“Dear Alex,” a column created by the ABA Business Law Section’s Diversity, Equity, and Inclusion (DE&I) Committee, is the reader’s chance to ask all about DE&I anonymously. Think of it like the old “Dear Abby” columns, but for DE&I. In each column, the Dear Alex team answers a question related to DE&I. These questions can be interpersonal or even professional, like how to convince senior partners at your firm that investing in DE&I can be a competitive advantage. If you’ve ever had a DE&I question that you have been afraid or otherwise unable to ask, now is your chance to ask “Alex.” Questions can be submitted at the form linked here.

Dear Alex,

One of the lawyers I work with accidentally mentioned that another colleague has started their gender transition even though they had requested that be kept confidential. I want to ensure our colleague feels supported at work, especially since our firm is not very accepting. Should I approach them?

Sincerely,

Confidentiality Conundrum

Dear Confidentiality Conundrum,

This is a delicate situation. First, I commend you for wanting to be a supportive ally—simply asking this question indicates you’re already on the right path. Here’s the key point: if your colleague has requested confidentiality, the first rule of Ally Club would be not to discuss this without their permission. Respecting their privacy is essential.

Instead of directly approaching them, focus on creating a more inclusive work environment. Show your support in subtle but meaningful ways. For instance, use inclusive language in emails or meetings, advocate for policies promoting diversity, or participate in events celebrating LGBTQ+ identity and rights. These actions will signal to your colleague (and others) that you are a safe person to talk to if they wish to confide in you, and they’ll contribute to shifting the environment in your office for the better.

If the opportunity arises naturally, such as when your colleague chooses to mention their transition within the firm more broadly, then be there to listen and offer support. Just remember not to create unnecessary drama in the office by saying you already know about them being trans. In the meantime, make your less accepting workplace more open, one step at a time.

* * *

Dear Alex,

I want to understand more about microaggressions so I don’t unintentionally make anyone uncomfortable. What are some examples, and how can I avoid them?

Sincerely,

Looking to Learn

Dear Looking,

Microaggressions are sneaky little gremlins of everyday interactions—those subtle comments or actions that might seem harmless on the surface but can pack a punch to someone else’s identity or experiences. Think of it like accidentally stepping on someone’s toes. Sure, you didn’t mean to, but it still hurts!

Here are some examples: Saying “Wow, you’re so articulate” to someone from a marginalized group can imply surprise at their competence (which is not great). Asking “Where are you really from?” might seem like innocent curiosity, but it can feel invalidating to the person being asked, as it may come across as making assumptions about their background and treating them as an outsider. Microaggressions can also be nonverbal or involve things you don’t say, such as clutching your bag when someone walks by or ignoring someone’s ideas in a meeting but celebrating the same idea when someone else presents it.

To avoid microaggressions, start by listening and reflecting. Challenge your assumptions and biases (everyone has them; the key is managing them). A suggestion would be to refrain from complimenting or questioning someone if you are unsure how it might be received.

If you catch yourself committing microaggressions, be mindful of people’s feelings: If they say they are hurt, do not question them or try to explain what you “actually meant.” Just apologize and learn from the experience. If you witness others making microaggressive comments, use your voice to educate them or gently redirect the conversation. The secret is to be mindful, open to feedback, and willing to grow.

Dear Alex contributors from the BLS Diversity, Equity, and Inclusion Committee rotate and include David Burick, Daniel Roman, and Michael Sabella, among others.

The increasingly unstable political situation in Venezuela, exacerbated by the exile of opposition candidate Edmundo González following disputed presidential election results, compels U.S. financial services companies, including insurers, to more closely monitor evolving legislation impacting cross-border operations and in-country activities in Venezuela. In this context, U.S. anti-corruption and sanctions laws, coupled with Venezuelan law regulating the sale of insurance in the context of cross-border/international life and health insurance, become particularly relevant.

U.S. Sanctions and Anti-Corruption Laws

U.S. economic sanctions laws impact doing business in Venezuela and complicate foreign transactions and investments there, including with respect to sale of insurance. The U.S. legal framework for sanctions is designed to further specific foreign policy or national security goals. The U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) administers and enforces sanctions programs and maintains a list of sanctioned countries, individuals, and entities. Sanctions can be imposed to prohibit U.S. persons from engaging in transactions involving a specific country, as would be the case with North Korea, for example. Targeted sanctions also serve to block the property of sanctioned individuals within a certain country, as is the case with individual Russian oligarchs, and to freeze the assets of sanctioned individuals. Additionally, OFAC maintains a Specially Designated Nationals List (“SDN List”) of individuals and companies of targeted countries whose assets are blocked and/or frozen in the U.S.

