Tech.

As noted above, a number of competition authorities (including the EC, the UK CMA and Department of Justice (DOJ)/Federal Trade Commission (FTC)) have shown an ever increasing willingness to explore new and innovative theories of harm when reviewing transactions impacting the digital sector. For example, there have been a number of high-profile cases where a key focus of the relevant review process was on the potential for a transaction to lead to a substantial lessening of competition in light of its impact on "future innovation" and/or as a result of "big data" considerations. As regards the latter, Big Tech companies are now very familiar with having to consider the following types of questions when evaluating potential deal risk: is data likely to be considered to be a key input in related markets? Is there anything inherently unique (e.g., in terms of variety, velocity, volume, veracity and value—the "Five Vs") or sensitive about the target's data set? And do other market participants have comparable datasets?

The greatest scrutiny has typically been reserved for strategic acquisitions by large market incumbents of innovative start-ups with high growth potential but often with no, or only limited, existing revenues. With a number of competition authorities in practice effectively operating a (potentially difficult to rebut) presumption that the rationale for all such transactions on the acquirer's part must be the elimination of the target as a possible source of future competition (a so-called "killer acquisition") or the elimination of the acquirer as a potential competitor post-acquisition as it forgoes innovation in competition with the target (a so-called "reverse acquisition"). Historically such transactions often escaped review as the limited revenue of the target meant that they typically fell below traditional revenue-based jurisdictional thresholds. However, a number of leading competition authorities across the globe have expanded, or are in the process of expanding, the scope of their regimes so as to permit them to review "below threshold" transactions of this nature. For example, in 2017, the German and Austrian authorities both introduced alternative transaction-value based thresholds and since then the likes of South Korea (2021) and India (2023) have followed suit.

This is a trend that appears to be here to stay, with the Australian competition authority having recently affirmed its intention to seek to switch to a mandatory and suspensory regime for transactions above a certain threshold—yet to be set, but likely to be transaction-value based—paired with a call-in power for below threshold transactions that the authority considers still raise competition issues (the latter of which is a power that China's State Administration for Market Regulation (SAMR) also gained in August 2022). Other antitrust authorities have adopted differing approaches to achieve the same aim. For example, in 2022 the Turkish authority revised its regime to effectively disapply the local revenue limb of its jurisdictional threshold for transactions involving a "technology undertaking" target. In the UK, the CMA has interpreted its 25% share of supply test broadly to capture transactions where the target has no existing UK revenue or marketed products (e.g., by establishing jurisdiction based on the number of UK employees engaged in a particular activity). It should not need to do this once the additional acquirer-side UK jurisdictional threshold included in the DMCC Bill enters into force, aimed at capturing "killer acquisitions" and other non-horizontal mergers where the acquirer is a significant player in the UK.5 This threshold will likely capture all acquisitions by SMS firms that are subject to the mandatory reporting referenced above.

Furthermore, the EC is now claiming jurisdiction over acquisitions of targets with low EU revenues, having clarified that its Article 22 mechanism—which allows member states to refer up to the EC for review certain transactions that do not meet the EC's jurisdictional threshold (i.e., those which potentially affect trade between Member States and threaten to significantly affect competition within the territory of the Member State making the request)—can be invoked by member states that lack jurisdiction under their own domestic merger control regimes (see, most notably, Illumina/GRAIL, in which the EC invited member states to make an upward referral request and then vetoed the transaction despite GRAIL having no existing sales in the EU).

Therefore, Big Tech companies should be acutely aware that going forward their transactions are likely to require competition approvals in a growing number of jurisdictions (including some where the deal may have only a relatively limited nexus) and that this will have a real impact on the timing and resources that have to be devoted to deals. However, at least to-date, we have not seen these additional antitrust filings result in authorities seeking to extract their pound of flesh in each and every deal.

The proliferation of foreign investment regimes adding an additional layer of potential scrutiny

The proliferation and expansion of foreign investment regimes, particularly in Europe, in response to shifting national security risk profiles, technological developments and the pandemic now means that merger control is not the only regulatory approval process that tech companies need to have on their radar when contemplating potential acquisitions, disposals and joint ventures (JVs)/alliances or when seeking potential equity investors (both of a controlling and a minority nature). This is because data and data infrastructure, quantum technologies, AI, advanced robotics and related technologies (particularly to the extent they may give rise to dual-use considerations) are all sectors/activities that are commonly deemed "sensitive" by these broadly (and often deliberately vague) foreign investment regimes. This would not only be the case in the likes of the UK, the United States (US), Austria, France, Germany, Italy, Denmark and Spain, but also in Japan, Australia and Canada.

