Structuring and legal considerations

Key laws and regulations

What are the key laws and regulations implicated in technology M&A transactions that may not be relevant to other types of M&A transactions? Are there particular government approvals required, and how are those addressed in the definitive documentation?

While foreign investment in France is generally not subject to restriction, technology M&A transactions may fall under the scope of identified ‘sensitive sectors’ for which a prior authorisation by the French Ministry of Economy is required. Under current legislation (following recent foreign investment reforms), these sensitive sectors include notably electronic communication services and networks, certain dual-use goods and technologies, encryption and decryption systems for digital applications (cryptology), interception, detection of correspondence or conversations, security audit and certification of IT systems or provision of similar services, capture of computer data, security of information systems, space operations, electronic systems used in public security missions, R&D activities in cybersecurity, artificial intelligence, robotics, additive manufacturing and semiconductors, as well as sensitive data storage. The detailed definition of such sensitive sectors varies depending on whether the investor is (or is not) a resident of, or incorporated in, an EU or EEA country. Should the target company or target asset be active in a ‘sensitive sector’, the prior clearance of the French Ministry of Economy shall be required as a condition precedent for the following three types of transactions:

  • the acquisition, directly or indirectly, of a controlling interest in a French company (a share deal);
  • the acquisition of all or part of a branch of activity of a French company (an asset deal); and
  • the acquisition of an interest of 33.33 per cent or more of the share capital of a French company (where the investor comes from a non-EU or non-EEA country).

Other regulatory approvals may also apply in relation to specific regulated technology activities such as encryption, whose import and export must either be notified to or authorised by the French authorities depending on the level of encryption.

Government rights

Are there government march-in or step-in rights with respect to certain categories of technologies?

As mentioned in question 1, investment by a foreign investor in specific technology businesses or assets may require prior clearance by the French Ministry of Economy.

In addition, the French Ministry of Defence has a right of expropriation over inventions and semiconductors for national defence purposes. In particular, the French state is allowed to expropriate whole or part of an invention for national defence purposes. This rule applies to patented inventions or inventions for which a patent application has been filed.

Legal assets

How is legal title to each type of technology and intellectual property asset conveyed in your jurisdiction? What types of formalities are required to effect transfer?

IP rights can be assigned alone or as part of an ongoing business (asset deal) or indirectly through the sale of the company holding said IP rights (share deal).

When assigned alone or as part of an asset deal, trademarks, patents, semiconductors and denomination of origin must be assigned in writing. To be enforceable against third parties, patent, semiconductors and trademark assignments must be published in the relevant IP register, which can be at a national, EU or international level depending on the nature of the IP right. Although the French Intellectual Property Code identifies only certain types of copyrights that need to be assigned in writing, it is recommended that any type of copyright be assigned through a written instrument and that such assignment be as detailed as possible, including in terms of scope, purpose, territory and duration. In France, since software falls under copyright protection, the assignment of software follows the aforementioned copyright assignment rules. There is no mandatory obligation to assign domain names in writing but it is recommended that they be assigned through a written instrument for evidence and enforceability purposes.

Databases are either copyright-protected (in which case the foregoing copyright assignment rules shall apply) or not, in which case, it is only recommended that they be assigned in writing. For those databases that contain personal data, it is crucial to ensure that such databases are compliant with relevant data protection legislation. Failure to comply may result in the cancellation of the sale or transfer of such illicit databases. In a landmark decision, French courts ruled in 2013 (before the EU General Data Protection Regulation No. 2016/678 (GDPR) entered into force on 25 May 2018, that is, when prior formalities were still required to be followed to process personal data) that a database that had not been reported to the French Data Protection Authority was illicit and thus could not be validly sold.

When the assignment takes place indirectly as part of a share deal, there are no specific formalities that need to be followed to ensure proper conveyance of the IP assets. The buyer should, however, ensure that the correct name of the owner of IP rights is recorded in the relevant IP register so that such rights are enforceable against third parties.

To protect their technology or know-how, many companies prefer to keep their IP assets strictly confidential and elect not to file an application to register those IP assets. Instead, the companies will enter into non-disclosure agreements that allow them to better control the dissemination of such confidential and competitive information.

