Our contribution discusses the key legal issues in technology M&A transactions. While we have written this contribution from a Belgian law perspective, we mainly focus on the contractual peculiarities and the process itself, which are probably quite similar and thus also relevant in other jurisdictions.

Clients wishing to acquire a technology-related business could benefit from the assistance of a M&A lawyer with a strong technology sector focus. Technological innovations may sometimes be difficult to grasp and the law is often unprepared for them, which means that a lawyer with creativity and in-depth knowledge of what the technology is capable of is may be key to reach a successful deal. 

In each step of the deal process, lawyers should be aware of the specific deal issues arising in the technology sector. When considering the deal structure at the very start, it must be decided whether the parties will conclude an asset or a share deal and how the price will be structured and pre-existing schemes such as stock option plans or warrants must be dealt with. The relevant assets on which a legal due diligence should be performed must be identified. These range from the ownership of IP rights (which often form the core asset of the target) to the issue of Open Source Software (OSS) which is regularly used in software but which may include stringent license conditions. Since the entry into force of the General Data Protection Regulation (GDPR) and its high fines, cybersecurity, privacy and data protection have also become an essential part of this process. In addition, specific labour issues may arise (e.g., the use of freelancers or self-employed service providers).

Apart from this, adequate representations and warranties must be negotiated (e.g., with respect to the lack of IP rights violations or adequate measures to protect processed personal data). Often, the seller’s liability under these representations and warranties will be capped, although in technology M&A it is common to negotiate higher liability caps for IP rights representations and warranties. Parties may also opt to take out M&A insurance. Ancillary agreements such as services or new employment agreements also repeatedly appear, as purchasers may be keen to retain the founders of the target (many of them engineers) on board post-closing. 

As with any M&A transaction, the processes must be adapted to the kind of business that is being acquired. But technology M&A gives the chance to be very creative as the law is often not yet adapted to the kind of technology that exists. On the other hand, this creates certain challenges such as the need to undertake very specific due diligence to identify and fully understand any (potential) risks and liabilities.

Full article

Technology M&A: why understanding the technology involved is a key to success

Belgium is an attractive location for technology companies to acquire European as well as global leadership positions thanks to an open business culture, specific tax incentives (such as patent income deduction, investment deductions for R&D or tax exoneration for regional grants), and the high density of ICT businesses, research centers and knowledge centers which provide a stimulating environment. Over the last two years, the Belgian government has lowered the corporate income tax and introduced an entirely new code of corporate law which provides more flexibility than ever. It then also does not come as a surprise that Belgium’s technology sector is booming (11.5% growth in 2015-2019, according to the sector’s federation Agoria) and employs more than 300,000 people (with an expected number of 22,000 jobs to be created by 2024). Foreign investment is an important factor which fuels this strong growth.

This contribution focuses on the specifics of a transaction involving the acquisition of a technology company (the ‘target’) in a M&A process from a Belgian law perspective. As a result of the extensive internationalization of M&A much of the issues discussed in this contribution also apply to other jurisdictions. We have chosen to discuss specifics of technology M&A only rather than explaining basic concepts of this field of law. In order to make this article as relevant as possible for international practitioners, we have focused on the due diligence process and contractual provisions rather than on Belgian law concepts. In any case, Belgian general contract law which applies to the transaction documents (unless foreign law is chosen) allows for a large freedom of contracting. It should be pointed out that in case of a public takeover of a listed target certain specific procedures must be respected, which are to a large extent inspired by European law, and that in many cases (European or national) antitrust law may apply too (e.g., to gain merger clearance for the deal). 

In almost all transactions, a non-disclosure agreement (“NDA”) signed by the parties will precede an agreement on a (non-)binding letter of intent (“LOI”), which sets out the basics of the deal and includes binding clauses on confidentiality and exclusivity, and/or conditions precedent. In Belgium, an agreement exists once the parties agree on the object of the sale (the target company) and a price. Hence, at this stage such terms will rather be formulated in a non-binding way. Sometimes the parties choose to have a lengthy negotiation first on a more detailed pre-contractual agreement (e.g., in the form of a memorandum of understanding (‘MoU’) or term sheet) to already agree on important items such as pricing mechanisms and limitations on liability. In this way, they hope that further negotiations on the transaction documents can proceed more smoothly and to increase the deal certainty. The downside is that it can take longer to come to an agreement on such MoU or term sheet.

