1. Platform Regulation and Dominance
Reining in the vast power of digital platforms through regulation has been top of the agenda of global policymakers for the last half decade, but as political and economic realities have shifted, the regulatory paths of major economies have diverged.
EU – first mover starting to bite
While the EU has not produced tech giants to rival those in the US and China, the EU has taken a leading role in setting rules for the digital economy. In September this year, the Commission designated six large tech companies – five US and one from China – as gatekeepers under the DMA. There is now plenty of work to be done (for gatekeepers, the Commission and other interested parties) before the gatekeepers publish their compliance reports in March 2024 – not least on the five designation appeals launched in the week before we went to press. While Germany’s regime for undertakings of “paramount significance” has already been in force for several years and has seen some significant cases, the DMA is a much broader (and blunter) instrument with effect across the EU27. But the DMA is not the only show in town: the Digital Services Act has been in force for designated “very large” platforms since August 2023 and is due to come into full effect in 2024. And there is a suite of other incoming regulatory changes including on platform workers, data and privacy.
There is much talk of whether the “Brussels effect” will shape the global digital economy but we have already seen EU regulations slow or even stop rollout of new technologies in Europe. Could regulation lead to new business models for both gatekeepers themselves and challengers “growing up” in Europe?
UK – renewed impetus and regulatory flex
The UK’s digital regulation proposal, slow-tracked thanks to Brexit, Covid and political chaos, came back with a bang, with publication of the DMCC bill in April 2023. The draft legislation will empower the UK’s Digital Markets Unit (DMU), which has been operating in “shadow” form since 2021, to designate firms as having strategic market status, impose bespoke codes of conduct for each firm, enforce those codes, and take “pro competition interventions”. The Bill will make the DMU incredibly powerful with enormous discretion (that has the scope to go much further than the DMA). However, it remains to be seen whether the DMU will have the desire or political support to be a world-leader in actual intervention.
US – bipartisan agreement remains elusive
Over the past years, legislative proposals to regulate big tech companies have largely stalled in Congress. While there was once some bipartisan support for regulation of digital competition, oversight proceedings under new leadership saw accusations that the FTC and DOJ had been colluding with UK and European regulators to expand the scope of digital regulation over US companies. Meanwhile, efforts have turned to a focus on consumer protection as US Senators proposed a bipartisan bill to establish the “Digital Protection Commission”, which would act alongside the FTC to ensure fair competition and consumer protection in digital services in the US.
China – moderation after strict crackdown
Alibaba was the first of the Chinese tech giants to bear the brunt of increased oversight, with an investigation into anticompetitive practices resulting in a $2.8 billion fine in 2021. Thereafter the government also announced new privacy laws, amended regulations for international data transfer, and regulated the gaming and streaming industry. In 2023, there have been indications that the heightened scrutiny of the tech sector is moderating, as public enforcement agencies in China seek to promote healthy growth in its tech sector and wider economy.
As regulation grows, what is left for antitrust enforcement?
The Commission’s answer, if the Google AdTech press release is anything to go by: a big one. The Commission announced that it provisionally considered the break-up of Google’s ad tech stack as necessary to prevent it from abusing its dominant position. This will no doubt be a heavily litigated case (if it reaches that point), but the pursuit of this remedy signals that there is still a role for detailed, complex antitrust analysis in the post-DMA world. There are also practices (e.g. tying) which are not directly covered in the DMA which are likely to continue to prompt antitrust tech cases going forward, and there are many technologies that are not “core platform services” and therefore outside the scope of the DMA – e.g. generative AI. And the Court of Justice will set precedent on “self-preferencing” when it delivers the Google Shopping judgment next year. In the UK, a spate of opt-out class actions in the tech sector could see the UK’s Competition Appeal Tribunal making entirely new law in a number of cases that stretch the bounds of antitrust law.
On the other side of the Atlantic, the first wave of tech antitrust cases is making its way through US courtrooms. The most advanced is the first of the DOJ’s cases against Google alleging that the search giant struck anticompetitive deals with Apple and other companies for prime placement of its search engine. The case has gone to an extended high-profile trial, with the court hearing testimony from both Alphabet and Microsoft CEOs. The outcome will set defining precedent in US antitrust laws for tech enforcement to come.
In China, private actions and courts are also increasingly active, including in relation to extra-territorial effect. This year a Guangzhou court accepted an allegation that Amazon abused its dominance in the European e-commerce market towards the China-based plaintiff, who is a merchant on Amazon’s European platform. The case is still at an early stage, but worth paying attention to for tech companies interacting with Chinese suppliers and customers outside China.