Due diligence

Typical areas

What are the typical areas of due diligence undertaken in your jurisdiction with respect to technology and intellectual property assets in technology M&A transactions? How is due diligence different for mergers or share acquisitions as compared to carveouts or asset purchases?

Typically, as part of due diligence, a buyer looks at whether the IP assets that are necessary to conduct the target company’s business are owned or licensed to the target company. Among the owned IP assets, it is key to assess whether the target company is the only owner or whether those IP assets are co-owned with third parties (including the target company’s affiliates) to anticipate any potential future licence-back or cross-licence agreements that may need to be entered into with such third parties. The buyer will also enquire about whether the owned IP assets are subject to any potential claim from third parties, contractors or employees that would have participated in the creation of those IP rights. This is also a key issue in respect of software given that most software is developed using open source libraries, which can be contaminating, and thus can subject the target company’s software to certain restrictions in terms of use and distribution.

With respect to the licensed IP assets, the focus at due diligence is whether the target company is the exclusive or sole licensee (ie, whether the target company is the only one authorised to use the licensed IP assets or if the licensor can also use them, in both cases to the exclusion of any third party) or not, or if the licence is not exclusive (ie, third parties can also use them). Most valuable IP assets are usually owned or licensed to the target company exclusively. This assessment requires a thorough review of the different agreements entered into by the target company, including assignment, licence, pledge, customer, service and lease agreements, as well as related terms and conditions. When a carveout is contemplated, acquirers should also ensure that the resulting company will have the necessary IP rights (by way of assignment or licence if the relevant IP rights are to be used by both companies) to conduct its business independently.

Another key area of due diligence is data protection. With the entry into force of the GDPR and the significant sanctions that are now available to data protection authorities, potential buyers are all the more focused on the target company’s compliance with data protection legislation.

Customary searches

What types of public searches are customarily performed when conducting technology M&A due diligence? What other types of publicly available information can be collected or reviewed in the conduct of technology M&A due diligence?

A potential investor or buyer usually carries out searches in publicly available IP databases (eg, INPI for French IP registrations, OAMI for EU IP registrations or the World Intellectual Property Organization for international registrations) to verify the accuracy of the IP-related information provided by the target company. The findings of the searches usually include the name of the registered owner, the dates of registration and potential expiration, the existence of any registered licence or security interest or any other potential type of restraint (such as limited class of products or services for trademarks, or non-payment of the renewal fee in a given country for a patent).

Private databases, that is, databases requiring a subscription fee, may give additional relevant information, including the existence of any past or pending litigation involving the target company as a claimant or as a defendant or involving the target company’s IP assets.

In some cases, such IP databases may also allow the identification of any prior or posterior IP rights owned by third parties, which could constitute an obstacle to the use by the target company (and the potential buyer post-closing) of its IP assets.

With respect to data protection, before the entry into force of the GDPR, the data protection authorities often provided for the list of formalities to be carried out by companies on their respective websites. Even though the GDPR no longer requires formalities to be carried out (since data controllers and processors must keep a register of their data protection activities), such information may still be relevant to assess the target company’s compliance for the period before 25 May 2018.

Registrable intellectual property

What types of intellectual property are registrable, what types of intellectual property are not, and what due diligence is typically undertaken with respect to each?

Not all types of intellectual property are registrable in France. The following are registrable: trademarks, patents, designs and semiconductors. In contrast to common law countries, France does not provide for registration of author’s rights (equivalent of copyrights in the United States).

Software is not registrable; however, source codes may be held in escrow by a third party, such as a public notary or an agency dedicated to software (eg, APP Agency for the Protection of Programs).

Acquirers will usually need to be provided with the list of intellectual property owned or used by the target company or necessary to run the target company’s business on a stand-alone basis. This is particularly important in respect of non-registrable intellectual property since it cannot be found, traced or verified on public databases. The assessment of the nature of non-registrable intellectual property that the target company owns or uses and of the potential associated restraints can be conducted by reviewing the target company’s rights and obligations provided under related contracts.

In addition and as mentioned in the response to question 5, due diligence undertaken with respect to registered IP assets include verification of the name of the registered owner, the dates of registration and potential expiration, the existence of any registered licence or security interest or any other potential type of restraint (such as limited class of products or services for trademarks, non-payment of the renewal fee in a given country for a patent, etc).