Early on in the transaction, the parties must choose whether the acquisition will be conducted in the form of a share deal (whereby the target’s shares are fully or partially purchased) or an asset deal (in which case only certain assets are taken over by the purchaser). A merger is also possible, but is subject to specific procedures which are not further discussed in this contribution.

In Belgium, a share deal requires very limited formalities because title is transferred by way of registration in the share register only. Share purchases are also tax-friendly for sellers as in most cases no taxes will be due on the capital gains arising from the sale of shares. This makes a share deal the most common deal structure to acquire the target in its entirety. On the other hand, in a share deal, the purchaser will also assume all liabilities of the target which means that a careful due diligence process (see below) is essential to identify these liabilities prior to closing. Especially tax or social liabilities may be substantial.

By contrast, a transfer of assets implies that the parties must determine how each individual asset will be transferred and if any specific procedures apply to make the transfer effective against third parties (e.g., a transfer of real property in Belgium requires a notarial deed and transfer taxes will be due). Also the labour law rules with respect to the transfer of undertaking and the employees’ acquired rights may have to be respected. Alternatively, the assets can be transferred as a universality of goods or as a branch of activities following specific procedures. This structure is preferable for a purchaser which is only interested in certain assets (e.g., IP rights) rather than the entire business with all its liabilities or if the target contains substantial liabilities which the purchaser does not want to assume.

Key personnel in technology businesses, especially start-ups, often receive stock options or warrants in addition to their salary as they were expected to benefit from future performance to participate in the profit and an increase of the value of the company by converting their stock options or warrants at a later moment in time. If so, the purchaser will require as a condition precedent or a closing condition that the seller must first proceed with the respective procedure to have these instruments converted into shares prior to closing and then purchase these from its employees to avoid that the latter become a direct party of the transaction. 

During the due diligence process, the purchaser’s (legal, tax, finance, etc.) advisers will scrutinise the target to uncover potential risks and liabilities, assess its business, assets or financial performance. The process will also uncover issues which can be resolved by the seller prior to closing. The due diligence must be tailored to the type of business which is being acquired. 

IP Rights

In technology M&A, a large focus will be on the target’s technology. Legally speaking, its IP rights (such as patents, trade secrets, trademarks, rights related to databases and copyrights) will probably constitute the target’s most important assets (or, even stronger, these assets may even be the sole reason for the acquisition). In the first place, it is advisable to conduct a ‘high level IP mapping’ in order to identify crucial IP and assess whether and how it is protected in order for the purchaser to uncover any (major) obstacles for his preferred deal structure, also taking into account how the purchaser wants to use the IP post-closing. For this purpose, the transferability of IP assets and granted licenses will need to be reviewed.

Further, a more detailed due diligence will be undertaken which should focus on elements such as:

• Shared IP: does the target and its remaining corporate group (if any) use the same IP? Will it continue to do so post-closing? – In that event, a licensing or joint ownership arrangement may be required. The licensing agreement may e.g. be transitional to allow the seller to use the IP for a limited time only after closing;
• Ownership of IP assets: does the target indeed own the IP? – If the target does not own the IP, its assets may be useless to the purchaser as they cannot be bought or sold, which evidently is a deal breaker. Hence, the ownership of each IP asset must be assessed (e.g., whether it has been registered, the identification of the right of use and control, the existence of confidentiality issues, etc.). In this context, it must be checked whether all freelancers and self-employed consultants have assigned all IP rights created in the course of their assignment to the company. The same goes for employees, which in Belgium frequently own the copyright on the work they create for the employer (unless it concerns software). For this purpose, the employment agreements and work rules must be reviewed, and, if needed, the rights must be assigned to the employer;
• Legal protection of IP assets: are these legally protected? – Each type of IP asset is protected differently (e.g., copyrights are, under certain conditions, granted immediately in Belgium with no need of registration, while trademarks should be registered to receive extended protection). Depending on the IP asset, the scope and length of the protection varies too;
• IP rights violations: does the target company violate IP rights or is it the victim of IP rights violation? – As the violation of IP rights can be an extremely costly matter, a diligent purchaser should carefully assess whether the target is in violation of any third party IP rights or if the protection of the company’s own IP rights can be enforced if these are violated by third parties.

Software (including Open Source Software)

In many technology businesses of the digital and Internet age software is the most valuable asset (and the acquisition thereof may be the main or even the sole reason for the transaction) which should be made subject to a specific due diligence. An inventory of the software used by the target should be created (including information on ownership and licenses). All software agreements (e.g. licenses (or service agreements in case of a SaaS-solution, support, maintenances, assignment, etc.) must be carefully reviewed together with any policies, manuals or information on user access protocols. 