There is still a lot to play for.
2. Can international mergers survive regulatory divergence?
There is significant alignment between global regulators about the specific competitive harms that may arise in tech deals. But there remains outcome-critical divergence on both substance and remedies. In 2023 this proved fatal for Booking/Etraveli (appeal pending), and remedies divergence looked set to derail Microsoft/Activision before an unprecedented turnaround by the CMA.
We said it last year and it remains true: in an uncertain world parties need to pay careful attention at the outset to risk allocation and ensure merger control strategy is flexible.
Theories of Harm – Same but different
Techy buzzwords now roll off the tongue easily – killer acquisitions and ecosystem concerns – but what different authorities mean exactly by these concepts and how theories will play out in practice remains challenging to predict.
The recent European Commission decision to prohibit the acquisition of Etraveli by Booking.com marks a key divergence not only between authorities (the CMA cleared the transaction unconditionally at Phase I) but also with previous EC practice. The EC’s main theories of harm are novel: this is a conglomerate case but the concern is not about leveraging dominance into new or nascent markets but about adding functionalities that protect the acquirer’s market position in its core market. Some critics have described it as an “efficiency offence” theory of harm where intervention takes place because a leading player offers a better product (here an integrated flight and hotel booking service) rather than because they foreclose rivals. Amid reports of friction within the EC hierarchy, Booking.com’s appeal and the EC seemingly stepping into the CMA’s shoes as the more interventionist regulator, the EU’s merger regime looks less certain than at any time in the recent past.
Uncertainty is also growing in the US as the agencies have released their long-awaited draft revised Merger Guidelines. The release follows a number of well publicised court defeats for US regulators in the tech sector, and the guidelines are positioned as aspirational, seeking to pull the courts into alignment with the authorities. The guidelines update the merger assessment for the digital economy, with additional guidance on multisided markets. A renewed focus on presumptions of harm for acquisitions by dominant firms and further guidance on “incipient harms to competition” also seems levelled at the tech sector. Test cases are likely to begin in 2024. In parallel, sweeping procedural changes will require merger parties to submit substantially more data and narrative on the competitive effects of transactions, giving authorities scope to dive deeper into substance especially on tech deals.
In China, the authority is working on draft horizontal guidelines. The guidelines are early stage but, in line with peer authorities, highlight the importance of considering the multisided nature of digital platforms and data and privacy issues. Meanwhile, the authority continues to consider tech mergers from both competition and industrial policy angles and is mindful of the different competition and regulatory dynamics in China. These have led to divergent outcomes, where cases unconditionally cleared elsewhere are subject to remedies in China, such as Intel/SK hynix, Maxlinear/Silicon Motion, or subject to more remedies than in other jurisdictions, such as (probably) Broadcom/VMware (ongoing).
Remedies – a less hostile environment for behavioural remedies?
Before Microsoft/Activision it was often argued that the EC and China stood on one side of the fence, open to considering non-structural solutions to competition problems and in particular prepared to accept access remedies (e.g. Meta/Kustomer), while the rest of the world stood on the other. The view from the “other” side was summed up by the CMA’s former Executive Director for Markets and Mergers: “the case against behavioural remedies is simple and [empirical]: they are more likely to go wrong”.
But following the CMA’s prohibition decision in April 2023 and its unprecedented about-turn resulting in conditional phase I clearance of a restructured deal just four months later, where do we stand? Whilst the remedy actually accepted by the CMA was purely behavioural (relating to the terms of the sale to Ubisoft and making these enforceable by the CMA), the sale to Ubisoft itself was set up to occur prior to closing and therefore the CMA was considering a transaction in which Microsoft was not acquiring cloud gaming rights outside the EEA. Does this nonetheless suggest a softening on behavioural remedies, perhaps especially for tech firms where the DMU’s regulatory powers will put it in a better position to monitor and enforce ongoing behavioural remedies? Possible, but in our view unlikely.
Outside the EEA, despite some hints of softening towards behavioural remedies at the FTC (Amgen, Quantum), it seems unlikely that the agencies will soften their stance in most deals under current leadership. The US is likely to continue to align its approach more closely with the UK, setting up challenges based on increasingly novel theories of harm without accepting flexible remedy measures to address them.
In China, the authority continues to be open to behavioural remedies, including to address conglomerate concerns or supply security concerns. Divestitures to a buyer preferred for China purposes may face difficulties in obtaining other approvals (such as CFIUS) so may be less attractive.
