4 minute read | January.23.2023
Companies considering an acquisition in Europe must navigate a regulatory and enforcement environment that can seem like a minefield. Here are five things they should consider amid unfolding legislative change and growing scrutiny and enforcement, especially in the digital economy.
European countries review or plan to start reviewing foreign direct investments for national security implications. That can add a layer of complexity to mergers and acquisitions, with the possibility of closings delayed until regulators provide clearance. Acquiring businesses should determine early on if they need clearance for a deal – and how long that may take.
In contrast to foreign direct investment screening practices, Europe has well-established merger control principles and regimes. That creates a degree of legal certainty over filing requirements, but a couple of areas are in flux.
Companies should determine if they need to submit merger filings for a transaction and incorporate such requirements into the deal timetable. Most companies do this before or during the due diligence stage. The risk and disruption of EU or UK intervention should not be overstated, but a detailed pre-signing assessment can help a company evaluate risk.
The EU and UK enforce some of the world’s most stringent laws on data protection and cybersecurity. Fines for serious breaches range as high as 4 percent of a company’s global revenue. In addition, privacy advocates regularly make complaints.
Companies acquiring a European business should conduct data and cybersecurity due diligence to:
Acquiring companies should understand the full scope of a target’s commercial activities, including the countries where it operates, the type of data it processes, how it uses and transfers data, and the extent of its privacy compliance. This is especially true for B2C targets but also applies to B2B companies.
To ensure successful integration, an acquiring company should make sure its target has the licences and permissions required by national and EU financial regulations. In some cases, the acquiring company may need those licenses and permissions, too.
To avoid delays to closing it may be possible to structure a transaction with two closings or to use options, so that the consent is only required prior to the second closing or the conversion of the options.
Acquiring companies should verify that targets comply with sanctions on other countries and people.
The EU and UK have imposed and regularly update sanctions on a variety of targets, including Russia after it invaded Ukraine.
Penalties for violations vary by country. They can be severe. An additional EU penalty may apply if an organization tries to hide the infringement by a "circumvention scheme.”