EC, March 15, 2005, No M.3697

Dear Sir/Madam,

Subject: Case No COMP/M.3697 - SYMANTEC/VERITAS

1. On 09/02/2005, the Commission received a notification of a proposed concentration pursuant to Article 4 of Council Regulation (EC) No 139/2004 by which the undertaking Symantec Corporation (“Symantec”), USA, acquires within the meaning of Article 3(l)(b) of the Council Regulation control of the whole of the undertaking Veritas Software Corporation (“Veritas”), USA, by way of purchase of shares.

2. After examination of the notification, the Commission has concluded that the notified operation falls within the scope of the Merger Regulation and does not raise serious doubts as to its compatibility with the common market and the EEA Agreement.

I. THE PARTIES

3. Symantec is a US-based corporation listed on NASDAQ. It focuses on the provision of security software, inter alia data security, anti-virus protection, fire walls. Symantec also provides software to manage IT infrastructure in larger enterprises. Finally, Symantec offers services in relation with its software products.

4. Veritas, based in the US and listed on NASDAQ, manufactures software for storage and data protection purposes.

2. THE OPERATION

5. On 15 December 2004, Symantec and Veritas agreed to their merger. Veritas will become a wholly-owned subsidiary of Symantec by way of reorganisation and conversion of shares. On completion, 60% of the shares in Symantec will be held by the existing Symantec shareholders and 40% will be owned by the ex-Veritas shareholders. At the time at which the parties announced the proposed transaction, the deal was valued at approximately US$ 13.5 billion.

3. CONCENTRATION

6. Following this transaction, Symantec will have sole control over Veritas. The proposed operation therefore constitutes a concentration within the meaning of Article 3(l)(b) of the Merger Regulation.

IV. COMMUNITY DIMENSION

7. The parties have a combined aggregate world-wide turnover of more than € 2 500 million (€ 1 716 million for Symantec, € 1 545 million for Veritas; figures relate to turnover achieved in the fiscal year 2003). The combined aggregate turnover of the Parties exceeds € 100 million in three EU Member States ([...]). Each of Symantec and Veritas achieved turnover of at least € 25 million in each of these jurisdictions and more than € 100 million in the Community ([. . .]). Neither Symantec nor Veritas have achieved more than two-thirds of its aggregate Community-wide turnover within one and the same Member State. The concentration therefore has a Community dimension.

V. COMPATIBILITY WITH THE COMMON MARKET A. Introduction

8. Symantec is a provider of security software, which is defined by IDC as “a wide range of technologies used to improve the security of computers, information systems, Internet communications, and transactions. It is used to for confidentiality, integrity, privacy and assurance. Through the use of security applications, organisations can provide security management, access control, authentication, virus protection, encryption, intrusion detection, vulnerability assessment, and perimeter defence. ” IDC includes in its definition of security software a broad range of software. All serve the purpose of improving in general terms data security. Symantec is considered to be one of the leading players in the industry.

9. Veritas focuses on storage software. IDC defines that “Storage Software manages and assures the accessibility, availability and performance of information stored on physical storage media. This category does not include operating systems or subsystems'". IDC further distinguishes storage software in the following subcategories: i) backup and archive software, ii) storage replication software, hi) storage resource management software, iv) file system software. Veritas has a strong position in these product subcategories.

B. Relevant markets

Relevant product markets

10. IDC breaks-down general software categories in further sub-categories, mainly to allow a deeper and modular analysis of industry figures and trends. In the present case, however, it is not necessary to define whether all categories and/or sub-categories would constitute separate product markets or one market since the overlap is limited in scope and, in any event, the assessment of the effects of the merger would not change.

11. The notifying party identified an overlap between the merging firms in respect of backup and archive software, a sub-category of the overall segment of storage software. According to IDC, “backup and storage software includes software to perform file and disk backup data restoration and recovery, data registration, hierarchical storage management and archiving. Database archiving software is not included in this marked.

12. In particular, IDC identifies Symantec’s product offering “LiveState Recovery” and Veritas’ products “NetBackup” and “BackupExec” as all belonging to the mentioned sub­category of “backup and archive software”. Symantec has no other storage software offerings apart from LiveState Recovery, while all other product offerings from Veritas (still within the storage software category) fall into sub-categories of storage software other than “backup and archive”.

13. Veritas’ product offerings serve a wide scope of customer categories. In particular, NetBackup suits large enterprises and BackupExec is targeted to small&medium size companies (“SMEs”), or departments in large corporations. NetBackup versions are available for a variety of operating system platforms, e.g. Windows, UNIX, Netware, Linux, while BackupExec versions are made available on Netware and Windows. As regards Symantec’s LiveState Recovery, this is designed to run on Windows operating system only.

14. The market investigation carried out by the Commission (“the investigation”), however, did not appear to suggest that there is a need to distinguish software according to their availability for the various operating system (“OS”) platforms. Security software runs more frequently on desktops and gateway servers using Windows, while storage software is more regularly found to run on storage servers using UNIX or OSs other than Windows. Nevertheless, vendors have “ported” their software products onto the different OS platforms to achieve wider sales reach.

15. Moreover, the investigation gave no clear indication that either product offering is particularly purchased by a specific category of customer. When purchasing such product, customers focus on product functions required for satisfying their needs; the choice of software largely depends on the installed IT architecture in the organisation. It is theoretically admissible that within security and storage software different products may exist according to different needs and complexity of the customers, depending on their infrastructure and dimensional characteristics. However, for the purpose of this case, it is not necessary to finally take a position whether that would lead to identify different relevant markets, since the assessment of the impact of this transaction would not change.

16. From the above, it can be concluded that it is not necessary to distinguish the market of backup and archive software according to the OS on which software may run, and according to customer category.

Relevant geographic markets

17. According to the notifying parties, the geographic scope for security software and storage software, hence backup and archive software, is worldwide and in any event at least of EEA-wide scope. Products would be delivered above all in their English version and they would have no country specific customisation with respect to functions except for the language.

18. In previous decisions, the Commission left open the question of the geographic scope of software markets. In the context of those investigations, it was found that vendors typically supply their software products globally in one standard function version, except for the language. On the other hand, some software applications were still provided to customers on a national basis.

19. The investigation confirmed that pricing of security software and storage software is largely harmonised within the EEA. In general, the price is set by the US/English version of the product and a premium is added to recover cost from providing the product in various languages. Moreover, small differences may occur due to other components such as taxes.

20. Customers appear to be prepared to switching software supplier if prices would increase. In any event, larger organisations have tendency to prefer global sourcing of software products, while smaller organisations would consider sourcing via alternative sales channels, either within their country or abroad, via other distributors or the internet. However, the main reasons that would induce customers to switch software supplier appear to be technical rather than commercial reasons.

21. In the present case, however, the definition of the relevant geographic markets can be left open since under all alternative geographic market definitions, the transaction will not raise competition concerns.

C. Competitive assessment Horizontal overlaps

22. As regards the market for backup and archive software, the proposed transaction would lead to a combined market share of approximately [25-35]% in the EEA ([30-40]% world­wide). Symantec contributes by less than [<10]%. This small amount of market share stems from the former business activity of PowerQuest. Symantec does not have products of its own but it has continued to sell the PowerQuest’s products.

23. Competitors, such as IBM, Computer Associates, EMC achieve market shares in the EEA in the range of between 11% and 15% each (in the same range world-wide). All these competitors are well-established strong players in the information technology sector.

24. The negligible increase in market shares and the presence of other strong competitors is sufficient to conclude that the proposed transaction would not significantly impede effective competition. This conclusion is valid also when considering the combined position of the parties vis-a-vis that of their competitors (where relevant) at national level. However, since the parties enjoy strong positions in their respective “home” markets, other effects that might arise from the proposed operation need to be further examined as provided below.

The parties position in their “home” markets

25. Symantec’s market share in security software amounts to approximately [10-20]% in the EEA ([10-20]% world-wide), which is ahead of its main competitors Computer Associates, Check Point Software, Network Associates and IBM, each enjoying a market share in the range of 4% to 7% (4% to 7% world-wide). A number of fringe players have smaller market shares.

26. Veritas enjoys a market share in storage software of approximately [15-25]% in the EEA ([15-25]% world-wide), which is 2^nd position after EMC which has a market share of approximately [20-30]% ([20-30]% world-wide). Other main competitors, such as Computer Associates, IBM, HP, each enjoy a market share in the range of 7% to 10% (6% to 8% world-wide), while smaller players have market shares in the range of 1% to 3%.

27. Both parties face in their respective “home” markets well-established competitors, many of large size and well-established in the information technology sector, which would ensure sufficient competitive threat to the new entity. The above conclusion would not change considering (where relevant) the combined position of the parties and the number of competitors at national level.

Bundling/tying

28. According to the parties, customers would purchase their security and storage solutions typically in separate steps, due to their use in different parts of a user’s computer network. Moreover, security software and storage software run on different levels. For instance, security software is typically found on network points such as gateway servers, mail servers and desktops, whereas storage software performs within a storage area network or on storage systems attached to a network.

29. The investigation revealed that both types of software can function properly independently of one another and hence technical bundling is not necessary. Security software scans data looking for patterns which would signal bad behaviour of the system/application, whereas storage software screens data looking for changes and copying data to other locations. While potentially these products could be integrated in a variety of ways, however vendors continue to market these products separately since no particular added value could be achieved from bundling.

30. Moreover, customers tend to purchase security and storage software separately. This has been confirmed by competitors.

Interoperability

31. With regard to interoperability, the notifying party claims that it is not necessary for the proper functioning of security software and storage software that they be interoperable with each other except for the need to run on top of the appropriate operating system platform. By their very nature, security software and storage software execute different functions on a user’s computer.

32. In the course of the market investigation, customers and competitors expressed views similar to the one taken by the parties. Indeed, it is true that interoperability (although not necessary) may provide users with some advantages. In any event, whilst there are security elements of storage software relating to the storage users’ rights to administer the application, these do not directly interface with any security products.

Conclusion

33. In view of the foregoing, it can be concluded that the proposed operation would not significantly impede effective competition, in particular as a result of creating or strengthening a dominant position in the EEA or any substantial part of it.

VI. CONCLUSION

34. For the above reasons, the Commission has decided not to oppose the notified operation and to declare it compatible with the common market and with the EEA Agreement. This decision is adopted in application of Article 6(l)(b) of Council Regulation (EC) No 139/2004.

1. OIL 24, 29.1.2004 p. 1.

2. IDC provides market data and analysis for and about the information technology sector. It is widely recognised and relied upon by the IT industry.

3. In fact, Symantec’s storage product stems from the recent acquisition of PowerQuest in December 2003.

4. IV/M.336 - IBM France/CGI, IV/M. 1580 - CAI/PLATINUM

^5. IV/M.1580 - CAI/PLATINUM, para. 14, IV/M.668 - Philips/Origin, and IV/M.798 - General Electric/Compunet.

6. Market share data from IDC source. Gartner Group, another leading consulting company for the information technology sector, indicates slightly different market shares for Veritas ([30-40]% for the EEA, [30-40]% world-wide), however, Symantec’s market share remains small. The difference lies in the fact that consulting companies compile data from different sources, they use a different range of products and services to include in the relevant data set, and they use different methodologies in their reporting. Market share information can therefore vary slightly.

7. Gartner Group market shares: 7% to 22%. The figure of 22% for one competitor, however, appears to be lower (around 12%) after verification of their sales volume achieved in 2003.

8. Gartner Group indicates similar market shares for these software categories.