Parties to international tech mergers need to consider how global competition concerns impact national and regional markets. Detailed consideration of local market conditions (including customer and competitor views, which may diverge between jurisdictions) is a must. A “one size fits all” remedy package will in many cases prove a forlorn hope. Prolonged pre-notification processes, flexible remedies proposals and staggered submissions to allow regulators to consider packages in unison may go some way to reducing risk, but early strategising and risk allocation will be critical.
3. Outbound foreign investment control – another avenue of scrutiny, but will it be a deal killer?
The era of increased FI regulation and enforcement is well and truly here. The latest OECD report noted a “historically unprecedented level” of attention on foreign investment control. This year has seen European countries (including Belgium, the Netherlands, and soon Sweden) continue to introduce or strengthen their foreign investment rules. That trend will continue through 2024 with all Member States expected to adopt similar legislation.
The desire for stronger foreign investment controls reflects the global political climate. Governments have been looking to protect critical technology inputs and their national capabilities, as they recognise the importance of certain technologies to their economies, national security, and domestic resilience.
FI rules biting tech deals
This year has seen technology deals - amongst others - blocked by foreign investment authorities. Examples include Italy’s veto of a Russian-linked takeover of a cloud services company, and Germany’s block of a Chinese takeover of a satellite startup.
Semiconductors have become a particular focus area for foreign investment authorities, with demand for advanced semiconductors expected to have doubled by 2030. In November 2022, the UK government used its powers under the NSIA to order Chinese-owned Nexperia to sell its 86% stake in Newport Wafer Fab, the UK’s largest manufacturer of semiconductors. Two years later, it has been announced that Newport Wafer Fab will be acquired by US-owned Vishay Intertechnology; Nexperia has said it will continue to challenge the divestment order in the courts.
Semiconductor deals represented 9% of cases reviewed in the EU in 2022, and in the US ‘Semiconductor and Other Electronic Component Manufacturing’ represented approximately 4% of the total Declarations (short-form filings) submitted and approximately 5% of the total Notices (long-form filings) submitted in 2022. The UK is also considering a separate mandatory category for semiconductors as part of its recent call for evidence.
The outflow of technology knowhow, and domestic investment into critical technologies abroad, has increasingly been perceived to raise geo-political concerns and national security risks. This year, we have seen countries consider whether outbound investment regimes should be introduced – particularly with regards to investment into countries considered to be higher risk, with a focus on sensitive or emerging technologies.
The US remains ahead of the curve, having recently published a proposed outbound investment regime. On 9 August 2023, President Biden signed a long-expected executive order that will restrict outbound foreign investment to a designated ‘country of concern’. At present this is limited to investments into China (including Hong Kong and Macau), but there is scope to extend this to other countries in the future. The new regime will require notification for some transactions while prohibiting others, with an emphasis on three categories: 1) semiconductors and microelectronics, 2) quantum information technology, and 3) artificial intelligence. Notably, the regime can affect transactions where neither party is based in the United States. While draft rules are yet to be published, the Treasury consulted on 83 issues, so the implementation of the executive order is not expected for several months.
In line with this growing trend, in June the European Commission published its Joint Communication on a European Economic Strategy. The Communication sets out the strategy for developing a framework for the assessment and management of security risks raised by certain economic activities. Of particular interest was the proposal made by the Commission to develop an outbound investment review mechanism. Whilst no set proposals have yet been made, a dedicated group of Member States’ experts will examine the security risks that could result from outbound investments. The Strategy was followed in October by a list of 10 critical technology areas that the Commission recommended for further risk assessment. In particular, four technology areas were considered “highly likely to present the most sensitive and immediate risks related to technology security and technology leakage”: advanced semiconductors, artificial intelligence, quantum technologies and biotechnologies. The Commission’s recommendation is that these four areas should “as a matter of highest priority” be the subject of the Member States’ collective risk assessment, which should identify and analyse any security risks posed by outbound investment. This risk assessment is due by the end of 2023.
Moves by the US and EU towards screening outbound investments are likely to spur on other countries to follow suit. The UK government is currently considering the potential national security risks posed by outbound investment. This is certainly an area we expect to see more of in 2024.
