Author: mariasernadiezderevenga

Trick or treat? Lessons from the Abengoa Case

In the toolbox of EU competition enforcement, Inability to Pay (ITP) is a curious instrument. It exists, it’s official, and it’s mentioned in the Commission’s 2006 Fining Guidelines (point 35, to be precise). But for many, it feels a bit like a theoretical lifeboat: part of the ship’s safety design, yet rarely deployed — and almost never spotted returning to shore.

The principle behind ITP is simple: fines, however justified, should not irreparably sink a company. Deterrence matters — but not at the cost of economic annihilation, massive job losses, or collapse of vital services. There’s a recognition, albeit understated, that competition policy doesn’t operate in a vacuum. As such, where a fine would “irretrievably jeopardise the economic viability” of an undertaking and “cause its assets to lose all their value”, a reduction is possible, within a specific social and economic context.

Yet possible does not mean probable. Between 2000 and 2019, only 18% of ITP claims were successful. Most companies that knock on this particular door find it firmly shut — if not locked from the inside.

So, is ITP just a mirage of mercy? Or is it doing exactly what it’s meant to do — provide a lifeline for the few, not the many?

Let’s turn to a real case.

Abengoa: When the Threshold Is Met

Abengoa — once a major player in renewable energy and ethanol production in Europe — recently found itself on the receiving end of a €20 million fine by the Commission. Its offence? Participating in a cartel aimed at manipulating ethanol price benchmarks published by Platts, an infringement that spanned nearly three years and affected the entire European Economic Area.

The case was serious, and the evidence compelling. But what made it remarkable, procedurally speaking, was that Abengoa submitted a request for fine reduction under the ITP mechanism — and the Commission accepted it.

Yes, you read that correctly. In a world where 4 out of 5 such requests fail, Abengoa succeeded.

Why?

Because Abengoa had long been navigating stormy waters: it had undergone painful restructuring, faced multiple insolvency proceedings in Spain, and was the subject of national and international concern. Its financial vulnerability wasn’t speculative — it was structural and well-documented.

The Commission, after thoroughly examining the company’s accounts and the state of implementation of its restructuring plans, granted a reduction. It didn’t tear up the fine altogether (nor should it), but it acknowledged the exceptional context. Combined with a 10% discount for settlement cooperation, the final sanction reflected both gravity and economic realism.

A Safety Valve, Not a Safety Net

The takeaway from Abengoa is not that the ITP door is now wide open. It isn’t — and it shouldn’t be. A system that routinely allows companies to plead poverty after breaching EU law would undermine deterrence and incentivise moral hazard.

But it does suggest something more subtle, and arguably more important: that the ITP mechanism works when it is supposed to. Its rarity is not necessarily a sign of failure, but of design. After all, emergency exits are not meant to be the main route — they’re there for when all others are blocked.

If anything, Abengoa shows us that ITP is not a loophole but a disciplinary exception. It’s hard to get, it demands full transparency, and it requires the Commission to balance legal firmness with economic insight.

And perhaps, as enforcement becomes more entangled with questions of social sustainability, the real question is not whythe ITP is used so little, but whether we’re ready to accept that some safeguards should only work when everything else doesn’t.

A fire extinguisher isn’t broken just because it spends most of its life behind glass.

RFIs, WhatsApps and Secrets: Anatomy of a Procedural Paradox

Disclaimer

While this case arises under Council Regulation (EC) No 139/2004 on the control of concentrations, and not under Regulation 1/2003, it is worth noting that the legal provisions governing the protection of confidential information share essentially the same material content across both frameworks. Moreover, the European Commission’s guidance on the use of confidentiality rings expressly applies to procedures conducted under both merger control and Articles 101 and 102 TFEU. For these reasons, and given the broader relevance of the issues at stake – including access to personal data, the right to privacy, and procedural fairness – this article engages with the legal questions surrounding confidentiality and the potential use of confidentiality rings, even in the context of merger proceedings.

1. A far-reaching RFI, two firms, and many open questions

In October 2022, Vivendi notified its acquisition of sole control over Lagardère. The transaction was cleared in June 2023 with commitments. Not long after, the Commission opened an investigation into alleged gun jumping.

In September 2023, it issued two RFIs under Article 11(3) of the Merger Regulation. These RFIs required both companies to produce documents containing certain keywords, including emails and messages exchanged through private accounts and personal devices of employees and company officers, as long as they had been used even once for professional purposes.

The breadth and nature of these demands raised eyebrows: could a company comply with such requests without breaching privacy rights, professional secrecy or – worse – criminal law under national legislation?