An item that is often overlooked in this regard is the effect of the widespread use of Open Source Software (OSS) in software development. This type of software may be licensed under terms which make it possible for everyone to use, change and redistribute the source code to anyone without any fees, and can thus easily be incorporated in other software solutions. This is certainly not without risks. For instance, the OSS license may provide that any software that includes or is derived from the OSS code must be entirely licensed under the terms of the OSS license (and thus made public), which implies that independently developed software with a fraction of OSS cannot be licensed for a fee or with certain restrictions. For a potential purchaser, this means a lack of license revenue which can be a deal breaker. As a solution, the business may switch to OSS with a more permissive license, or the purchaser can estimate the cost of creating newly written proprietary code which replaces the business’s source code which uses OSS (unless this is too expensive). 

In some cases it may be prudent to recommend the purchaser to involve an open source audit company, because it can examine elements of the OSS which do not immediately appear from the data room documents (e.g., whether the source code contains any OSS), but which will only be discovered after analyzing the source code in detail. Such audit may also be beneficial for the sellers, as they will be more comfortable with giving a representation on OSS if they fully understand the nature and the extent of the potential risk it covers. An OSS audit will require specific NDAs.

In this context, the IT systems of the business should also be reviewed. A focus should be on whether they are bug free, if there have been any material security breaches or material outages affecting the businesses, if all necessary licenses are in place with running maintenance and support agreements, etc. 

Cybersecurity and data protection

Another important item which can no longer be ignored, especially in jurisdictions of the European Union (including Belgium), is compliance with European and national privacy and data protection laws (especially the General Data Protection Regulation 2016/679 of 27 April 2016 (the “GDPR”)). Given the high fines under the GDPR (i.e. the higher of the following amount for each infringement: (i) up to 20,000,000 EUR; or (ii) up to 4% of the infringer’s global turnover), it is crucial that the purchaser has a clear oversight of items such as: (i) the nature and purpose of processed personal data (e.g., the existence of sensitive personal data); (ii) the basis for consent for such processing; (iii) the nature and effectiveness of the technical and organizational measures in place to protect the processed personal data; (iv) data transfers to third parties inside and/or outside the EU; (v) any automated processing of data; (vi) the existence of data breaches; and/or (vii) respect for data subject rights. Documents such as the copy of the internal register, the cybersecurity insurance policy (if any), the privacy policy, any data privacy impact assessment, data processing agreements, data sharing agreements, joint controller agreements or consent forms must be carefully reviewed. 

The target may have developed internal guidelines on how to deal with personal data and data security (e.g., measures against opening emails with malware, storing personal data of customers, etc.). It is advisable to meet with the target’s Data Protection Officer (or CIO or CSO) to discuss these guidelines and to determine whether they are adhered to in practice as well. In this context, any business continuity and disaster recovery plans must also be analysed. A technical due diligence into the target’s IT infrastructure and IT security (such as resilience against data breaches thanks to its technical and organization measures) is useful too. Once this information is collected and any potential risks are identified, the purchaser can prepare steps to reach full compliance pre- or post-closing in order to avoid any future reputational impact (nothing worse than letting your customers know their data fell in the hands of hackers), costs of investigations, data subjects’ claims or fines. 

The resources allocated to a privacy and data protection due diligence must be proportional to the importance of data processing by the target: a developer of a health app which processes sensitive medical data will by definition be more likely to incur GDPR liabilities than a constructor of robotic systems for assembly lines. The nature of the deal may also be a challenge: in an asset deal the purchaser must determine whether any data processing is at all connected to the acquired assets. If so, it is important to know whether there is already a basis for consent for the intended data processing or whether new consent must be obtained from certain groups (e.g., from the employees to process their data).

Labour law

Belgium is known for its strict labour law rules and the high fines for violations thereof. Hence, a detailed labour law due diligence is required in most cases. An issue which typically arises in the technology sector is that of sham self-employment, whereby self-employed personnel (such as freelancers) in the business is in fact made subject to hierarchal supervision (including a lack of freedom to organize work hours and activities). Based on these criteria, such personnel qualifies as employees so that the nature of the relationship between the parties may be requalified into an employer-employee relation. By consequence, the paid out fees will be requalified into gross salary. This may lead the Social Security Authorities to claim employer contributions for a period of up to three years (with surcharges and interest), while the (requalified) personnel can claim holiday pay, salary increases, end-of-year premiums which would be due since the start of providing services to the company. In addition, other rules of Belgian labour law will also apply (e.g., the provisions on employee dismissal). Another matter which must be reviewed is whether the target complied with the rules of posting of employees, which is generally prohibited with only a few exceptions existing. 

