Artificial intelligence (“AI”) is a rapidly evolving field focused on developing machines capable of performing tasks that traditionally require human intelligence. These tasks include learning, problem-solving, reasoning, perception, and language understanding. Not all AI systems are equal, as they vary in complexity and functionality, and some AI systems have existed for years yet only now are receiving the attention they deserve.

AI has become an integral part of everyday life, utilized in appliances, vehicles, mobile phones, and various software applications, and it is directly accessible to consumers via the web. However, despite AI’s accessibility, its capabilities are poorly understood by the general public. In the legal field, due to AI’s widespread integration into various systems—whether for personal use, employee applications, or client interactions—it is crucial to understand how AI operates, appreciate its benefits, recognize its inherent legal and corporate compliance risks, and master risk-mitigation strategies for AI use in this brave new world.

How AI Works

The primary categories of AI systems include rule-based AI, machine learning, deep learning models (“DLM”), natural language processing (“NLP”), generative AI, and reinforcement learning models. To better understand considerations for AI use and discuss them with more nuance, it is helpful to distinguish between these foundational models.

• Rule-based AI follows a strict “if-then” decision-making system. Commonly seen in customer service chatbots, it operates based on predefined instructions, much like a flowchart or recipe, where a specific input triggers a set response.
• Machine learning identifies patterns in data and improves its decision-making over time. Netflix’s recommendation system, for example, uses machine learning to refine content suggestions based on user preferences and viewing history.
• Deep learning models (DLM) are an advanced form of machine learning that mimics human brain functions to process information. Tesla’s Full Self-Driving and Autopilot features utilize DLM to analyze real-time road conditions and improve driving performance with experience while connecting to a central hub or technological brain center.
• Natural language processing (NLP) enables computers to understand and respond to human language, both spoken and written. Virtual assistants like Siri and Alexa rely on NLP to interpret questions and provide relevant answers.
• Generative AI creates new content, such as text, images, or music, based on patterns learned from existing data. For example, ChatGPT generates human-like responses, while AI-powered art programs, like Midjourney, produce original visual content.
• Reinforcement learning operates on a reward-and-penalty system, much like training a dog. These AI models learn through trial and error, improving their decision-making based on feedback.

For this article’s purposes, we will focus on next-generation models that meet the minimum thresholds of NLP and generative AI. Specifically, we will examine hybrid AI models in corporate settings, such as recurrent neural networks, convolutional neural networks, and transformers / large language models like ChatGPT.

Benefits

AI’s applications extend far beyond grammar correction and content summarization. Hybrid AI models are increasingly embedded in corporate environments for applications such as quality control, e-discovery, document review, risk mitigation, recruitment and onboarding, and fraud detection. Businesses leverage AI to ensure compliance with international laws, local regulations, and internal policies. Pain points and gaps within preexisting policy or regulations also become minimized as AI can detect and provide supplemental standards while simultaneously enhancing efficiency. AI is also used to identify trends and calculate statistical probabilities within complex datasets.

The rapid integration of AI into corporate settings is accelerating, with no signs of slowing down. Those in the legal profession have numerous opportunities to capitalize on AI’s capabilities, making it essential to understand where and how AI operates within the profession.

Risks and Legal Considerations

Despite AI’s benefits, significant risks accompany its use. Bias and legal concerns can arise from the data sources used to train these complex models. Limited or siloed training datasets can create inherent biases, leading to skewed outputs. For example, if historical data used to develop an AI model lacks diversity, the AI will reflect those limitations in its responses. Even open data reservoirs connected to the web can introduce inaccuracies or misinformation. Additionally, models trained on copyrighted or proprietary materials pose risks of intellectual property infringement and accidental plagiarism.

Authentication has grown far more difficult as these AI-based systems have advanced, allowing malicious actors to capitalize on the authentication gap and simultaneously allowing the opening of doors for other evasive tactics. For example, AI can be exploited to create or mimic contracts, agreements, and other legal or company documentation. Misinformation and deepfake technology present additional high-risk threats. AI can generate fraudulent press releases, create bots to plague corporate social media accounts, produce fake customer reviews, and create voice-cloned content—leading to financial and reputational damages.

Legal cases such as Thomson Reuters Enterprise Centre GmbH v. Ross Intelligence Inc.^[1] have set groundbreaking precedents regarding the application of copyright laws in AI training. In a decision in this case in February, for the first time, a court declined to allow the application of the fair use doctrine to AI-produced outputs related to use of copyrighted original content. As the judiciary undergoes internal struggle in applying case law and regulatory standards to AI-related cases, which may not smoothly fit the historical mold, attorneys need to pay attention to new judicial interpretations of historically tested case law and statutes.

AI’s presence has not only rocked the judiciary but has also changed the way that lawyers conduct their own work, raising practical and ethical concerns about the usage of AI in the legal industry that have been discussed in ethics opinions or guidance from the American Bar Association and many state bars. Two key examples:

• Lawyers are using generative AI to submit briefs, some of which have contained AI hallucinations—that is, citations of cases that never existed. This has resulted in numerous sanctions and efforts by the judiciary to address lawyers’ misuse of AI.
• Lawyers are leveraging AI to prepare privilege logs, creating a potential scenario for inadvertently disclosing privileged information when they feed sensitive data into AI systems. Courts have raised confidentiality and ethical concerns over this practice.

Ethical and confidentiality concerns exist not only in the courts but also at varying corporate levels. With generative AI providing content, we have started to see major challenges to authorship and ownership rights. Furthermore, the information kept and stored by companies and how AI and/or the corporations use that information can also begin to blur our traditional understandings of corporate liability and responsibility.

Legal Hypotheticals

Two legal scenarios can help illustrate AI’s complexities:

1. The Black Mirror Conundrum. A company’s terms and conditions grant it extensive rights over user data, including the ability to create AI-generated content based on customer likenesses and behaviors. This raises questions about disclosure sufficiency and the legality of profiting from personal data.
2. The Double Cross. A fraud protection company uses client data to enhance its AI algorithms across multiple banking customers. This scenario raises questions as to whether such data usage violates contractual agreements, whether AI-generated insights constitute proprietary content, and whether or not there is a clear divide between original source data to train AI models and the output data that the models create.

These hypotheticals highlight the risks of AI by questioning the legality of using customer/consumer data to produce content that the business uses for its own purposes, whether for pecuniary gain or not. They also bring attention to ethical and contractual implications of leveraging client/employee data to enhance AI models across multiple entities. Most importantly, these hypotheticals bring to light the numerous legal gray areas that we may soon have to navigate—and that some already are navigating.

AI Risk-Mitigation and Forensic Considerations

It is critical for businesses to know how AI works before they begin to leverage it. However, the controls in place to govern its use are just as important. Leveraging AI can enhance productivity and innovation; however, it also introduces new risks that must be proactively addressed. To that end, robust governance frameworks are crucial to mitigating unauthorized or unethical AI usage.

Businesses can significantly reduce exposure to AI-related risks by implementing comprehensive compliance measures, such as Employer Device Management (“EDM”) and Mobile Device Management (“MDM”) systems. These technologies enable organizations to regulate access to AI tools and third-party applications across various devices—including computers, tablets, and mobile phones. With customizable access controls, companies can restrict usage to approved platforms and simultaneously monitor user activity beyond corporate domains, ensuring traceability and accountability.

In the event of litigation or internal investigations, these systems facilitate efficient application of legal holds and data recovery processes. By maintaining control over corporate and employee-owned devices, EDM and MDM technologies allow for secure data preservation while minimizing the need for costly and time-consuming physical device collections. Importantly, they also support privacy-preserving mechanisms, balancing investigative needs with employee data protection.

For organizations lacking centralized device management infrastructure, it is imperative to understand where AI-related data may reside. Beyond conventional storage mediums—such as hard drives, flash drives, and solid-state drives—many AI platforms store user queries and interactions in the cloud. While access to this data often requires user logins, some platforms allow anonymous interaction, complicating attribution. In such cases, forensic examiners rely on alternative artifacts including browsing histories, system activity logs (e.g., file creation, copy and paste events), and audit trails to trace AI usage. These indicators, recoverable through forensic imaging, can include both active and deleted data depending on the scope of forensic acquisition.

It is also critical to recognize that AI itself is not inherently harmful. Risk arises from its misuse, lack of oversight, or uninformed application. Therefore, alongside technical controls, companies must foster a culture of ethical AI use through clear policies, continuous education, and employee accountability. Developing and disseminating AI-specific training programs empowers employees to understand not only the functional aspects of AI but also the ethical, legal, and business implications of its use. Such training should cover topics including data privacy, intellectual property considerations, acceptable use, and bias mitigation. Ethical use agreements and internal awareness campaigns can further reinforce responsible behavior, placing shared responsibility on both the organization and its workforce.

On the reactive side, companies must be prepared to respond swiftly to potential incidents. Utilizing the Electronic Discovery Reference Model (“EDRM”), organizations can deploy litigation holds and document preservation strategies with minimal disruption. Digital forensic techniques complement these processes by enabling thorough investigations through metadata analysis, device event tracking, and the use of AI-detection tools such as GPTZero. Because AI-related content can be distributed across cloud storage, application logs, system metadata, and multimedia artifacts, a multidirectional forensic approach is essential for comprehensive risk assessment and incident resolution.

Effective AI governance demands a combination of proactive policies, technical enforcement, employee education, and forensic readiness. By integrating these components, businesses can harness the benefits of AI while safeguarding against its potential misuse.

Conclusion

AI presents both opportunities and challenges across various industries and legal spaces. While it enhances automation, decision-making, and efficiency, it also introduces legal, ethical, and security risks that organizations and the judiciary must address. If businesses and the legal profession are constantly playing catchup to technological advances such as AI, they inherently lose sight of laying a sound foundation to govern their use. By implementing strict compliance policies, monitoring AI-generated content, and staying informed about evolving legal frameworks, businesses can work to harness AI’s potential while mitigating its inherent risks. As we look to the future, our considerations should focus on responsible usage, not exclusion. Understanding where and how to engage AI will effectively pave the road for businesses to ethically exploit AI in a safe and responsible manner.

This article is related to a CLE program titled “Forensic, E-Discovery, and Legal Compliance in the Brave New World of AI” that took place during the ABA Business Law Section’s 2025 Spring Meeting. To learn more about this topic, listen to a recording of the program, free for members.

1. No. 1:20-cv-613-SB (D. Del. Feb. 11, 2025); see also Thomson Reuters Enter. Ctr. GmbH v. Ross Intel. Inc., No. 1:20-cv-613-SB (D. Del. May. 23, 2025) (highlighting the importance and difficulty of legal questions about AI’s copyright implications when certifying the case for interlocutory appeal). ↑

During the Clinton administration the U.S. Congress passed the Helms-Burton Act, also referred to as the Cuban Liberty and Democratic Solidarity Act of 1996. Title III of the Act permits U.S. citizens and corporations whose property was confiscated by the Cuban revolutionary government that took power in early 1959 to sue defendants profiting from their property. Title III did not go into effect immediately; its terms gave the president the discretion to suspend or activate it. In May 2019, President Donald Trump activated Title III for the first time in its history. An Eleventh Circuit decision in North American Sugar Industries, Inc., v. Xinjiang Goldwind Science & Technology Co. (No. 23-10126, slip op. (11th Cir. Jan. 2, 2025)) is one of a number of notable decisions in the lawsuits that have ensued since.

North American Sugar Industries, Inc. sued five defendants under Title III of the Helms-Burton Act, accusing them of “trafficking” their confiscated property. Three of the five defendants are corporations from East Asia—a Chinese wind-energy company and one of its subsidiaries (collectively, “Goldwind”), and BBC Chartering Singapore Pte Ltd.; DSV Air & Sea, Inc., is a Delaware corporation with its principal place of business in New Jersey; and BBC Chartering USA, LLC, is a Texas corporation with its principal place of business in Texas.

None of the defendants are Florida corporations. However, North American Sugar began this action in the U.S. District Court for the Southern District of Florida because, allegedly, the defendants participated in a conspiracy that “involved Helms-Burton trafficking from China, through Miami, Florida, and then to Puerto Carupano, Cuba.” The defendants moved to dismiss for lack of personal jurisdiction, which was granted. North American Sugar appealed to the Eleventh Circuit, which reversed and remanded on January 2, 2025.