Almost twenty years ago, the U.S. began imposing sanctions on Venezuelan individuals and entities that engaged in criminal, antidemocratic, or corrupt actions. Beginning in 2013, imposition of sanctions was expanded in response to President Nicolás Maduro’s rise to power and his increasing human rights violations. Persons under U.S. jurisdiction—both U.S. citizens and U.S.-incorporated businesses—are subject to this sanctions regime. In addition, non-U.S. persons who engage in transactions involving U.S. dollars are subject to the same sanctions.

In response to developments in Venezuela in the past several years, including this year’s election, sanctions were imposed on certain Venezuelan individuals—including government officials—and entities (i.e., where a sanctioned party has 50 percent or greater ownership interest in the Venezuelan company.)^[1] For example, OFAC designated the Venezuelan government-run oil company Petróleos de Venezuela, S.A. (“PdVSA”) as a sanctioned entity on its SDN List, and entities in which PdVSA owns 50 percent or greater interest may also be sanctioned by OFAC.

Most recently, in November 2024, the U.S. government officially recognized Venezuela’s opposition leader, Edmundo González, as the country’s legitimate president-elect after the July 2024 elections in which President Nicolás Maduro declared victory, further magnifying political uncertainty.^[2] In light of these developments, OFAC designated additional Venezuelan officials as SDNs.^[3] Consequently, any transaction, including the sale of life insurance, or any attempt to do business with Venezuelan nationals or entities needs to be thoroughly vetted to ensure compliance with U.S. sanctions laws. As noted below, the attempted sale of a life insurance policy to a Venezuelan national who is listed on an SDN list at the time of sale, or who subsequently becomes listed, could contravene these sanctions laws.

In addition to sanctions laws, U.S. companies transacting insurance business in Venezuela need to consider the implications of the Foreign Corrupt Practices Act (“FCPA”).^[4] The FCPA prohibits U.S. persons or businesses from offering, paying, or promising to pay money or anything of value to any foreign official for the purpose of obtaining or retaining business. This prohibition could be applicable to the payment of money to a Venezuelan official to secure a contract to sell insurance. Enforcement of the FCPA by the U.S. Department of Justice (“DOJ”) in recent years has resulted in prosecution of numerous Venezuelan nationals for engaging in schemes that involved bribing foreign officials and defrauding foreign financial institutions. The U.S. Securities and Exchange Commission (“SEC”) is tasked with the civil enforcement of the FCPA with respect to public companies and their officers, directors, employees, agents, or stockholders acting on behalf of the companies. A public company’s violation of the FCPA can be detected by the SEC when the company shields its accounting records or financial information, or otherwise maintains inaccurate bookkeeping, potentially concealing bribes—in which case, the SEC may bring a civil enforcement action against the company.

Besides complying with the FCPA in the foreign bribery context, U.S. individuals and businesses seeking to engage in business in Venezuela or with Venezuelan nationals also need to comply with a recently adopted U.S. anti-corruption law, the Foreign Extortion Prevention Act (“FEPA”),^[5] which is enforced by the DOJ. FEPA focuses on foreign government officials who demand or accept bribes from any U.S. persons or companies. Although FEPA may prove more challenging for the DOJ to enforce, an investigation under the FCPA of a foreign official might also yield evidence of FEPA violations.

In connection with transacting insurance business with Venezuelan nationals, U.S. companies need to take both the FCPA and FEPA into consideration, recognizing that these laws could be implicated in cross-border life insurance activities to the extent that the activity involves a Venezuelan state-run business seeking to insure its employees or affiliates. For example, a U.S. life insurance company potentially triggers application of the FCPA if it seeks to obtain or retain insurance business with a Venezuelan state-run company. Therefore, in a cross-border life insurance transaction where foreign officials may be involved, it is critical to conduct due diligence to accommodate FCPA and FEPA compliance.

Venezuela’s Amended Insurance Law

In addition to the foregoing regulatory compliance considerations, U.S. life and health insurers need to accommodate Venezuela’s recently amended insurance law regulating the sale of insurance. The new law, entitled Reform Law of the Decree with Rank, Value and Force of Law of the Insurance Activity, or Ley de Reforma del Decreto con Rango, Valor y Fuerza de Ley de la Actividad Aseguradora^[6] (herein referred to as the “New Insurance Law”) took effect on March 29, 2024. As was the case with the previous law, the New Insurance Law provides that the Superintendent of Insurance Activity (Superintendencia de la Actividad Aseguradora, or “SUDEASEG”) must preapprove and authorize entities that seek to carry out insurance activity in Venezuela, including insurance and reinsurance companies, intermediaries, and representative offices or branches of foreign reinsurance companies. Thus, insurers are required to be authorized to engage in insurance business in Venezuela.

