Understanding Intellectual Property Risks in Tech Acquisitions
In context of technology transactions, the strategic importance of software intellectual property (IP) cannot be overstated. This article delves into the multifaceted challenges unique to software IP, emphasizing its critical role in the tech sector. Through real-life case studies, we examine the specific risks inherent in software IP and demonstrate the effectiveness of IP due diligence, including code scans, in mitigating these risks.
The Strategic Importance of IP in Tech Transactions
Software IP stands at the forefront of value creation and competitive advantage in technology transactions, particularly in mergers, acquisitions, and investment scenarios. The role of IP extends beyond mere legal formalities; it is integral in shaping the market presence and future growth of tech companies. In an industry where IP constitutes the main portion of a company's valuation (up to 90% for smaller tech companies (AON report 2020), unique innovations and proprietary algorithms serve as key differentiators.
For example, when Microsoft acquired LinkedIn for $26.2 billion in 2016, a substantial part of the value was in LinkedIn's software IP, including its algorithms for network effects and data analytics. Further, owning unique software IP can provide a significant competitive edge and enable a company to expand into new markets. Google's acquisition of Android Inc. in 2005 allowed Google to enter the mobile operating system market, leveraging Android's software IP to compete against Apple's iOS. Finally, Software IP can be crucial for innovation. IBM’s acquisition of Red Hat for $34 billion in 2018 was a strategic move to enhance IBM’s cloud offerings, significantly relying on Red Hat's software IP in open-source solutions.
In essence, the role of software IP in technology transactions is indispensable. It's not just a matter of legal ownership but a pivotal factor in creating value, gaining a competitive edge, and pioneering market expansion and innovation. However, while the strategic acquisition and management of IP can propel a company forward, it's important to acknowledge that navigating the intricacies of IP is complex and presents its own set of challenges. This complexity is an essential consideration for any company looking to leverage software IP for long-term success.
Specificities of IP in software
The complexities in software IP during tech transactions require a keen understanding of potential challenges that can arise. One of the first considerations is the nature of software itself—intangible and easily replicable, it makes its protection uniquely challenging. Companies must be strategic in their approach, deciding whether to opt for patent protection, which varies in feasibility across jurisdictions, rely on copyright, or use trade secrets laws, each with its own set of pros and cons.
To ensure the security and proprietary nature of the software, it is important to confirm its deposit with a trusted third-party deposit agent and/or that it has secured patent protection. Additionally, verifying that stringent measures such as restricted access, VPN and compartmentalisation, among others, is vital to maintain the confidentiality of the source code to the highest degree possible.
Another significant challenge in tech transactions involving software IP is determining clear ownership, especially when the development involves multiple contributors, including contractors and employees, or joint ventures. Ensuring proper agreements and thorough documentation is crucial for asserting ownership in transactions.
Third-party licenses and open-source components in software add another layer of complexity. In transactions, it's important to recognize how mismanagement of these aspects can lead to legal issues. For example, the integration of open-source code into proprietary software might inadvertently subject the entire software to the stipulations of open-source licensing terms, such as the GNU General Public License. Therefore, conducting a comprehensive IP code scan to identify all third-party and open-source code intertwined with the proprietary source code is a fundamental step in mitigating these risks.
Risks of IP Infringement in the Tech Sector
To delve deeper into the risks associated with software IP management, let's examine three case studies that highlight different facets of these challenges.
The Permissive License Oversight. In a notable instance, an IP source code scan revealed that a company's proprietary software had been mistakenly placed under a permissive license. A further analysis of the Git history unearthed that this alteration was made by a former engineer a week before their departure. This raised questions: was it a mere oversight or an act of a rogue employee? The inherent risk in this situation was substantial. Had a motivated hacker accessed the source code, they could have legally distributed it widely due to its permissive licensing, posing a serious threat to the company’s IP security.
The AGPL Challenge and Resolution. Another case involved a SaaS company where a code scan discovered that their software was linked to a library under the Affero General Public License (AGPL). This posed a significant risk, as it could have required the company to release its entire source code. However, the tech due diligence experts identified a solution: the AGPL-licensed library offered a commercial license option. By opting for this commercial license and improving its open-source software (OSS) procedures, the company successfully navigated around potential IP risks, demonstrating the importance of code scan license review and flexibility in resolution strategies.
Effective Blocking of Unapproved OSS. In a different scenario, a company showcased the effectiveness of its OSS strategy through an IP due diligence audit. They had implemented a robust open-source management tool that proactively prevented the integration of unapproved open-source software. This system required managerial approval before any OSS could be combined with the existing codebase, ensuring a clean and compliant code environment. This approach highlights the value of proactive measures and strict compliance protocols in safeguarding software IP.
These cases underscore the diversity of risks in software IP management and the importance of vigilance, thorough checks, and adaptive strategies in mitigating these risks.
Mitigating Risks through IP Due Diligence
When considering technology due diligence, IP due diligence stands as one of the three critical pillars, alongside cybersecurity and scalability/maintainability. It plays a pivotal role in ensuring the integrity and value of investments or mergers and acquisitions.
At Vaultinum we believe that one of the key components of software IP due diligence is the utilisation of code scanners. These scans are instrumental in uncovering potential issues related to open-source software (OSS). They help in identifying OSS components within the software, evaluating compliance with licensing terms, and assessing any associated risks. This is especially crucial as OSS can have various licensing terms that might impact the use, distribution, and modification of the software, thereby affecting the overall value and legality of the transaction.
Apart from OSS evaluation, IP due diligence also scrutinises software ownership. This includes verifying that the target company has clear ownership of rights to use the software, especially in cases where multiple developers, contractors, or third-party entities are involved. Ensuring clear ownership helps prevent future legal disputes and solidifies the integrity of the IP assets.
Through IP due diligence, investors and acquirers can gauge the true value of the tech assets and uncover any hidden liabilities. It ensures that the investment or M&A transaction is not only legally sound but also strategically beneficial in the long run. By identifying and addressing IP-related risks early, companies can make informed decisions that safeguard their interests and contribute to the successful integration and growth post-transaction.
Conclusion and Key Takeaways
In summary, for parties engaged in tech transactions, recognising the value and navigating the challenges of software IP is crucial. A key aspect of this process is ensuring a comprehensive understanding of open-source software (OSS) licensing and the IP assets of potential investment targets. Verifying that companies have robust IP protection measures in place is essential for safeguarding assets and ensuring legal compliance.
Investors should confirm that these companies have taken steps like depositing source code with trusted third parties or national copyright offices to establish verifiable creation timelines and strengthen ownership claims. It is also critical to check for strategies to defend against IP infringement claims and to see if patents have been secured for unique software functionalities or if trade secret protocols are in place.
Crucially, carrying out IP due diligence with code scans is instrumental in achieving these objectives. These scans help assess third-party licensing and overall OSS management, identifying and mitigating potential risks. For investors, this level of thorough IP due diligence, especially via code scans, not only ensures the safeguarding of their interests but also significantly enhances the value of their investments in the technology sector.
Philippe Thomas is CEO of Vaultinum
The views expressed in this article are those of the author and do not necessarily reflect the views of AlphaWeek or its publisher, The Sortino Group
© The Sortino Group Ltd
All Rights Reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or scanning or otherwise, except under the terms of the Copyright, Designs and Patents Act 1988 or under the terms of a licence issued by the Copyright Licensing Agency or other Reprographic Rights Organisation, without the written permission of the publisher. For more information about reprints from AlphaWeek, click here.