When the revolutionaries seized control of the Cuban government on January 1, 1959, North American Sugar was one of the largest sugar producers in the world, with a large commercial shipping port in Puerto Carupano, Cuba. On July 20, 1960, the Cuban government confiscated the port and other properties. The Cuban government uses Puerto Carupano for its own activities.

North American Sugar is a New Jersey corporation. It filed a claim for its losses from the confiscation with the Cuba Claims Program of the U.S. Foreign Claims Settlement Commission (“FCSC”). In 1969, the FCSC certified a loss of over $97 million from the confiscation. Under the Helms-Burton Act, the FCSC’s certification of a claim is “conclusive” as to ownership and presumed correct as to value.

In order to ship certain products to Cuba that contained parts made by a U.S. company, the defendant East Asian companies Goldwind needed U.S. government export licenses. They concocted a plan to ship from Asia to Miami and then to Cuba. By transshipping the products through Miami, they received the U.S. government licenses—and, North American Sugar argued, triggered personal jurisdiction in Florida.

North American Sugar presented evidence that at least one defendant, DSV, engaged in trafficking activities in Florida, as follows: DSV’s Miami office was involved in planning the stops of two ships in Miami. DSV sent many emails about the Miami stops to Carol Scheid, DSV’s Miami-based customs broker. DSV documents related to the Goldwind companies shipments listed DSV’s Miami office as the source of the documents, with the DSV Miami office address and telephone number.

The Court of Appeals wrote that to the extent “the plaintiff’s complaint and supporting evidence conflict with the defendant’s affidavits,” the district court was required to “construe all reasonable inferences in favor of the plaintiff,” which it did not.

In addition, because North American Sugar alleged all the defendants participated in a conspiracy, Florida’s long-arm statute conferred personal jurisdiction over the BBC and Goldwind defendants even if none of them personally acted in Florida. Quoting an earlier case, the Court of Appeals noted, “Florida’s long-arm statute can support personal jurisdiction over any alleged conspirator where any other co-conspirator commits an act in Florida in furtherance of the conspiracy, even if the defendant over whom personal jurisdiction is sought individually committed no act in, or had no relevant contact with, Florida.”

Defendants in this case needed the merchandise to be transported through Miami on the way to Cuba in order to obtain the necessary U.S. government permits. However, by putting Florida into the picture they made themselves subject to the Helms-Burton Act inasmuch as part of the “trafficking” occurred on U.S. soil and subject to U.S. courts.

Challenges of Succession Planning

Succession planning is an inherently complex process that requires owners’ attention to their businesses’ immediate and long-term needs. This complexity is often more acutely felt in smaller professional firms that have limited financial resources and less bandwidth to dedicate to long-term strategic planning.

Smaller firms frequently encounter unique problems in their succession planning process. They are not always able to rely on financing mechanisms such as life insurance, retirement plans, or sinking funds, which are so often used by larger firms. They tend to be built around the individual preferences and relationships of their partners. Their methods of operation, compensation, and profit distributions frequently vary from year to year and are often adjusted based on isolated, nonrecurring events rather than consistent policies.

Beyond operational hurdles, firms navigating succession planning must also address the complexities related to valuation. Unlike other business entities, where value might reside in retained capital or tangible assets, the true worth of most professional firms lies in their client base and reputation, the skills of individual partners, and their potential to generate future revenue. This lack of tangible assets makes valuing a small or mid-size professional firm inherently more challenging, particularly when comparable transactions or multiples of value—common in large, publicly traded companies—are unavailable. For this reason, smaller firms tend to rely on one-time, arbitrary values for individual transactions. While such tactics allow small firms to be nimble, they hinder the development of consistent, methodical approaches to partner buyouts. They can also strain the firm’s finances, especially when payments to the departing partner are derived entirely from the firm’s future earnings.

A struggle common to all professional service firms, regardless of their size, is taxation. The choice of buyout structure (direct sale of the departing partner’s interest to other partners versus redemption by the firm of the departing partner’s share of total assets) impacts the tax outcomes and creates conflicting interests for the parties involved. An additional tax impact arises when the buyout includes payments for the departing partner’s share of goodwill or accounts receivable, as such payments trigger the recognition of ordinary income for the departing partner rather than the more favorable capital gain.

Without methodical preparation and thoughtful structuring of the underlying legal transaction, a partner’s departure or retirement can become a disruption that negatively impacts the firm’s financial stability and long-term prospects. Yet, despite being aware of these challenges, many firms still neglect to address them proactively. Partnership agreements, particularly those adopted early in the firm’s operation, often prioritize immediate concerns, such as management and profit-sharing, over the seemingly less pressing issues of partner withdrawals. Additionally, many buyout provisions lack the specificity and flexibility required to generate sufficient liquidity for the firm to fund a partner’s buyout.

This article provides an overview of the most popular buyout approaches that facilitate partner transitions. This overview does not address the tax issues surrounding each type of buyout or the valuation and accounting implications of the selected approach. The terms “partnership,” “partner,” “partnership agreement,” and “interest” are used generally and do not imply a specific legal or tax classification of a professional services firm.

External Financing

External financing (e.g., bank loans, lines of credit, or loans from specialty finance companies focused on professional services) to fund a partner buyout offers several key advantages, primarily centered around providing immediate capital and financial stability for the firm. Outside funding avoids the uncertainty associated with dependence on the firm’s future performance and allows it to continue its operations without depleting its cash reserves. These reserves can instead be utilized for other purposes, such as investing in essential technology upgrades, hiring key personnel, or pursuing initiatives that accelerate the firm’s growth.

Another significant advantage of external financing is a clean separation between the firm and the departing partner. The retiring partner has immediate access to funds, while the firm benefits from a complete disengagement of the departing individual from the firm’s ongoing operations.

One of the primary drawbacks of external financing is its substantial long-term cost. Some loans may contain less than favorable financing terms, including personal guaranties or shorter repayment periods. Restrictive covenants such as limits on future debt, capital expenditures, or partner distributions may constrain the firm’s operational decisions and impair its creditworthiness. Many traditional banks hesitate to offer partner buyout loans due to the lack of tangible collateral. Finally, the time-consuming process of a lender’s due diligence review might not align with the desired timeline for a partner’s departure. As a result, many firms may have no choice but to fall back on other arrangements.

Payment in Installments

Payment in installments is the simplest and, thus, most frequently used mechanism for all types of buy-sell arrangements. Professional services firms usually fund partnership redemptions from their ongoing revenue streams rather than accumulated capital. Payment in installments mitigates the financial strain on the firm by avoiding immediate cash outflows that could disrupt operations or hinder growth. The firm’s obligations are evidenced by a promissory note detailing the payment amount and terms, such as interest rate, payment schedule, and maturity date. The note can be secured to provide the departing partner with recourse if the firm defaults. Common security arrangements include:

• a pledge of the stock or membership interest purchased from the departing partner
• personal guarantees of the remaining partners
• liens on specific assets such as real estate or significant equipment (less common in the context of professional service firms, which typically do not possess substantial tangible assets)

The firm can use various approaches to manage its debt service and cash flow during the note repayment period. These include a cap that limits the total annual payout or a payment suspension clause, which permits deferral of principal payments during periods of economic downturn. Any amount that the firm cannot pay in a single year due to the cap or suspension would be rolled forward to the following year. Other details that the parties should address when using such arrangements include triggering conditions (e.g., a drop in revenue below a specified threshold), the duration of the relief period, the applicable interest rate, and the method for making up missed payments.

Payment in installments enhances a firm’s financial stability. Through proper cash flow planning and allocating a certain percentage of the firm’s revenue toward the buyout payments, the partners can neutralize the effect of unexpected difficulties, allowing the firm to navigate periods of financial hardship without default.

Earnout Arrangements

An earnout is a form of deferred payment that the seller receives from the buyer only when specific performance targets are met post-closing. In a scenario involving a partner’s buyout, the selling partner agrees to make a portion of their payout contingent on the firm’s future performance.

Earnouts are especially effective when the firm’s future financial performance is uncertain or when the departing partner’s continued involvement, even if temporary, is critical for the firm’s ongoing success, for example, to facilitate the transition of key client relationships or preservation of institutional knowledge. Partners who are compensated in the form of an earnout often stay with the firm in a part-time, consulting, or support role to ensure seamless handover of responsibilities and help maintain the firm’s stability during the transition.

Earnouts are also attractive for other reasons:

• They offer financial flexibility because a portion of the payment is tied directly to the retained revenue or profit of the firm. Such an arrangement protects the firm if client retention or revenue drops significantly after the transition.
• They help reconcile differing opinions between the departing partner and the firm on the value or prospects of the business.
• If the firm performs well, the departing partner may earn more than a fixed buyout price that might have been offered in the absence of an earnout.

In a typical earnout arrangement, the departing partner receives an initial portion of their payment in cash upfront. This payment partially mitigates the risk associated with the contingent payout. The firm’s achievement of the agreed-upon performance metrics triggers payments of the remaining balance during the earnout period, which typically lasts from one to five years. The length of the earnout period depends on factors such as the stability of the firm’s business, the time required to transition client relationships, the role of the departing partner, and the complexity of the chosen metrics. For instance, a firm with stable, predictable revenue might opt for a shorter timeframe than one with volatile, project-based income.

Commonly used performance metrics include revenue and profitability targets. Revenue targets can be based on the total revenue generated by the firm, revenue from the departing partner’s practice area, or revenue from specific client accounts historically managed by the departing partner. Revenue targets are popular because they are relatively simple to use. However, they do not reflect the actual profitability of the firm because they account for total income before expenses.

Profitability targets, on the other hand, better reflect the firm’s overall financial health and ability to pay, as metrics such as EBITDA, net profit, or profit per partner are directly linked to the firm’s bottom line. Another common metric is client retention, where payments are contingent on retaining a certain percentage of key clients associated with the selling partner for a specified period. Nonfinancial metrics are used less frequently, typically when the partner’s continued involvement is critical for achieving a specific strategic goal, such as securing a major contract, successfully integrating a practice group, or closing a joint venture deal.

Metrics used in earnout provisions should be objective, measurable, and based on reasonable assumptions and realistic projections. For any metrics to work effectively, they should be structured to prevent artificial inflation or deflation of expenses by addressing details such as the treatment of extraordinary expenses, intercompany charges, or changes in accounting policies. Simple calculations based on readily available data are preferable because they reduce the potential for manipulation or misinterpretation.

The parties can structure an earnout payment as a fixed amount, a percentage of the target achieved, or an agreed-upon formula that will be paid in periodic installments or a single lump sum at the end of the earnout period. To manage risk, the departing partner may (and should) insist on receiving a minimum guaranteed earnout payment (a “floor”). Conversely, the firm may seek a maximum payout limit (a “cap”) to avoid unexpectedly large payouts due to unforeseen successes potentially unrelated to the departing partner’s contributions.

Other protections for the departing partner include:

• extension of the earnout period if the guaranteed minimum is not met within the original timeframe due to specific, predefined circumstances
• acceleration that requires immediate payment of the remaining potential earnout or guaranteed floor upon certain events, like a change in control of the firm or the departing partner’s death
• audit rights preserving access to the firm’s books and records to verify the calculation of the performance metrics and dispute resolution methods for resolving disagreements on the payout calculation

Earnouts are not without drawbacks. Their contingent nature makes them a less desirable solution for buyouts related to retirement, where a departing partner seeks financial certainty and disengagement. They expose the departing partner to a significant risk by tying the payout to the firm’s future performance, which the partner no longer controls. External factors, regulatory changes, serious mismanagement, or strategic shifts by the remaining partners could all jeopardize the earnout payment. Nevertheless, earnouts are often the only viable method for providing buyout funding in smaller firms.

New Partner Buy-Ins

Another strategic approach to funding a partner buyout involves bringing in a new partner, either through an internal promotion or external hire. This new partner purchases the departing partner’s equity interest. This strategy provides both a funding source for the buyout and an opportunity for the firm to inject new talent, specialized expertise, or valuable client relationships into the firm. The new partner’s buy-in is especially attractive for businesses looking to grow new practice areas or expand their service offerings. However, this approach may significantly impact the firm’s ownership structure, culture, and internal dynamics and, as such, requires careful planning and execution.

