The Bundeskartellamt has granted approval for the merger between Palo Alto Networks, Inc. and CyberArk Software Ltd. following an in-depth review.

The investigation revealed that the merger does not raise significant competitive concerns. The merger aims to combine different solutions in the enterprise security software sector.

Andreas Mundt, President of the Bundeskartellamt, stated that the review showed both companies will continue to operate in dynamic and competitive markets post-merger. They do not hold a position that would allow them to exclude competitors through product bundling or to bind customers in a competitively concerning manner.

The investigation focused on potential conglomerate effects, which refer to competitive impacts arising from the combination of complementary products or services. Such effects are increasingly significant in software and technology markets. In this case, it particularly involved CyberArk's Privileged Access Management solutions for controlling and securing sensitive access rights, while Palo Alto Networks specializes in network and cloud security.

Although there are functional connections between their product portfolios, there are only minor overlaps in the products offered by both companies. The market investigations also indicated that numerous capable competitors are active in all affected markets, including providers with similarly broad portfolios and large cloud companies. There are no expected isolation effects from bundling or coupling of products.

Customers and other market participants assessed the risk of lock-in effects, often characteristic of software markets, for the products of the merging parties as relatively low. Additionally, the technical bundling of products is considered challenging by market participants. The affected markets are also notably characterized by multi-vendor strategies, as customers aim to avoid dependencies on single providers. Concerns were also raised that excessive concentration on a single provider's product bundles could potentially increase vulnerability to cyberattacks.