ANTITRUST AND COMPETITION

The European Commission's Merger Simplification Package Enters Into Force

On 20 April 2023, the European Commission (Commission) adopted a new legislative package that entered into force on 1 September 2023 consisting of: (i) an implementing regulation, (ii) a notice on simplified procedure (Notice), and (iii) a communication on the transmission of documents (Communication) (collectively, the Merger Simplification Package). The objective of the Merger Simplification Package is to streamline and expand the scope of the simplified review process for unproblematic transactions as well as to reduce burden on companies with respect to certain information requirements when notifying transactions.

Under the simplified procedure, merging companies have to provide less information and are able to obtain clearance faster than under the standard procedure. In this respect, the Notice now includes two new categories with the result that the simplified procedure also applies when, under all plausible market definitions: (i) the individual or combined upstream market share of the merging parties is below 30%, and their combined purchasing share of the upstream inputs is below 30%; or (ii) the individual or combined upstream and downstream market shares of the merging parties are below 50%, the market concentration index (known as the "HHI delta") is below 150, and the company with the smaller market share is the same in the upstream and downstream markets.

The Notice introduces flexibility clauses, which allow the Commission, at the request of the notifying party, to review transactions under the simplified procedure even when the criteria for a simplified procedure are not met. The Merger Simplification Package also provides for the "super-simplified" procedure for transactions relating to extra European Economic Area joint ventures and all transactions where there are neither horizontal overlaps nor vertical relationships between the merging parties' activities. The parties can file these transactions directly without any pre-notification contact with the Commission.

The Merger Simplification Package generally provides for a more streamlined approach regarding the information requirements. It includes a revised set of filing forms (consisting of Form CO, Short Form CO, Form RS, and Form RM) with a number of welcome changes that will reduce the burden on merging parties in transactions with no substantive concerns. For instance, the new Short Form CO introduces a "tick-the-box format" with multiple-choice questions. Both the Form CO and Short Form CO also contain several tables and template language aimed at streamlining the information to be provided by the parties. However, the parties still need to provide information on all "plausible" markets, which may involve a complex and burdensome data collection exercise. Moreover, the parties must disclose information on pipeline products and may be required to provide additional information on noncontrolling shareholdings. Finally, the Communication provides for electronic submissions of documents by default.

The Merger Simplification Package also introduces a number of positive changes and is expected to result in additional 14% and 19% of all horizontal and vertical transactions, respectively, to be reviewed under the simplified procedure. However, some of the issues with the previous information requirements remain, including the introduction of additional information requirements, so that it remains to be seen whether the Merger Simplification Package will indeed reduce red tape and enable the Commission's resources to be efficiently allocated on the more problematic and complex transactions.

When the GDPR and Competition Law Cross Paths

On 4 July 2023, the Court of Justice of the European Union (CJEU) issued a preliminary ruling on a number of questions raised by the Higher Regional Court of Düsseldorf regarding the interaction between data protection and competition rules.

This case involved two tech companies (and their subsidiaries) part of the same group (Company 1 and Company 2, together Companies). Company 1, by operating the online social network of Company 2, was found by the German Federal Cartel office to have abused its dominant position by collecting data about users' activities on and off this social network through acceptance of its policies and associating it with the user's Company 2 account. This data, related to Company 2 user's browsing of third-party webpages and applications and their collection, enabling Company 1 to create targeted advertisements to Company 2 users.

In its decision, the German Federal Cartel Office notably prohibited the processing of private users' off- Company 2 data without their consent, and it concluded that since the processing carried out by Company 1 did not conform to the General Data Protection Regulation (GDPR), such processing constituted an abuse of Company 1's dominant position on the German online social networking market.

The German Federal Cartel Office's decision was appealed before the Higher Regional Court of Düsseldorf, which asked the CJEU: (i) to determine whether a national competition authority is allowed to examine if a data processing operation complies with the GDPR, and (ii) to interpret the application of certain provisions of the GDPR to the processing of data by the operator of an online social network.