The process of admitting new partners involves several key steps. First, the partners must identify potential candidates, assess their alignment with the firm’s culture, and perform any necessary due diligence. Next, they need to determine the value of the departing partner’s equity interest and structure the corresponding buy-in payment. Valuation methods vary widely and might include formulas already defined in the partnership agreement (e.g., based on book value, multiples of revenue or earnings, or a fixed amount) or an independent third-party valuation.

The buy-in payment may reflect only the value of a percentage interest in the business or might include a corresponding capital contribution or a pro rata buy-in for the new partner’s share in unbilled work in progress and accounts receivable. Since paying the full purchase price in cash can be a barrier for younger partners, many firms allow new partners to pay for their equity stake over time, typically through deductions from their future profit distributions or compensation.

New partner admission typically requires the consent of all (or a supermajority of) the remaining partners. Securing this consent can be a hurdle, especially if the admission significantly shifts governance control, decision-making power, strategic direction, or profit distribution formulas in ways that make some existing partners uncomfortable. Once consent is received, the partnership agreement is updated to reflect the agreed-upon terms, including the new partner’s initial capital contribution (if any, beyond the equity purchase), percentage of ownership, voting rights, profit and loss allocation, distribution entitlements, and specific roles and responsibilities within the firm.

New partner buy-ins can be highly complex, especially for firms with tiered partnerships, complex capital accounts, vesting schedules, and mandatory retirement policies. Despite these potential complexities, a well-crafted approach can deliver a fair and balanced result for all parties while facilitating a smooth transition.

Best Practices

The goal of succession planning is to ensure smooth, fair, and predictable ownership transitions based on objective parameters. To achieve this goal, professional services firms should adopt best practices when designing partner entry and exit strategies.

The first and most critical step is developing a comprehensive partnership agreement. This agreement should clearly outline triggering events for withdrawals (retirement, death, disability, voluntary departure, termination for cause), funding sources, and procedures, including advance notice requirements, clear valuation methods, and payment terms. Other important provisions include terms for new partner admissions and, where applicable and legally permissible, noncompete, nonsolicitation, and nondisclosure covenants restricting the departing partner.

Partners should periodically review and update the partnership agreement—for example, every three to five years or upon significant changes—to reflect evolving business circumstances, partners’ expectations, and legal and regulatory requirements.

However, a robust agreement alone is not sufficient to successfully navigate partnership transitions. Professional services firms should treat succession planning as an ongoing strategic process rather than a reaction to a partner’s imminent departure. Mentorship, talent development, open communication, and collaboration among partners regarding terms of transition are key to minimizing conflicts and building consensus. Experienced tax, legal, and financial advisors specializing in professional service firms can help design, draft, and implement exit and buy-in strategies that are legally sound, financially viable, and tax- efficient and thus protect the interests of all parties involved. By proactively addressing these elements, professional service firms can navigate partner transitions more effectively, preserving the stability of their firm and setting the stage for future success.

The current political environment may be an exceptional chance to see our system of government in action, and understand “separation of powers” and the role of the federal judiciary.

Many are dismayed by the actions of the current administration. However, the outcries and outrage—the statements by those who say our democracy and government are being destroyed—may be causing their own kind of harm.

Mainstream broadcast media and social media messaging that questions the independence and integrity of the federal judiciary, including the U.S. Supreme Court, may be contributing to the erosion of confidence in the federal judiciary and Supreme Court reflected in public opinion surveys. And with an erosion of trust, it is more likely that members of the public will say it is okay to ignore the courts’ rulings. To uphold the rule of law, however, we must understand and respect all three branches of government and ask them to do their jobs.

Our forebears set up our government to address situations like we see today.

The founders of the United States foresaw, and experienced, disagreements and advocacy that were chaotic, disrespectful, and viewed as undemocratic. Thus they established a system of government, reflected in the Constitution, that provides for an independent judiciary to adjudicate disputes regarding the actions of the executive and legislative branches of our government. This third branch of government—the independent judiciary—would determine the legality of the actions of the executive and legislative branches under the laws and Constitution of the United States. Ultimately, the U.S. Supreme Court decides the law of the land, whether actions are permissible—that is, consistent with the Constitution—or not.

The executive and legislative branches need not agree, nor must they fail to aggressively pursue their desired policies through executive or legislative actions. But the members of these branches are required to recognize and honor the decisions of the federal judiciary regarding the legality of actions and the law of the land.

Positions and actions of the executive branch or the legislative branch—the president or Congress—may be viewed as unlawful by the other branch; however, the executive or legislative branch may take actions and pursue them aggressively until the action is found to be unconstitutional or otherwise unlawful by the independent judiciary. That is the way our system is structured and the way it works.

Thus, the president and his cabinet members—and even those with roles we may not understand—may take even outrageous positions and actions until the action is found to be unlawful under the Constitution or other applicable law.

Our judiciary—the third branch of government—must be allowed to do its job and respected for doing so. We may not like a judicial decision, but we must follow and respect it. When a decision is made that a party does not agree with, the appropriate action is to appeal the decision—not ignore the decision, or attack the judge(s) who made it and seek their removal or impeachment.

Remember that advocacy and disagreement led to the creation of this great nation, led to many of the changes and advancements over the years since, and will continue to do so as we move forward. Our system is not perfect, but “E pluribus unum” (“Out of many, one”) and “United we stand, divided we fall” must be principles we live by as we move forward. We are united as one under the Constitution to pursue life, liberty, and the pursuit of happiness for all citizens—collectively as a nation and a people, not as one individual, group, or party as opposed to another.

We will always have groups and leaders who will try to divide us in order to control us and destroy us, to destroy the collective “one” that we are as a unified nation. However, we are free not to fall into this trap, free to put the collective, unified one, our nation, above the many. If we are united in support of the one, we succeed, and those who seek to divide, control, and destroy us as individuals will fail.

We, humans, created our system of government, with our free will, our prejudices, frailties, and failings. We must thus take responsibility for ensuring the system is understood and operates for all of us. Each of us as citizens must accept the responsibility to participate and protect the collective—our government and way of life.

How do we do this? As a start, we can ensure that we, and our friends and neighbors,

1. understand the way our government works—the three branches of government and how they interact to govern and ensure the success of our country;
2. understand our role as citizens (and attorneys) with respect to each branch, and how we can stay engaged and take action to ensure we fulfill our responsibilities;
3. understand the issues that are important to us, where those issues are within the government, and how we can get involved and participate; and
4. do something about those issues and responsibilities.

It can feel difficult to “do something,” but it can help to take a step back and focus your energy.

Decide what you want: What is important to you? What is the issue, and what do you want to happen? Try not to simply get upset, check out, or give up.

Slow down and think about the issue or problem and what you would like to see happen. Learn more, or discuss productively with others rather than making angry posts.

Simplify the problems, solutions, and actions: Work to break things down to where there is something that can be done. Don’t let the complexity of an issue overwhelm you and make you feel helpless; there is always a place to start.

Take action: Execute your plan. Start with small actions and steps to get the ball rolling.

We can each be a part of supporting the independent judiciary and the rule of law, and of working for change in a way that maintains respect for our system of government.

This article is part of a series on the rule of law and its importance for business lawyers created by the American Bar Association Business Law Section’s Rule of Law Working Group. Read more articles in the series.

The views expressed herein are solely those of the author and are not necessarily those of the author’s employer, the American Bar Association, or the Business Law Section.

This is the fifth installment in the Year in Governance Series from the In-House Subcommittee of the ABA Business Law Section’s Corporate Governance Committee. Each month, the series will share key tips on a different corporate governance topic. To get involved in the Corporate Governance Committee, please visit the committee’s webpage.

A message from Kathy Jaffari: “As Chair of the Corporate Governance Committee, I would like to extend my sincere appreciation to the authors for this publication. The Corporate Governance Committee has ongoing opportunities for writing and volunteering with various projects, whether it’s an article you want to publish or a CLE that you want to present. Our Committee is dedicated to helping you promote informative resources for corporate governance practitioners. You may contact me at [email protected] to get involved.”

Conflicts of interest undermine a director’s duty of loyalty, erode trust and effective decision-making, and create litigation and enforcement risk. Directors should identify, disclose, and manage any conflicts of interest to maintain the integrity and effectiveness of a board. It is essential to meticulously document conflicts of interest and efforts to overcome these conflicts in order to protect both the company and its directors.

1. Draft a conflicts of interest policy. Directors need to know the types of conflicts that could arise, such as direct and indirect financial conflicts, dual representation, corporate opportunity, confidentiality, and personal interest. Draft and circulate a comprehensive policy that describes what constitutes a conflict, establishes a disclosure protocol, and lays out procedures for managing conflicts. The policy should also explain what is considered a material conflict.
2. Ask about conflicts, to facilitate disclosure. The director onboarding process will initially identify conflicts, but that is just the beginning. Directors should complete disclosure forms (typically D&O questionnaires) at least annually, and consider requiring directors to update their disclosures whenever their circumstances change.
3. Talk about conflicts, to cultivate culture. If you talk regularly about the importance of early and fulsome disclosures, then you will help create a culture where directors identify potential conflicts before they become a problem. You can place a brief disclosure statement at the top of every meeting agenda, or just remind directors before each meeting of how important it is to disclose any material conflicts.
4. Recuse conflicted directors. When there is a conflict—when a director’s interest could reasonably be expected to influence judgment—recuse that director, immediately. Exclude the director from deliberations (the meeting), decisions (the voting), and information (the minutes, although you can provide a redacted version). The minutes should reflect these efforts in order to record your compliance.
5. Manage board communications to restrict access when necessary. After asking the director with a conflict of interest to leave the room, use the available technology to restrict the information shared with that director by monitoring what is placed on the director’s portal or revising access controls. If it is necessary to maintain confidentiality, consider using separate counsel and advisors. Make sure to consider the timing of disclosures to the full board after committee deliberations.
6. When board independence is in doubt, consider forming a special committee. A special committee (made up of independent, disinterested directors) might be appropriate when, for example: multiple (or even a majority of) directors have conflicts; the transaction under consideration will be reviewed under the entire fairness doctrine; the board anticipates litigation related to the decision; or the proposed transaction involves a controlling shareholder. The special committee needs the authority to do its job properly, so it should be formed early, truly independent, and authorized to make decisions (including saying “no”). Keep in mind that the special committee may need separate counsel and advisors.
7. Consider whether a special committee is worth the trouble. A special committee likely brings inherent challenges that require careful consideration. It is costly. It creates delay. And it may generate the perception that there is more concern than exists or is warranted. Unfortunately, that perception alone could lead to litigation rather than help avoid it. Consider whether recusal of the interested directors would adequately address the conflict.
8. Address conflicts in related-party transactions. Related-party transactions bring higher scrutiny, as the standard of review examines both the process (i.e., “fair dealing”) and the economic terms (i.e., “fair price”). Using additional safeguards, such as approval from a special committee and a majority-of-the-minority vote, may help shift the burden of proof. You should also disclose all material facts, consider engaging third-party valuations or fairness opinions, and document the business rationale, among other things. Required disclosure of these transactions in Securities and Exchange Commission filings leaves them open to enhanced scrutiny.
9. Guard corporate opportunities closely. A strong conflict of interest arises when a director diverts a corporate opportunity. To avoid this, draft and adopt a policy that defines the company’s “line of business,” establish a formal process to determine if an opportunity belongs to the corporation, and document when the company declines to pursue an opportunity.
10. Leverage independent advisors. Use disinterested advisors to help a special committee, or the full board, to craft a rigorous process and establish fair-price credibility. Such advisors can be bankers, valuation experts, or outside counsel. Get them involved early in the process. It may be helpful to vet candidates beforehand so that you have a bench to draw from when the expected (or unexpected) time comes.

The views expressed in this article are solely those of the authors and not their respective employers, firms, or clients.

India’s first standalone data protection legislation, the Digital Personal Data Protection Act, 2023 (“DPDPA”),^[1] is poised to soon come into force. To facilitate its implementation, the Ministry of Electronics and Information Technology recently issued draft Digital Personal Data Protection Rules, 2025 (“Draft Rules”)^[2], which provide guidance on implementation of several key provisions of the DPDPA. The Draft Rules were issued for public consultation till March 5, 2025. After consideration of industry feedback, it is expected that the government may notify the Draft Rules in the coming months, bringing the DPDPA formally into force.