2. Interim relief: when cooperation may become criminal liability

Both Vivendi and Lagardère challenged the RFI Decisions before the General Court, also requesting interim measures. Lagardère argued that complying with the RFI would force it to commit a criminal offence under French law (notably Article 226-1 of the French Penal Code), as it would involve accessing private communications without consent.

Initially, the General Court dismissed the application for interim measures, finding no urgency. But this was overturned by the Vice-President of the Court of Justice[1], who ruled that the risk of criminal liability was sufficiently concrete to justify interim protection. The harm, he observed, was not only legal but reputational: “the stigma attached to a criminal conviction and the breach of trust[2] with employees amounted to serious and irreparable harm.  

The key point here is not whether criminal sanctions were likely to be imposed eventually, but rather that the company would be forced to adopt conduct that could amount to a criminal offence, placing it in an impossible position: comply with the Commission and violate national law, or refuse and face penalties under EU law.

3. Where were the confidentiality rings when they were most needed?

The case invites a natural question: why were confidentiality rings not used?

Confidentiality rings are a tried and tested mechanism for reconciling the need for access to sensitive information with the rights of those who provide it. They allow confidential data to be reviewed by a limited circle- external counsel-under strict safeguards. The Commission’s own guidance promotes their use in both antitrust and merger proceedings.

In Vivendi/Lagardère, the Commission did attempt to introduce data room protocols and assurances, particularly concerning sensitive personal data and journalistic sources. However, as the Court observed, these safeguards were largely informal – outlined in a letter, not embedded in the RFI Decisions – and therefore legally uncertain.

More importantly, the Court took a firm stance: mere access to personal data can, in itself, constitute a serious interference with the right to privacy under Article 7 of the Charter and Article 8 ECHR[3]. This marks a shift: where in Akzo[4] the mere reading of privileged documents was not considered a violation, here the simple act of accessing private data is enough to tip the balance.

4. Possession, control, and legal impossibility

A further procedural twist is the question of possession and control. Lagardère pointed out that the documents requested were not in its possession or under its control, but rather in the private realm of its employees. This posed an obvious problem: how could the company be sanctioned for failing to produce documents it neither held nor could lawfully access?

Interestingly, Article 11(3) of Regulation 139/2004 allows the Commission to address RFIs directly to natural persons. This would have been a procedurally safer route, as those individuals clearly control the documents. By addressing the RFI to the company instead, the Commission arguably placed it in a legally contradictory position, between national criminal law and its EU obligations.

In other words, the Commission may have overreached – not in its intent, but in its choice of procedural vehicle.

5. A delicate change: privacy above legal privilege?

Another conceptual point arises from the comparison between privacy and legal professional privilege (hereinafter, “LPP”).

In Akzo, the Court held that the harm of reading privileged documents could only arise if the Commission relied on them in its decision-making. But in Vivendi, the Vice-President made clear that mere access to personal data constitutes harm, even if the documents are not used. This suggests a potential recalibration of fundamental rights, with privacy taking centre stage in digital-age enforcement.

This does not mean LPP is weakened – but it may indicate that privacy, in its own right, is gaining greater procedural protection, particularly when the volume and sensitivity of data are significant.

Conclusion: Towards a new procedural equilibrium?

The Vivendi/Lagardère case is more than a procedural scuffle. It is a revealing episode in the broader tension between the Commission’s investigatory powers and the fundamental rights of the parties involved. The Commission must be able to investigate effectively-but not at the cost of violating national law or undermining constitutional guarantees.

So where does that leave us?

Confidentiality rings offer one practical solution. Their absence in this case is telling. As RFIs become broader, deeper, and more digitally invasive, such safeguards should not be optional, informal or post hoc – they should be embedded ex ante into the procedural DNA of the request.

Because if EU competition law now demands access to private WhatsApp chats and personal emails, it also demands that we rethink the balance between enforcement and rights.

Should we allow companies to be squeezed between conflicting legal obligations without procedural relief? Or is it time for the Commission- perhaps the legislature – to develop clearer frameworks that protect privacy without paralysing enforcement?

The Court will answer in time. But the question can no longer be ignored.

[1] Order of the Vice-President of the Court of April 11 of 2024, Lagardère SA v European Commission, Case C-89/24 P(R), ECLI:EU:C:2024:312.

[2] Ibid, paragraph 77.

[3] Order of the Vice-President of the Court of April 11 of 2024, Vivendi SE v European Commission, Case C-90/24 P(R), ECLI:EU:C:2024:318, paragraph 100. 

[4] Order of the President of the Court of September 27 of 2004, Akzo, Case C-7/04 P(R), ECLI:EU:C:2004:566.