On 14 November, the EU Commission published a proposal to address competition concerns in maintenance services related to SAP’s Enterprise Resource Planning (“ERP”) business.

This revisits a very long-standing antitrust question. Way back in 2003-5, the prominent battle by Oracle to purchase PeopleSoft went through not only the US federal courts, but the EU Commission (as it now is) as well. That time, Oracle was allowed to consolidate the ERP market, but not before a remarkably heated battle had played out in U.S. v. Oracle.

Now it is SAP’s turn to be in the hot seat, and this time the action is in Brussels. The new case revolves around allegations that there is undue difficulty in switching between maintenance providers. Now that the Commission has published proposed Commitments – essentially a form of settlement – the main question is whether these go far enough to address those concerns.

There is a one-month period to comment on the proposed worldwide settlement.

SAP in the Cloud: How Licensing Shifts Are Reshaping Support and Competition

Over the past decade, SAP has been quietly transforming not just its technology but its entire business model. For many organisations, this change is invisible until renewal or migration time, when familiar perpetual licences and independent support options give way to tightly bundled cloud subscriptions. What was once a market rich with options – multiple deployment models, negotiable support terms, and competing maintenance providers – is becoming increasingly concentrated around SAP itself.

For lawyers advising on technology contracts, outsourcing, or competition issues, this shift raises important questions about control, flexibility, and competition law. Above all: how far should the law intervene to open up the maintenance market for SAP systems?

Modern ERP discussions focus on cloud-based systems. The upfront decision to move to the cloud often de facto loses support choice down the road. For instance, moving HR systems to the cloud-based provider Workday implies using a certified partner with support generally coming from Workday Service Partners for Application Management Services (AMS).

The biggest competition impact of all would be for third party maintenance providers such as Rimini Street and Spinnaker Support to be able to support cloud deployments hosted on the SAP first party cloud. Despite the competitive potential of such a change, the Commission’s investigation appears to have ruled this out of scope by focusing only on on-premises deployments.

It will be interesting to see how that is justified in the eventual public documents. For now, there are just a handful of public documents, and they do not yet explain why the concern is specific to on-premise systems.

The perception seems to be that on-premise consumers lack competition for service, even though no such issue arises in integrated offerings in the cloud. If that is to be the case scope, how does it compare with what is happening in cloud-based services?

From Perpetual Ownership to Subscription Access

Traditionally, SAP sold its software under perpetual licences. Customers paid once for the right to use the product indefinitely, and then paid annual maintenance for updates and support. This structure gave businesses ownership and flexibility: they could decide when to upgrade, whether to buy support from SAP or a third party, and how to host the system.

Now, SAP is steadily replacing this with subscription-based models, most visibly through its flagship “RISE with SAP” offering and S/4 HANA Cloud. Under these deployment models, the customer doesn’t buy the software; they are purchasing access to it, usually hosted in SAP’s own cloud or in a managed “private edition” on infrastructure such as AWS or Azure. The subscription typically bundles the software, infrastructure, updates, and support into a single, SAP-controlled contract.

On the surface, this simplifies things: predictable costs, regular updates, and less infrastructure to manage. But from a legal and commercial perspective, it also narrows the field. The customer no longer “owns” the software or controls the environment. That has significant implications for support, competition, and long-term negotiation leverage.

Where the Software Lives Now

At the time of writing, there are three main deployment models.

On-premise systems still exist, typically at larger or more risk-sensitive organisations. Here, the customer runs SAP on their own servers and retains control of the software. This can be performed in a traditional datacentre deployment or on public-cloud providers like AWS or Azure. In this model, the customer controls and owns the infrastructure.

Private cloud setups, often through RISE “private edition,” are hosted on public-cloud providers like AWS or Azure. In this model, SAP owns and manages the AWS account where RISE with SAP is deployed, and is responsible for the AWS services used to enable the SAP deployment. In this model, SAP controls and owns the infrastructure.

Finally, there is the SAP multi-tenant cloud, where SAP manages the entire platform as a software-as-a-service (SaaS) product.

The shift from the traditional on-premise deployment model to private cloud and SaaS is where competitive dynamics have changed substantially.

Support: Once a Market, now a Monopoly?

In the traditional, on-premise world, customers could buy maintenance directly from SAP or switch to an independent support provider. Companies such as Rimini Street and Spinnaker Support, mentioned above, built businesses offering maintenance, security updates, and compliance help at a lower cost than SAP’s own maintenance fees. They serve as an important competitive check and may well be “more efficient competitors” in competition law terms because their price point is frequently much lower (under half is not uncommon).

The EU Commission’s investigation highlighted several concerns in SAP’s practices:

1. All-requirements contracts for on-premise maintenance. Requiring customers to buy all of their maintenance and support needs for SAP on-premise ERP software under similar conditions. Especially for larger systems, this might well prevent moving some of the maintenance business to other providers.
2. Sleeping licences can’t get to sleep. Unused licence issues are a typical IT contracting issue, because neither party wants to take all risks to do with growth or contraction of customer needs. SAP is accused of not allowing customers to terminate maintenance and support for unused licences.
3. Resetting the Initial Term clock. Adding licences resets an Initial Term which prevents termination of maintenance and support services.
4. Reinstatement fees. Coming back to SAP after trying alternatives triggers a reinstatement and back-maintenance fee, perhaps as much as simply staying put in the first place.

