There are vital technology-specific issues to consider when acquiring a technology company.
Does the Company Have Adequate IP Rights?
Clear ownership or adequate rights to use all relevant intellectual property (IP) is critical. IP is the cornerstone of the business. A company that does not have a clear IP title risks third-party infringement claims that can kill the business.
Buyers must identify what IP is critical to the company's operations and ensure that it either owns or has the rights to the IP used in its operations or incorporated into its products and services. This includes ensuring that third parties (employees, contractors, service providers, and research institutions) involved in developing the IP have assigned all rights to the company. Buyers should review databases of appropriate administrative bodies to ensure the company owns all applicable registered IP and no third-party interests are registered against the IP.
If the company does not own the IP, buyers should understand how the company is permitted to use the IP. This includes understanding the scope of any licenses for any material company IP.
For non-US companies that use employees or independent contractors to develop their technology, confirm that the company has waivers of moral rights from these third parties. Moral rights grant the author of an original work covered by copyright certain rights to that work without any need for registration.
The use of open-source software by the company also has risks. This can include creating obligations on the company using the open-source software to make available, at no charge, the source code of any program or software that incorporates the open-source software. Consider engaging a third-party provider to audit the company’s source code. This will help the buyer understand if there are any open-source issues or issues relating to the potential infringement of third-party IP.
Data Rights and Use of Personal Information
Data is often a key driver of value. Buyers should work to understand how the company uses data and its data practices, focusing on contractual obligations on the collection, use, and transfer of data. The review should include examining the company’s policies surrounding personal information, verifying compliance with applicable data protection laws, and obtaining consent to transfer data where necessary. The review should cover all privacy policies, internal data use policies and the company’s privacy practices.
If the company’s data practices involve processing personal information, buyers should know what laws apply and whether the company has implemented processes that comply with applicable data protection laws, privacy laws, and third-party agreements.
If the proposed transaction results in a transfer of ownership of the data, buyers should ensure that the company has the necessary rights and consents to transfer the data.
Issues relating to inappropriate data use may be expensive or impossible to remedy. Buyers must have a clear understanding of the company’s data practices.
Ownership and Voting Structure
In a company's launch and growth stages, numerous types of investors may acquire equity. Maintaining accurate corporate records may not be a priority for early-stage companies. This can complicate things in the acquisition process. Buyers must clearly understand who the company’s shareholders are and any rights they have that could impact the acquisition. This may include voting or dissolution rights associated with any particular share class or investor.
It is common for high-growth companies to use options or warrants to incentivize internal and external stakeholders to support their growth. The buyer must review the terms and vesting schedules of any options, warrants, or convertible securities issued by the company.
It is also critical that the buyer ensures that the appropriate shareholders approve of the transaction or are required to sell their shares. For a share sale, buyers must understand each shareholder and ensure that it is purchasing all of the company’s shares. A review of the chain of title of shares is essential to help ensure that buyers are purchasing all of the company’s shares. Buyers must also ensure that each shareholder has the right to transfer shares to the buyer. A review of the company’s minute books and relevant agreements, like shareholder agreements, are critical to ensure a complete understanding of the company’s ownership and voting structure information.
Cybersecurity
Data security is critical to protecting a business’s assets and operations. A data breach can be highly damaging to a company’s value. Unauthorized access to confidential business or sensitive customer information can cause financial and reputational harm. Cybersecurity due diligence helps lower the risk of future data breaches, regulatory fines, and privacy breach proceedings.
Buyers should review a company’s cybersecurity practices, identify vulnerabilities that could be exploited, and address cybersecurity risks before they turn into issues. This review should contemplate the sensitivity or value of the stored data and monitor any gaps in data security. The more sensitive data is, the more secure it must be. Buyers should also review the company’s cyber response plan to ensure it has adequately contemplated cyber risk and has a robust plan to manage, mitigate or remedy any cyber threat.
Regulatory Risk and Life Cycle Issues
In early software development stages, it is not uncommon for technology companies to focus on product development that meets functional specifications. This may develop a functionally sound solution that does not contemplate regulatory requirements imposed on the company or its customers. This can arise when a solution initially designed for one industry or jurisdiction is made available to customers in another industry/jurisdiction where regulatory obligations differ. Also, regulations evolve, and products and services must continually be updated to reflect these changes.
Buyers should ensure the company’s technology complies with its and its customer’s legal obligations and contemplate anticipated changes in laws to best ensure the technology will not be obsolete by these changes.
If the company’s solutions do not meet all applicable regulatory requirements, it could face significant liability from customers, third parties, and governmental agencies.
The fast-evolving nature of disruptive technology means the life cycle of the company’s technology should be considered. The review should consider the technology's scalability, functionalities, and development potential.
Addressing the Risk
If issues are identified, buyers should consider how they can be addressed. The company may be able to address the concerns pre-closing. The purchase agreement should include targeted representations and warranties addressing these matters.
If the issue cannot be addressed pre-closing, buyers may wish to negotiate a reduction in the purchase price to reflect the risk assumed and the cost to remedy the risk post-closing. Buyers may consider a specific indemnity to address the risk for known issues and consider a holdback of a purchase price portion that buyers can set off against losses due to the identified issues.