As related to life and health insurance contracts in particular, Article 17 of the New Insurance Law (excerpted below with a courtesy translation), similar to the Venezuela insurance law it amended, could be interpreted as regulating the purchase by Venezuelan residents of life and health insurance in transactions undertaken and entered into outside Venezuela:

No serán válidos los contratos de seguros o de medicina prepagada celebrados con empresas extranjeras cuando el riesgo esté ubicado en el territorio nacional, ni las operaciones de reaseguro realizadas con empresas del exterior no inscritas en el registro correspondiente, salvo las previstas en los acuerdos internacionales válidamente suscritos y ratificados por la República.

El Ministro o Ministra con competencia en materia de finanzas, previa opinión de la Superintendencia de la Actividad Aseguradora, por razones de oportunidad y de interés del Estado, fijará los casos y las condiciones en los cuales se podrá autorizar el aseguramiento en el exterior de riesgos ubicados en el territorio nacional, que no sea posible asegurar con empresas establecidas en el país, siempre que esa imposibilidad haya sido demostrada fehacientemente.

Insurance contracts or prepaid medical plans entered into with foreign entities shall not be valid in cases where the risk is located within the national territory, nor shall reinsurance activity with foreign companies that are not authorized in Venezuela be valid, with the exception of contracts sanctioned by international agreements signed and ratified by Venezuela.

SUDEASEG will be responsible for determining the cases and conditions under which it will authorize the foreign insurance of risks in the national territory for which there is no similar insurance available in Venezuela, as long as it is sufficiently proven that there is no national alternative available.

New Insurance Law, Article 17 (courtesy translation)

Because Article 17 of the New Insurance Law treats as “invalid” insurance contracts entered into with foreign insurers (i.e., not authorized in Venezuela) when the risk (i.e., person insured) is located in Venezuela, the offer and sale of life insurance to persons resident in Venezuela by U.S. companies needs to be analyzed on a case-by-case basis.

This conclusion is arguably reinforced under Article 17 of the New Insurance Law, given that foreign insurers not authorized to transact insurance business in Venezuela can nonetheless obtain permission from SUDEASEG to sell insurance in Venezuela if the type of insurance to be sold is not available from authorized insurers in Venezuela.

Conclusion

The political and business landscape in Venezuela is ever changing. Companies must be mindful of the applicable regulatory environment when engaging in the cross-border sale of insurance with Venezuelan residents. This is especially true at present given the New Insurance Law’s effect on the sale of life and health insurance on a cross-border basis, and also given the current impact of U.S. sanctions and anti-corruption laws on transaction of insurance business in Venezuela.

1. 31 C.F.R. § 591.406 (2024). ↑

2. Regina Garcia & Jorge Rueda, US Recognizes Venezuela’s Opposition Candidate as President-Elect Months After the Disputed Election, Associated Press (Nov. 19, 2024). ↑

3. Notice of OFAC Sanctions Actions, 89 Fed. Reg. 76915 (Sep. 19, 2024). ↑

4. 15 U.S.C. §§ 78dd-1, et seq. ↑

5. 18 U.S.C. § 201. ↑

6. Ley de Reforma del Decreto con Rango, Valor y Fuerza de Ley de la Actividad Aseguradora [Reform Law of the Decree with Rank, Value and Force of Law of the Insurance Activity], Gaceta Oficial No. 6,770, Nov. 29, 2023 (Venez.). ↑

To the uninitiated, the combination of patent and US Food and Drug Administration (FDA) law applicable to life sciences deals may seem needlessly technical and perhaps a subject best glazed over. What could go wrong? A lot. Consider the saga of the heart drug Angiomax. After the product was approved, the owner sought to extend the term of its patent by four years. Two months later, its lawyer prepared and filed the papers—seemingly within the statutory deadline of sixty days from drug approval. A year later, the US Patent and Trademark Office (USPTO) denied the four-year extension on the grounds that the filing was just one day late according to its rules for calculating time. The owner of Angiomax now stood to lose rights worth hundreds of millions of dollars based on a seemingly trivial one-day miscalculation.