How would the Commitments approach these issues, if accepted in their current form?

Commitment 1: Reinstatement fees

SAP would waive the current Reinstatement Fee for a returning customer, and would reduce the Back-Maintenance Payment so that it will be capped at the lower of (1) 50% of the off-support period or (2) six months’ worth of SAP maintenance fees.

Back fees are not unusual – Oracle charges them too – but it is still somewhat remarkable to charge people for a service they have not had. One view would be that the fee should be 0%, not 50%, but that may understate the costs of on-boarding and off-boarding systems.

In practice, few are likely to move back and thereby trigger the fee; that is the point of switching. This is somewhat of a tension in the case – if it is worthwhile to open up switching, that would be because the options are good, but currently blocked. Why then worry about switch-backs? There is a risk that a discount to come back might actually be a form of competition, just with the new vendor; so care is needed here.

Commitment 2: All-requirement contracts

The issue with all-requirements contracts is that they can require very large and complex systems to migrate en masse for switching to occur. The market context of lower prices from rivals would seem to imply that there are difficulties in switching, or it would already take place to harness the lower prices, thereby prompting a match (so-called Bertrand competition).

Less theoretically, there is also the issue that IT leaders live and die by the adage of finding a “single neck to hang” if things go wrong.

Seen in this way, another possibility is that customers value the integration and reliability of the established vendor. That would explain the higher price, but on a pro-consumer basis. There are no easy answers here, and customer views will be pivotal.

The current proposal here is to allow unbundling at the level of a viable system, called a Commercial Installation, and to move them one at a time.

SAP would clarify contracts to allow these so-called “landscape splits” by which requirements for maintenance of the customer’s overall SAP “landscape” of systems can be hived off to different providers.

If approved:

• Customers could split up the systems into Commercial Installations provided that they meet the defined term – that is, a defined system with its own installation number.
• For each Commercial Installation, the customer can then choose to have SAP or others serve requirements – or simply not take maintenance and support at all.
• However, if taking support from SAP, then all licences for that Commercial Installation must be obtained from SAP on an all-or-nothing basis.

It will be interesting to see whether this is seen to be enough. In essence, if approved this would allow customers to break down systems into smaller components provided that the Commercial Installation definition is still met, and then move the maintenance requirements to rivals, or to forego it, on a per-Installation basis.

Significantly, therefore, different SAP Support Models can therefore apply to different Installations so-defined, but tendering must still occur on an Installation-wide basis.

A detailed Annex 2 provides a list of integrated/non-integrated services, to support the definition of Installation. The package confirms that the Initial Term does not restrict system splits. There is a degree of licence price abuse protection for existing system splits and the reallocation of their licences. A major focus of the market testing will be whether those protections suffice.

Commitment 3: Initial term

This simpler provision would simply require that the Initial Term does not restart with each new licence term.

Suppose a business buys 1,000 licences in year 1.

In year 2, it buys 500 more.

At the moment, there is a reset of the Initial Term for maintenance. That is an indicator of weak customer bargaining power, as the marginal users do not usually incur the same risks. Treating them the same as brand new users is something of a stretch and will tend to lock-in systems.

If there are legitimate concerns such as onboarding costs to consider, they might simply feature in the contractual price and not its term.

Commitment 4: Partial termination policies

A series of already-existing SAP partial termination options relating to unused licences will have to be made “more transparent” to customers by distributing information about them via a series of communication channels, to be included in the overall suite of communications about the Commitments in Annex 5.

Commitment 5: Single metric contracts

Few can fully predict how many licences they will need. Negotiation over who is responsible for unused licences is frequent, and it arises with many vendors. Some rule limiting exposure to the customer’s business risks is normal.

There is however scope to abuse the metric if insisting on payment for predictably unusable licences. In such an instance, the predictably unused licence is effectively a price increase.

Consequently, there is a delicate balance to be had here between helpful market allocation of risk, and excessive demands.

The major change here would be a so-called Single Metric Contract, which is one that allows a single metric (e.g., number of employees) to determine the base for the maintenance contract.

The new Single Metric Contract becomes available for contract sizes >EUR 500,000.

In principle, this limits use of the new contracts by smaller customers. They may also face easier switching, because their requirements are smaller. Indeed, for a smaller customer a new SAP contract may very well not be the right answer. Much depends here on whether a customer at the >EUR 500,000 level would save money by switching.

What happens after take-off?

The above fault lines will play out in the coming weeks as the market test occurs. Much of the rest of the package sets out a typical mechanism by which a so-called monitoring trustee administers the use of the Commitments. This is not a trustee in the legal sense of holding property for another, but rather being entrusted with administration.

The term would be ten years, but paragraph 48 contains a mechanism for early release.

Currently, that would only need a “reasoned request” of “material change” before it can be released. Further, there is no need to put this to the market.

A stronger provision would specifically require proof that the issue has been addressed, and would specifically require wider market consultation before release.

Clouds on the horizon?

Cloud subscriptions are changing the picture and in somewhat similar ways, but do not seem to be under close consideration in the EU’s case.

Under SAP’s multi-tenant model for cloud-based systems, customers have no access to the underlying system code or infrastructure. Updates and patches are applied centrally by SAP, on SAP’s schedule. Third parties cannot intervene because they have no technical or contractual ability to alter the system. In effect, SAP becomes both the vendor and the sole maintainer.

If the concern about on-premise systems was a form of functional monopoly over support, then the same might yet arise for the cloud-based systems if similar terms come to be applied.

From a competition law perspective, this has echoes of familiar concerns. Bundling can be a helpful strategy where it reflects customer demand. It often lowers costs and allows efficient margin control. But bundling software, hosting, and support together without an unbundled option could well also foreclose competition in downstream maintenance services in the same way perceived in the on-premises market.

Independent support providers argue that this “vendor lock-in loop” removes the customer’s freedom to choose and inflates prices. While it is always challenging to increase case scope once Commitments are in play, those with evidence of cloud-based concerns may yet wish to make their views known.

Moreover, those who want to be offered unbundled service will be able to point to the Commitments as a proof of concept that system-wide competition restrictions carry risks.

Why This Matters

These developments are not just technical; they reshape risk and negotiating power across several dimensions.

Contractually, cloud subscriptions reduce flexibility. Terms are often standardised, renewals automatic, and exit options limited. Customers must pay close attention to data retention, transition assistance, and the right to retrieve or archive data after termination.

From a competition and regulatory standpoint, the consolidation of support within SAP’s own ecosystem has invited scrutiny under abuse-of-dominance principles. There are risks from effectively excluding competing providers from bringing benefits to end users.

Commercially, the rhythm of costs and control changes. Under perpetual licensing, customers could defer upgrades or seek cheaper support. Under subscriptions, both the pace of innovation and the cost of maintenance are set by SAP. Customers gain simplicity but lose autonomy.

Looking Ahead

SAP’s strategy mirrors a broader industry trend; major enterprise software providers are migrating to subscription-based cloud ecosystems where they control the entire lifecycle of service. The model offers efficiency and predictable revenues – but at the cost of the range of unbundled supply.

For now, third-party support exists mainly for organisations running SAP on-premise or in a self-managed private cloud. As more companies migrate to SAP’s cloud under RISE, that competitive pressure will fade; so in a sense, the Commitments risk fighting the last war. Increasingly, customers are being pushed to private cloud and SaaS options.

However, as long as perpetual licensing is sold by SAP and on-premise hosting is an option, there is an element of possible switching.

But if demand moves principally onto the cloud, then the competitive pressure from the on-premises switching diminishes. In that scenario, the Commitments would not offer customers any direct switching support: the Commitments do not directly address cloud-based deployments, and that would be so even though any competition from the on-premise market would then be less vibrant.

The shift to the cloud is not just a technical evolution but a structural one. It merges what were once separate markets (software, hosting, and support) into a single, vendor-controlled bundle. That has direct implications for contract design, procurement strategy, and potentially for regulatory oversight.

Han-Ley Tang, Managing Director, Trinity Advisors
Stephen Dnes, Founding Partner, Dnes & Felver PLLC

14 November 2025

There’s more to life than cookies, but a triple chocolate cookie is a great place to start

The long-running debate on cookie withdrawal from Chrome is moving towards its peace conference after Google’s u-turns this past year.

As with all battles, the terms coming out of the peace conference are pivotal.

This important chapter will do much to set the terms of individual-level identifiers in data-rich systems.

Comment submissions are open until July 4th. Will it be independence day for the cookie? Or independence day for Google? That depends on the quality of the evidence submitted now.

What just happened?

On Tuesday April 22^nd, Google announced that it would shelve its plan to deprecate so-called third-party cookies as part of the Google Chrome Privacy Sandbox.

Then, on June 13^th, the UK Competition and Markets Authority published a proposal to release the Chrome Commitments on the basis that the cookie would be kept after all. (It remains to be seen whether the CMA will agree with the proposal.)

The result is significant, and not only for cookies, because it sets a clear precedent against withdrawing valuable data unless there is objective analysis of both privacy risks and consumer welfare impacts.

Here, that had been lacking, because neither Google’s asserted privacy improvements nor the consumer welfare impacts had been established on objective evidence.

What prompted the u-turn on cookies?

Dnes & Felver PLLC played an important role in helping to bring evidence to the debate. Please see our blog posts and press coverage summarizing key chapters:

• August 2023: Good cookies and bad cookies: What’s next for online match keys?
• July 2024: 3 Ways Forward for 3^rd Party Cookies.
• February 2025: Stephen Dnes was quoted as the last word on the cookie prompt debate by AdExchanger: The latest on Chrome’s Cookie Choice Prompt: It’s gonna be global.