Liens

Can liens or security interests be granted on intellectual property or technology assets, and if so, how do acquirers conduct due diligence on them?

Yes, specific liens and security interests can be granted on IP rights (eg, trademarks, patents, movies, designs, domain names, software and databases). For unregistered IP rights (such as domain names, software and databases), since there is no legal provision specifically relating to the grant of security interests thereon, it is important to identify the register or the database on which the lien or security interest should be recorded and how to ensure that the lien can be enforced against third parties. Intellectual property rights can also be part of the liens and security interests taken on the tangible and intangible assets of the grantor.

Employee IP due diligence

What due diligence is typically undertaken with respect to employee-created and contractor-created intellectual property and technology?

When intellectual property is developed or created by an employee or a contractor, it is important to ensure that the rights in such intellectual property are vested in the target company. Patentable inventions that are developed by employees as part of their employment and during the performance of their duties are automatically assigned to the employer who must pay additional compensation to the employee for such assignment. Those patentable inventions that are developed by employees outside the scope of their employment but using resources provided by the employer belong to the employee; the employer may, however, ask to be assigned ownership in consideration of a fair price. Inventions that are developed by employees outside the scope of their employment using their own resources belong to the employee (article L. 611-7 of the French Intellectual Property Code).

Software created by employees during the scope of their employment automatically belong to the employer unless the employment agreement provides otherwise (article L. 113-9 of the French Intellectual Property Code).

All other intellectual property created by employee or contractor belong ab initio to the employee or contractor and, therefore, must be expressly assigned in writing to the employer. In particular, it is recommended that copyright assignments be detailed, in particular, in respect of the scope of the economic rights to be assigned. However, assignment of economic future rights in works is not allowed.

Transferring licensed intellectual property

Are there any requirements to enable the transfer or assignment of licensed intellectual property and technology? Are exclusive and non-exclusive licences treated differently?

Transfer or assignment of licensed intellectual property and technology must be registered on the relevant IP register to become enforceable against third parties. In practice, non-exclusive licences are not registered. Depending on the terms of the licence agreement, consent of the licensee may be required for the transfer or assignment of the licensed IP and technology. Indeed, such transfer will most likely imply the transfer or assignment of the licence itself.

Software due diligence

What types of software due diligence is typically undertaken in your jurisdiction? Do targets customarily provide code scans for third-party or open source code?

When software is a key asset of the transaction, specific software due diligence will help with assessing the rights and obligations of the target company associated with such software. The following due diligence is typically undertaken as part of this software audit:

  • identifying whether the software owned or used by the target company is proprietary or open source-based and who actually developed the source code (the target company’s employees or outside contractors);
  • verifying that all of the IP rights in the software are vested in the target company;
  • identifying any open source software, including open source software used to develop the target company’s software, and associated licence terms (eg, Apache) as those licence terms may apply to the software into which open source components have been integrated (contamination effect);
  • detecting vulnerabilities of the software components or those components that are not in use, are slowing the software operation or need to be updated or upgraded; and
  • assessing whether the software used by the target company is the most efficient and reliable software for the target company.

It is not customary for targets to provide scans for third-party or open source code.

Other due diligence

What are the additional areas of due diligence undertaken or unique legal considerations in your jurisdiction with respect to special or emerging technologies?

The legal framework with respect to special or emerging technologies is itself emerging or non-existent. Additional areas of due diligence undertaken or unique legal considerations with respect to such technologies focus on the following key legal issues:

  • for artificial intelligence, whether the software performs tasks that are regulated (eg, providing legal or financial advice);
  • for internet of things and autonomous driving, personal data and liability; and
  • for big data, on security and personal data, especially focusing on how the system has taken into account the purpose limitation enshrined in the GDPR.

Purchase agreement

Representations and warranties

In technology M&A transactions, is it customary to include representations and warranties for intellectual property, technology, cybersecurity or data privacy?

As technology is of the essence in such transactions, purchasers usually expect to be able to perform extensive technical and legal due diligence on the underlying technology and to obtain a comprehensive set of confirmatory representations and warranties in relation to IP or technology--related matters. The insertion of such IP representations and warranties is generally market practice, although their scope, qualifiers and limitations are negotiated case by case.

The IP representations and warranties in technology M&A transactions will typically cover the following aspects (without limitation):

  • legal title to the owned registered and unregistered intellectual property;
  • no third-party rights;
  • payment of royalties and renewal fees;
  • proper recording in IP registries;
  • past, ongoing or threatened IP disputes;
  • investigation by competent governmental authorities;
  • no infringement of third-party rights;
  • disclosure, existence and validity of third-party licences necessary to run the business;
  • absence of change of control or other third-party approvals required;
  • compliance with IP-related contracts (such as licences, cooperation or research and development agreements) and data privacy laws; and
  • compliance with legislation on employee invention.

Specific disclosure regarding the use of open source software and the absence of software defects is also a customary ask in relation to software-based businesses.

In addition, with the coming into force of the GDPR and although French data protection has been in existence for 40 years, it is now recommended to include detailed representations on personal data mirroring the various obligations incumbent to data controllers and processors under the GDPR.

In any case, it is important that those representations and warranties be tailored to address the key value items of the acquired businesses or assets, including, where possible, the input from technical experts.

Customary ancillary agreements

What types of ancillary agreements are customary in a carveout or asset sale?

The types of ancillary agreements will largely vary depending on the specific features of each transaction. They will generally aim at addressing the status of IP-related assets or contracts with a shared use or dependencies between the disposed business and the seller group organisation.

When certain IP or technology assets or contracts are shared between the disposed business and other activities of the seller, the parties will seek to negotiate appropriate cross-licence agreements, transitional trademark agreements, trademark coexistence agreements, or joint development or cooperation agreements. Ancillary agreements may also include IT transition services agreements and appropriate service level agreements whereby the seller group continues to provide IT services (IT infrastructure, applications) to the disposed business or to the purchaser for a temporary, and usually short-term, period. In such a case, parties will have to discuss the preparation, project management and implementation of an appropriate transition plan and the allocation of the related responsibilities and costs.

It is generally in the interest of both parties to start discussions on the nature and scope of the ancillary agreements as early as practicable in the M&A process as those matters usually require input from legal, financial and operating teams on both sides. In addition, with the increasing influence of the OECD’s base erosion and profit shifting principles (notably regarding transfer pricing and valuation of intangibles), we have seen more in-depth discussion in relation to the pricing of such agreements, and their impact on the overall valuation of the transaction.

Wrong-pockets covenants and further assurance clauses are also commonly included in the acquisition documents to address potential misallocation of IP assets or specific post-closing formalities in enforcing the transfer of IP assets.

Conditions and covenants

What kinds of intellectual property or tech-related pre- or post-closing conditions or covenants do acquirers typically require?

The acquisition documents usually include specific pre- and post-closing covenants in relation to tech-related matters. For instance, to preserve the substance and value of the acquired assets or business, acquirers will typically insert specific restrictions during the period from signing to closing to prevent the seller from disposing material IP assets, licensing IP assets out of the ordinary course of business, or settling or initiating material IP litigation, in each case without the prior consent of the acquirer. To the extent that third parties’ consents are required to transfer identified assets or contracts, the seller may also be requested to seek such consents or to cooperate with the purchaser in this respect. In addition, when the acquirer’s due diligence has pointed out specific IP issues that can be remedied, acquirers will generally request the seller to fix those issues at its costs, for instance, by carrying out specific registration formalities with IP offices, renewing trademarks or patent registrations, entering into IP or invention assignment agreements or ensuring compliance with the GDPR. In certain transactions, the scope of the seller’s post-closing non-compete covenant can be delineated by reference to the use of a certain type or family of technology.

Survival period

Are intellectual property representations and warranties typically subject to longer survival periods than other representations and warranties?

While business representations usually survive for an 18- to 24-month period, acquirers in technology M&A transactions tend to negotiate a longer survival period for IP warranties, which may last up to three to five years after the closing depending on deal-specific features.

Breach of representations and warranties

Are liabilities for breach of intellectual property representations and warranties typically subject to a cap that is higher than the liability cap for breach of other representations and warranties?

It is a common feature on the French market for the IP representations and warranties to be treated as part of the business warranties and to be generally subject to the same aggregate liability cap (expressed either as an absolute figure or as a percentage of the purchase price). However, in recent years, acquirers have been pressed in a highly competitive tech M&A market to lower the general liability cap applicable to business warranties - from 15 to 30 per cent of the purchase price down to 10 per cent thereof, especially when no red flags have emerged from due diligence. In this context, we have seen an increasing number of technology deals where acquirers have pushed to get either a specific cap, or an uplift of the general liability cap, with respect to breaches of IP warranties or data privacy regulations.

Are liabilities for breach of intellectual property representations subject to, or carved out from, de minimis thresholds, baskets, or deductibles or other limitations on recovery?

The IP warranties will usually be subject to the same financial limitations as the other business warranties. By exception, where there are material IP issues, the acquirer may seek specific indemnities for the seller to cover such matters. In such a case, it is usual that all or part of the general limitations (such as de minimis, baskets or deductible) be carved out for the purpose of such specific indemnities or, alternatively, that the parties negotiate a specific set of financial limitations in relation to such specific indemnities.

Indemnities

Does the definitive agreement customarily include specific indemnities related to intellectual property, data security or privacy matters?

Specific indemnities are not a common feature in the French M&A market unless used to cover specific known issues or circumstances identified through due diligence or disclosure (eg, an ongoing or threatened IP litigation or a known non-compliance related to data security or privacy matters). In such a case, the acquirer will usually be prevented from bringing a warranty claim (as it had knowledge of the issue) but may seek a specific indemnity from the seller to be held harmless from the related liabilities. Similarly, if there have been past technical incidents affecting the disposed business, the acquirer may request the seller to assume the liabilities arising out of such incidents.

Walk rights

As a closing condition, are intellectual property representations and warranties required to be true in all respects, in all material respects, or except as would not cause a material adverse effect?

It is common in France that the seller’s representations and warranties be made both at signing and at closing of the transaction and that the same standard (including carveouts or qualifiers) apply at both times. However, unlike other jurisdictions, it is more the exception than the rule that such bring-down of the warranties be set as a closing condition.

If the specific negotiation context allows for it, the parties might seek to negotiate limited walk rights, for instance, upon the occurrence of extreme events affecting core disposed technologies or IP rights. This may be the case if new events occur during the interim period that would cause a breach of the IP warranties consuming all, or most of, the warranty cap or preventing the continued operation of the disposed business or asset (eg, termination of a core IP licence).

Updates and trends

Key developments of the past year

What were the key cases, decisions, judgments and policy and legislative developments of the past year?

Key developments of the past year20 What were the key cases, decisions, judgments and policy and legislative developments of the past year?

Decree No. 2018-1057 of 29 November 2018, further amended and expanded the list of sensitive sectors subject to prior authorisation by the Ministry of Economy (MoE), including notably the following sensitive sectors: security of information systems, space operations, electronic systems used in public security missions, R&D activities in cybersecurity, artificial intelligence, robotics, additive manufacturing, semiconductors, certain dual-use goods and technologies, and sensitive data storage.

The PACTE Law dated 22 May 2019 amended the legal framework applicable to national security review and notably modified the sanctions mechanism in the case of breach of prior authorisation requirements. When a transaction has been implemented without prior authorisation, the MoE may now enjoin the investor to file for prior authorisation; unwind the transaction at his or her own expense; or amend the transaction. If the protection of public order, public security or national defense is compromised or likely to be compromised, the MoE also has the power to pronounce the following interim measures to remedy the situation quickly:

  • suspend the investor’s voting rights in the target company;
  • prohibit or limit the distribution of dividends to the foreign investor;
  • temporarily suspend, restrict or prohibit the free disposal of all or part of the assets related to the sensitive activities carried out by the target; and
  • appoint a temporary representative within the company to ensure the preservation of national interests.

If an investor fails to comply with the commitments imposed by the MoE in its clearance decision, the following injunctions may be pronounced: (i) withdrawal of the clearance; (ii) compliance with the initial commitments; and (iii) compliance with new commitments set out by the MoE, including unwinding the transaction or divesting all or part of the sensitive activities carried out by the target. The PACTE Law has also increased the monetary sanctions in the case of infringement.