Would a corporate lawyer conducting due diligence on a deal concerning a drug like Angiomax have flagged this issue? Would they know that the highly technical patent and FDA rules can require counting calendar days in a certain manner, and that not following these rules could lead to a very costly mistake? That is probably unlikely.

Corporate transactional lawyers and other life sciences dealmakers know how to get a deal done. They know corporate law and understand the importance of conducting diligence investigations to identify and manage business risks.

Yet corporate lawyers for life sciences transactions might benefit from consulting with an IP specialist when it comes to intellectual property (IP) diligence. IP diligence will identify and manage IP risks before the deal closes, especially patent and FDA risks that directly implicate the period of market exclusivity the product may enjoy and hence the value of the deal.

Patent lawyers can contribute a better understanding of important, but opaque, patent and IP concepts and thus improve the deal. Here are some of the most important IP concepts that may not be fully appreciated by corporate practitioners.

1. Groundbreaking Compound Patents Are Not the Key to Extending Market Exclusivity

If you develop a new therapy to cure cancer, you might win a Nobel Prize and earn a patent, too. But surprisingly, that patent may not be valuable to protect your product in the marketplace.

Developing a drug or biologic and obtaining regulatory approval is expensive and takes a long time—often ten years or longer. A drug developer will almost always patent its new therapeutic molecule during the preclinical stage, prior to starting clinical trials to obtain FDA approval. By the time the product is approved, the patent claiming the therapeutic molecule may only have a few useful years left before it expires—hardly enough exclusivity to justify the massive costs of drug development.

To protect future markets, developers invest in later-filed and later-expiring “secondary” patents that are narrower in scope. For example, drug developers will seek patents directed to methods of treating particular medical diseases or specific groups of patients for which the drug or biologic is used, as well as delivery devices and formulations for the drug. Drug developers may also seek to patent new and useful physical forms of the drug, such as salts and polymorphs (crystallized chemical forms of a drug that can be important for drug stability), and effective combination therapies in which the drug is used. In the realm of biologics, companies often patent the highly complex scientific processes required for making the drug.

These secondary patents often get far less attention than patents for pioneering chemical compounds, yet they are the workhorses that deliver the economic value necessary to make the therapeutic development process viable. Make sure that these secondary patents receive prime attention when performing diligence and are adequately addressed in your deal documents.

2. Sure, Patents Protect Your Market, but FDA Rights Can Block the Competition

Patents block competitors from making a direct or close copy of the patent owner’s invention and provide market exclusivity for a product. However, because patents can be avoided in many ways, innovators seek additional forms of market protection. The FDA offers a number of statutory exclusivities specifically for drugs, biologics, and medical devices that effectively block competitors from joining the market for critical periods of time. Likewise, the USPTO also offers drug, biologic, and device makers ways to extend the useful life of their patents to compensate for lost patent enforcement time from FDA delays in granting approvals.

The FDA provides exclusivity rights that grant drug developers the right to block competitors from obtaining competing approvals for effectively seven and a half years if the original drug is considered an orphan drug, or five years if the drug is considered to be a new chemical entity (as opposed to a new molecular entity). Some drugs may also qualify for pediatric exclusivity, which extends a product’s market exclusivity for six months in exchange for the drug developer conducting studies of its drug on pediatric patient populations. Even prospective exclusivity rights expected to be awarded to a generic first filer can stall market entry by other generic makers for years and benefit the developer of the original drug. There are several other kinds of exclusivity rights available for pharmaceuticals, biologics, medical devices, and diagnostics equipment.

Aspects of the FDA’s review processes also can result in unofficial “soft” exclusivities that protect against competition, such as stringent bioequivalent, biosimilar, and other approval standards required to obtain approval of closely similar versions of a drug, biologic, or medical device. For drugs and biologics in the form of liquids, nasal sprays, and topical ointments, the FDA often tightens the approval standards for competing generic products, making it harder to get a generic competitor’s product approved.

There are similar hurdles for medical products that operate using AI. For example, a buyer seeking to purchase a company that makes a medical device employing AI to guide surgery would need to make sure that the training dataset and other data used by the AI device’s software are owned by or licensed to the developer. Without exclusive rights to use the key data or exclusive AI software, the AI device will not have market exclusivity.

These exclusivity rights and stringent approval standards for similar products are intellectual property rights that can be just as important as patent rights in protecting the product market. The product developer must be careful in seeking and using these forms of market exclusivity.