Because of the DPDPA’s extraterritorial reach, businesses around the world need to prepare for its significant impact. Among the critical aspects of the new data protection law are provisions on cross-border data transfers and data localization, requirements for processing of children’s data, personal data breach notification obligations, and heightened obligations for “significant” data fiduciaries. At a macro level, global businesses will need to assess the DPDPA’s applicability to them and update their technological infrastructure and documentation to comply with the new requirements. “Consent managers,” a new category of entity introduced by the law, may need to be onboarded and integrated to manage data subjects’ consents, and data privacy notices will need to be revisited to ensure they provide the DPDPA’s requisite disclosures. At a business level, data sharing arrangements with vendors and group companies will also need to be reconsidered in light of the DPDPA.

Overview and Extraterritorial Application

The DPDPA introduces several compliance requirements for collection and processing of personal data, whether collected in digital form or collected and subsequently digitized.^[3] “Personal data” broadly includes “any data about an individual who is identifiable by or in relation to such data.”^[4] The provisions of the DPDPA do not apply to personal data processed by an individual for “any personal or domestic purpose,” or to personal data that is made or caused to be made publicly available by (a) the “Data Principal” (akin to “data subjects” under other jurisdictional frameworks) to whom such personal data relates, or (b) any other person who is under a legal obligation to make personal data publicly available.^[5]

The DPDPA applies not only to entities processing personal data within India but also to those outside India if such processing is in connection with any activity related to offering of goods or services to individuals (i.e., Data Principals) within India.^[6] This provision is comparable to global frameworks like the European Union’s General Data Protection Regulation (“EU GDPR”), which applies extraterritorially to non-EU businesses that offer goods or services to, or monitor the behavior of, individuals located in the EU.^[7] International businesses that do not have a physical presence in India but target and serve Indian consumers, such as e-commerce websites and digital platforms, will need to comply with the DPDPA.

Consent and Notice Requirements

One of the core principles of the DPDPA is obtaining consent from Data Principals for processing their personal data. “Data Fiduciaries” (akin to “data controllers” under other jurisdictional frameworks) must provide clear, standalone notices in English or any official Indian language,^[8] detailing the purpose of data collection, the types of data processed, and the rights of Data Principals.^[9] The Draft Rules do not prescribe a rigid template or format for the notice, allowing flexibility for Data Fiduciaries to design their notices so long as other requirements are satisfied. However, the notice cannot be combined with other documentation such as an end-user license agreement, general terms of service, or other website policies.^[10]

Under the DPDPA, Data Fiduciaries are required to provide similar notice to Data Principals, as soon as “reasonably practicable,” regarding data for which consent for processing was obtained prior to the enforcement of the Act.^[11] However, the Draft Rules do not specifically prescribe separate notice requirements for these existing datasets. In the absence of detailed guidance, it may be sufficient, in certain cases, for a public notice to be issued on the Data Fiduciary’s websites or apps.

An operational aspect of concern for these notices is the language requirement. It would simplify implementation if the government were to allow notices to be accessible in the language in which the platform is supported or made available to the Data Principals, to prevent unnecessarily onerous translation requirements.

Consent Managers

Unlike the EU GDPR, which permits data processing on some relatively broad bases such as legitimate interest, the DPDPA relies primarily on consent-based processing, with limited instances of legitimate uses such as for employment.^[12] This approach imposes a greater burden on organizations to ensure user-friendly and transparent consent mechanisms. Against this background, it is relevant to note that the DPDPA introduces the novel concept of “Consent Managers.”^[13] These are entities registered with the Data Protection Board of India^[14] that provide Data Principals a platform to manage, review, and withdraw their consent.^[15] These Consent Managers must maintain robust technical and organizational safeguards to ensure transparency and data security.^[16]

While the introduction of Consent Managers may alleviate compliance burdens for Data Fiduciaries, it also creates a potential bottleneck if the regulatory framework for their operation is not adequately developed. Furthermore, it would be useful to clarify whether Consent Managers, which operate as independent entities and businesses from Data Fiduciaries, should themselves be considered Data Fiduciaries, or even Significant Data Fiduciaries.

Significant Data Fiduciaries

The DPDPA introduces the concept of “Significant Data Fiduciaries,” a subset of Data Fiduciaries that will be designated by the central government based on an assessment of “such relevant factors as it may determine,” such as the volume and sensitivity of the data they process.^[17] SDFs are subject to enhanced compliance obligations, including mandatory data protection impact assessments, audits, and appointment of a dedicated Data Protection Officer^[18] to oversee compliance. SDFs may also be required to implement additional security measures, maintain detailed processing records, and observe strict data governance protocols. Furthermore, they may be restricted from transferring certain categories of personal data outside India (discussed below).^[19] Businesses operating as SDFs must proactively assess their data processing activities and prepare to meet these heightened regulatory requirements. It is likely that big tech and large, consumer-facing health care, finance, and IT companies could potentially be notified as SDFs, though the exact criteria that the government may use to notify Data Fiduciaries as SDFs is not clear.

Cross-Border Data Transfers

One of the major concerns under the DPDPA and the Draft Rules for multinational businesses is the regulation of cross-border data flows. The DPDPA permits the transfer of personal data outside India unless the government specifically restricts certain jurisdictions.^[20] Unlike some stringent data localization laws, the DPDPA does not impose blanket prohibitions but retains the authority to designate restricted territories.

This regulatory approach offers some flexibility for businesses engaged in global data processing while ensuring that transfers remain subject to oversight. However, the government may prescribe additional compliance measures for transfers to certain jurisdictions,^[21] such as requiring contractual clauses, data protection impact assessments, or approvals from regulatory authorities. The government may also impose additional compliance requirements on notified SDFs depending on the nature of personal data processed by the SDF and the recipient jurisdiction.^[22] Organizations transferring data outside India should be prepared for these potential requirements and must stay updated on government notifications regarding restricted countries and additional conditions applicable to data transfers.

A key question is whether these restrictions will align with existing global frameworks and compliance with foreign law obligations. Companies operating across multiple jurisdictions may face conflicting compliance obligations depending on specific restrictions that may be introduced under the DPDPA. This could create operational challenges for global data-sharing frameworks, necessitating the adoption of a modular approach to data governance, which enables jurisdiction-specific adjustments while maintaining overall regulatory consistency.

Data Localization Requirements

While the DPDPA generally allows data transfers, the Draft Rules introduce provisions for potential data localization requirements, particularly for SDFs. These entities may be subject to specific data storage and localization mandates.^[23] A government-appointed committee will determine categories of personal data processed by SDFs that must be stored within India.^[24] This could impact global enterprises, particularly those in sectors like finance, health care, and technology, where handling sensitive personal data (often across borders) is integral to operations. Apart from personal data, localization requirements may extend to traffic data pertaining to the flow of personal data,^[25] which can include logs and transactional records, meaning businesses must implement robust infrastructure to ensure compliance. Companies must assess whether they are likely to fall within the SDF category and prepare for potential localization obligations by revising their data storage strategies.

These regulations could impact multinational companies that rely on global data centers and cloud services for their business operations. For companies that use global analytics and services driven by artificial intelligence, data localization can introduce significant inefficiencies. Localization mandates may result in increased costs for infrastructure deployment and operational inefficiencies due to the inability to process data across borders. Additionally, concerns have been raised regarding whether localization measures genuinely enhance data security or merely create operational and economic hurdles.

Personal Data Breach Reporting Obligations

Under the DPDPA, organizations must promptly report personal data breaches.^[26] The law requires that both affected individuals and the Data Protection Board of India be informed without delay upon discovering a breach.^[27] Additionally, within seventy-two hours of an organization’s becoming aware of the breach, a detailed report of the breach must be submitted to the Data Protection Board.^[28]

This requirement aligns with international best practices, such as the EU GDPR, but lacks a materiality threshold. Every breach, regardless of its impact, must be reported. This could lead to an increased compliance burden for businesses, necessitating highly robust cybersecurity frameworks and breach detection mechanisms. The lack of a materiality threshold also raises concerns about regulatory fatigue. If organizations are required to report even minor breaches, regulators may be overwhelmed with notifications, reducing their ability to focus on critical threats. Businesses may also face reputational risks from excessive breach disclosures to multiple stakeholders, even in cases where no harm occurs.

In any case, organizations must establish internal protocols for incident detection, assessment, and reporting. Given that breach notifications may also be required under other laws, such as general^[29] and sector-specific cybersecurity regulations (such as in the banking or the insurance sector), companies should harmonize their reporting obligations to avoid duplication and ensure efficiency.

Additional Considerations

Data Security: Subject to a few minimal restrictions, Data Fiduciaries are allowed to implement the security standards and procedures of their choice to protect the personal data they process.^[30] These safeguards are required to include making sure that the right data security measures (such as encryption, obfuscation, or mapping personal data to tokens) are implemented; access control mechanisms are in place; logs are maintained and routine monitoring is conducted to identify instances of unauthorized access; and more.^[31]

Children and Persons with Disabilities: In relation to processing of personal data of children and persons with disabilities, there are additional requirements for obtaining verifiable consent from the parent or legal guardian if applicable, respectively.^[32] The mode of seeking verifiable consent is left to the discretion of the Data Fiduciary.^[33] Neither the DPDPA nor the Draft Rules require the Data Fiduciary to investigate the ages of its users to ascertain if they are in fact not children, or to investigate the relationship between child and purported parent. The DPDPA and Draft Rules appear to rely upon self-identification by a user as a child, or by a parent, for compliances to trigger.

Retention: According to the DPDPA, personal data must be deleted as soon as it is reasonable to believe that the specified purpose for processing the personal data is no longer being fulfilled.^[34] The Draft Rules specify time frames for the processing of personal data for particular purposes by e-commerce entities, online gaming intermediaries, and social media intermediaries (that meet the prescribed user thresholds).^[35] It lays out a three-year term from the enforcement of the Digital Personal Data Protection Rules, 2025, or the last time the Data Principal approached the Data Fiduciary to execute the specified purpose or exercise their rights, whichever is later.^[36] There is no guidance on the manner of ascertaining when the specified purpose is no longer being served for other Data Fiduciaries. In the absence of a specific timeline, Data Fiduciaries will have varying standards to determine erasure of personal data. Further, it is unclear why a timeline has only been prescribed for the said three classes, as opposed to other Data Fiduciaries, such as those in possession of large volumes of personal data.

Conclusion

Feedback and comments from the industry submitted during the public consultation period are presumably under consideration by the Indian government. Based on recent media reports, it was expected that the DPDPA and the Draft Rules would be finalized for implementation by April 2025.^[37] However, as of mid-May 2025, neither the DPDPA nor the Draft Rules have been brought into effect. As the rules are finalized, businesses must assess their current data protection practices based on their industry and the type of personal data they handle. Principles of purpose limitation, collection limitation, and storage limitation are enforced through the DPDPA and Draft Rules and should be enforced by businesses. Compliance will require updating technological systems, internal processes, and documentation. SDFs engaged in cross-border data sharing may face localization challenges, necessitating adjustments to their data transfer arrangements. A critical consideration for businesses is the significant penalties prescribed under the DPDPA, which start at approximately USD 6 million and go up to approximately USD 30 million, depending on the nature of violation.While the Draft Rules offer flexibility by avoiding rigid standards, several critical aspects, such as SDF designations, data transfer restrictions, and details for obtaining verifiable consent for children’s personal data, remain undefined. These details are likely to be addressed once the final rules are released or subsequently through government-issued FAQs.