The CJEU addressed this point by confirming that a national competition authority, when assessing a suspected abuse of dominant position, may, where appropriate, examine whether a company's conduct complies with rules other than competition law, such as the GDPR. The CJEU further stated that the exclusive purpose of such assessment of compliance with GDPR must be related to determining the existence of potential abuse of a dominant position. In doing so, national competition authorities are bound by a duty of "sincere cooperation" and are therefore expected to consult and cooperate with the authorities competent to apply the GDPR and to verify whether such conduct or other similar conduct has already been treated by the competent authority or by the CJEU. In case data protection authorities do not provide an answer within a reasonable period of time, national competition authorities may pursue their own investigation.

Furthermore, the CJEU asserted that visiting a website or an app cannot be considered as manifestly making a user's data public in the sense of the GDPR. In any event, the user must explicitly choose beforehand to make his or her data publicly available to an unlimited number of persons.

In addition, according to the CJEU, the use of personalized advertising to finance Company 2 social network cannot constitute a legitimate interest within the meaning of Article 6 (f) of the GDPR. The CJEU here upheld the three cumulative conditions necessary for the lawful processing of personal data in the sense of Article 6 (f) of the GDPR: (i) the pursuit of a legitimate interest by the data controller or by a third party, (ii) the need to process data in this interest, and (iii) the lack of overriding interests or fundamental rights of the data subject. The CJEU decided that users' interest and fundamental rights prevail over the interests of the controller, as this personal data is processed in circumstances that the data subjects would not reasonably expect. Therefore, data processing cannot be grounded on the controller's legitimate interest.

Moreover, the CJEU ruled that the processing of personal data on online social media is lawful where it is based on a necessity for the performance of a contract, provided that such processing is essential for the proper performance of the contract. According to the CJEU, the personalization of content did not appear to be objectively indispensable to the service provision of online social networks, given that these services could also be provided to users by alternative means that do not require personalized content.

Finally, the CJEU indicated that an online social network operator holding a dominant position on the social network market may validly receive consent from users to the processing of their personal data, provided that such consent is validly and freely given, which is incumbent on the operator to prove.

ECONOMIC AND FINANCIAL AFFAIRS

Investment Funds: EU Parliament and Council Reach Political Agreement on the Alternative Investment Fund Managers Directive and the Directive on Undertaking for Collective Investments in Transferable Securities

On 19 July 2023, the European Parliament (Parliament) and the Council of the European Union (Council) reached a provisional agreement on amendments to the Alternative Investment Fund Managers Directive and to the Directive on Undertaking for Collective Investments in Transferable Securities.

The review, initiated by the Commission in 2021, aims to modernize the existing set of rules for investment funds. The amendments include:

Enhanced authorization procedures

Funds' managers will have to provide more detailed information for their authorization, including statements on their own resources.

A strengthened oversight of delegation arrangements to third parties

Funds' managers will need to report to national competent authorities (NCAs) the amount and percentage of their delegated assets under management. NCAs will further communicate the figures to the European Securities and Markets Authority (ESMA), which will draft regulatory technical standards outlining the content, forms, and procedures for the transmission of delegation notifications. Additionally, ESMA will undertake peer reviews of EU supervisory practices to prevent the creation of letterbox entities.

The introduction of a loan originating funds (LOFs) regime

This includes a commonly agreed definition of LOFs in two parts: (i) a fund having an investment strategy to originate loans that (ii) accounts for at least 50% of its net asset value. A risk retention rule will require investment funds to retain 5% of the notional value of an originated loan, while they will need to adopt a close-ended structure when engaging in loan originating to a significant extent (60%). Finally, funds' managers with an open-ended structure will need to possess further liquidity risk tools to face exceptional circumstances.

The implementation to liquidity risk management requirements

This includes pre-contractual disclosures to investors regarding the fund's liquidity risk management framework. NCAs will be empowered to require EU funds' managers to activate or deactivate a liquidity risk management tool, allowing swift regulatory response to systemic risks. ESMA will contribute by drafting additional regulatory technical standards in this sector.

A set of rules concerning the disclosure of costs and charges

Similar to the retail investment strategy, fund managers will be required to report annually all direct and indirect fees and charges incurred. ESMA will work to develop a common understanding of "undue costs."

The provisional agreement now awaits formal adoption by the co-legislators. Following translation into all EU official languages, the text will be published in the Official Journal of the European Union and become applicable upon transposition into national law by all EU member states, with a 24-month implementation period.

The Commission Urges Businesses to Adopt Stricter Due Diligence Measures to Prevent Circumvention of Sanctions Against Russia

On 7 September 2023, the Commission published a new guidance note to help businesses identify, assess, and reduce the possible risks of sanctions circumvention (Due Diligence Guidance).

Businesses established in the European Union, businesses from outside the European Union with respect to activities carried out in the European Union, and EU citizens (collectively, EU Operators) are required to comply with the European Union's sanctions imposed in relation to Russia, including the prohibition to engage in activities amounting to circumvention of the EU sanctions. This requires them to exercise due diligence calibrated according to the specificities of their business and the related risk exposure.

This is not new, and the due diligence requirements for the purposes of preventing sanctions circumvention reflect the requirements for general sanctions due diligence. They comprise: (i) a risk assessment, and (ii) enhanced due diligence where relevant.

The Due Diligence Guidance is helpful in that it provides examples on the products, business partners, and transactions, which pose a heightened risk of participation in circumvention. For example, businesses urged to exercise particular vigilance include EU manufacturers of semiconductor devices or goods, which may be often and easily miscategorized under an Harmonized System (HS) code not subject to sanctions. The Due Diligence Guidance also provides a list of circumvention red flags, including, for example, when new customers are located in countries the Commission refers to as "circumvention hubs" or if complex corporate or trust structures with links to countries, which are friendly with Russia, are involved.

In addition to the Due Diligence Guidance itself, the following lists can help EU Operators identify compliance risks:

  • The Commission's list of sanctioned high-priority battlefield items.
  • The Commission's list of economically critical goods.
  • Annex IV of Council Regulation (EU) 833/2014, which lists entities in third countries posing a heightened risk of circumvention.

The Commission further recommends that EU Operators trading in restricted goods should include clauses in contracts with third-country business partners prohibiting the re-export of sanctioned items to Russia and Belarus, as well as providing for possible ex post verifications.

The Due Diligence Guidance was published in the context of the Commission's growing emphasis on enforcing EU sanctions against Russia and tackling what it refers to as "various and increasingly elaborate schemes and techniques to circumvent" EU sanctions. It is not exhaustive, but businesses may wish to use it to review their trade compliance programs and ensure that the relevant staff is familiar with the red flags list and other examples of fact patterns that the Commission believes call for enhanced due diligence.

DIGITAL AFFAIRS

The Commission Designates First Six Gatekeepers

On 6 September 2023, the Commission designated the first six gatekeepers under the Digital Markets Act (DMA), a new regulatory instrument aimed at ensuring contestable and fair markets in the digital sector. According to the DMA, the Commission can in fact designate digital platforms as gatekeepers when they provide an important gateway between businesses and consumers in relation to their core platform services (22 core platform services in total for all the designated gatekeepers).

The designations follow a 45-day review process initiated after the notification to the Commission by seven entities of their self-assessed potential status as gatekeepers.

Beyond the designations themselves, the Commission has also opened four market investigations to further assess potential gatekeepers' submissions, arguing that, despite meeting the thresholds, some of their core platform services do not qualify as gateways. The investigations are due to be finalized within five months.

Finally, the Commission opened a market investigation to further assess whether additional core platform service of one of the gatekeepers should be designated, despite not meeting the thresholds. This investigation is due to be completed within a year.

The six designated gatekeepers will now have six months to ensure full compliance with the DMA obligations for each of their designated core platform services. After the six-month period, they will have to submit a detailed compliance report in which they outline how they comply with the obligations provided under the DMA, such as rules on data access and usage, bundling, or interoperability.

In the meantime, some of the obligations will start applying as of the date of designation, such as the obligation to inform the Commission of any intended concentrations.

