On June 30, Mexico enacted sweeping reforms to its Federal Economic Competition Law, creating a powerful new antitrust agency, the Comisión Nacional Antimonopolio (CNA), and expanding its scope of enforcement. For U.S. tech firms operating in Latin America’s second-largest economy, the new law marks more than a regulatory update. It signals a shift in how platform dominance, data use, and cross-border mergers will be scrutinized in the years ahead.
Mexico’s tech market has long been lucrative for Silicon Valley. Google, for instance, dominates the search market and digital advertising. Meta controls social and messaging channels. Microsoft sells cloud, software, and services across the enterprise spectrum. But with market power now comes heightened antitrust exposure.
One of the law’s most consequential changes is the lowering of the merger review threshold to 837 million pesos (roughly $48 million). That figure may sound modest in the context of Big Tech, but it’s a direct strike at smaller acquisitions that previously escaped notice—a practice often referred to as “killer acquisitions.” Think early-stage startups with novel algorithms, niche user bases, or proprietary datasets. Deals that once flew under the radar may now trigger retroactive scrutiny, with a three-year “look-back” window baked into the statute.
The CNA also inherits broad new powers to demand data access from transnational digital platforms, even if their corporate owners lack a physical presence in Mexico—a move that mirrors provisions in the EU’s Digital Markets Act. Fictional Article 12 BIS, for example, gives the agency teeth to investigate pricing, platform interoperability, and user targeting—building on existing powers to require information. These are precisely the kinds of issues that have resulted in major regulatory actions elsewhere but remained under-regulated in Mexico. Those days are over.
Compliance has evolved from reactive damage control to strategic risk mitigation. Mexico’s competition authority now offers immunity or leniency through its new certification program—but only to companies that demonstrate substantive compliance infrastructure: board oversight, independent audits, and continuous monitoring systems.
The shift mirrors Europe’s enforcement approach, where regulatory authorities scrutinize implementation, not just documentation. For multinationals operating across these jurisdictions, the message is clear: paper programs invite penalties, while operational compliance frameworks provide legal protection.
Under the new system, there are real consequences for falling short. Fines can now reach up to 15% of revenue for cartel-like behavior, a significant increase from the previous cap. Companies that run afoul of the rules in government procurement—an area where Microsoft, Amazon, and others are active—risk being banned from public contracts for up to five years. And in a marked departure from past practice, Mexican authorities are now cooperating with their U.S. and Canadian counterparts, sharing evidence and coordinating investigations across borders as required by North American trade agreements.
This major legal reform demands that tech companies adapt, which means reassessing M&A strategy, retooling compliance infrastructure, and aligning their legal policies across North America. Mexico’s new regime is not just tougher—it will operate at unprecedented speed. Delay and deliberation are no longer tolerated. A missed deadline could mean the difference between a manageable fine and leaving the market.
Tech giants accustomed to battles in Brussels and Washington now face a third front: Mexico City.
Mexico’s competition authority isn’t simply rebranded—it’s been transformed into a new actor with a far sharper bite. The agency now has investigative tools and authority to coordinate with U.S. and European regulators. Where Mexico once offered lax, fragmented oversight, companies now confront a unified approach with international reach.
In effect, this triangulates global tech regulation. Executives who built compliance strategies around transatlantic rules must now account for Mexican law and enforcement priorities. The ripple effects extend across Latin America, where other governments are watching Mexico’s approach as a potential blueprint for their own tech crackdowns.
For an industry already managing complex compliance matrices across multiple jurisdictions, Mexico adds both immediate risk and strategic opportunity. Companies that invest early in understanding the new enforcement landscape—through local counsel, regulatory mapping, and proactive engagement—position themselves advantageously as the authority builds its case portfolio.
The alternative is reactive scrambling when investigations begin. For technology companies operating in interconnected global markets, regulatory missteps in Mexico City now carry reputational and legal consequences far beyond Latin America. Early preparation has shifted from prudent risk management to competitive necessity.