1. Digital Personal Data Protection Act, 2023 [hereinafter DPDPA]. ↑

2. Ministry of Electronics and Information Technology, Draft Digital Personal Data Protection Rules, 2025, G.S.R. 02(E) (Issued on January 3, 2025) [hereinafter Draft Rules]. ↑

3. DPDPA § 3(a). ↑

4. DPDPA § 2(t). ↑

5. DPDPA § 3(c). ↑

6. DPDPA § 3(a)–(b). ↑

7. Article 3(2), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), 2016 O.J. (L 119) 1 [hereinafter EU GDPR]. ↑

8. DPDPA §§ 5(3), 6(3). Please note that there are twenty-two languages recognized as official under the Eighth Schedule to the Constitution of India: Assamese, Bengali, Bodo, Dogri, Gujarati, Hindi, Kannada, Kashmiri, Konkani, Maithili, Malayalam, Manipuri, Marathi, Nepali, Oriya, Punjabi, Sanskrit, Santhali, Sindhi, Tamil, Telugu, and Urdu. ↑

9. DPDPA § 5(1); Draft Rules, Rule 3; see also Explanatory Note to Digital Personal Data Protection Rules, 2025, ¶ 3 (last visited Apr. 26, 2025). ↑

10. Draft Rules, Rule 3(a). ↑

11. DPDPA § 5(2). ↑

12. DPDPA § 7. ↑

13. DPDPA § 2(g) (“‘Consent Manager’ means a person registered with the [Data Protection] Board [of India], who acts as a single point of contact to enable a Data Principal to give, manage, review and withdraw her consent through an accessible, transparent and interoperable platform.”). ↑

14. DPDPA § 6(9). ↑

15. DPDPA § 6(7)–(8). ↑

16. The Draft Rules prescribe the conditions for registration of a Consent Manager under Part A of the First Schedule and enumerate the obligations applicable to the Consent Manager under Part B of the same Schedule. ↑

17. DPDPA § 10(1) (“The Central Government may notify any Data Fiduciary or class of Data Fiduciaries as Significant Data Fiduciary, on the basis of an assessment of such relevant factors as it may determine, including—(a) the volume and sensitivity of personal data processed; (b) risk to the rights of Data Principal; (c) potential impact on the sovereignty and integrity of India; (d) risk to electoral democracy; (e) security of the State; and (f) public order.”). ↑

18. DPDPA § 10(2). ↑

19. Rule 12(4), Draft Rules. ↑

20. DPDPA § 16(1). ↑

21. Rule 14, Draft Rules. ↑

22. Rule 12(4), Draft Rules. ↑

23. DPDPA § 10(2)(c)(iii); Rule 12(4), Draft Rules. ↑

24. Rule 12(4), Draft Rules. ↑

25. Rule 12(4), Draft Rules. ↑

26. DPDPA § 2(u) (“‘[P]ersonal data breach’ means any unauthorised processing of personal data or accidental disclosure, acquisition, sharing, use, alteration, destruction or loss of access to personal data, that compromises the confidentiality, integrity or availability of personal data”). ↑

27. DPDPA § 8(6); Rule 7, Draft Rules. ↑

28. Rule 7(2)(b), Draft Rules. ↑

29. In particular, this refers to the obligation to report cyber-security incidents to the Indian Computer Emergency Response Team in accordance with the provisions of the Information Technology Act, 2000. ↑

30. DPDPA § 8(5). ↑

31. Rule 6, Draft Rules. ↑

32. DPDPA § 9(1). ↑

33. Rule 10, Draft Rules. ↑

34. DPDPA § 8(7)– 8(8). ↑

35. DPDPA § 8(8); Rule 8 and Third Schedule, Draft Rules. ↑

36. Third Schedule, Draft Rules. ↑

37. Surabhi Agarwal & Suraksha P, Centre Sets April Date for DPDP Rules as MeitY Studies Feedback, Econ. Times (Mar. 25, 2025). ↑

This article is Part IX of the Musings on Contracts series by Glenn D. West, which explores the unique contract law issues the author has been contemplating, some focused on the specifics of M&A practice, and some just random.

A recent decision by the Delaware Supreme Court, Thompson Street Capital Partners IV, L.P. v. Sonova U.S. Hearing Instruments LLC,^[1] reveals a potentially worrisome crack in Delaware’s solid and reliable contractarianism. This crack appears in one of the more important bargains made between a buyer and a seller in a private company acquisition agreement—the survival period and the timing and content of the notice of claims required to be delivered by the buyer to the seller to entitle the buyer to the limited indemnification provided by the seller.

Thompson Street Capital involved a seemingly routine dispute concerning the sufficiency and timeliness of a claims notice sent to the seller before the end of the survival period. The seller alleged that this notice (a) failed to include the “specificity” regarding the claim as required by the merger agreement and (b) was untimely because it was not sent within thirty days after the buyer became aware of the issue as required by the merger agreement. While the nature of the dispute was unremarkable, the court’s holding was anything but unremarkable.

The Dispute and the Court of Chancery Decision

The plaintiff, a sell-side private equity firm acting as the “Members’ Representative,” filed a declaratory judgment action in the Delaware Court of Chancery seeking “an order declaring that the Purported Claim Notice did not meet the contractual requirements with which [the buyer] had to comply and, as such, could not serve as a basis to withhold the escrowed funds.”^[2] Additionally, the plaintiff’s complaint “sought a mandatory injunction requiring [the buyer] to execute a Joint Instruction letter directing the Escrow Agent to release the contents of the Indemnity Escrow Fund to Plaintiff.”^[3] Anyone involved in private company M&A is well familiar with this scenario—i.e., a limited survival period coupled with an escrow fund that serves as the sole recourse for any rights to indemnification that may arise during that survival period, followed by a dispute over the timeliness or sufficiency of the notice of claim.

In response to the plaintiff’s complaint, the buyer made a motion to dismiss, which the Delaware Court of Chancery granted “after concluding that ‘[t]he notice provisions at issue here are unambiguous and [the plaintiff’s] prayers for relief are fatally lacking.’”^[4] However, in reaching that holding, the Delaware Court of Chancery focused almost exclusively on the notice provisions of the escrow agreement and failed to recognize that compliance with the notice provisions of the merger agreement was a condition precedent to the buyer’s right to obtain indemnification. 

Because there was both a merger agreement and a separate escrow agreement, which do not always mesh, it was understandable that some confusion might arise over which notice requirements were applicable. The Delaware Court of Chancery focused on the escrow agreement rather than the merger agreement, concluding that the notice was valid under the escrow agreement.

The Delaware Supreme Court’s Decision

On appeal, the Delaware Supreme Court determined that the requirements of the merger agreement were unequivocal and should have been the focus of the Court of Chancery’s decision. Section 9.3.2 of the merger agreement provided:

Any claim by a Purchaser Indemnified Party on account of Damages under this Article IX (a “Claim”), including those resulting from the assertion of a claim by any Person who is not a Party to this Agreement (a “Third-Party Claim”), will be asserted by giving the Members’ Representative reasonably prompt written notice thereof, but in any event not later than 30 days after the Purchaser Indemnified Party becomes actually aware of such Claim, provided that no delay on the part of the Purchaser Indemnified Party in notifying the Members Representative will relieve the Merger Parties from any obligation under this Article IX, except to the extent such delay actually and materially prejudices the Merger Party. Such notice by the Purchaser Indemnified Party will describe the Claim in reasonable detail, will include the justification for the demand under this Agreement with reasonable specificity, will include copies of all available material written evidence thereof, and will indicate the estimated amount, if reasonably practicable, of Damages that has been or may be sustained by the Purchaser Indemnified Party. The Purchaser Indemnified Parties shall have no right to recover any amounts pursuant to Section 9.2 unless the Purchaser notifies the Members’ Representative in writing of such Claim pursuant to Section 9.3 on or before the Survival Date.^[5]

The court focused almost exclusively on the last sentence of section 9.3.2 (defined in the decision as the “Final Sentence”). Importantly, the Delaware Supreme Court held unequivocally that “the Final Sentence clearly embodies a condition precedent and potential for forfeiture because it states plainly that there is no right to indemnification unless the claim notice is provided.”^[6] The court further held that the Final Sentence contained specific language creating the condition precedent of timely and compliant notice, which specific language controlled over the more general language contained in a boilerplate “no waiver” provision.^[7] Moreover, the court held that it was “reasonably conceivable that [the buyer] failed to comply with the Specificity Requirement that [the buyer] ‘include copies of all available material written evidence’ of its claim.”^[8] Indeed, the buyer had apparently admitted that “it did not provide any written evidence with the Claim Notice beyond its own assertions in the Claim Notice itself.”^[9] Finally, the court held that the plaintiff had also sufficiently “alleged that [the buyer] did not comply with the Timing Requirement of Section 9.3.2.”^[10] As a result, the Delaware Court of Chancery should not have granted the buyer’s motion to dismiss. 

So far, so good; this all sounds very contractarian. But then came the bombshell. According to the Delaware Supreme Court, the Final Sentence provides only the “potential” for forfeiture, not a definitive forfeiture of the indemnification right, because, notwithstanding the clear language of the contract, “our law abhors a forfeiture.”^[11] As a result of that abhorrence, the buyer’s “noncompliance may be excused if the timing and specificity requirements were not material to the agreement and the noncompliance would result in a disproportionate forfeiture.”^[12] 

So, the good news for the private-equity-seller plaintiff is that it will now have its day in the Delaware Court of Chancery to (a) prove (or fail to prove) that the buyer’s claim notice was deficient under the merger agreement and (b) if successful, thereby establish that the condition precedent to the indemnification obligation had not occurred, which would then seem to entitle the seller to the release of the escrowed funds as a matter of the bargained-for terms of the merger agreement. 

But, the bad news is that, even if successful in proving the noncompliant notice, the private-equity-seller plaintiff must now also provide evidence in the Delaware Court of Chancery that the timing and specificity requirements that it proved were not met were in fact “material to the agreement” and, if not material to the agreement, that the buyer’s noncompliance would not result in a disproportionate forfeiture of the indemnity rights that were legally conditioned upon that compliance. Failing to meet these additional noncontractual requirements could result in the seller’s inability to enforce the bargained-for condition precedent to the buyer’s indemnification right.

It remains unclear (at least to me) how a buyer, whose right to indemnification is expressly conditioned upon a compliant notice being timely given, could be deemed to have forfeited anything if the buyer failed to comply with the express condition that gives rise to that right. Nevertheless, the Delaware Supreme Court held that a forfeiture would occur and that, in such circumstances, the common law’s abhorrence of that forfeiture would apply.^[13]

The Materiality of Survival and Notice of Claims Provisions

But even if a forfeiture of a conditional indemnification right occurred because of noncompliance with the condition precedent giving rise to that right, such a forfeiture is permissible if the required terms of compliance were “material to the agreement.” And it is truly hard to fathom how any private equity seller could not have considered the bargained-for length of the survival period and the bargained-for requirements for a notice of claim as material in any negotiation of a private company acquisition agreement. Limiting recourse and establishing a limited time to pursue remedies, based on real, not presumed or anticipated, claims, is private equity dealmaking 101.

Indeed, the Delaware Supreme Court in Thompson Street Capital noted cases that have drawn materiality conclusions as a matter of law. The court cited a non-Delaware decision holding that the notice requirements of a claims-made insurance policy were material as a matter of law, as well as a Delaware Court of Chancery decision involving a claim of forfeiture arising from an earnout provision.^[14] While the claims-made insurance policy example closely resembles a survival clause that conditions any indemnification rights on a compliant notice being given before the survival period’s end, the Delaware Supreme Court referenced that example without comment. However, the court did discuss the earnout example of Obsidian Finance Grp., LLC v. Identity Theft Guard Solutions, Inc.^[15] 

In Obsidian, the Delaware Court of Chancery considered an argument by a disappointed seller who failed to meet the exact requirements for an earnout. Instead of the company obtaining an extension of a government contract for six years as required by the earnout terms, it only received an extension for five years and six months. Certainly close, but no cigar, said the Delaware Court of Chancery:

Obsidian’s argument that the Court may declare immaterial the six-month difference between the 5.5-year contract and the six-year earnout condition is misplaced. Obsidian cites no authority that would support a holding that a party to a merger agreement may be excused from satisfying a condition to an earnout on grounds of forfeiture. This comes as no surprise, as an earnout provision contemplates the payout of additional, often substantial, consideration when the entity sold achieves specific, bargained-for milestones. The value of the contingent consideration is inextricably linked to the estimated probability of the contingent event’s occurrence. To change the benchmark of the earnout would be to change its risk profile and, by extension, the amount that should be paid in the event of its achievement. Under Delaware law, however, “a party may not come to court to enforce a contractual right that it did not obtain for itself at the negotiating table.” Unlike horseshoes or hand grenades, there is no “close enough” when it comes to earnouts negotiated by sophisticated parties based on the estimated probability that the precise measure would be hit. Any adjustment to the earnout condition, then, would be “material” as a matter of law.^[16]

The rationale for why this example from the realm of earnouts is not applicable in the context of bargained-for time periods for submitting compliant claims notices as a condition to a buyer’s entitlement to indemnification was not explained. The Delaware Supreme Court simply noted:

We are unable on this record to resolve the materiality and disproportionate forfeiture questions. We address materiality first because excusal of the condition, according to Section 229 of the Restatement, “applies only where occurrence of the condition was not a material part of the agreed exchange.” Although, [the plaintiff] alleges that the timing and particularity requirements were material, the record has not been developed on these points, including whether the parties, in negotiating these agreements, considered these requirements to be material.

