NortonLifeLock and Avast both offer cyber safety software to consumers under a variety of different brands. Products include antivirus software (also known as endpoint security software), privacy software (such as VPNs) and identity protection software. The companies announced plans to merge in a £6 billion deal in August 2021.
In its initial Phase 1 investigation, the Competition and Markets Authority (CMA) concluded that the deal raised a realistic prospect of a substantial lessening of competition, and referred the merger for an in-depth Phase 2 investigation to consider those concerns in more detail in March 2022.
In a Phase 2 investigation, the legal standard to assess whether a deal raises competition concerns is higher, to reflect the more extensive investigation that takes place in a Phase 2 inquiry. When applying that more stringent test, the CMA provisionally concluded, in August 2022, that the deal does not substantially reduce competition in the UK and may not be expected to do so in the future. Following a consultation that ended on 24 August 2022, the CMA has upheld its provisional findings and cleared the deal.
The CMA’s Phase 2 investigation has found that the supply of cyber safety software to consumers is rapidly evolving. Providers of paid-for and free services are continually developing and improving their products to meet different and changing customer needs.
While the CMA’s Phase 1 decision raised concerns about the extent of competition that the merged business would face, a more detailed analysis of the deal has found that the merging businesses face significant competition. This comes from McAfee – their main rival – plus a range of other suppliers that currently have a smaller market position in the UK.
The CMA also found that security applications provided by Microsoft, which holds a unique position in the market as the owner of the Windows operating system, offer increasingly important alternatives for consumers.
In recent years, Microsoft has improved its built-in, bundled security application so that it now offers protection which is as good as many of the products offered by specialist suppliers. In addition, applications recently launched by Microsoft for its customers bring its cyber safety offering closer to those of the merging businesses and are likely to further strengthen Microsoft as a competitor going forward.
On this basis, the CMA considers that the merging businesses will continue to face sufficient competition after the deal completes and has concluded that the merger does not raise competition concerns.
Kirstin Baker, chair of the CMA inquiry group, said:
Millions of people across the UK rely on cyber safety services to keep them safe online.
Phase 2 investigations allow us to explore concerns identified in our initial review in more detail, as we gather further information from the companies involved and other industry players. After reviewing the evidence in an in-depth review, we are now satisfied that this deal won’t worsen the options available to consumers. As such, we have concluded that the deal can go ahead.
For more information, visit the NortonLifeLock / Avast merger inquiry page.
Notes to editor:
For media enquiries, contact the CMA press office on 020 3738 6460 or [email protected].
A Phase 2 inquiry has a different statutory test to Phase 1. In its assessment of mergers at Phase 1, the CMA is required to assess whether the merger creates a ‘realistic prospect’ of a substantial lessening of competition (SLC). At Phase 2, the CMA applies a ‘balance of probabilities’ threshold. The realistic prospect threshold at Phase 1 is intentionally a lower and more cautious threshold for an SLC finding than that applied by the CMA after more extensive investigation at Phase 2.
The CMA ran a 3-week consultation on the provisional findings up to 24 August 2022, during which time anyone could make submissions to the CMA. The responses are published on the merger inquiry page.