EU Foreign Subsidies Regulation
The EU Foreign Subsidies Regulation (FSR) adds an extra layer of regulatory scrutiny to deals where parties have received a “subsidy” from a foreign (non-EU) country. There are three new powers: the first two involve mandatory pre-closing filings with the European Commission when certain thresholds are met, adding a further layer of scrutiny to transactions. The third grants the Commission broad investigatory powers. As governments (and the EU) seek to incentivise near-shoring of critical technologies, this regime will become increasingly relevant for companies doing business in the EU that receive such incentives elsewhere. Illustrative of this dynamic, the Commission has already identified the semiconductor industry as a sector where scrutiny can be expected.
4. Bolstering consumer protection – a deep dive on the use of tech
Regulators continue to probe digital spaces, and a complex matrix of overlapping online rules is taking shape. The consumer protection framework will impact all companies who interact with consumers, especially online. And with the penalties for getting these decisions wrong set to sharply increase in a number of jurisdictions, this is the moment for consumer facing businesses to consider the compliance environment holistically.
Casting the net wide on tech applications
Consumer regulation looks at every stage of interactions between customers and firms, from first contact, perhaps on a website, through advertising, sales processes, contract terms, and what happens if things go wrong and the consumer wants to cancel the contract. This impacts the way in which sites and apps are built. At EU level, the DSA's prohibition on "dark patterns" will impact online choice architecture and the CMA have conducted an extensive evidence review as well as investigating the use of price reduction (including reference pricing) and urgency claims in both the Emma Group and the Wowcher investigations. The use of urgency and price reduction claims, dark nudges, drip pricing, choice overload and default settings have all come under scrutiny, as authorities seek to ensure transparency and freedom of choice for consumers.
Fake reviews, including those generated by AI, have also come under scrutiny: in France, where the DGCCRF has published practical information, including current regulations, on fake reviews; in the UK, where the Government is currently consulting on further rules to tackle fake reviews online; and in Germany, where a sector inquiry into user ratings resulted in a deep-dive into over 60 websites across 16 sectors, and over 70 subsequent court cases to challenge the use of fake reviews.
Both host platforms and content owners will be caught by regulations. Platforms are responsible for ensuring transparency and monitoring dissemination of harmful materials in their ecosystem, as underlined by work completed by the EC with the new Platform-to-Consumer duties under the DSA, CMA, French DGCCRF and FCO. But content owners, including individuals, can also be held responsible for actions such as posting hidden advertisements on social media or posting fake reviews. Platforms need to have robust monitoring mechanisms to detect infringements by businesses and individuals operating within their ecosystem.
Fines and enforcement risk set to increase
As the complexity of compliance obligations grows, so too does the risk of getting it wrong. A number of authorities will be getting higher fining powers in 2024 or have signalled their intention to utilise consumer protection powers in the tech sphere.
Ahead of the pack is the Australian Competition and Consumer Commission (ACCC), which has been deploying its consumer protection powers, which are on a par with its competition powers, against Big Tech companies for some years now. In just the past 12 months, the ACCC has secured an AUD 21 million penalty against Uber for misleading representations, finished (and lost) a long court battle with Google over collection of user data, and continued its proceedings against Meta for publishing scam advertisements. But now it is gearing up for increased maximum penalties, with proposals for companies to be fined up to the greater of AUD 50 million, three times the value of the benefit obtained, or 30% of the company’s turnover during the breach period.
The US FTC has also long had parallel enforcement responsibility for consumer protection matters alongside competition matters. Whilst still technically limited in its ability to seek fines absent an established order under both regimes, it has been aggressive in recent times in seeking penalties for violations of orders related to child privacy rules. After agreeing a settlement of $5 billion with Meta for alleged violations of a privacy order regarding data on children in 2019, the FTC sought more novel remedies this year in seeking to prohibit the company from profiting off data from users under 18 and requiring FTC approval of all new services.
In the UK, the CMA is set to get a new suite of consumer enforcement powers under the DMCC, which are likely to be in force from autumn 2024. The CMA will gain direct enforcement powers over a swathe of pre-existing consumer protection rules including broad prohibitions on unfair contract terms and unfair commercial practices. The reforms remove the cumbersome requirement to go to court that has stymied the current regime. Crucially, the CMA will get the power to fine infringers up to 10% of their global turnover, putting their consumer powers on a par with their competition powers, which we expect to result in much greater enforcement in this arena. Italy’s implementation of the Omnibus Directive also sees increasing fines, with maximum penalties for the use of unfair commercial practices and unfair contractual terms doubling from a maximum €5 million to €10 million. In France and Portugal, regulators have been keen to stress their intention to focus on commercial practices in the digital environment, indicating more enforcement in the sector to come.