The level of scrutiny in the foreign investment context is only going to increase further in the coming years, likely leading to additional delays to deal/investment timelines and greater regulatory uncertainty and risk. This is particularly so because, in contrast to typical merger control processes, the foreign investment regimes are more opaque in nature and subject to changes in the prevailing geopolitical winds. As such, screening investors, buyers and targets for foreign investment risk should now form a key part of all contemplated transactions and investment strategies.

Advice to technology companies and their investors

While the developments outlined above will no doubt increase the, already large, regulatory burden that technology companies and their investors may face, if a suitable engagement and compliance strategy is put in place, in most instances they should not present an insurmountable obstacle to deal making in the sector or current/future business operations and developments.

Engaging appropriate antitrust and foreign investment counsel early on in any merger and acquisition (M&A) or investment process is a must, even in the context of transactions/investments where historically this may have been viewed as being unnecessary. Akin provides a composite merger control, antitrust and foreign investment platform, getting deals through all of the relevant authorities in a streamlined and cost-effective manner. As noted above, authorities are no longer focused solely on traditional theories of harm and even a very remote nexus to a particular jurisdiction can be sufficient to trigger a filing obligation or a call-in. Involving counsel early on can help when it comes to managing timing expectations, ensuring adequate contractual protections are put in place to address regulatory risks and with devising a coherent filing strategy that manages the sequencing of filings and substantive arguments in such a way as to maximise the likelihood of a positive outcome.

Of equal importance is cultivating an open and transparent relationship with the relevant authorities. This applies not only when potential transactions/investments are being contemplated, where we consider there to be real merit in engaging with regulators early on to explain on the front foot the nature of, and rationale for, the transaction and the procompetitive benefits that will follow (it can often be hard to change preconceived notions held be regulators), but also more generally as part of a broader engagement/lobbying strategy. We consider the latter to be important so as to seek to rectify the historic distrust that certain regulators have of Big Tech and its motives and also to help educate the regulators as to how these often nascent and rapidly developing markets truly function and are likely to develop over time. Importantly, any engagement strategy must not be focused solely on antitrust in isolation and instead should be multi-faceted and encompass, inter alia, national security/foreign investment, data privacy/protection and wider governmental policy considerations.

We also encourage firms to double-down on their own internal compliance efforts in order to avoid the creation of "bad" documents including words such as "killing competition" or "creating a dominant player," and providing significant market shares. In addition to educating all staff (regardless of their level of seniority) on the importance of avoiding poorly worded emails, presentations and other materials, the acquirer's employees also need to be trained (and reminded) to avoid taking steps to implement a transaction prior to receiving antitrust approvals (so-called gun-jumping). Akin lawyers can assist in creating or updating compliance programmes, provide training and otherwise help minimise antitrust/competition infringements, as well as increasing the chances of deals being approved on time and under budget.

Footnotes

1. We use the terms competition and antitrust interchangeably in this Alert.

2. SMS firms will be required to report transactions which result in an entity in the SMS group having "qualifying status" i.e., shares/voting rights increase from less than 15% to 15% or more; 25% or less to more than 25%; and 50% or less to more than 50%; in a "UK-connected body corporate" i.e., an undertaking that carries on activities in the UK, or supplies goods and services to person(s) in the UK; for a consideration of at least £25 million.

3. The list of companies designated as VLOPs and as VLOSEs by the EC on 25 April 2023 can be found here: https://ec.europa.eu/commission/presscorner/detail/en/ip_23_2413.

4. An undertaking providing a core platform service (i.e., an important gateway for business users to reach end users) shall be designated as a gatekeeper if it has a significant impact on the internal market, with a presumption applying in case it achieves an annual EU turnover equal to or above €7.5 billion in each of the last three financial years, or where its average market capitalisation or its equivalent fair market value amounted to at least €75 billion in the last financial year, and it provides the same core platform service in at least three Member States.

5. This new threshold will be met if one of the parties supplies at least 33% of goods or services in the UK and has UK turnover of over £350 million, and the other party is a UK business, carries on at least part of its activities in the UK, or supplies goods and services in the UK.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.