The firm drew on its in-house expertise in the economics and market research so pivotal to antitrust cases to develop an ultimately winning strategy.

The essence of this strategy was to move the case towards a much sharper focus on what web consumers want. The inconvenient truth for the Sandbox proposals was that most consumers do not mind allowing advertising optimization for free content. Sensitive data is hardly ever engaged, and when it is, there are more tailored measures to improve signals on sensitivity, rather than curtailing non-sensitive data.

A simple example is incognito mode.

Better signals would address the approximately 20% of consumers concerned about rich data use, while not curtailing value for the 2/3 who are happy to for rich data use to fund content.

This proved to be an inescapable argument for the Sandbox. It was not possible to show why consumers benefited from the proposed global data diminution, rather than an improvement in risk-based signals and stronger private browsing modes.

The direction of travel changed markedly upon Dnes & Felver’s involvement. This inflection point was noticed by others. For instance, Alan Chapell’s Monopoly Report with Garrett McGrath of Magnite identified a sudden change in the CMA’s tone and lines of questioning from January 2024 (27 November 2024).

Something had changed in the Sandbox analysis: it was now based on consumer welfare, and the unanswerable question was why content funding should be harmed when most consumers are happy.

All of a sudden, the CMA stopped signing off on the Google reports.

Why no cookie prompt?

The CMA apparently demanded that Google retain at least a portion of data rich traffic for those users happy to accept personalisation.

However, no neutral prompt could ultimately be agreed; much less one that could apply on a global basis.

Further, many happy consumers ought not to be prompted at all: excessive pop ups undermine the user experience.

As survey evidence shows users happy with syncing of preferences across devices, if there were to be any personalisation prompt it would surely have to apply fairly, and not only to competing traffic.

So, any prompting regime removing data would have to apply to Google as well.

This created another unanswerable argument – this time, against prompting bias. This addressed the well-known issue with biased prompts common to the Sandbox and other data diminution initiatives, notably Apple ATT.

A simple visual comparison of owned-and-operated vs Sandbox prompts and demonstrated substantial anti-consumer prompting discrimination. The answer in Google’s latest quarterly report was remarkably weak: that the same data protection rules apply to all prompting systems – which is hardly the point.

The real question is why the prompts were different for Google and for others, whereas the Commitments required non-discrimination in feature diminution.

These very pointed observations from the CMA seemed to prompt a rethink by Google: would insisting on increased data integration in the open web necessarily be such a good idea? Might it accentuate arguments that competition is weak in the long tail? Could data diminution à la Sandbox even be an own goal that would primarily help Apple, and not Google?

So, it was not only the CMA that came to see the matter differently – the new strategy seemed to influence Google too. That helped to create a landing zone.

Ultimately, a precedent was set against the loss of rich data absent objective analysis of risk and consumer benefits:

• Shortly thereafter, the CMA’s analysis of benefits from Apple’s ATT in the Mobile Browsers case also became more sceptical.
• In March, the French competition authority fined Apple for bias in its ATT prompts.
• And this April, Google accepted that it would keep the third-party cookie after all.

On June 13^th, the CMA published an important report on the history of testing the Sandbox. The essential problem was that value continued to diminish. The so-called Privacy Enhancing Technologies (PETs) in the Sandbox simply were not up to the task of replacing the cookie. This contravened expectations from the 2019-20 CMA Market Study, which had expected the performance gap to close.

So ultimately, the position is driven by the fact that competitive content funding still needs access to decentralized data sources such as the ability to write information to local storage as with the third-party cookie.

It remains to be seen whether this is truly a “tombstone” to the case – but either way, it is a clear warning shot to any firm considering the impairment of a rich data system from which consumers derive value. This would be important for any future Apple ATT-like prompting system, or any possible restrictions to the Google Android MAID identifier.

Joshua Koran, an advertising technology expert, stated: “People’s privacy rights are important. Mere pretextual privacy improvement claims are not helpful to identifying nor implementing effective solutions to genuine privacy concerns. Recent clarifications from both the UK Information Commissioner’s Office and the European Commission have emphasized the importance of mitigating risks related to the context in which personal data is used, instead of where it is stored or processed—such as adopting appropriate deidentification measures.”

Senior Economic Counsel Antony Dnes has published a blog on the UK ICO’s cost-benefit analysis of proposed new Guidance on Storage and Access technologies.

The blog can be accessed here: https://datacuriosity.substack.com/p/data-storage-and-access-an-economic

On Feb. 3., 2025, Stephen Dnes was quoted by Allison Schiff in AdExchanger. The piece used Stephen’s perspective on what is next for cookie withdrawal as the conclusion to its report on the IAB Senior Leadership summit in Palm Springs, at which Google confirmed that the proposed cookie consent dialogue will be a “one time global prompt”.

The piece concluded:

But perhaps the more important question is not what the prompt could look like but rather how it will apply in light of Google’s commitments to the CMA, which require nondiscrimination, says Stephen Dnes, a founding partner at Dnes & Felver in the UK.

Consumers differ on whether they like or dislike personalization, he says. Surveys consistently show that roughly two-thirds of people are okay with trading personal data in exchange for a service, while around 20% of people are against it.

“The key to resolving the current debate about cookies and prompts is to surface those differing preferences,” Dnes says. “By enriching these signals, rather than truncating the data, the world can move on from the stale debate about cookies.”

https://www.adexchanger.com/data-privacy-roundup/the-latest-on-chromes-cookie-choice-prompt-its-gonna-be-global/

In January 2025, Stephen Dnes was appointed national reporter for the UK by the Competition Law Association, which is the UK chapter of the International League of Competition Law. The League goes by its French initials, LIDC, and provides a forum for competition law enforcers around the world to share expertise.

Every year, the League commissions national reporters to address a topical question in competition law. For 2025, the reports will address the topic of relative market power in competition law, reflecting significant developments relative to large technology companies.

Stephen will report on the relevant UK developments including the CMA’s recently opened cases against Apple and Google regarding online search, operating systems, and web browsers. The reports will be presented at a conference of enforcers in Vienna in October.

There is much discussion of the recent App Store litigation between Epic, Apple and Google. Apparently divergent results highlight issues with evidence of market power and the need to apply consistent quantitative analysis, rather than to focus solely on contractual restrictions. This note provides an economic commentary on these prominent cases, and provides recommendations for future cases in which contractual restrictions and network effects interact.

The Epic Litigation

In January, the US Supreme Court declined to hear appeals by both Apple and Epic Games (developers of Fortnite) from antitrust decisions of the District Court for the Northern District of California (Epic Games v. Apple Inc., 559 F. Supp. 3d 898 (N.D. Cal. 2021)) and the 9th Circuit Court of Appeals (Epic Games, Inc. v. Apple, Inc., 73 F.4th 785 (9th Cir. 2023)). This denial leaves Apple held to have broken California’s Unfair Competition Law in relation to blocking without excuse a producer’s right to steer business to its own product.  These were bench trials.

Apple had delisted Fortnite from its iOS App Store and denied Epic’s paying affiliates access to developer tools after Epic included a link directing its gamers to a payment mechanism outside of Apple’s iOS App Store. The link evaded a maximum 30% commission to Apple for sales of Fortnite and subsequent in-app purchases.  Epic sought to lower charges to 12%.  In the District Court, Apple claimed that its marketing and technical support justified the difference in fees and pointed to a wide definition of the market to bolster its defense that it was a competitive large firm, not a monopolist. As part of wider accusations of monopolizing behavior, Epic focused on iOS as a specialist market within smartphone operating systems and claimed that Apple’s iOS fees were unnecessarily high.

The District Court was unpersuaded by Epic’s general case in antitrust (dominance, tying and other claims) and declined to reinstate Fortnite onto the App Store outside Apple’s contract terms, taking the view that Epic had breached its contract and made its own trouble. Judge Rogers did temporarily restrain Apple from blocking Epic’s affiliates’ access to developer tools. More significantly, Judge Rogers ruled for Epic on one antitrust claim: that Apple placed harmful anti-steering provisions in its contracts. The District Court permanently enjoined Apple from blocking all iOS developers’ links to payment mechanisms.

Economic analysis

From an economic perspective, the District Court identified many uncertainties concerning market definitions and the impact of market segments like iOS on other operating systems and monetized platforms.  Apple successfully claimed it was a competitor in a wide market including many alternative apps available from competitors such as Google and operating systems including Android. Stating a narrow view of the market as a specialist area that Apple had monopolized, Epic then ran into difficulties because its games are functional across platforms:

“[N]ot all games” feature cross-platform functionality, and some platforms have taken steps to limit it. Epic Games, Inc. v. Apple Inc., 559 F. Supp. 3d 898 (N.D. Cal. 2021). But when it comes to the games that do offer such cross-platform functionality, app-transaction platforms (like the App Store and Epic Games Store) “are truly competing against one another.” Id. (Epic Games, Inc. v. Apple, Inc., 73 F.4th 785, 787 (9th Cir. 2023)) 

Uncertainties over market definition are particularly intrusive in deconstructing modern, network-creating operating systems and highlight the need for much more investigative economic analysis to quantify the nature of these new markets. The Epic cases did not produce significant quantitative analysis of firm-to-firm marginal impacts, which usually require modeling, estimates of demand elasticities, mark-ups on costs and other variables key to traditional regulatory analysis. Detailed contractual arrangements in the new electronic data and gaming industries, as practiced, are also critical in assessing competition. These are significant gaps in analysis, and future cases would benefit from more detail on these critical economic effects.

