The acquisition of Gemalto by Thales, first announced in December 2017 for a total consideration of EUR 4.8 billion, is now the object of an in-depth investigation by European authorities. The European Commission (EC) says it is concerned that the merger could lead to higher prices and reduce choice and innovation for customers of hardware security modules (HSMs).

HSMs (Hardware Security Modules) are security devices used to generate and manage securely the keys used for authentication and more generally any cryptographic processes. As of now, HSMs are used by major organizations including companies and governments to play a role in their identity management process. Thlaes nShield HSM offer is essentially built upon the product series they acquired from nCipher in 2008 for GBP 50.7 million (EUR 65 million) while Gemalto HSM product line if built upon SafeNet acquisition in 2014 for US$ 890 million (EUR 810 million).

European Commissioner Margrethe Vestager, in charge of competition policy, said: "Our society is increasingly dependent on data security solutions to secure all sorts of social, commercial or personal information.” According to the European Commission, Thales and Gemalto currently closely compete against each other in the market for hardware security modules at the European and global level.

A role or the European Commission is to put businesses under constant pressure to offer the best possible range of goods at the best possible prices. In a free market, business should be a competitive game with consumers as the beneficiaries, says the EC. In this context, mergers are to be cleared at European level as the EC considers some mergers may reduce competition, usually by creating or strengthening a dominant player.

At this stage, the Commission is concerned that the proposed transaction would eliminate the competitive constraint that Thales and Gemalto exercise on each other and on the other few players that would remain in the market and would risk creating a dominant player at the European and global level.

The Thales – Gemalto transaction was notified to the Commission on June 18, 2018. The Commission now has 90 working days, until November 29, 2018, to take a decision. The opening of an in-depth investigation does not prejudge the outcome of the investigation.

Form the beginning of the process, Thales and Gemalto made it clear they were seeking Regulatory Clearances from the competent antitrust authorities in Australia, in China, for the European Union, in Israel, in Mexico, in New Zealand, in Russia, in South Africa, in Turkey and in the United States. In addition, they are seeking Regulatory Clearances relating to foreign investments from the competent authorities in Australia, Canada and Russia, in addition to the ongoing process by the CFIUS (Committee on Foreign Investment in the United States – cf. our blog post on January 31, 2018).

Proposed acquisitions are sometimes blocked by competition authorities. Qualcomm just announced it has dropped its bid to acquire NXP Semiconductors, a project first announced in October 2016. The project valued at US$ 44 billion (EUR 37.7 billion) was approved by eight of the nine global regulators required but failed to obtain the approval of the China Ministry of Commerce. Actually, according to EETimes, China's Ministry of Commerce (MOFCOM) never formally rejected the proposed acquisition but did not approve it by its deadline last week. Qualcomm and NXP agreed in April to withdraw and refile notice of the acquisition with MOFCOM at the ministry's request. The end of the proposed acquisition of NXP by Qualcomm is seen as a collateral damage of the ongoing global trade war between the US under Trump administration and China.

What will be the fate of Thales – Gemalto project?