It is important for deal documents to fully identify all the rights that protect the investment and add value to the deal. These would include traditional market exclusivity rights such as patents but should also include other lesser-known rights such as FDA exclusivity and approval standards. Ownership of these critical rights must be investigated and verified. Representations and warranties in the deal should confirm the key features of the exclusivity rights, including statements that the party owns these rights, the rights were obtained correctly, and the rights are being used properly to protect the market of interest. These non-patent rights are not vague theoretical rights but instead property rights that must be fully documented in the deal documents like other property rights.

3. Muddled IP Reps and Warranties Don’t Work

Clarity and candor are the keys to successfully completing a deal involving patents and exclusivity rights. During the diligence process, there will be many issues that cannot be immediately resolved, such as inventorship and prior art issues. Representations and warranties are the tools deal lawyers use to manage risks arising from murky patent and exclusivity issues, and they need to be as clear as possible.

Representations and warranties about patents in deal documents must reflect the issues at hand correctly and must be written with precision. For example, a representation should not comingle technical (and often confusing) concepts about patent validity with issues concerning patent inventorship, maintenance fees, ownership, or patent infringement. To make useful and effective representations, it is necessary to understand the patent processes that are the subject of the representations—which is where the assistance and advice of a patent lawyer may be useful.

4. USPTO Rules Can Void Your Security Interest in Patent Collateral

Patents are a common form of collateral in a corporate transaction and are secured by the grant of a security interest, such as interests evidenced by a UCC-1 filing. The granting of a security interest in a patent can only be validly made by the patent owner, and not a closely related company such as a parent corporation.

Verifying valid ownership can be tricky and may involve reviewing years of transfer records to establish a chain of title. To be the owner, the company must be the recipient of a written assignment of full ownership in its favor signed by the prior owner, and every link in the chain of title from the inventor to the present owner must be in place. If one of the links in the chain fails, so does the claim of ownership.

Unlike most forms of personal property, the transfer and ownership of patents is governed by federal law. US patent law requires that the transfer be in writing and then (to achieve full rights) recorded with the USPTO’s assignment division. The assignment must be made by the current owner and not a closely related party. For example, a parent corporation that fully owns a subsidiary cannot transfer ownership of patent rights owned by the subsidiary. Such a transaction would be a nullity and would create a break in the chain of ownership. Missing or defective links in the chain of title may seem like a minor issue, but they are not. If the ownership chain cannot be fully documented, ownership issues will remain unsettled and uncertain.

Thus, in a complex corporate transaction, the bona fides of every assignment in the chain of title must be examined to make sure title has properly passed to the present owner before a new transfer is made.

5. Although You Earned a Patent, You May Not Be Able to Use Your Own Invention

A common misconception about patents is the belief that a patent gives the patent owner, or patentee, the right to freely make and use the patented invention. After all, since the USPTO granted a patent that provides a right to exclude others from using the invention, why shouldn’t the patentee be able to use the invention claimed in the patent? A patent does not actually give the patent owner the right to use the patented invention. Restated in lawyerly terms, obtaining a patent does not give the patent owner freedom to operate (“FTO”). It only gives the patent owner the right to block others from making, selling, using, and importing the patented invention.

Often, a product developer will be confronted with a broader patent owned by another party that precludes the developer from practicing its own closely related invention. For example, suppose a pharmaceutical company patented a new groundbreaking therapeutic compound intended to treat a particular disease, but the compound was not approved by the FDA for lack of a suitable pharmaceutical formulation for the drug. A competitor overcomes this problem by developing an innovative new way to formulate that compound so that it is safe and effective and meets FDA standards. Even if the competitor obtains its own patent covering its formulation, it cannot make or use the formulation because doing so will infringe claims in the other company’s broader compound patent. Likewise, the original pharmaceutical company would too be precluded from practicing the competitor’s patented formulation.

Thus, it is important to understand that a patent does not give the owner the right to practice the invention. To answer that question, the diligence investigator must consider the more complex and different question of FTO.

Conclusion

Patent law presents difficult and, at times, unpredictable issues. In the worst case, the haze created by the interplay of patent and FDA statutes and regulations can cause practitioners to make simple, but devastating errors like miscounting calendar dates. Corporate practitioners should consider seeking complementary patent expertise for deals that involve patents, other IP, and related market exclusivity rights.