The 9th Circuit subsequently affirmed the District Court’s enjoining of Apple’s anti-steering provision concerning all iOS developers.  The Court of Appeals found no abuse of discretion in granting the permanent injunction and regarded the required protection of all developers as necessary to correct the harm from anti-steering. Thus, the courts required Apple to take Fortnite back at its standard fees with the proviso that Epic and any other iOS developer may add payment links to storefronts. The 9th Circuit stayed the lower court’s mandate pending Apple’s appeal to the US Supreme Court, and so the mandate becomes immediately effective now that the Supreme Court has denied certiorari.  Apple’s pricing policy embodied a form of anti-steering considered unacceptable if shown to harm providers and consumers following earlier reasoning in Ohio v. American Express Co. (138 S. Ct. 2274 (2018)).

Consumer welfare impacts

The economics of information and restrictive agreements can be usefully applied to Apple’s delisting of Fortnite and the retaliatory measures targeted at Epic’s affiliates. More information is generally better than less for gamers particularly when the result is lower prices. However, unanswered questions remain:

• Will Epic’s own payment link increase traffic for Fortnite, or just reduce revenue for Apple while increasing benefits for Epic? That is, was there an effect on total output, or just a movement of output?
• Moreover, was the removal part of a wider restriction of competition as Epic claimed, or simply a consequence of contract express terms, as accepted in the District Court?
• Apple claimed, but could it show, that apparently unfair contractual requirements digging into in-app payments can have efficiency purposes, such as incentivizing Apple to do the marketing and keep its Apps and platforms working efficiently?

It seems that it was more Epic’s failure to persuade than contrary proof from Apple that led to the District Court’s decision and the 9^th Circuit’s affirmation. Future cases could helpfully examine these and other arguments using detailed economic modeling.

Ancillary restraints

Consistent with an ancillary restraints doctrine, the District Court and Court of Appeals applied a rule-of-reason standard to review Apple and Epic’s disputed agreement, which could be seen as subordinated to a separate transaction (marketing) and as reasonably necessary to achieving that transaction’s pro-competitive purpose (driving consumer benefits). A rule-of-reason approach amounts to a benefit-cost analysis.  Epic Games v. Apple Inc., 493 F. Supp. 3d 817, 836 (N.D. Cal. 2020) summarizes the required analysis:

“First, plaintiff must show “diminished consumer choices and increased prices” as “the result of a less competitive market due to either artificial restrains or predatory or exclusionary conduct” by the defendant. Then, “if a plaintiff successfully establishes a prima facie case … by demonstrating anticompetitive effect, then the monopolist may offer a ‘procompetitive justification’ for its conduct.” For example, the monopolist may show “that its conduct is … a form of competition on the merits because it involves, for example, greater efficiency or enhanced consumer appeal.” Finally, if defendant offers a non-pretextual procompetitive justification, the burden shifts back to the plaintiff to rebut defendant’s claim or “demonstrate that the anticompetitive harm of the conduct outweighs the procompetitive benefit.” (Quoting U.S. v. Microsoft Corp., 253 F.3d 34 (D.C. Cir. 2001)).

Epic failed to carry its burden of proof on general claims that Apple has a monopoly on mobile gaming and acted as an illegal monopolist by requiring consumers to get apps through its App Store. Its claims of a narrow post-iOS market segment did not help, tending to direct the courts into a contractual analysis of Apple’s fees, given difficulties in resolving market definition. This was a highly strategic decision: Epic gained the prospect of a narrower market in which market power is easier to prove, but the price of this was that wider evidence of market power is harder to use, as it arises chiefly in the wider market whose analysis is thereby truncated. It may prove fruitful for future litigants to move the needle towards the market power analysis.

Nor did Epic convince the courts of the existence of substantially less restrictive alternatives to Apple’s system. Epic prevailed over anti-steering express terms in the standard contract with Apple because there it could show practices giving plausible financial losses. California’s courts will associate such losses with loss of consumer welfare – although it might be noted that there is no necessary or direct link between rival financial loss and harm to consumer welfare. Epic could, as it claimed, lower prices for gamers by working around Apple’s systems. This shows another key strategic aspect of app store litigation: the argument that there is lost competition helps the plaintiff, but it can also be interpreted as the possibility of switching to what remains of that lost competition. The key to this puzzle is to ensure that the quantitative evidence is strong such that even a partial impairment raises concerns – or, alternatively, to show that such effects are absent, however restrictive the clauses may seem.

As in the Epic case, applying rule-of-reason legal analysis often leads to a qualitative benefit-cost analysis – and not a quantitative one. This has significant implications for litigation, not least, that benchmarking can be expanded; ideally, on a quantitative basis. Epic’s failure to persuade the courts, other than over the issue of steering, seemed not to weigh costs and benefits comparing the status quo with feasible alternatives.  The courts traditionally resort to broad assessments although they are clearly aware of the economic arguments at stake in antitrust cases. These could be significantly expanded to allow a richer analysis of the wider costs and benefits of competitive restrictions with a sharper focus on consumer welfare impacts. Again, this observation highlights the need for much more economic analysis to quantify the impacts and welfare effects of these new markets.

What’s the difference between a Google and an Apple?

