Document requests issued by the EU Commission (EC) have become common in complex EU merger cases. A few years ago, the EC would only ask for several hundred documents in such cases – now it has become standard to request several hundred thousand documents from each of the parties to the transaction, often within a short time period (once the RFI has been formally adopted). This means we are moving to US Second Request levels, in addition to the burdensome requirement of submitting a Form CO notification necessary to start the formal review process. The document requests issued by the EC in merger cases are nowadays based on a standard template. The below provides details regarding the different sections commonly contained in such document request. Reference is made to the draft Best Practices on requests for internal documents under the EU Merger Regulation (Draft Guidelines), where appropriate (which we understand will be adopted by the EC soon).
Documents. The notion of documents includes all computer files in the possession, custody or control of the party to whom the RFI is addressed, including all electronically stored information which includes emails, instant messages, word processing and pdf files, spreadsheets and slide presentations. Draft documents are also to be included if the originals are not in the possession, custody or control of the company. The formulation that documents “in possession, custody or control” are within the scope of the RFI is a very broad one. This may, for instance, cover electronic project folders to which the custodian has access in theory (e.g. in his function as the division head) but does not form part of his ordinary course of business activities. It would be useful if the Guidelines could specify what is meant by this concept, applying a reasonable approach in order to limit the burden on the parties. In addition, from a practical perspective, it is required that one understands how and where documents are stored by the targeted custodians, along with the various documents storage systems retention polices; this will need to be explained to the EC in the accompanying report (see below).
Custodians. These are normally senior management persons of the company, including CEOs, CFOs and the heads of the business units dealing with the relevant product areas. Documents from predecessors and successors of the named custodians in the relevant time period fall within the scope of the RFI as well. In rare instances, the custodians named by the EC have included persons from the company’s legal department (whose documents are often privileged which increases the privilege review burden for the parties and advisers).
Search terms. The EC regularly includes expansive search term lists in its document RFIs. Often the search terms are not limited to the relevant product markets of concern, but go beyond that. The search term strings / combinations included in the RFI can be very lengthy (combinations of ca. 500 terms are not unusual) and the parties have to ensure that the document processing system used for the case is able to amend the scope of the RFI quickly in order to move forward. Often the EC will also request that search terms are applied not only in English, but additionally in the language of the country where the company is headquartered. Finally, the search term list can include “legal” search terms, such as “merger control”, “divestment” or “remedies”. The Draft Guidelines indicate that the EC focuses its request on commercial, ordinary course of business documents which, in our view, is in line with the purpose of a document request, i.e. allowing the EC to obtain the factual business information in order to assess the transaction (as opposed to receiving legal documents / analysis which, in any event, will normally be privileged). It would therefore be helpful if there could be a clear focus on business-related search terms in the EC’s RFI search term lists (and no inclusion of “legal” search terms).
Relevant time period. The EC normally requests documents from the relevant custodians for a time period of 3 years, in some cases even 5 years.
How to provide the documents
File format. The EC requires that all documents are provided in native format and PDFs or other image files have to be made searchable prior to submission. The background is that the files have to be ready to be indexed and searchable on the EC’s e-search platform (as we understand that Case Teams normally perform additional targeted searches over the documents provided by the parties).
Although native file format is required, documents and emails should not be produced in electronic storage containers such as PST email boxes (outlook), NSF email boxes (Lotus Notes) or any other email mailbox format. Additionally, documents also need to be extracted from zip file containers. For example if you have an outlook mailbox, the emails need to be extracted and saved as single files such as .msg format. If you have a zip file, documents need to be extracted.
File size. The RFI “standard template” also requests that files should not be larger than 30 MB in size. This request can be somewhat problematic in case of larger files such as PowerPoint presentations / Excel files (which have to be split into multiple smaller documents and therefore are no longer be in their native format).
Password protection. The files should not be password protected. Efforts need to be made to obtain and remove passwords. These efforts relate to asking the business to provide a full list of passwords for all responsive documents (which can be very burdensome in particular for older documents for which the password may not be easily retrievable / no longer be known). If passwords cannot be retrieved, a form of password “cracking” may need to be performed in order to comply with the EC’s instructions (and the attempts explained to the EC in the accompanying report).
Index. An index is required which needs to contain very detailed metadata for each document that is submitted. This index can normally be created automatically from an e-search platform during the document export / production stage.
Documents exempted from the scope of the RFI
Legal privilege. The standard EC document RFI includes reference to the case law of the European courts on the scope of legal professional privilege (LPP) (which relates to cartel cases but is nevertheless used by the EC in merger control cases as well). Also, instructions are given for producing a privilege log which serves the purpose of justifying the party’s privilege claim. The privilege log needs to include a significant amount of information, including a high-level summary of each document that is being withheld. In some cases, the Case Teams have shown some flexibility as to the practical approach to privilege (e.g. the withholding of documents from US lawyers belonging to the same international law firm) and the requirements of the privilege log. See also my blog post on this topic: http://risk.freshfields.com/post/102e74q/legal-professional-privilege-in-eu-merger-control
Privacy. There are no express exemptions in the standard RFI document for private documents, i.e. those unrelated to the business (e.g. private conversations, sickness, holidays), or HR-related correspondence / documents (e.g. job applications, bonuses, performance feedback on employees). In light of the GDPR which has recently entered into force it would be helpful if the EC’s standard RFI template / the Guidelines could provide for such exemption. Furthermore, if there is a chance that any EU based custodians are subject to a similar request by a non-EU based competition authority careful consideration needs to be given on the export of the data collected to ensure that privacy rules are respected.
In the accompanying report, the process of the document collection needs to be explained in detail. Persons responsible for the document collection need to be identified, including all instructions that were prepared for this purpose. In case of oral instructions the person who gave the instructions has to be identified and a description of the content of the instructions has to be given. All persons who assisted in the document collection (incl. IT forensic specialists) have to be identified.
When using forensic software tools to identify or collect electronically stored information (which is nowadays standard) the underlying audit logs have to be produced. It is vital that vigilant planing and questioning is conducted at the start of the exercise, so that the RFI can be replied in a complete manner. As company IT systems are not the same and there are many different ways documents can be view / worked on / saved, it needs to be ensured that external advisers (law firm IT e-discovery experts and lawyers) understand the technical input received from the company IT experts.
The company has to confirm that the response to the RFI has been prepared and assembled in accordance with the instructions set out in the RFI and that it comprises all documents responsive to the RFI. In addition, the company has to confirm that the documents (originals or copies) submitted are true, correct and complete. Given the very large volumes of documents it seems very demanding / in practice not possible for the company to confirm completeness. It would therefore be sensible to require only a “substantial compliance” with the RFI (as is the case for US Second Requests).
Commissioner Vestager: "Internal documents can be important for complex mergers [...] internal documents can help us make better decisions. They can help us understand the markets, and the companies’ plans for the future. But of course, in a merger case, timetables are short. We know businesses face serious pressures of time. That's why we’ve decided to start preparing a set of best practices on these requests for internal documents in merger cases, which we aim to publish in the coming months."