Even if we were to determine that the Notice Requirements are not material, we are still unable to determine the disproportionate forfeiture issue on this record. Accordingly, we remand to the Court of Chancery for further consideration on these points.^[17]

The court then provided guidance to the Delaware Court of Chancery on remand. That guidance was derived from section 229 of the Restatement (Second) of Contracts, which consists of a list of factors to consider that are somewhat ambiguous. But the court then quoted from a Pennsylvania Superior Court case to summarize what is essentially required for the materiality analysis under section 229 of the restatement: “materiality in the context of Section 229 ‘rests to a large extent on the analysis of the requirement’s purpose, [but] it also involves a consideration of the negotiations of the parties along with all other circumstances relevant to the formation of the contract or to the requirement itself.’”^[18] 

In private equity deals, sellers desire certainty over the limits of recourse for, and the timing of, indemnification claims. Limiting recourse to the escrowed funds, and returning the remaining sales proceeds held in escrow to the private equity fund’s limited partners after the end of the survival period, is a material part of any private company acquisition agreement. The limited additional record that the Delaware Supreme Court is requiring should be straightforward, therefore. But the fact that it is necessary, in addition to the proof that the notice was in fact noncompliant, is troubling.

Contractarianism Versus Equitable Principles from the Middle Ages 

Professors Jody S. Kraus and Robert E. Scott are among the leading theorists in contract law.^[19] They have expressed their dismay over the importation into contract law of equitable principles developed by the English Chancery Courts in the Middle Ages, which were intended to mitigate some of the harshness of the common-law courts, where no means were available for enforcing executory contracts and commercial parties instead relied upon penal bonds.^[20] The enforcement of the penal bond could sometimes work an injustice because the bond may have been issued for a contract that had in fact been performed, so the Chancery Courts intervened to grant relief from these unjust enforcements.^[21] But we no longer live in that world. The common law now provides remedies for breach of executory contracts, and penal bonds have been relegated to the history books. 

In addressing the interplay between the law of conditions and the equitable concepts related to forfeitures, Professors Kraus and Scott noted the following:

The law of conditions explicitly endorses the principle of freedom of contract by committing to the strict enforcement of all express conditions. Yet, it is also home to the hoary equitable maxim that “the law abhors forfeitures.” The antiforfeiture norm suffuses the law of conditions, which therefore reads like a schizophrenic text, in one sentence insisting on the sanctity of strict construction and enforcement of conditions in spite of forfeiture, while in the next admonishing courts, whenever interpretation allows, to avoid the conclusion that the promisor’s obligation is subject to an enforceable condition if enforcement of the condition would raise the specter of forfeiture.^[22]

The professors further opined:

Even if the parties succeed in writing an express term that unequivocally creates a condition, the ex post form of the antiforfeiture norm strongly encourages courts to exercise their discretion to excuse the condition whenever its enforcement would create a forfeiture and the court deems the condition not to have been a material part of the agreement at the time of formation. In addition, even if a court agrees that a contract contains a material, express condition, the ex post norm encourages the court to find that the promisor has implicitly waived the condition, either retrospectively or prospectively, whenever enforcement of the condition would create a forfeiture.^[23]

Accordingly, they encourage a contractarian approach that Delaware is known for generally. Specifically, in their view:

[C]onditions are always material from the ex ante perspective because they allocate risks between the parties, the contract compensates each party for bearing those risks, and the parties inevitably rely on that allocation of risks. Since materiality is determined by the parties’ intent at the time of formation, conditions will always be material.^[24]

In other words, the professors are apparently suggesting that the “law abhors a forfeiture” maxim should be consigned to the same historical vault that currently houses penal bonds.

Academics similarly suggest that historically inherited and now-encrusted boilerplate is often used impulsively by practitioners without considering the original purpose behind such provisions.^[25] As a result, these inherited provisions may no longer accomplish their intended objective and instead undermine more bespoke provisions in a contract. Could it be that courts are effectively doing the same thing—i.e., applying legal maxims that are effectively “historical artifacts”^[26] to the modern law of contracts?

Perhaps, but the professors’ and other academics’ theories remain just that. And Thompson Street Capital embodies the current law in Delaware. Nevertheless, can Delaware’s contractarianism offer a potential means of avoiding an evidentiary hearing to assess the materiality of bargained-for indemnification regimes in the future? I believe the answer is yes.

Delaware’s Contractarianism Remains Strong

Delaware justifiably “prides itself on the contractarian nature of its law.”^[27] Sophisticated dealmakers and their counsel rely on Delaware courts to enforce the terms of their freely made contracts and to respect the decisions they make about the “risk they should bear.”^[28] As a result, “Delaware courts are ‘especially chary about relieving sophisticated business entities of the burden of freely negotiated contracts.’”^[29]

This contractarianism is so strong that Delaware courts will generally only override the parties’ binding contract “upon a strong showing that dishonoring the contract is required to vindicate a public policy interest even stronger than freedom of contract.”^[30] And these stronger public policy “interests ‘are not to be lightly found, as the wealth-creating and peace-inducing effects of civil contracts are undercut if citizens cannot rely on the law to enforce their voluntarily-undertaken mutual obligations.’”^[31] Thus, “Delaware courts will ‘not rewrite the contract to appease a party who later wishes to rewrite a contract he now believes to have been a bad deal.’”^[32] This is so because “[p]arties have a right to enter into good and bad contracts, the law enforces both.”^[33]

The law’s abhorrence of forfeiture does not appear to be one of the strong public policy interests sufficient to override the parties’ material bargained-for exchange.^[34] Indeed, Thompson Street Capital makes that clear by instructing the Court of Chancery to further develop the record regarding the materiality of the timing and specificity requirements of the merger agreement’s indemnification regime. Assuming that the additional record indicates that the timing and specificity conditions related to the right of indemnification were material to the parties’ agreement, which experience suggests they should be, the Delaware Supreme Court indicated that the antiforfeiture concern will be overcome.

Some Possible Additions to the Survival Clause

But to avoid the requirement that a trial record be established in the future, couldn’t the parties agree on the fact of that materiality in the contract and rely on Delaware’s contractarianism to uphold that agreement? I suggest that they should.^[35]

My current view is that there should be a statement in the survival clause reflecting the parties’ agreement that compliance with the terms of the notice provisions is not only a condition precedent to the indemnifying party’s obligation to indemnify but also a material part of the parties’ bargained-for exchange. I also believe that adding “time is of the essence” language to the survival clause might be helpful, as those words seem to have an almost talismanic effect in other contexts.^[36]

What might these additions to a survival clause look like? Well, I am still musing, but here is a quick effort at such additions:

Notwithstanding anything herein to the contrary, the obligations to indemnify, pay, reimburse, compensate, and hold harmless a Person pursuant to this ARTICLE IX in respect of a breach of representation or warranty, covenant, or agreement shall terminate on the applicable survival termination date (as set forth in Section  9.1(a)), unless an Indemnified Party shall have made a claim for indemnification pursuant to Section 9.2 or Section 9.3, prior to such survival termination date, as applicable, including by delivering an Indemnification Claim Notice or Third-Party Indemnification Claim, as applicable, to the Indemnifying Party. The Parties specifically and unambiguously intend and agree that (a) the survival periods that are set forth in this Section 9.1(a) shall replace any statute of limitations that would otherwise be applicable; (b) the timely delivery of an Indemnification Claim Notice or Third-Party Indemnification Claim, as applicable, to the Indemnifying Party pursuant to Section 9.2 or Section 9.3 shall be an express condition precedent to the obligations to indemnify, pay, reimburse, compensate, and hold harmless a Person pursuant to the ARTICLE IX; (c) time shall be of the essence in the delivery of an Indemnification Claim Notice or Third-Party Indemnification Claim, as applicable, to the Indemnifying Party pursuant to Section 9.2 or Section 9.3; and (d) the survival periods, and the timing and content of an Indemnification Claim Notice or Third-Party Indemnification Claim, as required by this ARTICLE IX, were a material part of the agreed exchange made by the Parties in entering into this Agreement.^[37]

Will this effectively eliminate the need for an evidentiary hearing to establish the materiality of the bargained-for conditions for indemnification, given the law’s abhorrence of forfeitures? Who knows? But it might help. And I welcome improvements and corrections.

1. 2025 WL 1213667 (Del. Apr. 28, 2025). ↑

2. Id. at *5. ↑

3. Id. ↑

4. Id. at *6. ↑

5. Id. at *2 (emphasis in original). ↑

6. Id. at *1 (emphasis added). ↑

7. Id. at *21. The “no waiver” provision stated: “No failure or delay by any Party in exercising any right, power, or privilege under this Agreement will operate as a waiver thereof nor will any single or partial exercise thereof preclude any other or further exercise thereof or the exercise of any other right, power, or privilege.” Id. at *2. The potential that this type of standard boilerplate may do violence to the specific notice of claims procedures made part of your indemnification regime was previously discussed in Glenn D. West, The Perils and Delights of Contractual Boilerplate, Bus. L. Today (Apr. 15, 2025). ↑

8. Thompson St. Cap., 2025 WL 1213667, at *16. ↑

9. Id. ↑

10. Id. at *17. ↑

11. Id. at *1. ↑

12. Id. ↑

13. But see Vague v. Bank One Corp., 2006 WL 290299, at *11 (Del. Ch. Feb. 1, 2006) (failure to timely exercise options in accordance with the strict terms of an unambiguous agreement resulted in loss of options notwithstanding efforts at “formulating (or piecing together) a theory of equitable relief that would overcome the terms of the parties’ express agreement”). ↑

14. Thompson St. Cap., 2025 WL 1213667, at *20 n.148. The non-Delaware case cited with respect to a claims-made insurance policy’s notice requirements was Citizens Insurance Co. of America v. Assessment Systems Corp., 2019 WL 4014955, at *5–7 (D. Minn. Aug. 26, 2019). But it is interesting to note that in the context of consumer-based life insurance policies, “[i]t has long been established that forfeiture of life insurance coverage for late payment of premiums is ‘not favored in the law; and that courts are always prompt to seize hold of any circumstances that indicate an election to waive a forfeiture, or an agreement to do so on which the party has relied and acted.’” Speziale v. Nat’l Life Ins. Co., 159 F. App’x 253, 255 (2d Cir. 2005). ↑

15. 2021 WL 1578201 (Del. Ch. Apr. 22, 2021). ↑

16. Id. at *8 (emphasis added). ↑

17. Thompson St. Cap., 2025 WL 1213667, at *20. ↑

18. Id. at *21 (citing Acme Mkts., Inc. v. Fed. Armored Express, Inc., 648 A.2d 1218, 1222 (Pa. Super. Ct. 1994)). ↑

19. See Robert E. Scott & Jody S. Kraus, Contract Law and Theory (Carolina Academic Press, 6th ed. 2023). ↑

20. Jody S. Kraus & Robert E. Scott, The Case Against Equity in American Contract Law, 93 S. Cal. L. Rev. 1323 (2020); Jody S. Kraus & Robert E. Scott, Contract Design and the Structure of Contractual Intent, 84 N.Y.U. L. Rev. 1023 (2009). ↑

21. Kraus & Scott, The Case Against Equity in American Contract Law, supra note 20, at 1334–38. ↑

22. Kraus & Scott, Contract Design and the Structure of Contractual Intent, supra note 20, at 1081–82; see also Kraus & Scott, The Case Against Equity in American Contract Law, supra note 20, at 1375. ↑