For those inclined to look for logic, consistency and comparability in the law, Epic’s litigation foray has been a salutary experience.  In 2023, Epic prevailed in a very similar antitrust case against Google (In re Google Play Store Antitrust Litig., 21-md-02981-JD (N.D. Cal. Mar. 28, 2023)). This jury trial covered similar tying, pricing and exclusionary practice issues as the bench trial with Apple.  With Apple, Epic prevailed on just one issue concerning steering. With Google, Epic prevailed on all its allegations of anticompetitive behavior based on market dominance and restrictive practices. 

It is hard to find significant differences between the two cases and, while interesting, attempts to do so seem more like rationalization than statements of antitrust principle (https://www.theverge.com/23994174/epic-google-trial-jury-verdict-monopoly-google-play). That is, for all the attention on Google’s particular actions, it is not clear what exactly the difference in market power would be to justify the differential treatment.

Certainly, Google’s apps are used across many operating systems, which might make it more susceptible to antitrust enforcement than Apple’s more sealed iOS. It is also significant that Google’s was a jury trial; Apple’s was bench.  Google appears to have run sweetheart deals with some users and to have deleted documents needed at trial. But at the end of the day, both Apple and Google have been found to have restricted competition to some extent.  The cases more than anything illustrate the difficulties in unraveling contractual links in the new information industries and a need for much more research, especially on the relationship between contractual restrictions and market power. There is a particular premium on explaining these effects in a jury-friendly way, where relevant.

What’s next for app store analysis?

Finally, this type of case concerning two-sided markets (here, gamers and game developers) is increasingly important as cases spring up in many antitrust tribunals including those in the EU, UK and Australia. In the case of Apple, it will be particularly interesting to see the position taken on the contractual restrictions following the UK CMA’s victory at the Court of Appeal, such that the Mobile Ecosystems case will return. The same issues will also arise as the EU Digital Markets Act takes root.

In all these, and other cases, the relationship between market power and contractual restrictions will be paramount. Litigants will benefit from ensuring that case strategy incorporates economic evidence from the very beginning.

Photo by Christiano Betta 

As Parliament returns from its festive break, many competition law eyes will be on the Digital Markets, Competition and Consumers (DMCC) Bill – at the moment “Just a Bill” but probably not so for much longer…

The DMCC: “Just a Bill”… but for how much longer?

There are many rich questions as the Bill heads over to the Lords for critical scrutiny. This is the major audience for due process concerns, and the place where technocracy often meets accountability. Critical questions are up for debate including how to frame the relevant evidence rules, the extent to which existing rules should change given developments in online business, and how best to ensure high quality regulation over time. Essentially, the forward-looking question is all about the evidence requirements for future interventions.

As the UK Competition and Markets Authority has become increasingly active in global business in recent years, the law will be relevant well beyond the UK. For example, recent Commitments with Google apply on a worldwide basis. There is also clear global impact from recent merger reviews such as Facebook/Giphy, Microsoft/Activision and Adobe/Figma – not to mention the new investigations into OpenAI, and cloud computing.

Dnes & Felver provided an expert report on the relevant issues to the Legatum Institute, a leading London-based think tank seeking to promote prosperity in the UK.

Stephen Dnes’ co-author, Fred de Fossard, recently commented on Politics Home:

“The last decade has seen the world’s leading antitrust regulators, the CMA, the European Commission, and the Federal Trade Commission in the USA, take a much more interventionist approach to digital markets … even if businesses with large market shares continue to innovate and provide their users and customers with new and improved services, today’s regulators may decide to prosecute them for occupying too great a position in the market… 

This has caused great discord in the digital economy, where entrepreneurs often build businesses with the intention of selling them to a large acquirer, who can take the company and its products to a bigger audience. After all, not all founders are born managers of global companies: their skills often lie in establishing new businesses and new ideas.”

The core point is essential for growth: if large and small businesses sometimes complement each other, then the law must have a mechanism for answering a very difficult question:

When is big bad, and when is big beautiful?

The same theme was noted by Diginomica journalist Chris Middleton, who commented:

“To see ‘digital markets’ as something separate and distinct in 2023 seems almost quaint – a Web 1.0 perspective, three decades too late. What about AI, decentralized services, complex supply chains, cloud, and mobility? Will some Bill address those in 2053?

“While well intentioned, I would argue that the Bill is both 25 years too late and fundamentally misconceived. To see a handful of Big Tech titans as being of ‘strategic market importance’ (SMS), based largely on their size, ignores an obvious problem. Namely, that it is often smaller players, such as OpenAI and Spotify, which are really shaping what the future looks like”

The recommendations in the expert report correspond closely to several of the amendments introduced before Parliament. This complements earlier work with the Institute, which is now reflected in the strategic steer to the UK CMA.

Getting involved

How exactly the law sifts worthy from unworthy cases for intervention may well be the critical competition policy question of the year. For the UK, it will be a once-in-a-generation reform. Moreover, how the DMCC approaches this will have ramifications well beyond the UK – so this is not so much one to watch as one to get involved with.

The Report is available online.