SUSTAINABILITY

Sustainability Reporting: Commission Adopts First Set of Standards for all companies subject to the Sustainability Reporting Directive

On 31 July 2023, the Commission adopted the first set of European sustainability reporting standards (ESRS) for companies subject to the Corporate Sustainability Reporting Directive (CSRD).

The ESRS comprise 12 standards divided into two overarching categories: (i) two cross-cutting standards establishing comprehensive reporting and disclosure requirements, and (ii) 10 standards addressing environmental, social, and governance matters. Their implementation will occur gradually, with the first report to be submitted in 2025 for the financial year 2024.

The European Financial Reporting Advisory Group (EFRAG) drafted an initial version of the standards in November 2022. The Commission amended the first draft and sought feedback through a public consultation that closed on 7 July 2023.

The Commission's amended versions include the following elements, among others:

  • The extension of the materiality assessment across all standards (with the exception of the second ESRS standard), which are aimed at simplifying the procedures and compliance mechanisms for reporting entities.
  • The inclusion of additional requirements for companies reporting under other EU texts, prescribing to explicitly mention when a data point is not material under CSRD as it is already covered by other disclosure obligations.
  • The introduction of voluntary disclosure requirements that were initially mandatory, including biodiversity transition plans.
  • The addition of supplementary phase-in provisions for entities with fewer than 750 employees.

On 21 August 2023, the Commission submitted the draft delegated regulation to the Parliament and the Council for their scrutiny. The act is expected to be published in the Official Journal of the European Union by the end of October 2023. On 7 September 2023, Commissioner Mairead McGuinness announced before the Parliament's Committee on Legal Affairs the Commission's intention to delay the implementation of the second set of standards from 2024 to 2026, allowing companies to concentrate on the first set of ESRS.

On the same topic, EFRAG and the global reporting initiative confirmed the full interoperability of their standards, facilitating the reporting processes for companies. EFRAG is currently working on providing guidance for companies in their materiality assessment and in the identification of material impacts, risks, and opportunities in their value chain.

The Parliament Adopts Its Initial Position on CRMA

On 14 September 2023, the Parliament adopted its negotiating position on the Critical Raw Materials Act (CRMA) proposal for a regulation, thereby initiating trilogue discussions with the Council and the Commission. The report was adopted with 515 votes in favor, 34 against, and 28 abstentions.

The CRMA proposal for a regulation, presented by the Commission on 16 March 2023, lays down a regulatory framework to support the development of the European Union's production capacity and strengthen the European Union's sustainability and circularity of its critical raw material supply chains, many of which have been identified as vulnerable. To that end, it establishes a list of critical raw materials, including strategic raw materials, to ensure their secure and sustainable supply. Furthermore, the CRMA would be the first EU act to regulate critical raw materials and introduce the concept of strategic raw materials.

The Parliament position underscores the importance of securing strategic long-term partnerships between the European Union and third countries in order to diversify the EU's supply. Members of the Parliament also insist on the need to focus on research and innovation regarding substitute materials and production processes that could replace raw materials in strategic technologies.

With respect to circularity targets, whereas the Commission had proposed to set the European Union's benchmarks for domestic processing and recycling of critical raw materials at 40% and 15%, respectively, by 2030, the Council wants to increase these values to 50% and 20%, respectively. In its negotiating mandate, the Parliament agreed to set the processing of critical raw materials at 50%. However, the Parliament changed the recycling benchmark by referring to an EU recycling capacity in proportion to all strategic raw materials contained in waste. Thus, the Parliament's circularity target differs from the proposal's initial recycling benchmark, which was relative to the European Union's total consumption of each raw material, not how much ends up in the waste. Furthermore, the negotiating mandate sets circularity targets for recycling by including a benchmark for the European Union to develop 10% more volume of recycling capacity compared to the baseline for the period of 2020–2022 for each strategic raw material with a view to collect, sort, and process at least 45% its waste.

Following trilogue meetings between the Parliament, the Council, and the Commission, a provisional agreement on the text of the CRMA is expected by the end of 2023. A vote in both the Parliament and the Council would then take place to formally adopt the act.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.