23. Kraus & Scott, Contract Design and the Structure of Contractual Intent, supra note 20, at 1084; see also Kraus & Scott, The Case Against Equity in American Contract Law, supra note 20, at 1376. ↑

24. Kraus & Scott, Contract Design and the Structure of Contractual Intent, supra note 20, at 1084; see also Kraus & Scott, The Case Against Equity in American Contract Law, supra note 20, at 1377. ↑

25. See, e.g., Stephen J. Choi, Mitu Gulati & Robert E. Scott, Comparing Agency Costs in Contract Production: Private Equity M&A Versus Corporate and Sovereign Bonds, 74 Case W. Rsrv. L. Rev. 47 (2023); Stephen J. Choi, Mitu Gulati, Matthew Jennejohn & Robert E. Scott, Contract Production in M&A Markets, 171 U. Pa. L. Rev. 1881 (2023); Robert E. Scott, Stephen J. Choi & Mitu Gulati, Revising Boilerplate: A Comparison of Private and Public Company Transactions, 2020 Wis. L. Rev. 629 (2020). ↑

26. See Tara Chowdhury, Faith Chudkowski & Mitu Gulati, The Form Knows Best, 79 U. Mia. L. Rev. 607, 625 (2025). But see Glenn D. West, The Form Doesn’t Know Anything: A Response to Chowdhury, Chudkowski & Gulati, 79 U. Mia. L. Rev. 628 (2025). ↑

27. New Enter. Assocs. 14, L.P. v. Rich, 295 A.3d 520, 565 (Del. Ch. 2023). ↑

28. Id. at 566 (quoting Abry Partners V, L.P. v. F&W Acquisitions, LLC, 891 A.2d 1032, 1061 (Del. Ch. 2006)).  ↑

29. Id. (quoting Abry Partners, 981 A.2d at 1062). ↑

30. Id. (quoting Libeau v. Fox, 880 A.2d 1049, 1056 (Del. Ch. 2005), aff’d in part, rev’d in part on other grounds, 892 A.2d 1068 (Del. 2006)). ↑

31. Id. (quoting Libeau, 880 A.2d at 1056–57). ↑

32. Id. (quoting Nemec v. Shrader, 991 A.2d 1120, 1126 (Del. 2010)). ↑

33. Id. (quoting Nemec, 991 A.2d at 1126); see also HC Cos., Inc. v. Meyers Indus., Inc., 2017 WL 6016573, at *9 (Del. Ch. Dec. 5, 2017) (“Delaware courts enforce bad deals the same as good deals. The Court cannot rewrite the contracts, and it cannot ignore the plain terms of the contracts.”). ↑

34. This would appear to contrast with the common law’s abhorrence of “penalties” for breach of contract. See Glenn D. West, When “Liquidated Damages” Are Not—The Common Law’s Abhorrence of Penalties and What You May or May Not Be Able to Do About It, Weil’s Glob. Priv. Equity Watch (Dec. 22, 2020). The law’s problem with penalties was part of the decision in Crispo v. Musk, 304 A.3d 567 (Del. Ch. 2023) (“A party cannot recover damages for consideration that it would not expect to receive had the contract been performed. Such provisions are considered penalties. If a contractual provision defines damages to include penalties, then it is unenforceable.”). But as part of the legislative response to the Crispo decision invalidating provisions providing for lost shareholder premium damages in a busted merger, Delaware General Corporation Law section 261(a) now specifically permits penalties as a remedy against a party who breaches a merger agreement. 8 Del. Code § 261(a). For background on the Crispo decision, see Glenn D. West, Surprise: Target Company May Not Be Entitled to Expectancy Damages Based upon the Lost Premium for an Acquirer’s Wrongful Failure to Close a Merger, Weil’s Glob. Priv. Equity Watch (Nov. 14, 2023). ↑

35. While perhaps not directly in point, Delaware courts have honored contractual stipulations of irreparable harm for the purposes of awarding injunctive relief and specific performance. See, e.g., Gildor v. Optical Sols., Inc., 2006 WL 4782348, at *11 (Del. Ch. June 5, 2006). ↑

36. See HIFN, Inc. v. Intel Corp., 2007 WL 1309376, at *9 (Del. Ch. May 2, 2007) (“When time is of the essence in a contract, a failure to perform by the time stated is a material breach of the contract that will discharge the non-breaching party’s obligation to perform its side of the bargain. Whether time is of the essence in a contract turns in the first instance on whether the contract explicitly states so. When the contract fails to contain a time of the essence clause, time will only be of the essence if the circumstances surrounding the contract or the parties’ course of dealing clearly indicate that strict compliance with a specified timeframe was intended.”). ↑

37. While much of this language is a response to Thompson Street Capital, clause (a) is in response to another concern that was highlighted in a Business Law Today article. See Glenn D. West, Making Sure Your Survival Clause Works as Intended, Bus. L. Today (Mar. 7, 2025). ↑

On April 15, and again on May 2, President Donald Trump called for the revocation of Harvard University’s 501(c)(3) tax-exempt status.^[1] The news came as environmental groups were grappling with rampant rumors that the Trump administration was moving—reportedly through an executive order that was to be issued on Earth Day (April 22)—to redefine the Internal Revenue Service (“IRS”) qualifications for 501(c)(3) tax-exempt status in a way that would exclude conservation and climate nonprofits. That did not happen, and the White House disavowed the rumors. However, on April 24, the interim U.S. attorney for the District of Columbia wrote to the Wikimedia Foundation, the nonprofit that runs Wikipedia, questioning its 501(c)(3) tax-exemption eligibility.

All of this follows President Trump’s March 7 executive order on the federal Public Service Loan Forgiveness program, which ordered the U.S. secretary of education to propose regulations that exclude from the program nonprofit organizations that the administration believes do not qualify for 501(c)(3) tax-exempt status due to having a “substantial illegal purpose.” The executive order defines activities with a “substantial illegal purpose” to include those that aid or abet violations of federal immigration laws, support terrorism, aid or abet illegal discrimination, or violate state tort laws (including those against trespassing, disorderly conduct, or public nuisance), among others. In April, Ed Blum’s American Alliance for Equal Rights filed complaints with the IRS asking the Service to audit and revoke the tax-exempt status of the Gates Foundation and two other 501(c)(3) foundations due to their race-restricted scholarship programs—and the Gates Foundation changed its program just days later. Finally, a March 24 editorial by a Wall Street Journal editor called for the IRS to audit and revoke the exempt status of 501(c)(3) organizations that engage in “illegal” diversity, equity, and inclusion (“DEI”) activities as one of their principal purposes.

While these announcements have sent a wave of fear, apprehension, and alarm through wide swaths of the nonprofit sector, it is important to note that the president, the Justice Department, the Treasury Department, the U.S. attorney for the District of Columbia, and even the IRS do not have the ability to revoke the federal tax-exempt status of any entity through executive order or with the mere stroke of a pen.^[2] There are well-established procedures for revoking federal tax exemption, and they all involve the IRS. As described below, with a few exceptions (such as automatic revocation for failure to file an IRS Form 990 for three years in a row), those procedures require individual, case-by-case IRS audits of each organization, with ample opportunity for the entity to defend itself and multiple routes of appeal. There simply is no lawful mechanism for the president, other members of the Trump administration, or the IRS to revoke the tax-exempt status of multiple nonprofits—or even a single nonprofit—without following this longstanding process.

Note that nonprofit organizations are generally organized and operated as both nonprofit and tax-exempt entities. “Nonprofit” status refers to incorporation status under state corporate law; “tax-exempt” status refers to federal income tax exemption under the Internal Revenue Code (“IRC”). Even if, following the IRS audit and appeal process (and any ensuing litigation), an organization’s tax-exempt status is revoked, it still remains a nonprofit corporation (albeit a taxable one). Even post-revocation, the IRS has no authority to shut down a nonprofit, seize its assets, or otherwise take control of the organization.

If the IRS questions the federal tax-exempt status of a nonprofit organization, it can initiate an audit (technically called an “examination”) of the organization, auditing one or more IRS Forms 990 that were filed by the entity. For the tax years under examination, the IRS is effectively determining whether the Forms 990 at issue were accurate and reflected full compliance with the applicable tax laws. For 501(c)(3) tax-exempt organizations (which comprise the vast majority of tax-exempt entities), there can be many bases for threats to their exempt status, including not meeting the “organizational” or “operational” tests, being found to engage in private inurement or impermissible private benefit, having a substantial nonexempt purpose, engaging in too much lobbying, engaging in prohibited political campaign activity, or having too much unrelated business income, among others.

The IRS conducts several types of audits of tax-exempt organizations. The two most common are correspondence examinations and field examinations, the latter of which is much more invasive, involving one or more auditors on site reviewing information and documents and conducting interviews. Field exams generally take several months to conduct, at a minimum, and often much longer.

There are four potential outcomes of an IRS examination of an exempt organization: a no-change letter, a no-change letter with written advisories, a negotiated closing agreement, or a proposed revocation of exempt status. The first three outcomes enable the organization to retain its tax-exempt status, but in the second or third options, with certain conditions or required changes.

If the IRS concludes an audit with a proposed revocation, the organization has thirty days (or longer if an extension is negotiated) to “protest” the proposed ruling and avail itself of the IRS appeals process.^[3] During the pendency of the IRS appeal, the organization remains tax-exempt, and during the pendency of the audit and appeal process, the IRS is barred by law from disclosing anything publicly about the matter. Once the protest is filed, it will be assigned to an IRS appeals officer, and the organization (and/or its representatives) will have the opportunity to have an appeals conference to make its case for denying the proposed revocation or otherwise proposing a settlement. The appeals conference is an informal meeting between the organization’s representatives and the appeals officer; the IRS agent who conducted the underlying examination does not participate in the conference. The appeals officer (with the approval of their manager) has broad authority to order the IRS division conducting the examination to issue a no-change letter or no-change letter with written advisories, to negotiate a settlement with the organization, or to finalize the revocation.

If the IRS appeals officer decides to uphold the proposed revocation, the organization will be issued a final adverse determination letter, at which point the entity will have lost its federal tax exemption. The revocation will be published in the Federal Register. Following receipt of the letter, the organization will have ninety days to petition the U.S. Tax Court, the U.S. Court of Federal Claims, or the U.S. District Court for the District of Columbia for a declaratory judgment as to its qualification for tax-exempt status. Like other federal litigation, if unsuccessful at the lower court level, the nonprofit organization or the IRS are permitted to appeal to higher courts. Note that if the court petition is filed prior to the issuance of the final adverse determination letter, the IRS is not permitted to revoke the organization’s tax-exempt status during the pendency of the litigation. However, the IRC provides that a court may not issue a declaratory judgment unless the court determines that the organization has exhausted its administrative remedies. If a protest is not filed with the IRS Appeals Office with respect to an adverse determination, the court may determine that the organization has not exhausted its administrative remedies.

If, at the end of the process, the nonprofit loses its federal tax-exempt status, as stated above, it still remains a private nonprofit corporation, just a taxable one, required to file IRS Form 1120 (the federal corporate tax return) annually and pay federal (and state, if applicable) corporate income tax on its net annual income. Of course, if the nonprofit makes the necessary conforming changes to its organization or operations, it always has the option to prospectively reapply to the IRS for recognition of its 501(c)(3) tax-exempt status. It also has the option to transfer its assets to an existing 501(c)(3) entity or to a newly created 501(c)(3) organization, following which it can then dissolve (once all outstanding liabilities have been satisfied).

For more information, contact the author at [email protected].

The views expressed herein are solely those of the author and are not necessarily those of the author’s firm, the American Bar Association, or the Business Law Section.

1. Note that federal law (26 U.S.C. § 7217) prohibits senior officials of the executive branch, including the president, from requesting that the Internal Revenue Service (“IRS”) conduct or cease an audit or other investigation of any taxpayer (including tax-exempt entities). There is an exception for written requests by the secretary of the treasury to the IRS as a consequence of the implementation of a change in tax policy. ↑

2. Congress would seemingly have such authority, but, to date, such legislative action has not been publicly contemplated. ↑

3. See Internal Revenue Serv., IRS Publication 892, How to Appeal an IRS Determination on Tax-Exempt Status (Feb. 2017). ↑

As more state legislatures introduce legislation expanding the reach of their antitrust laws and state attorneys general ramp up their use of antitrust investigations and litigation, the legal landscape continues to become more complex for companies and the courts. Recently, the California enforcers filed an appeal in Association for Accessible Medicines v. Becerra,^[1] of a federal judge’s limiting the extraterritorial reach of California’s Assembly Bill 824^[2] (“A.B. 824”).