Does it matter where data is processed? Should it? There are some interesting developments taking this question well beyond the familiar questions about data flows between jurisdictions.

What about data use on devices, on servers, and between them? There is a lesser-spotted trend for vertically integrated firms to encourage greater use of (1) on-device processing and (2) to limit the scope for interoperation between data on devices and on servers. These are significant competitive restrictions: they limit competition with no corresponding consumer benefit. They also harm rivals who use the server deployments set to be limited – rivals who may be highly innovative.

Two significant developments threaten the ability to use a range of competing servers:

Server restrictions in the Google Privacy Sandbox

Google’s Privacy Sandbox initiative currently proposes that only Google Cloud or Amazon Web Services (AWS) will be allowed to provide remote processing for the proposed Attribution Reporting API. This amounts to a ban on on-premises server use, that is, using your own server.

This is astonishing. It is like saying that you can lease any car, provided that it is a Ford or a Toyota. What if you would like to own a competing model – say, a VW?

There is simply no ability to do so while using the API as proposed, because it can only be used on a leased basis on the cloud.

This also bakes in the current generation of technology from the largest providers. So much for that innovative electric car you were thinking of trying out… A competing hosting provider simply isn’t allowed to interoperate with the API.

The proposal is all the more remarkable because approximately two thirds of existing deployments are on-premises:

So, the proposal is essentially to force a technological tie between data hosting and advertising systems.

This is all the more concerning because on-premise deployment is considered safer, on average, than cloud. KBV goes on to note:

“many benefits … come with on-premise deployment, including a high level of data protection and safety. Because on-premise deployment models have higher data security and fewer data breaches than cloud-based deployment models, industries prefer them, which fuels industry demand for on-premise deployment models.”

So there is no good reason to exclude the competing alternatives. This is especially so at a time when cloud computing restrictions are under review based on concerns about difficulties in switching.

If you currently use on-premise servers – or, indeed, anything other than Google Cloud or AWS – now would be a very good time to register a concern with the UK Competition and Markets Authority, which is reviewing Google’s proposals.

There is a quarterly reporting cycle with ample scope for concerns to be heard – the sooner the better, so as to influence the current reporting cycle.

Draft EDPB Guidance on Technical Scope

The same theme emerges from some important draft Guidance from the European Data Protection Board (EDPB). This revisits the much-maligned cookie consent box, which derives from Art. 5(3) of the ePrivacy Directive.

The draft Guidelines 2/2023 on Technical Scope of Art.5(3) of the ePrivacy Directive do not trip off the tongue, but their content is highly significant for competing data handlers. The draft extends the cookies analysis to other technologies including pixels and tracking links.

Significantly, there is a partial carve out for on-device storage. This risks a tilt towards those controlling devices, unless the rules are technologically neutral. The proposal is to capture movement into and out of local storage:

“The use of such information by an application would not be subject to Article 5(3) ePD as long as the information does not leave the device, but when this information or any derivation of this information is accessed through the communication network, Article 5(3) ePD may apply.”

That is very helpful to those able to execute local processing – but a tremendous hurdle for those who rely on server-side processing.

As server and on-device processing are indistinguishable from the consumer perspective, the technologically and competitively neutral rule would be to intervene on the basis of a reasonable evidence-based level of consumer protection – with the same rule, whether on-device or on the cloud, or moving between them. That would suggest that consent is not generally required to move data from the device to servers, as consumers are not harmed by this action.

IP addresses are highlighted as potentially requiring consent, without any carve out for innocuous use, such as audience definition. For example, an IP address with coarse location might contain no personal data at all, as where a business address is indicated. But the Guidance seems not to cater to that scenario.

There is also specific comment on the use of identifiers. The draft takes a highly precautionary stance: identifiers are seen often to link to identity – but is this so? Trillions of identifiers are used for innocuous audience matching purposes without any such link. If so, the guidance is over-broad and imposes a consent requirement beyond what is needed for a reasonable level of evidence-based consumer protection.

So, those with interests in the use of data for everyday, harmless but helpful audience optimization may wish to speak up. Comments can be submitted until January 18^th.

An expert article co-authored by Partner Stephen Dnes has appeared in the Competition Law Journal: “If the Competition and Markets Authority were an emoji: merger clearance lessons from Meta/Giphy.”

The article reviews the decision by the UK CMA to block Facebook / Giphy, the decision by by-then Meta to challenge this in the Competition Appeal Tribunal, and the implications of the CAT judgment in the context of developing merger clearance doctrines.

The article is relevant to those looking at the thorny questions surrounding international merger clearance work in technology markets, especially following Microsoft/Activision, Adobe/Figma and the merger-based intervention into OpenAI.

It is a particular pleasure that the article was co-authored with a graduate of Stephen’s competition law class, Joseph Day.

The article is available via Edward Elgar journals.

In September 2023, Stephen Dnes was appointed as a Fellow of the Dynamic Competition Initiative co-hosted by UC Berkeley and the European University Institute of Florence, Italy.

Details can be found here: https://www.dynamiccompetition.com/