The impact of EU regulations on M&A transactions

The impact of EU regulations on M&A transactions

M&A transactions in Europe are heavily influenced by a complex set of regulations that companies must know extremely well in order to protect themselves and ensure compliance. The European Union's antitrust and data protection laws are two of the most significant affecting M&A transactions, and their impact cannot be underestimated.

Antitrust rules

EU antitrust rules, governed primarily by the European Commission (EC), are designed to prevent business practices that may limit competition. These rules are strictly enforced in M&A transactions to prevent creating monopolies or significantly reducing competition in the market.

The key regulation in this area is Regulation (EC) No 139/2004 on the control of concentrations between undertakings, also known as the Merger Regulation. This regulation requires transactions above certain turnover thresholds to be notified to the EC prior to their implementation. For example, in 2023, 380 mergers were notified to the EC, of which 28 were subject to an in-depth investigation (Phase II).

A recent case exemplifying the stringency of these rules is the intended acquisition of Activision Blizzard by Microsoft in 2023. The EC launched an in-depth investigation due to concerns that the transaction could reduce competition in the video games and subscription services markets. This type of scrutiny reflects how antitrust rules can delay or even block high-profile transactions, underlining the importance of careful planning and early consultation with regulatory authorities.

Data protection

The General Data Protection Regulation (GDPR) is another regulatory pillar that significantly affects M&A transactions in Europe. It came into force in May 2018 and sets strict requirements on how companies must handle and protect personal data. Companies involved in M&A must ensure compliance with the GDPR to avoid significant fines and reputational damage.

One of the main concerns during an M&A transaction is the transfer of personal data. According to the GDPR, any transfer of personal data must be justified and have in place adequate security measures. An example of non-compliance is the fine imposed on Clearview AI in 2023, where the company was fined €20 million for privacy violations linked to the collection of biometric data without consent.

Addressing regulatory challenges

To address regulatory challenges in M&A effectively, companies should adopt several key strategies:

1.       Prior Assessment and Rigorous Due Diligence: Due diligence should not only focus on financial aspects, but also on regulatory risks. Identifying and mitigating these risks from the outset can avoid delays and penalties. It is crucial to have a legal advisory team with expertise in EU regulations. We are specialists at Confianz.

2.     Early Interaction with Regulatory Authorities: Involving regulatory authorities from the early stages can facilitate greater clarity and reduce the risk of protracted investigations. Early consultation with the EC can help identify antitrust concerns before they become significant obstacles.

3.     GDPR Compliance Planning and Documentation: Companies should ensure that they have robust procedures to manage personal data and to ensure that any transfer of data complies with the GDPR. This includes conducting Data Protection Impact Assessments (DPIAs) when necessary.

4.    Adaptability and Flexibility: M&A transactions often require adjustments to comply with regulations. This may include selling certain assets to obtain antitrust approval or implementing additional data security measures.

Companies should adopt a proactive and collaborative approach, involving trustworthy legal counsel such as Confianz and consulting regulatory authorities from the outset, to maximise the success of their M&A transactions.

Manuel Urrutia.