In the past year, following the U.S. Supreme Court’s decision in Students for Fair Admissions, Inc. v. President & Fellows of Harvard College (“Harvard/UNC”),^[1] a number of trends have emerged in the diversity, equity, and inclusion (“DEI”) legal landscape, including an increase in Section 1981 claims, suits against corporate DEI initiatives, challenges related to DEI programs based on the First Amendment, and actions involving scholarships in higher education. Although many of the DEI-related lawsuits and developments have not involved employers or the workplace directly, the cases and developments hold lessons for employers regarding best practices for their own DEI initiatives and programs. The proverbial dust has not yet settled, so employers should expect even more legal developments in the DEI arena in the years to come.

Increase in Section 1981 Litigation

Over the past year, there has been an increase in so-called reverse discrimination suits filed under Section 1981 of the Civil Rights Act of 1866. Section 1981 provides “all persons within the jurisdiction of the United States” the “same right in every State and Territory to make and enforce contracts.”^[2] The Civil Rights Act of 1866 was discussed and analyzed at length in Harvard/UNC. The majority noted that “the Act did not single out a group of citizens for special treatment—rather, all citizens were meant to be treated the same as those who, at the time, had the full rights of citizenship.”^[3]

Case precedent unique to Section 1981 further demonstrates that Section 1981 protects racial-ethnic nonminority groups and minority groups alike. For example, in McDonald v. Santa Fe Trail Transportation Company,^[4] the U.S. Supreme Court was asked to decide whether Section 1981 applied to racial discrimination against members of all races. The Court considered the plain language of the statute, examined the legislative history surrounding the Civil Rights Act of 1866, and considered other evidence regarding congressional intent. Ultimately, the Supreme Court held that the statute was clearly designed to protect citizens of every race.^[5]

The recent increase in suits filed under Section 1981 is most likely connected to the differences in how Section 1981 claims proceed as compared to claims under Title VII of the Civil Rights Act of 1964. First, a plaintiff can bring a Section 1981 claim more quickly than a Title VII claim because, unlike a Title VII claim, a Section 1981 claim does not require that the plaintiff first file a charge with the U.S. Equal Employment Opportunity Commission (“EEOC”) and exhaust its administrative remedies.^[6] Second, unlike Title VII, a Section 1981 claim is not subject to a damages cap. These two key differences make a Section 1981 claim more attractive to a plaintiff looking to challenge DEI-related policies and practices.

Increase in Organizations Filing Suits Against Corporate DEI Programs

Following the Harvard/UNC decision, there has been an increase in suits filed by organizations challenging corporate DEI programs. Similar to how Students for Fair Admissions sought action on behalf of its members in Harvard/UNC, other organizations have initiated lawsuits challenging DEI programs on behalf of their members. Two of the most active organizations engaged in this litigation in the past year include American Alliance for Equal Rights (“AAER”) and America First Legal Foundation.

However, thus far, many of these suits have been dismissed due to a lack of standing. For example, earlier this year, the organization Do No Harm filed suit against Pfizer, Inc., alleging that its collegiate summer internship program violated Section 1981 because it allegedly excluded applicants on the basis of race.^[7] Pfizer challenged Do No Harm’s standing to bring the suit. Though Do No Harm claimed that it had identifiable candidates who wished to apply and met all of the requirements for the fellowship except for the racial requirement, the organization did not provide specific names of the individuals allegedly harmed.^[8] As a result, the U.S. Court of Appeals for the Second Circuit affirmed the district court’s dismissal of the lawsuit and held that “an association that relies on injuries to individual members to establish its standing must name at least one injured member.”^[9]

First Amendment Concerns Related to DEI Initiatives

Recent DEI-related cases have also discussed First Amendment issues related to DEI programs, initiatives, and legislation. For example, AAER filed suit against a venture capital firm, Fearless Fund Management LLC, alleging that the firm’s grant contest violated Section 1981.^[10] The contest provided grants to small businesses that were at least 51 percent owned by Black women.^[11] AAER alleged that the contest discriminated against other small business owners.^[12] Fearless, in turn, argued that the First Amendment “protect[ed] [its] contest as a form of expressive conduct” and further argued that its contest was designed to demonstrate “its ‘commitment’ to the ‘[b]lack women-owned’ business community.”^[13] The U.S. Court of Appeals for the Eleventh Circuit, however, disagreed and found that “if that refusal were deemed sufficiently ‘expressive’ to warrant protection under the Free Speech Clause, then so would be every act of race discrimination.”^[14]

In Honeyfund.com Inc. v. Governor of Florida, the Eleventh Circuit addressed a slightly different free speech concern in connection with a legal challenge to Florida’s Individual Freedom Act.^[15] This law, also known as the “Stop WOKE Act,” banned certain mandatory workplace trainings.^[16] Florida argued that the act lawfully prevented employers from mandating that their employees listen to “dangerous and offensive speech.”^[17] On the other hand, plaintiffs Honeyfund and Primo Tampa argued that “the Act prohibits them from sharing their viewpoints.”^[18] Ultimately, the Eleventh Circuit held that the statute unlawfully regulated speech because it was the content of the speech at the meetings that the state was attempting to regulate.^[19]

Impact on Scholarships and Fellowships

Another area that has been impacted by the Harvard/UNC decision is educational scholarships and fellowships.