Subsidies

Start-ups may also have benefited or are benefiting from state subsidies, whose terms may include change of control provisions. Subsidy conditions must be evaluated to check whether the state must be informed of the acquisition (or give its consent thereto), or if any grounds exist for the state to reclaim the subsidy as a result of the transaction (e.g., frequently one of the conditions is that employment is maintained).

V. Due diligence: understanding the technology being acquired is key

When reviewing in a due diligence whether the general meeting of shareholders was validly convened in 2017, it does not make any difference whether the target sells books, produces furniture or creates software for medical devices. But when a lawyer moves to undertake a due diligence on matters such as IP rights or compliance with privacy laws, a thorough understanding of the underlying technology (e.g., the software, use of data or cloud application) is desirable to be more able to assess potential liabilities. Such knowledge is also useful beyond the due diligence.

Take drones. These seem simple: in most cases they fly in an unmanned manner under the control of a pilot on the ground. From a liability law perspective, the pilot will remain responsible for the operation of the drone during the duration of the flight. But what if they are autonomous and something goes wrong? As there is no pilot anymore, who can be held liable? The owner, the producer or perhaps even the software developer? If a lawyer carries out a due diligence on any (potential) litigation of a target which develops software which guides autonomous drones (or cars), it is certainly useful to identify all potential liability risks. If a lawyer is advising a seller which provides enhanced air footage captured by drones and must describe GDPR compliance in the seller’s due diligence report, it is essential to understand what the drone’s camera can possibly photograph and film to see if personal data is captured and, if so, whether it may even be processed. In addition, knowledge of the local regulations which set out where drones may be used or whether they may be flown beyond line of sight (BLOS) is also essential.

Another example is Artificial Intelligence (AI). If the target is a sales platform or a business active in e-commerce whose website uses AI-driven algorithms to set prices based on the patterns of client behaviour or the client’s location, such behaviour may be the subject of an antitrust due diligence. If the algorithm also monitors the pricing of competitors and automatically changes it when the competition does so too, a possible existence of coordinated practices of competitors infringing competition law must be excluded. Again, for this purpose the underlying AI technology and the privacy and liability consequences it entails must first be understood (e.g., the difference between explainable AI whereby the results of the solution can be recognized by humans and “black box” AI whereby such explanation is impossible).

Legal practitioners active in technology law and technology M&A must closely follow new technology trends and their legal consequences. What seems modern and state-of-the-art today, will be outdated tomorrow. A file carrying sensitive personal data which is encrypted by special software may seem as a sufficient technical measure today in light of the GDPR, but a quantum computer (which has significantly greater computing powers than today’s computers) may in the near future hack this advanced encryption within minutes. In technology M&A, a legal adviser should be aware of such (upcoming) risks.

Depending on the deal structure, the transaction document will be a share purchase agreement (‘SPA’) or asset purchase agreement (‘APA’). These may be supplemented with ancillary documents such as notarial deeds if real property is transferred in an asset deal, shareholders’ agreements (in case only part of the shares is purchased), (transitional) service agreements, management or employment agreements, or IP assignment agreements. Parties should take into account that Belgian general contract law obliges them to act in good faith when negotiating.  In addition,  a new Belgian act on unlawful contractual clauses in B2B contracts will enter into force on December 1, 2020 as a consequence of which parties will have to carefully balance their clauses in all of their agreements. 

Pricing

A crucial element of the transaction document is the purchase price, which must be determined or at least be determinable on the basis of objective elements outside the scope of the parties’ will in order to be valid under Belgian law. In tech M&A the target often has no sales yet, but is merely developing a promising idea. Hence, complex mechanisms such as earn-outs, including bad leaver/good leaver provisions, are chosen to retain the developers (which may be the founders) and to reward the sellers for future sales (see further). Of course, in case of an earn-out, the sellers may require some management control for the duration of the earn-out period to ensure that the purchaser takes the necessary actions to maximize the earn-out and does not take any action to avoid that the earn-out becomes due (e.g., by shifting revenue to other affiliates). A reimbursement in stock of the acquiring entity may also be considered. The agreement must stipulate the conditions for payment (including the terms, amounts, bank accounts, conditions, etc.) in detail. Alternative mechanisms are an option like a vendor loan by virtue of which the target’s seller grants a loan for the purchase of its shares to the purchaser.

Often part of the purchase price will be blocked for a certain period of time in a special purpose (escrow) or simply held bank account. This amount secures successful claims for breaches of the representations and warranties brought by the purchaser. In smaller transactions the cost of such account may outweigh its benefits. The purchaser can also opt for a right to set off the amounts of e.g. the vendor loan or the earn-out against any claims which are awarded to the seller after a successful claim.

Representations and warranties 

Representations and warranties generally relate to power and authority to enter into the agreements, corporate items, real estate, litigation, labour law, tax, insurance, etc. As always, these will have to be tailored to the business being acquired, especially when technology is involved.

In case of IP rights, the purchaser will for instance require representations and warranties on: (i) the lack of claims by third parties that the IP rights are invalid or infringe on their rights; (ii) IP rights ownership; (iii) valid consent of third parties for the use of IP rights; (iv) valid IP rights assignment; and/or (v) the sufficient protection of these rights. Specific provisions should be drafted in case of software (e.g., a lack of any obligation to make available the source code for any proprietary software due to OSS licenses). 

Targeted representations and warranties on privacy and data protection are also essential given the GDPR. These may relate to: (i) compliance with specific elements of privacy laws (e.g., due respect for the rights of data subjects and the effective possibility for them to exercise these rights); (ii) implementation of security measures in relation to information technology assets; (iii) absence of pending litigation on data protection; (iv) the existence of data recovery plans and back-up procedures; (v) absence of loss of or unauthorized access to personal data; (vi) sufficient cybersecurity insurance coverage; and/or (vii) the implementation of adequate technological and organizational measures to protect processed data.

The representations and warranties may also have to be more abstract depending on the technology involved. In a deal involving AI software, the purchaser may for instance wish a representation stating that the software is at all times made subject to the control of the operator due to potential liability issues or that the industry’s ethical standards on AI are sufficiently adhered to.

Limitations to liability 

In most cases, the seller will want to cap its liability under the representations and warranties. Often a de minimis clause excludes claims below a certain amount or a basket clause stipulates that the claim can only be brought when the total amount of all claims exceeds a certain amount. The general warranties will usually be capped at around 20% to 30% of the purchase price. However, higher caps are often set for title, tax and IP. The latter may be important in a technology deal.

If certain issues were identified (e.g., severe data protection law violations, possible IP rights violations or the use of OSS in the target’s proprietary software), specific indemnities will be negotiated which in principle lead to unlimited liability, but are usually capped at a certain amount (e.g., 100% of the purchase price) or limited in time. 

The seller can also disclose important problems to limit its liability under its representations and warranties. Whereas the preference of specific disclosures through a disclosure letter remains the preference of purchasers, general data room disclosures of all documents provided during the due diligence are increasingly becoming common in Belgium. In technology transactions purchasers will at least try to exclude the fundamental representations and warranties on IP and sometimes data protection from any general data room disclosure. The Q&A log of all questions and answers provided may also be disclosed.

Covenants and conditions

Most commonly, the transaction document will include conditions precedent and covenants.

Conditions precedent, which must be fulfilled pre-closing, may include: (i) a material adverse change clause relating to the period between signing and closing (present in around 40% of transactions); (ii) a requirement to gain third-party consent (e.g., in case of change of control clauses); (iii) merger clearance; (iv) receiving bank financing; (v) cancelling any warrants or having existing warrants exercised; and/or (vi) transaction-specific conditions based on issues found in the due diligence (e.g., the termination of specific agreements, resolving certain labour law issues or obtaining waivers from creditors and other parties who benefit from change of control clauses). 

Typical covenants pre-closing include a standstill clause implying that during the period between signing and closing the seller may only conduct the target’s business in the ordinary course so that the business is preserved as a going concern. This may further be specified as a prohibition of certain actions (e.g., dividend distribution, granting securities, etc.). Post-closing, the agreement may include a provision with respect to the discharge of the directors’ liabilities (and perhaps their resignation), the further use of the brand name or certain agreements on transitional services. Further, confidentiality, non-solicitation and non-compete covenants will usually appear in the document.

Conclusion

Each M&A deal is different and its structure must be adapted to the factual circumstances (such as the style of negotiations which may depend on the origin of the parties), the timing, the underlying objectives and the type of business involved. If technology is of the essence, a technology lawyer can prove valuable to assess potential liabilities of the business in the due diligence process and to create adequate transaction documents which answer these risks (e.g., with sufficient representations and warranties and liability mechanisms). As the law generally lacks behind on development in technology, the creativity of a lawyer who understands the technology involved is a key to success in M&A deals.