A broader focus on online harms
The growth in consumer protection enforcement needs to be seen in the context of broader moves to tackle online harms including the EU’s Digital Services Act (DSA) and the UK’s Online Safety Act as well as moves to tackle privacy concerns. An army of regulators across the competition, financial, digital, data and communications spheres are moving together to develop new rules and are equipped with an ever-growing stick with which to challenge individuals and businesses who fail to comply. Whilst regulators are taking different approaches and have nuanced focusses, transparency and fairness remain central pillars across regimes globally. Businesses will need to take a flexible and holistic approach to the increasingly complex regulatory environment.
5. Gen AI – how will the new regulatory toolkits perform in their first true test?
Generative AI is bringing a new wave of digital change. Governments and regulators (including competition regulators) are feeling compelled to respond. AI-specific regulations have been introduced in China, are the subject of President Biden's Executive Order in October 2023 and are being considered in numerous jurisdictions around the world, including the draft EU AI Act. According to the OECD, governments in 69 countries, territories and the EU have published national strategies on AI, and over 800 AI policy initiatives between them. Concerns range from the existential threat AI could pose to humanity to more immediate concerns around the spread of misinformation, biased outputs being created from biased data sets, and protecting privacy and intellectual property.
For competition authorities, the challenge is the same as it has always been: to ensure that development is pro-competitive, consumer-focussed and transparent; that emerging markets remain contestable and do not tip in favour of a single dominant player.
An emerging market – a stress test for the DMA and DMU?
Globally, the UK’s CMA has been one of the most active competition regulators on AI, publishing its report on AI Foundation models (FMs) in September this year. In its report, the CMA makes clear its preference – especially in fast-evolving markets – to guide rather than seek to force markets to evolve in a way that benefits competition and consumers.
The CMA explicitly acknowledges that overly burdensome regulation can make it difficult for competition and innovation to flourish (in particular, creating barriers to entry/expansion for smaller players), and emphasises that any regulation needs to be “proportionate and targeted at identified risks”. To provide that guidance, the CMA has proposed a set of seven principles, drawn from both its discussions with stakeholders and lessons learned from the evolution of other technology markets:
- Accountability: developers and deployers will be held accountable for outputs provided to consumers
- Access: ongoing ready access to key inputs, without unnecessary restrictions
- Diversity: sustained diversity of business models, including both open and closed models
- Choice: sufficient choice for businesses so they can decide how to use FMs
- Flexibility: having the flexibility to switch and/or use multiple FMs according to need
- Fair dealing: no anti-competitive conduct including anti-competitive self-preferencing, tying or bundling
- Transparency: consumers and businesses given information about the risks and limitations of FM-generated content so they can make informed choices.
The DMCC’s flexible approach will give the DMU powers to step in if the market appears to be developing in ways that cause concern. The DMA is inherently less flexible. AI / FMs are not a “core platform service” under the DMA. Prohibited conduct is specifically identified in the DMA itself with no scope for evolution other than legislative reform. Since AI is not specifically called out in the DMA, and with the surge in interest in generative AI occurring after the DMA was drafted, it calls into question whether the regulation (built to remedy the hands-off regulatory approach of yesterday) meets the needs of today, still less those of tomorrow. But, of course, as discussed in our Dominance article above, there remains scope for traditional competition tools (bundling, self-preferencing, leveraging) still to bite.
Is intervention by competition regulators needed at all?
While there are strong arguments for using regulation to prevent wider societal harms from proliferation of AI, is intervention from competition regulators needed at this stage?
ChatGPT captured the public’s imagination because of its accessibility and ease of use with hyper growth from 0 to 100m users in two months. But it wasn’t the first GenAI product and tech companies have been developing AI for years. Big Tech companies are pouring billions into GenAI so there is fierce competition among them, and open source software creates a new dynamic which will impact competition assessments.
More generally, the race to lead in AI is causing major disruption in the sector. The GenX of tech is emerging in the form of new players who are using AI to reshape familiar markets. In cloud computing, Hewlett Packard Enterprise has already announced its market entry, a first step toward its domain-specific AI application plans down the line.
The need for data and processing capacity, the new oil of the 4th industrial revolution, has spurred massive investment in data centres with US$16bn invested in the first nine months of 2023. And high demand and limited supply of computing resources have led to disruptions in markets for chips and cloud services.
With unprecedented market evolution on the way, new players will emerge to challenge incumbents. With the speed and scale of evolution, the challenge for regulators will be knowing if and when to intervene. They will need to walk the tightrope between innovation-chilling intervention and pro-competitive stimulus.