Following the decision, some states instructed their educational institutions to make changes to their scholarship programs. For example, Missouri’s attorney general, Andrew Bailey, instructed all educational institutions in Missouri subject to Title VI of the Civil Rights Act of 1964 to “identify all policies that give preference to individuals on the basis of race and immediately halt the implementation of such policies.”^[20] He also specifically instructed that scholarships “must immediately adopt race-blind standards.”^[21] As a result, the University of Missouri informed its donors that scholarships from the university would be awarded on a race-neutral basis. Some donors were upset that their scholarships could no longer be given to individuals of a specified race, which was their intent when making the donation. As a result, litigation may be looming with respect to how universities use charitable gifts with specific intentions.^[22]

Additionally, educational institutions offering scholarships with race-specific application criteria could face investigation by the Department of Education’s Office for Civil Rights (“OCR”). For example, the Equal Protection Project filed a complaint with the OCR alleging that five scholarships offered by Minnesota State University Moorhead were discriminatory because the scholarship conditioned eligibility on a student’s race.^[23] The same organization filed a complaint with the OCR regarding Western Kentucky University scholarships that restricted eligibility based on race.^[24] The OCR opened an investigation into the scholarships, and Western Kentucky University has since removed the scholarship offerings from its website.^[25]

In the Harvard/UNC decision, the Supreme Court focused on the constitutionality of affirmative action with respect to race, but it did not extend its analysis to gender. It’s possible that this is because Title IX has historically regulated gender equality in educational settings. Thus, while Section 1981 claims have become increasingly popular for challenging racial inequalities in educational settings, Title IX likely remains the only avenue for gender inequality claims in educational settings.

Changes to DEI Departments

In response to the Harvard/UNC decision, many educational institutions have made adjustments to their DEI departments and programs in the past year. In February 2024, the University of Florida closed its diversity department and terminated all DEI staff.^[26] In May 2024, the board of trustees of the University of North Carolina at Chapel Hill voted to redirect funding from diversity initiatives to campus safety and policing.^[27] Similarly, in response to state legislative actions, the University of Wyoming closed its DEI office.^[28] The University of Iowa restructured its DEI office and renamed it the “Division of Access, Opportunity, and Diversity.”^[29] The Massachusetts Institute of Technology eliminated diversity statements from its faculty hiring process,^[30] and Harvard has eliminated DEI statements as a requirement for tenure-track job applications.^[31]

Takeaways for Employers

In this new era of increased DEI-related litigation, the importance of lawful and thoughtful DEI programs remains for employers. One key to a successful program is effectively training employees and communicating the intention of the program to them. In other words, it is important for employers to know the why behind their DEI initiatives and programs. And effectively communicating the rationale behind DEI policies and initiatives is also key to demonstrating a lack of discriminatory intent. Employers cannot make employment-related decisions based on race, sex, or any other protected trait. Moreover, employers should not financially incentivize managers or leaders to meet related diversity goals because EEOC representatives have publicly stated that such incentives can be evidence of discriminatory intent.

At the end of the day, employers should remember that they should always hire or promote the most qualified candidate and treat employees and candidates as individuals and not as representatives of their respective demographic groups. By focusing their efforts on removing barriers to inclusion (as opposed to creating quotas or targets for racial or gender balancing), employers can manage workplace policies and standards universally across all employees while still capturing the essence of DEI.

