The FTC Turned Brand Safety Into an Antitrust Problem
When the World Federation of Advertisers shut down GARM in August 2024, most of the industry treated it like a legal nuisance. Elon Musk sued, a nonprofit folded, and everyone moved on. Looking back, that was probably the clearest warning sign of what the FTC had planned next.
The FTC announced Monday that it’s in active settlement negotiations with Dentsu, Publicis, and WPP over whether those holding companies violated federal antitrust law by coordinating ad boycotts against platforms including X. FTC lawyer Thomas Byron told the U.S. Court of Appeals for the D.C. Circuit that public announcements on settlements are expected "soon." Havas and Horizon Media were also named in the investigation, though their settlement status is less clear.
The proposed terms would require these agencies to commit to not directing clients’ ad budgets away from media platforms based on political content. Individual advertisers can still choose to avoid specific sites. But the agency can’t make that call on their behalf.
If that language sounds familiar, it should. The FTC imposed nearly identical conditions on Omnicom when it approved the $13.5 billion IPG merger earlier this year. Under that 10-year consent decree, Omnicom is barred from directing, refusing, or conditioning ad placements based on political or ideological viewpoints. That includes viewpoints "as to the veracity of news reporting" or content characterized as "misinformation" or "disinformation." The decree even requires an independent compliance monitor.
Three more holdcos are about to sign up for something similar.
The interesting question is what happens to your exclusion list
I think most agency executives will sign these agreements without much of a fight. The alternative is a federal antitrust lawsuit, and the math on that is pretty straightforward. The more interesting question is what this means downstream, at the brand level, where someone actually has to decide which sites to buy on.
The practical shift is this: under these settlements, an agency can’t maintain a company-wide blocklist that keeps all its clients off certain publishers for ideological reasons. If Publicis had an internal policy to deprioritize spending on platforms it considered politically toxic, that’s now a potential antitrust violation. The agency becomes a neutral execution layer.
But a client (a brand, an advertiser) can still tell its agency to avoid specific sites. That’s still legal. The distinction matters, because it means the compliance burden just moved. It used to sit with the agency’s brand safety team. Now it sits with the client’s legal and marketing team.
If you’re at a brand that relied on your agency’s default exclusion lists to keep your ads away from controversial content, those lists are going away. Or at minimum, they can’t be applied unless you explicitly request them. And "explicitly" in an FTC consent decree context means documented, specific, and defensible.
Brand safety vendors are stuck in a gray area nobody wants to talk about
One thing that hasn’t gotten enough attention in the coverage: what happens to third-party verification companies like DoubleVerify and Integral Ad Science?
Digiday’s analysis of the Omnicom-IPG decree flagged this specifically. The FTC’s order prevents agencies from using exclusion lists from companies like DoubleVerify or IAS unless clients explicitly request it. But those verification tools categorize content into brand safety tiers, and some of those categories overlap with what the FTC might consider "political or ideological." Misinformation filtering, news quality ratings, even categories like "debatable social issues" could conceivably fall under that umbrella.
Forrester analyst Jay Pattisall noted that "nearly all media plans are decided by advertisers" and that "clients are the ultimate decision-authorities for buying media, not agencies." Which is technically true and practically misleading. In reality, agencies build the plans, recommend the publishers, configure the brand safety tools, and present options. The client approves. If the agency can no longer bake certain exclusions into the default setup, the client has to proactively ask for them. Most won’t think to.
From what I’ve seen, the default drives behavior far more than anyone admits. Changing the default from "excluded unless you opt in" to "included unless you opt out" will shift where a lot of money lands. And honestly, I’m not sure most brand teams have the infrastructure to make site-by-site decisions at the speed programmatic requires.
Three things to do before the settlements go public
There’s a specific set of moves that makes sense right now regardless of which holdco your agency belongs to.
First, ask your agency what their current exclusion list policy is and whether it’s been updated since the Omnicom-IPG decree. If they give you a vague answer, push harder. You need to know whether you’re inheriting a default list or building your own. The agencies that already moved to client-specific lists are ahead. The ones still running a blanket policy are going to have a scramble on their hands when the next round of consent decrees lands.
Second, get your brand’s exclusion criteria documented internally, independent of whatever your agency provides. This means putting your actual red lines in writing: what categories of content you genuinely can’t appear next to (regulated industries, specific adjacency concerns) versus what you were avoiding because your agency’s default list told you to. I’d guess most teams would find that less than half their blocklist reflects genuine brand risk. The rest is inherited defaults nobody ever questioned.
Third, talk to your verification vendor directly. If you’re using IAS or DoubleVerify through your agency’s account, find out which categories are being applied to your campaigns. The settings may change without anyone telling you, because the agency may be forced to change them.
One thing worth watching: Ad Fontes Media, the news rating company, was also named in the FTC investigation. NewsGuard has already sued the FTC over the Omnicom-IPG condition, arguing it’s unconstitutional. If the courts agree, some of this gets unwound. If they don’t, the entire content rating ecosystem has a new legal constraint to operate under.
The compliance paperwork has a return address, and it’s on the client side
The timeline here matters. GARM died in August 2024. The Omnicom-IPG decree landed earlier this year. And now the three remaining major holdcos are likely signing similar agreements within weeks. In roughly 18 months, coordinated ad boycotts went from standard industry practice to potential federal antitrust violations.
I think the agencies will adapt quickly because they don’t really have a choice. The harder adjustment is for the brands who were, whether they realized it or not, outsourcing a legal decision to their media buyer. That arrangement is over.
Most marketing teams of 5-15 people don’t have an antitrust lawyer reviewing their media plan. They have a media planner and a quarterly brand safety review that takes 20 minutes. That gap between what the FTC expects (documented, client-specific, defensible exclusion decisions) and what actually happens (copy last quarter’s list, nobody questions it) is where the real risk lives now.
We’ve already seen what happens when AI systems make brand safety calls without human oversight. Add the FTC’s interest in how those calls are made at scale, and you’ve got a genuinely different operating environment for anyone buying media.
The agencies signing consent decrees this month aren’t the end of this story. They’re probably closer to the first chapter of a much longer compliance manual nobody wanted to write.
