As global M&A activity faced significant headwinds throughout 2023, buyers and investors seeking opportunities in technology industries found refuge in critical technology subsectors—particularly artificial intelligence (“AI”). Despite global tech M&A volume falling roughly 50 percent in 2023 on a year-over-year basis, the aggregate value of global AI M&A transactions grew in 2023 by over 20 percent compared to the year prior. As fears of recession wane and expectations of interest rate decreases in 2024 grow, M&A activity in the AI sector is poised to continue its run with force.
In a variety of industries, organizations are rapidly investing in and acquiring AI software companies to enhance value and broaden their capabilities. AI companies offer notable advantages due to their ability to swiftly scale operations with minimal capital investment, ensuring operational efficiency. However, companies leveraging AI also present distinct challenges and unprecedented risks. These risks are particularly pronounced for AI companies employing cutting-edge technology or operating in highly regulated industries, such as FinTech, RegTech, biomedical solutions, digital health devices, or autonomous vehicles. Buyers, ranging from private equity funds to strategic and tech-savvy acquirers, must not only recognize these risks but also enlist the guidance of advisors experienced in acquiring companies with AI solutions (“AI companies”) to structure transactions in a manner that mitigates risk and maximizes value.
This article will highlight five key AI-specific issues to consider when acquiring an AI company and offer strategies to mitigate these risks. Screening for such AI-related concerns will supplement the standard considerations typical of ordinary acquisitions. As with any acquisition, buyers must thoroughly assess all aspects of the target company’s operations, encompassing employment practices, tax implications, commercial agreements, and any specific issues arising from the acquisition (e.g., regulatory scrutiny of the transaction).
1. Target Company IP Rights
In the realm of AI enterprises, having clear ownership or sufficient rights to utilize all critical intellectual property (“IP”) is imperative. IP forms the foundation of AI business activities. Without unequivocal ownership rights, a company faces the peril of third-party infringement assertions, posing existential threats to its business viability and profitability.
Buyers should initially identify the essential IP assets and AI solutions fundamental to the target company’s operations. Subsequently, they must ascertain whether the target holds exclusive ownership or possesses adequate rights to utilize the IP and AI solutions incorporated into its operations or offered in its products and services. This entails verifying that any entities involved in the development of the target company’s IP and AI—such as employees, contractors, service providers, or research institutions—have duly assigned and transferred all relevant rights to the target company. Buyers should meticulously scrutinize databases maintained by the relevant administrative bodies, such as the Canadian Intellectual Property Office, and conduct thorough IP searches. This diligence ensures that the target company is the rightful owner of any registered IP and that there are no encumbrances from third-party interests registered against the IP.
In instances where the target company does not possess outright ownership of the underlying IP, buyers must assess the extent of ownership and the terms governing the target company’s utilization of the IP. This includes evaluating any associated risks relating to potential IP infringement claims that could be levied against the target company.
In the context of AI companies utilizing employees or independent contractors to develop their AI solutions, it becomes imperative to ensure that the company has obtained waivers of moral rights and consents from these third-party contributors. Moral rights afford creators of original works that are protected under copyright laws specific rights to their creations, independent of formal registration. In Canada, moral rights cannot be transferred or licensed; rather, they must be explicitly waived.
Another consideration for buyers is whether the target company has incorporated open-source software into its AI solutions, which carries inherent risks. The use of open-source software can include obligations for the company to disclose, free of charge, the source code of any software or program integrating the open-source software. Given the substantial risks at hand, prospective buyers should contemplate enlisting a third-party evaluator to scrutinize the target company’s AI solution source code. Such an audit aids in comprehending any potential open-source challenges or infringements on third-party intellectual property associated with AI ventures.
2. Ownership and Voting Structure
During the launch and initial phases of growth, diverse investors may obtain equity in a company. Yet, early-stage enterprises often grapple with maintaining precise corporate records, which can pose challenges during the acquisition process. Hence, buyers must meticulously discern the identities of the target company’s shareholders and the attendant rights they hold, which could significantly influence the acquisition. These rights might encompass voting privileges or dissolution rights linked to specific share classes or investors.
Emerging and rapidly expanding firms frequently employ options or warrants to motivate both internal stakeholders (e.g., employees, board members, and contractors) and external counterparts (e.g., lenders, strategic allies, and key clients) to support their growth through investment endeavors. Consequently, buyers must scrutinize the terms and vesting schedules of any options, warrants, or convertible securities (if issued) by the target company, as these factors could impact future control and ownership.
The buyer must also ensure all appropriate shareholders approve of the share purchase transaction or agree to sell their shares (pursuant to the articles or shareholders’ agreement). A thorough examination of the target company’s minute books and relevant agreements, such as shareholder agreements, becomes imperative to grasp the company’s ownership and voting framework comprehensively. Additionally, scrutinizing the chain of share ownership is vital for buyers to ascertain the identity of each shareholder and confirm their authorization to transfer shares to the buyer.
