Brussels, 7 November 2012
Mergers: Commission approves joint-venture between ARM, Giesecke & Devrient and Gemalto, subject to conditions
The European Commission has cleared under the EU Merger Regulation the proposed creation of a joint-venture between ARM, a UK semiconductor intellectual property ("IP") supplier, Giesecke & Devrient ("G&D") of Germany and Gemalto of the Netherlands, both providers of security solutions. The joint venture will develop and market trusted execution environments ("TEE") for consumer electronic devices. TEEs offer enhanced security services for applications such as mobile payments running on smartphones and tablets. The approval is subject to conditions. ARM will provide the necessary hardware information to competitors at the same conditions as to the joint venture to enable them to develop alternative TEE solutions. Moreover, ARM will not design its IP in a way that would degrade the performance of alternative TEE solutions. The Commission had concerns that the transaction as initially notified could have enabled ARM to shut out competitors of the joint venture from the market for TEE. The commitments offered by the companies address these concerns.
G&D and Gemalto currently offer TEE solutions and will contribute their respective solutions to the joint venture. The Commission's investigation showed that a number of actual or potential competitors will remain active in TEE after the transaction. However, ARM currently holds a very strong position upstream as a supplier of IP architecture for application processors for consumer electronics devices, including the specific hardware extension (ARM TrustZone) on which the joint venture's and its competitors' TEE solutions would be based. ARM could therefore degrade the interoperability of its IP architecture with TEE solutions competing with the joint venture's TEE solution by withholding the necessary information for these competitors' TEE to run on ARM's processor architecture and/or by modifying ARM's design of the TrustZone IP.
To address the Commission's concerns, ARM committed to provide to the joint venture's competitors the information on current and future versions of TrustZone - or other equivalent architectures that ARM may release in the future - that is necessary to develop alternative TEE solutions. This information will be provided at the same conditions as ARM provides it to the joint venture. ARM also committed not to design its IP in a manner that would intentionally degrade the performance of third party TEEs. These commitments will remain in force for a period of eight years and will therefore cover the release of the next generation of ARM's IP architecture.
The Commission concluded that the commitments would ensure that the merged entity would face competition from a number of strong actual or potential competitors and that customers would still have sufficient alternative suppliers of TEE solutions. The decision is conditional upon full compliance with the commitments.
Companies and products
ARM creates and provides developers with IP solutions in the form of microprocessors, physical IP, cache and system on chip designs, application-specific standard products, related software, and development tools.
G&D produces security solutions and secure elements, in particular for smart cards, cashless payment, mobile business applications, public transport, Internet and network security. Furthermore, G&D has developed a TEE software solution, called Mobicore.
Gemalto is a digital security company providing secure personal devices, such as secure elements and tokens, and Near Field Communication solutions.
The JV will develop and market a TEE designed to run on ARM's TrustZone.
A TEE solution creates a separate secure operating system for consumer electronic devices, such as smartphones, tablets, and smart TVs. It runs alongside the main operating system such as Android, iOS or Windows Phone. It allows applications running on these operating systems to offer enhanced security services. Examples of such trusted applications include banking applications, mobile payments, delivery of premium content and enterprise data solutions.
The transaction was originally notified to the Commission on 15 June 2012 and subsequently withdrawn on 3 July 2012. The transaction was then re-notified on 14 September 2012.
Merger control rules and procedures
The Commission has the duty to assess mergers and acquisitions involving companies with a turnover above certain thresholds (see Article 1 of the Merger Regulation) and to prevent concentrations that would significantly impede effective competition in the EEA or any substantial part of it.
The vast majority of notified mergers do not pose competition problems and are cleared after a routine review. From the moment a transaction is notified, the Commission generally has a total of 25 working days to decide whether to grant approval (Phase I) or to start an in-depth investigation (Phase II).
More information on the case will be available at: