Due diligence

Typical areas

What are the typical areas of due diligence undertaken in your jurisdiction with respect to technology and intellectual property assets in technology M&A transactions? How is due diligence different for mergers or share acquisitions as compared to carveouts or asset purchases?

The following intellectual property and technology due diligence is typically carried out in technology M&A transactions with a UK element:

  • identifying all registered IP rights and applications for registration that are purportedly owned by the target group, and verifying that a member of the target group is the registered proprietor or applicant in respect thereof, in particular by carrying out customary proprietorship searches (see question 5);
  • confirming in respect of the target group’s registered rights portfolio whether there:
  • have been, or are, any oppositions or challenges to the validity or ownership of these IP rights;
  • are security interests or licences registered against these IP rights; or
  • are any defects in their chain of title;
  • identifying all other IP assets that are material to the target group’s operations and confirming that all rights in them are either owned without encumbrance by, or are the subject of appropriate licences to, a member of the target group;
  • reviewing the terms of any licences of intellectual property granted to, or by, members of the target group and assessing:
  • for licences in, the scope of the rights granted and that they are not likely to be lost as a result of the proposed transaction; and
  • for licences out, that they do not unduly restrict or fetter the operations of the target group or grant rights to third parties that could otherwise undermine the value of that intellectual property to the business;
  • reviewing the target group’s agreements with past or present employees, contractors and consultants to assess whether a member of the target group owns all rights in inventions and other works created by them and has imposed appropriate confidentiality obligations on them;
  • assessing the target group’s use of open source software and the applicable licence terms, including reviewing source code scans, and analysing whether any such software has been deployed in such a manner as to render the target’s codebase liable to be redistributed at no charge or made available on an open source basis or on other disadvantageous terms;
  • reviewing and analysing all other IP-related agreements (or IP provisions in agreements), including research and development agreements, strategic alliance agreements, manufacturing, supply and distribution agreements, and settlement agreements;
  • determining and analysing the target group’s IP protection and enforcement policies and procedures and the measures it takes to protect valuable know-how and confidential information;
  • identifying and analysing any IP-related claims or disputes in which the target group is or has been involved;
  • reviewing agreements relating to the material IT systems used by the target group, including licences, support and maintenance agreements and outsourcing contracts;
  • reviewing the target group’s compliance with the GDPR, in particular as regards its privacy policies, appointment of data processors and data export arrangements;
  • vetting the extent and ramifications of any data privacy breaches or security incidents; and
  • determining whether and what rights to use personal data will transfer to the buyer.

The above investigations are also important for any carveout or asset-purchase transactions, together with the following additional considerations:

  • As carveouts or asset purchases necessarily involve the separate assignment of assets and contracts, it is particularly important to ensure that all IP rights that should transfer to the buyer will be effectively transferred.
  • All licence and other contracts will need to be reviewed to determine whether they can be effectively assigned without the need for counterparty consent. Under English law, to legally transfer the burden of obligations, a tripartite novation agreement is strictly speaking required; however, in many cases it is market practice to give notice of assignment backed up by appropriate contractual indemnities and to rely on achieving assumption of obligations through the counterparty’s continued dealings with the assignee.
  • Shared IP rights will also need to be properly allocated and cross-licensed between the parties post closing.
  • It will also be important to consider the need for technology and knowledge transfer assistance if not all key employees will transfer.
  • The purchaser should assess whether appropriate consents have been obtained or if other grounds exist to support the transfer of personal data to it and the subsequent planned use of that data in the purchaser’s business.
  • Invariably, a carveout structure gives rise to the need to assess all other key technology and operational interdependencies to determine what transitional and longer-term arrangements need to be put in place to allow for effective separation of brands, IT systems, databases, research and development capabilities and manufacturing, supply and distribution networks.
Customary searches

What types of public searches are customarily performed when conducting technology M&A due diligence? What other types of publicly available information can be collected or reviewed in the conduct of technology M&A due diligence?

The buyer’s counsel will usually carry out:

  • searches of publicly available databases maintained by the UK IPO and the European Intellectual Property Office;
  • searches using commercial search database facilities covering multiple jurisdictions, in each case to verify the information provided in the data room concerning the target group’s registered IP portfolio or to identify all proprietary registered IP rights owned in relation to the target business;
  • depending on the transaction timetable and value of particular IP rights to the target business, searches carried out to identify:
  • potential third-party trademark rights that may impact on the value of the trademark portfolio or pose issues to expansion of the business; or
  • potentially problematic patents owned by third parties;
  • whois searches for domain name registrant information; and
  • searches of websites operated by the target group to analyse privacy policies, terms of service and other publicly available information regarding the target business.
Registrable intellectual property

What types of intellectual property are registrable, what types of intellectual property are not, and what due diligence is typically undertaken with respect to each?

In the United Kingdom:

  • trademarks are registrable with the UK IPO; however, it is also possible to gain rights in an unregistered trademark;
  • copyrights and database rights are not registrable;
  • patents are registrable with the UK IPO and registration is required for the protection of patents - this can be done by means of a UK patent application or by a European Patent application designating the United Kingdom, which is a system that should survive Brexit;
  • rights in know-how and other confidential information are not registrable;
  • design rights (including semiconductor topography rights as a special type of design right) are registrable with the UK IPO, but there is also unregistered design protection that may be available (with different eligibility criteria, and with a different scope); and
  • domain names are registrable with domain name registrars and registration is required.

In addition, there are also registered and unregistered IP rights that cover the entire European Union, which, prior to Brexit, includes the United Kingdom. These include EU trademarks and Community design rights (registered) and rights in designs (unregistered). Further, in the future, a new type of patent, the unitary patent, will be available for registration that will cover all EU countries that have ratified the Unified Patent Court Agreement. The United Kingdom has done so, but it remains to be seen if and how the United Kingdom will remain a participant in this system after Brexit.

See questions 4, 5 and 8 for a description of typical due diligence activities in respect of the different types of IP right.

Liens

Can liens or security interests be granted on intellectual property or technology assets, and if so, how do acquirers conduct due diligence on them?

Under English law, security interests can be taken over IP rights, with the exception of know-how. Security interests over IP rights are often granted under a ‘global’ debenture securing all the assets of a company and usually are in the form of a legal mortgage or a fixed or floating charge.

There is no obligation to register a charge with UK Companies House in order to perfect the relevant security interest, but failing to do so within 21 days of creation of the charge means that it is void against the liquidator, the administrator and any creditor of the company. Registration of a charge with Companies House is, therefore, recommended to anyone who has an interest in the charge.

A security interest taken over UK IP rights also does not need to be registered at the UK IPO for it to be perfected. However, such registration is recommended, because registering the security interest at the UK IPO constitutes notice of the charge, thus ensuring that any later acquirer of the right acquires it subject to the charge. Registration of the charge at Companies House has been held by the courts to not always constitute valid notice if the third-party purchaser could not, in its normal course of dealings, be expected to search the Companies House register.

Buyers typically conduct due diligence on security interests taken over registered UK IP rights by performing searches of the online databases maintained by the UK IPO. If the security interest has been recorded against the relevant IP right, this can be seen on the online records for that IP right. However, as recordal of the security interest is not required for it to be perfected, if the UK IPO database does not show any security interest over an IP right, that is not conclusive evidence that no security interest has been taken over it.

Further, it is not possible to record a security interest that has been taken over unregistered IP rights, as there is no register on which to record the security interest. In the case of companies registered in England and Wales, buyers typically conduct searches of the Companies House register and raise enquiries with the seller to ascertain whether security interests have been taken over the IP rights of the target group, and also ask for a warranty that the IP rights of the target group are not subject to any encumbrances.

If a financing is being paid off in connection with the contemplated transaction, the parties typically agree that any security interests securing this financing would be released at closing. If any such security interest has been recorded at the UK IPO, notice should be given to the UK IPO post-closing to remove the interest from the records of the relevant IP right.

Employee IP due diligence

What due diligence is typically undertaken with respect to employee-created and contractor-created intellectual property and technology?

Due diligence in respect of employee-created and contractor-created intellectual property and technology first involves ascertaining the extent to which employees or contractors have been involved in the development of material intellectual property, the location where these employees or contractors are based and the terms on which they have been employed or engaged. This is because the position on first ownership of technology and inventions created or discovered by employees and contractors is a question of national law in the jurisdiction in which the work was carried out.

In the United Kingdom, employers will generally own rights in technology and inventions created or discovered by their employees in the course of their employment (absent any contractual provision to the contrary). Absent an express written assignment, the rights in any contractor-created technology or inventions will remain with the contractor (with an implied licence arguably being granted in favour of the engaging company).

Following disclosure of the relevant employment or contractor agreements, it is necessary to analyse the provisions relating to intellectual property to determine whether the target company or the employee or contractor owns the intellectual property in technology or inventions that have been created or discovered.

As a general rule, employment and contractor agreements should ideally contain the following (although the absence of certain such provisions in employment agreements may not be an issue if ownership of the relevant IP rights has automatically vested in the employer by operation of law):

  • an assignment of all rights in all work products and intellectual property created by the employee or contractor. There should also ideally be a present assignment of future rights;
  • a provision obliging the employee or contractor to perform all acts and execute and deliver all documents necessary to perfect the target company’s ownership of all work products and intellectual property; and
  • robust confidentiality provisions governing the use and disclosure of know-how and other confidential information.
Transferring licensed intellectual property

Are there any requirements to enable the transfer or assignment of licensed intellectual property and technology? Are exclusive and non-exclusive licences treated differently?

Under English law, licences of intellectual property or other rights are generally treated as personal to the licensee, which means that they cannot be assigned without the consent of the licensor. This is because it is thought that the choice of a particular licensee may have been central to the licensor’s decision to grant a licence at all, and therefore it is appropriate that the licensee should be prevented from assigning it to a third party at will. However, to clarify this, most IP or technology licences explicitly prohibit transfers of the licence by the licensee without the consent of the licensor. Frequently, this is qualified so that transfers are permitted without consent to other companies within the same group as the licensee, which will facilitate any intra-group reorganisation that the licensee may wish to carry out. Alternatively, or in addition, licences may provide that the licensor’s consent to any assignment must be not unreasonably withheld or delayed, so as to permit more flexibility by the licensee in its choice of assignee. In general, exclusive licences are more likely to contain absolute prohibitions on assignment than non-exclusive licences.

The licensor’s rights to assign are usually stated to be unfettered, so that it may assign the licence to any third party on notice to the licensee, but it does not need to acquire the licensee’s consent to this.

If the licence is silent as to the party’s rights to assign, it is generally accepted under English law that the licensor has the right to assign the licence at will, but the licensee may only do so with the consent of the licensor. This can vary depending on the facts surrounding each case, but this is the usual position in the absence of unusual circumstances. For the avoidance of doubt (and disputes), a well-drafted licence will explicitly set out each party’s rights to assign and any limits to these.

It should be noted that English law only permits the assignment of the benefit of a licence (or any other form of contract) but not the burden of it. This means that the assignee would receive the rights granted, but would not be subject to any of the obligations set out in the licence. If it is intended that the entire licence, including the burden of fulfilling the obligations under it (such as payment of a licence fee), be taken on by the assignee then the licence must be novated, rather than assigned. A novation is a tripartite contract to which each of the licensor, the existing licensee and the assignee must be a party, under which the assignee formally agrees to assume the burden of the licence, along with the benefit of it, and the licensor acknowledges that the existing licensee is released from the licence entirely.

Software due diligence

What types of software due diligence is typically undertaken in your jurisdiction? Do targets customarily provide code scans for third-party or open source code?

Software due diligence typically involves:

  • identifying key proprietary software, if any, of the target group and how it has been developed;
  • undertaking the due diligence steps in relation to employee or contractor-created intellectual property detailed in question 8;
  • ascertaining from the target whether any of its key proprietary software products or systems contain any software that has been licensed from third parties and reviewing any related licences;
  • determining whether and how proprietary software is licensed or distributed to third parties and reviewing any standard form licence agreements, and a sample of customer agreements that have been entered into, to identify any provisions that might unduly impact the business or its value; and
  • ascertaining from the target:
  • whether any open source software has been incorporated into, distributed with, or used in connection with the development of, the target group’s proprietary software; and
  • the licence terms under which each piece of open source software has been used. It is then necessary to review the relevant open source software licences in light of the way in which the open source software has been deployed, and how the target company’s resulting proprietary software is licensed or distributed, in order to determine whether the use of that open source software raises any material issues.

In the course of due diligence for technology M&A transactions in the United Kingdom, it is not customary for target companies to provide code scans for third-party or open source software code as a matter of course. However, it is not unusual for this to occur depending on the materiality of the software code at issue, the nature of the transaction and whether any potential open source issues have been identified.

Other due diligence

What are the additional areas of due diligence undertaken or unique legal considerations in your jurisdiction with respect to special or emerging technologies?

Due diligence undertaken in relation to emerging technologies, such as artificial intelligence, the internet of things, autonomous driving and big data is fundamentally the same, from an IP perspective, as in relation to more established technologies because the underlying rights will be the same or similar and will need to be the subject of substantially the same diligence processes.

This will include establishing the owner of the relevant IP rights (primarily copyright in the software involved, database rights in the data being processed and any patents that have been granted or applied for in relation to any of the component parts) and examining the terms of any licences that have been granted to, or by, the target in relation to any of these.

Personal data and privacy issues are central to many emerging technologies and are, therefore, of increased significance in due diligence with respect to these technologies. One of the most vital areas of any emerging technology diligence process will be to seek to establish that appropriate security measures are in place as regards the data involved, and that the rights of the relevant individuals in relation to their personal data that is being processed are being appropriately safeguarded, in compliance with applicable data privacy laws (including, in the United Kingdom, the GDPR and the UK Data Protection Act 2018).

Given the reliance of most emerging technologies, in particular internet of things and autonomous driving, on connectivity (via the internet or telecommunication networks or other connection and data exchange technologies), cybersecurity is a further particular focus of due diligence with respect to such technologies.

A further area of concern is the problematic question of liability for damages resulting from malfunctions of complex and interconnected software and IT devices and, in particular, from ‘decisions’ made by artificial intelligence systems.