3. Data Rights and Use of Personal Information
For AI companies, data and quantitative metrics often serve as pivotal value drivers. Prospective buyers must strive to gain a comprehensive understanding of how the target company leverages data and its corresponding data practices, with a particular focus on contractual obligations pertaining to data collection, usage, and transfer. This examination should encompass an assessment of the target company’s policies regarding personal information, ensuring adherence to relevant laws, including data protection and intellectual property regulations, and securing necessary consent for data transfer and utilization where applicable. Comprehensive scrutiny should extend to all privacy policies and internal data handling procedures employed by the target company. Verifying the adequacy of consents for data usage is essential in mitigating associated risks.
In scenarios where the target company’s data practices involve the handling and processing of personal data, buyers must ascertain the relevant legislation governing such activities and evaluate whether the target has established protocols that align with all applicable data protection and privacy laws, as well as any existing third-party agreements. Given the potential complexities and costs associated with rectifying data misuse issues, buyers must clearly comprehend the target company’s data practices. Noncompliance on the part of the target company could present significant challenges, potentially necessitating consent from relevant third parties to rectify.
In cases where the proposed transaction entails a transfer of data ownership, buyers must ensure that the target company possesses the requisite rights and consents for such transfer. Failure to secure appropriate consent could result in the target company breaching its contractual obligations and facing subsequent liability.
4. Regulatory Risk and Life Cycle Issues
During the initial phases of software development, AI companies typically concentrate on crafting products that fulfill specific functional criteria. However, in this pursuit, these entities may overlook the regulatory obligations that apply to them and their clientele. This oversight can occur when a solution initially tailored for a particular industry or jurisdiction is later offered to customers operating in different regulatory environments. Regulations are constantly evolving, and therefore products and services must be monitored and continually updated to reflect these changes to avoid regulatory offenses.
Buyers must verify that the target company’s AI aligns with the legal and regulatory requirements applicable to all involved parties, looking both to requirements regarding the technological aspects of the solution and to those related to the specific functions or industries it involves. Additionally, they should anticipate potential legal changes to ensure the longevity of the AI solution and prevent unforeseen regulatory breaches. Failure to meet regulatory standards could expose the target company to substantial liabilities from customers, third parties, and governmental entities.
Beyond regulatory compliance, the dynamic nature of disruptive AI solutions necessitates considering the life cycle of the target company’s AI solution. In conjunction with legal and financial due diligence, cyber diligence efforts should assess the scalability, functionalities, and growth potential of the AI solution slated for acquisition in the M&A transaction.
5. Cybersecurity
Ensuring data security is paramount in safeguarding an AI business’s assets and operations. A breach in data integrity can inflict severe damage on a company’s worth; unauthorized access to confidential business data or sensitive customer information has the potential to cause significant financial losses and tarnish the company’s reputation, thereby impacting credibility and revenue streams. Cybersecurity due diligence, commonly referred to as “cyber diligence,” serves as a proactive measure to mitigate the risk of future data breaches, regulatory penalties, and privacy infringement litigation.
Engaging in cyber diligence is advantageous for buyers because it allows for a comprehensive review of a target company’s cybersecurity practices, identification of potential vulnerabilities, and preemptive measures to address cybersecurity risks before they become threats. Furthermore, cyber diligence should meticulously evaluate the sensitivity or value of stored data and monitor any gaps in data security protocols. Engaging cybersecurity experts may be necessary to assess the adequacy of security measures and identify vulnerabilities within the system. Buyers should also scrutinize the target company’s cybersecurity incident response plan to ascertain its readiness to manage, mitigate, or resolve cyber threats should they arise.
6. Addressing the Risks
Upon identifying issues, buyers should assess the feasibility of mitigating these risks and how they can be addressed. Depending on the gravity of the issue, the target company might have the capacity to rectify concerns before the closing of the deal. Buyers may opt to tackle identified issues pertaining to the AI solution through the representations and warranties outlined in the share purchase agreement.
In instances where issues cannot be rectified prior to closing, such as concerns surrounding the utilization of open-source software in the target company’s products or services, buyers are advised to negotiate a reduction in the purchase price to reflect the assumed risk and the anticipated cost of post-closing remedies. Additionally, buyers may contemplate securing a specific indemnity to address known issues or consider withholding a portion of the purchase price, which can be utilized to offset losses stemming from identified issues post-closing. The parties involved may also explore restructuring the transaction to alleviate associated risks.
Certain issues, such as significant infringement of third-party intellectual property or noncompliance with privacy laws, may not be possible to address prior to closing. Consequently, buyers must weigh the potential reputational risk of proceeding with the transaction without resolving such concerns.
Conclusion
The points discussed in this article are by no means an exhaustive list of all issues relating to M&A where the target has developed or incorporated AI solutions; the aim is to highlight certain unique challenges inherent in the AI landscape. The issues identified should be closely monitored and thoroughly assessed during the due diligence phase of any transaction. Based on the findings, it may be possible to address issues in the purchase agreement. This will assist in protecting buyers and also in establishing a meaningful valuation for the target company, as the parties can seek to address the risk through a reduction in the purchase price.
Engagement of legal counsel well-versed in AI solutions and experienced in AI M&A transactions is crucial for both buyers and sellers. Such expertise ensures comprehensive protection of their respective interests throughout the transaction process.