Recently, the Competition Commission of India (CCI) concluded its examination of a complaint against Microsoft concerning the bundling of antivirus software with its Windows operating system. The CCI acknowledged Microsoft’s defense, highlighting that users retain the freedom to select antivirus solutions beyond Microsoft Defender. Furthermore, the regulator found no substantial evidence indicating that Microsoft’s practices have led to market foreclosure in the antivirus solutions sector.
Arguments
The complaint, lodged by an anonymous individual, asserted that Microsoft does not provide users with the option to install Windows without Microsoft Security Essentials. By integrating the antivirus software as a pre-installed and pre-activated default, the complainant argued that Microsoft effectively shields Microsoft Defender from competition with third-party antivirus vendors, thereby stifling capital investment and technological advancements within the antivirus software market.
Since the launch of Windows 10 in 2015, Microsoft has bundled its operating system with Microsoft Defender as the default antivirus solution. The complainant claimed that Microsoft mandates every Original Equipment Manufacturer (OEM) producing Windows OS-based devices to include this antivirus software, rendering the bundling compulsory.
Why Default Status is Crucial for Antivirus Software
The complainant emphasized that the effectiveness of an antivirus program is closely tied to its status as the default option. Essential features such as real-time protection, automatic background scanning, and timely updates are typically accessible only to the default antivirus application. Without this default status, third-party antivirus software may struggle to access critical functionalities, undermining their capacity to protect users effectively. This disadvantage could ultimately lead to the exclusion of competing solutions from Windows devices over time.
Moreover, the complainant argued that Microsoft has limited separate commercial agreements for the pre-installation and pre-activation of third-party antivirus software. While third-party applications can be pre-installed, they cannot be designated as the default antivirus. Additionally, developers of third-party antivirus solutions must comply with Microsoft’s terms to access the Antimalware API, which lacks protective guarantees. Competing solutions can only enter the Windows ecosystem through the Microsoft Store, sideloading, or OEM agreements—each presenting its own set of challenges. Access to the Store necessitates MVI (Microsoft Virus Initiative) membership, sideloading is often complicated and accompanied by security warnings, and OEM agreements permit pre-installation but not default activation, while Microsoft Defender remains both pre-installed and pre-activated, thus enjoying a competitive advantage.
Does Microsoft’s Data Collection Give it an Advantage?
The complainant further alleged that Microsoft collects extensive telemetry and app usage data from MVI members, granting it access to sensitive device information. Microsoft allegedly utilizes this insight to enhance Microsoft Defender by integrating successful features from competitors, thereby weakening the competitive landscape for third-party antivirus solutions and discouraging developers from joining MVI due to the risk of compromising their proprietary information and market position.
Submissions by Microsoft
In response, Microsoft argued that the integration of Microsoft Defender into the Windows OS aligns with industry standards and ensures ongoing protection against cyber threats. The company clarified that Defender is not a standalone product but rather a built-in feature provided at no additional cost. Furthermore, Microsoft stated that Defender automatically disables itself when a user opts to install a third-party antivirus solution.
Regarding the MVI program, Microsoft contended that it facilitates collaboration among antivirus vendors to enhance malware detection voluntarily. Users retain the ability to install and utilize third-party antivirus solutions that are not part of MVI. Additionally, Microsoft maintained that OEMs are free to pre-install alternative antivirus software, provided it meets stringent quality standards, with MVI membership serving as an indicator of reliability. The company also asserted that it does not extract privileged technological information from its antivirus competitors, accessing only publicly available data.
How Bundling Impacts Markets
The CCI previously established key criteria for assessing cases of tying or bundling:
- Separate Products: The tying and tied products must be distinct from one another.
- Market Dominance: The entity accused of tying must possess a dominant position in the market for the tying product.
- Lack of Consumer Choice: Customers must be unable to obtain the tying product without also acquiring the tied product.
- Anti-Competitive Effect: The tying arrangement must have the potential to restrict or foreclose competition in the relevant market.
In this instance, Microsoft argued that Defender functions as an integral feature of the OS, offered at no extra cost to Windows users. The company also contended that it does not hold a dominant position in the relevant market. However, the Commission disagreed with Microsoft’s assertion that Defender is merely a core security feature of the Windows OS, emphasizing the existence of independent antivirus developers that demonstrate separate consumer demand and a distinct market for antivirus software.
Moreover, the Commission determined that Microsoft holds a dominant position in the computer security (antivirus) software market for Windows OS in India. Consequently, the case satisfied the first two conditions for anti-competitive tying. Nevertheless, the Commission noted that there is no element of coercion compelling users to purchase or utilize both products together, stating, “Despite the presence of Microsoft’s built-in security software, multiple well-established and prominent players continue to operate in the market without significant barriers to entry or exclusion.”
The Commission also remarked that it found no evidence indicating that Microsoft’s practices have impeded technical or scientific development, nor was there any indication that Microsoft imposed restrictions or mandatory conditions on users regarding the use of Microsoft Defender.
Default Bundling’s Influence on Market Competition
This raises questions about whether users genuinely possess meaningful choices when confronted with default security settings. Many users tend to overlook the extra steps required to uninstall pre-set software, particularly when they perceive it as essential for their security. Default status fosters inertia, leading users to stick with what is already installed rather than actively seeking alternatives.
Consider the experience of attempting to uninstall McAfee—Microsoft’s partner—only to find oneself ensnared in a seemingly endless loop of prompts. Such experiences highlight concerns about the ease with which users can opt out of Microsoft Defender, further complicating the discussion surrounding the impact of default bundling on market competition.
In previous rulings involving WhatsApp (2020) and Google (2020), the CCI determined that tying or bundling did not constitute anti-competitive behavior, as it did not involve coercion—a perspective that similarly applies in this case. Under Indian jurisprudence, ‘tying’ refers to a practice where a seller conditions the sale of one product or service on the mandatory purchase of another distinct product or service.
Reevaluating Coercion and Consumer Inertia in Digital Markets
The European Commission (EC) in its 2020 antitrust case against Microsoft noted that, while downloading is a technically inexpensive method for distributing media players, vendors must invest resources to overcome end-user inertia and persuade them to disregard pre-installed options. In the present case, the CCI did not account for consumer inertia when assessing the implications of the pre-installation scheme.
This strict interpretation of coercion neglects the unique characteristics of tying in the digital market, where default settings, pre-installation, and ecosystem lock-in can effectively restrict consumer choice—differing from traditional scenarios where customers actively select products.
Blurry lines between user Inertia and explicit coercion
In digital markets, user inertia plays a pivotal role, rendering pre-installed or default options the de facto choice for most consumers, even in the absence of explicit coercion. In essence, coercion in digital tying cases should ideally be evaluated at the point of sale rather than inferred from consumer behavior post-purchase.
The European Commission’s case regarding the integration of Windows Media Player with the Windows Operating System serves as a pertinent example, as it was deemed an illegal tying arrangement violating Article 102 of the Treaty on the Functioning of the European Union (TFEU).
Furthermore, the OECD Report on Abuse of Dominance suggests that in digital markets, coercion should not be interpreted in its traditional sense. It posits that even subtle influences—such as pre-installation—can functionally equate to coercion by shaping consumer choices. This indicates that dominant entities in digital markets have strong incentives to tie or bundle their products to reinforce their market position. Given that digital markets often operate independently of traditional pricing factors, one could argue that the threshold for ‘coercion’ should be set lower and evaluated subjectively under the rule of reason to safeguard competition. The CCI’s order implies that it views market foreclosure as a concern only when it results in tangible and significant harm to competitors.