A.B. 824, signed by Governor Gavin Newsom in 2019, attempts to ban settlements between generic and brand pharmaceutical manufacturers colloquially known as “reverse payment” settlements. These sorts of settlements arise when a generic manufacturer takes steps to launch a drug product despite the branded manufacturer’s claim to market exclusivity by virtue of its patent protections over that drug. A reverse payment settlement commonly involves a brand pharmaceutical manufacturer offering something of value to a generic manufacturer in exchange for the generic manufacturer’s agreement to delay its market entry until a certain date in the future.

In Federal Trade Commission v. Actavis, Inc.,^[3] the U.S. Supreme Court examined the legal standard that applies to reverse payment settlements, holding that the agreements should be evaluated under the rule of reason. California’s A.B. 824 was enacted in response, and it categorically deemed these agreements anticompetitive as a matter of law and provided for fines of up to $20 million or three times the amount received by the violator in striking the deal—whichever is larger.

In August 2020, the Association for Accessible Medicines (“AAM”), a trade group representing generic pharmaceutical manufacturers, sued the State of California, arguing the law was unconstitutional. In December 2021, the court entered a preliminary injunction, prohibiting enforcement of A.B. 824 pending resolution of the instant lawsuit. In February 2022, the injunction was modified to permit the state to enforce the law only as to “settlement agreements negotiated, completed, or entered into within California’s borders.”

In February 2025, the court entered an order resolving cross-motions for summary judgment, effectively permanently memorializing the state of affairs created by the February 2022 injunction. The court held that A.B. 824 did indeed violate the dormant Commerce Clause insofar as it purported to regulate settlement agreements that had absolutely no connection to California. Accordingly, the court held that the state may enforce the law only as to “settlement agreements negotiated, completed, or entered into within California’s borders.” The order permanently enjoined the state from enforcing A.B. 824 with respect to any settlement agreement that lacked such a connection to California.

At first blush, the order appears to be a victory for the AAM and its member manufacturers. It would seem that so long as generic manufacturers steer clear of negotiating, completing, or executing reverse payment agreements within California borders, they will remain out of the reach of the fines and penalties codified in A.B. 824.

It is unclear whether the pending appeal will resolve two key issues raised by the order. First, the court expressed its concern that A.B. 824, on its face, permitted California to regulate conduct that had no connection to the state whatsoever. In response, the state attempted to argue that this was not the case, asserting A.B. 824 applied only to settlements that cover drug sales in California. With this limitation, the state suggested that A.B. 824 targeted only settlements with some demonstrable connection to California. The court ultimately rejected this argument—not because the sales connection was too tenuous, but solely because the text of A.B. 824, on its face, did not include a limitation to only settlements involving California sales of pharmaceuticals. Thus, the court has left open the proverbial door for California—and other states—to amend A.B. 824 and similar laws to include a sales limitation. In the absence of a full-throated analysis of this defense, it is unclear whether such a limitation would allow for a broader application of A.B. 824 than that permitted by the instant order, one which would undoubtedly trouble the AAM and its members.

Second, the state argued that it should be permitted to enforce A.B. 824 because many states across the country maintain antitrust statutes that already prohibit conduct akin to that regulated by this particular law. The court quickly dispensed with this argument, noting that no state may enforce antitrust legislation ultimately found to violate the dormant Commerce Clause. To the extent challenges are brought, the question of the constitutionality of these state antitrust laws may well boil down to whether the law contains sufficient limiting language so as to target only that unlawful conduct that bears some connection to the subject state.

It unlikely that California’s appeal will resolve the risk for market participants. For example the district court’s order may act as a catalyst for suits challenging the breadth of similar state antitrust laws across the country. In particular, the order leaves ambiguous the potential for California—or other states—to expand the breadth of these antitrust laws by including language that would tie their enforcement to activity that involves sales in the subject state. The growing number of state-level premerger notification requirements and new and amended statutes aimed at expanding the scope of the antitrust laws to conduct not deemed per se illegal under the federal law, or at making it easier for private plaintiffs or enforcement agencies to challenge business activities successfully, will likely complicate antitrust compliance, compliance training, and risk management for companies engaged in interstate commerce.

Before engaging in activity aimed at resolving disputes over generic entry and brand patent protection, it is important to engage competent counsel to prevent any unnecessary cost and expense that may result from an unwitting violation of state law.

1. No. 2:20-cv-1708 (E.D. Cal. Feb. 13, 2025), ECF No. 92. ↑

2. Cal. Health & Safety Code § 134000–134002. ↑

3. 570 U.S. 136 (2013). ↑

“Terms of Service.” Probably all of us have been asked at some point or another to agree to a company’s TOS in order to access its services. Most often, this happens when we download an app to our phone, though it can happen on a regular website as well. It’s not like we have much choice: if we want to use the app, we must agree to the TOS. If we don’t want to agree, we can’t use the app. In practice, that almost always means we agree to the TOS.

TOS commonly contain an arbitration clause. Depending on the clause, arbitration may be subject to—for example—restrictions on remedies, prohibitions against class actions, or limits on recoverable damages. And under typical arbitration rules, there will almost certainly be less and narrower discovery than in court. So it should come as no surprise that some lawyers and litigants cast about for ways to get around arbitration clauses, including in cases where the clause is in TOS.

Last month, in Davitashvili v. Grubhub, No. 23-521 (2d Cir. Mar. 13, 2025), the Second Circuit addressed almost every conceivable threshold question about whether a dispute is arbitrable. In that case, the court looked at three different companies’ TOS to assess (1) whether the parties had agreed to arbitrate at all; (2) if they had agreed to arbitrate, whether it was a court or arbitrators who should decide whether the dispute was within the arbitration clause; (3) if it was for the court to decide, whether the dispute was within the arbitration clause; and (4) if the dispute was covered by the clause, whether the clause was enforceable. In other words, this case presented pretty much every arbitrability-related threshold question imaginable.

Here are the facts. Grubhub, Postmates, and Uber all provide online platforms where customers can order meals from restaurants for pickup and delivery. The restaurants agreed with the platforms not to sell their meals at prices lower than they charge on the platform. That agreement was the basis for an antitrust class action. Three purported classes of restaurant customers sued: those who bought food for delivery or takeout at the restaurants but not on the platforms; those who dined in the restaurants; and those who bought from these restaurants on some other platform. The idea was that, because the platforms required the restaurants not to sell at prices lower than on the platforms, each of these classes had to pay higher prices for their meals than they would have otherwise. In other words, the class action alleged a form of price-fixing.

Note that these classes aren’t defined by reference to any of the platforms’ apps—obviously in order to get around the arbitration clauses in each app’s TOS. But some of the class members (maybe many, or even most) had actually downloaded one or more of the platforms’ apps and accepted their TOS. So does that mean they have to arbitrate their claims?

The first issue was whether there was an agreement to arbitrate at all. There was no issue when it came to Uber and Postmates—those platforms’ custo­mers had agreed to arbitrate. For Grubhub it was less clear. The issue was whether the screen on Grubhub’s interface was designed so that users had inquiry notice of the TOS they were being asked to accept. Typically, for “click-wrap” agreements, in which users are asked to agree to TOS, the users are bound only if they had at least “inquiry” notice of the TOS. Whether there was inquiry notice turns, broadly speaking, on whether the interface makes clear to a user that the “agree” (or “confirm”) button links to the TOS, without excessive distraction on the page, and whether the TOS are reasonably accessible.

In this case the Second Circuit held that the Grubhub web interface was clean and clear enough to place a reasonably prudent user on inquiry notice—though Judge Pérez in her concurring opinion thought Grubhub made the cut just barely, commenting that if the “interface were even marginally more cluttered, the outcome of this appeal would likely be different.” So companies asking users to agree to their TOS would be well-advised to make sure that the screen presenting the TOS to users for agreement should be clean, uncluttered and clear.

Because Grubhub users were on inquiry notice there was an agreement to arbitrate. That led to the next issue: who should decide whether that agreement to arbitrate covers the price-fixing dispute—should it be a court or an arbitrator? This question turns on the language of the arbitration clause. Under Grubhub’s TOS, “issues related to the scope, validity, and enforceability of this Arbitration Agreement are for a court to decide.” So that was pretty clear. But the outcome was different for Uber and Postmates—the Second Circuit held that arbitrators rather than a court decide whether the arbitration clauses in their TOS cover the dispute.

The main remaining issue as to Grubhub was this: were the antitrust class action claims co­vered by the arbitration clause? The Second Circuit’s answer was no. The key issue was whether the language of the arbitration clause covered the antitrust class actions. Here is the relevant part of Grubhub’s TOS:

You and Grubhub agree that all claims, disputes, or disagreements that may arise out of the interpretation or performance of this Agreement or payments by or to Grubhub, or that in any way relate to your use of the Platform, the Materials, the Services, and/or other content on the Platform, your relationship with Grubhub, or any other dispute with Grubhub, (whether based in contract, tort, statute, fraud, misrepresentation, or any other legal theory) (each, a ‘Dispute’) shall be submitted exclusively to binding arbitration.

Recall the basis of the antitrust claims: the plaintiffs alleged that Grubhub essentially fixed prices by requiring restaurants that sold through Grubhub to agree not to charge lower prices else­where than they charge on Grubhub. Grubhub argued that the antitrust claims “relate to [the plain­tiffs’] use of the Platform” because their use of Grubhub’s services helped give Grubhub the econo­mic clout to engage in the claimed anticompetitive activity. But the Second Circuit viewed that as too speculative and tenuous a connection to the claims. In the court’s view, the antitrust claims arose from the plaintiffs’ use of other platforms or direct dealings with the restaurants, where they had to pay allegedly artificially high prices, and not from their use of Grubhub’s app. In fact, some class members had never even accessed the Grubhub app—which underscored the court’s point that it was just a coincidence that some members of the plaintiff classes had used Grubhub’s platform.^[1]

The bottom line is that the antitrust class actions against Grubhub remained in court. But that is not the end of matters. There are two additional opinions: one concurrence and one partial dissent. They are worth noting because they may presage issues that might come up in the future.

First, Judge Pérez’s concurrence. Judge Pérez stressed that the under the Federal Arbitration Act (“FAA”), a court can compel arbitration only if the dispute arises out of the particular contract that contains the arbitration clause—in her words, if there is a “nexus” between the claim and the contract. In other words, it doesn’t matter how broadly drafted the clause may be; Judge Pérez would say that a court does not have power to direct the parties to arbitration if a particular dispute doesn’t clearly enough “aris[e] out of” the contract (in the words of the FAA). Depending on how narrowly a future court may view any proposed “nexus,” this approach may materially alter the scope of courts’ perceived authority to send disputes to arbitration.

Judge Sullivan dissented in part. He agreed there must be some kind of connection (or nexus) between the dispute and the contract containing the arbitration clause, so a dispute that is completely unrelated to the contract cannot be sent to arbitration. But his view of an adequate connection was different from the other judges on the panel. He thought the class action claims did arise from the apps. The plaintiffs’ theory of liability was that Grubhub through its app had amassed so much market power that restaurants had no choice but to agree to Grubhub’s “no price competition” terms. Thus, reasoned Judge Sullivan, if pervasive use of Grubhub is the basis for the antitrust claims, the claims “arise out of” use of Grubhub for purposes of compelling arbitration under the FAA.

Where does this leave us? It isn’t every day that we get three opinions from a three-person appellate panel. Is this case a harbinger of a possibly less broad policy in favor of arbitration at the federal level? Might it indicate ongoing ferment about how tight the connection has to be between claims and clause before a dispute can be referable to arbitration? It remains to be seen. Ultimately, of course, the final say on the matter will be with the Supreme Court.

1. The plaintiffs had also argued that it would be unconscionable to require their claims to be arbitrated, but the Second Circuit was unimpressed. The plaintiffs had not even sufficiently advanced the argument in their papers, and certainly not in enough detail to be considered properly. ↑