The UK authorities have approved the anticipated acquisition of Avast by NortonLifeLock following an in-depth merger investigation. Both cybersecurity providers announced plans to merge in a £6 billion deal in August 2021.

NortonLifeLock and Avast both offer cyber safety software to consumers under a variety of different brands. Products include antivirus software (also known as endpoint security software), privacy software (such as VPNs) and identity protection software.

In its initial Phase 1 investigation, the Competition and Markets Authority (CMA) concluded that the deal raised a realistic prospect of a substantial lessening of competition, and referred the merger for an in-depth Phase 2 investigation to consider those concerns in more detail in March 2022.

In a Phase 2 investigation, the legal standard to assess whether a deal raises competition concerns is higher, to reflect the more extensive investigation that takes place in a Phase 2 inquiry. When applying that more stringent test, the CMA provisionally concluded, in August 2022, that the deal does not substantially reduce competition in the UK and may not be expected to do so in the future. Following a consultation that ended on 24 August 2022, the CMA has upheld its provisional findings and cleared the deal.

The CMA’s Phase 2 investigation has found that the supply of cyber safety software to consumers is rapidly evolving. Providers of paid-for and free services are continually developing and improving their products to meet different and changing customer needs.

While the CMA’s Phase 1 decision raised concerns about the extent of competition that the merged business would face, a more detailed analysis of the deal has found that the merging businesses face significant competition. This comes from McAfee – their main rival – plus a range of other suppliers that currently have a smaller market position in the UK.

The CMA also found that security applications provided by Microsoft, which holds a unique position in the market as the owner of the Windows operating system, offer increasingly important alternatives for consumers.

In recent years, Microsoft has improved its built-in, bundled security application so that it now offers protection which is as good as many of the products offered by specialist suppliers. In addition, applications recently launched by Microsoft for its customers bring its cyber safety offering closer to those of the merging businesses and are likely to further strengthen Microsoft as a competitor going forward.

On this basis, the CMA considers that the merging businesses will continue to face sufficient competition after the deal completes and has concluded that the merger does not raise competition concerns.

Kirstin Baker, chair of the CMA inquiry group, said:

„Millions of people across the UK rely on cyber safety services to keep them safe online. Phase 2 investigations allow us to explore concerns identified in our initial review in more detail, as we gather further information from the companies involved and other industry players. After reviewing the evidence in an in-depth review, we are now satisfied that this deal won’t worsen the options available to consumers. As such, we have concluded that the deal can go ahead.”