NortonLifeLock and Avast offer buyers cybersecurity software programs under a wide range of different brand names. Products include antivirus software programs (also known as endpoint security software), privacy software (such as VPNs), and identity protection software programs. The companies unveiled plans to merge in August 2021 in a £6bn deal.

In its Phase 1 preliminary investigation, the Competition and Markets Authority (CMA) concluded that the transaction raised a practical prospect of significantly reducing competition and referred the merger for an in-depth Phase 2 investigation. Issues to review in more detail in March 2022.

In a Phase 2 investigation, the legal standard for assessing whether or not a deal creates problems with competitors is higher to reflect the particularly intense scrutiny that goes into a Phase 2 investigation. By applying this particularly rigorous test, the CMA tentatively concluded in August 2022 that the deal does not significantly displace competitors in the UK and cannot be expected to do so sooner or later. Following a consultation that ended on August 24, 2022, the CMA confirmed its preliminary findings and approved the transaction.

The CMA's Phase 2 investigation found that the delivery of cybersecurity software programs to consumers is rapidly evolving. Free and paid business providers are constantly developing and improving their products to meet the diverse and changing needs of customers.

While the CMA's Phase 1 decision raised concerns about the extent of competition the combined entity would face, a particularly detailed analysis of the transaction has revealed that the merged entities face vigorous competition. This comes from McAfee, their main competitor, as well as a number of different vendors who currently have a smaller market position in the UK.

The CMA also noted that security applications from Microsoft, which occupies a new position in the market as the owner of the Windows operating system, offer consumers increasingly important choices.

In recent years, Microsoft has improved its built-in, built-in security utility so that it now offers protection as good as many specialty vendor products. Additionally, the apps Microsoft recently released for its customers bring its cybersecurity offering closer to that of the merging companies and should further strengthen Microsoft as a future competitor.

On this basis, the CMA believes that the merging companies will continue to face sufficient competition after the transaction is completed and has concluded that the merger does not raise any competition concerns.

Kirstin Baker, Chair of the CMA Research Group, said:

Millions of people across the UK trust cybersecurity companies to keep them safe online.

Notes to the editor:

For media inquiries, please contact the CMA press office on 020 3738 6460 or [email protected].

A Phase 2 investigation has a unique legal test for Phase 1. In its assessment of Phase 1 mergers, the CMA must assess whether or not the merger creates a "reasonable prospect" of a significant reduction in competition ( SLC). In phase 2, the CMA applies a "match odds" threshold. The Phase 1 Practical Outlook Threshold is intentionally a lower and more conservative threshold for an SLC finding than that applied by the CMA after a more extensive Phase 2 investigation.

The CMA held a three-week consultation on the preliminary findings through August 24, 2022, open to input from any of the CMAs. Responses will be posted on the Merger Inquiries page.