1. Students for Fair Admissions, Inc. v. President & Fellows of Harvard Coll. (Harvard/UNC), 600 U.S. 181 (2023). ↑

2. 42 U.S.C. § 1981. ↑

3. Harvard/UNC, 600 U.S. at 250. ↑

4. McDonald v. Santa Fe Trail Transp. Co., 427 U.S. 273 (1976). ↑

5. Id. at 295. ↑

6. Riddhi Setty & Tatyana Monnay, Conservative Duo Fights Against DEI One Bias Claim at a Time (1), Bloomberg L. (June 5, 2024). ↑

7. Do No Harm v. Pfizer Inc., 96 F.4th 106 (2d Cir. 2024). ↑

8. Id. at 108–09. ↑

9. Id. at 109, 120–21. ↑

10. Am. All. for Equal Rts. v. Fearless Fund Mgmt., LLC, 103 F.4th 765 (11th Cir. 2024). ↑

11. Id. at 769–70. ↑

12. Id. ↑

13. Id. at 777, 779. ↑

14. Id. at 779. ↑

15. Honeyfund.com Inc. v. Governor of Fla., 94 F.4th 1272 (11th Cir. 2024). ↑

16. Id. at 1275–76. ↑

17. Id. at 1276. ↑

18. Id. ↑

19. Id. at 1283. ↑

20. Letter from Andrew Bailey, Att’y Gen. of Missouri (June 29, 2023). ↑

21. Id. ↑

22. Liam Knox, Affirmative Action Fallout Sours Donor Relations, Inside Higher Ed (June 13, 2024). ↑

23. Stephen Montemayor, Race-Based Scholarships at Minnesota State University Moorhead Subject of New Civil Rights Complaint, Minn. Star Trib. (June 11, 2024). ↑

24. Equal Protection Project v. Western Kentucky University (Two Scholarships Restricting Eligibility Based on Race Challenged), Equal Protection Project (last visited Nov. 22, 2024). ↑

25. Id. ↑

26. Caroline Downey, University of Florida Closes Diversity Department, Fires All DEI Staff, Nat’l Rev. (Mar. 1, 2024). ↑

27. Caroline Downey, University of North Carolina Board Slashes DEI Funding, Diverts Money to Campus Police, Nat’l Rev. (May 13, 2024). ↑

28. UW Makes Changes in Response to Legislative Actions on DEI, Univ. of Wyo. (May 10, 2024). ↑

29. Univ. of Iowa Off. of Strategic Commc’n, UI Makes Progress Implementing Iowa Board of Regents DEI Directives, Iowa Now (May 30, 2024). ↑

30. James Lynch, MIT Scraps Diversity Statements in Faculty-Hiring Process After Discovering “They Don’t Work,” Nat’l Rev. (May 10, 2024). ↑

31. Josh Moody, Harvard’s Largest Division Drops DEI Hiring Statements, Inside Higher Ed (June 5, 2024). ↑

In an era of increasing data breaches and cyberattacks, businesses face mounting risks that can lead to financial, reputational, and operational damage. The cost of a data breach reached an average of $4.88 million in 2024, a 10 percent increase from the previous year. And with companies increasingly relying on artificial intelligence (AI) for decision-making and operations, they must navigate additional risks and legal challenges as AI’s transformative power introduces opportunities and significant exposures.

In this context, cyber insurance is a comforting safety net, helping businesses manage and mitigate the impact of cybersecurity incidents, including those driven by AI technology. AI’s evolving landscape also creates new challenges, such as algorithmic biases, unpredictable outputs, and the potential for “black box errors”—AI errors with unclear causes—that may result in uninsured exposure if not properly accounted for in insurance policies. Knowing that such a safety net exists can provide a sense of reassurance in the face of these evolving risks.

Even with strong cybersecurity, systems can be breached. Cyber insurance can help cover costs from data breaches, ransomware, and AI risks, though AI-specific coverage is still developing. Many policies offer some AI protection, but specialized coverage for algorithmic bias, large language model (LLM) hallucinations, and regulatory issues is emerging, often with broader protection than traditional policies.

However, expect high premiums and low limits, much like early cyber insurance. Insurers may also exclude losses from intentional AI misuse, standard software failures, and breaches not covered in existing policies. Exclusions for noncompliance with data privacy laws may also appear as regulations evolve.

Given the increasingly sophisticated nature of cyber and AI-related threats, the importance of cyber insurance cannot be overstated. AI creates unique vulnerabilities, from algorithmic decision-making errors to data privacy violations. Without adequate cyber insurance, businesses risk financial devastation and legal exposure in the event of AI system malfunctions or cybersecurity breaches.

Types of Cyber Insurance Coverage

Insurance policies generally provide two categories of coverage: first-party and third-party. With AI becoming integral to business processes, understanding these coverage types and how they apply to AI-specific risks is essential for selecting the right policies. 

First-Party Coverage

First-party coverage addresses direct financial losses from a cyberattack or AI-related incident. An AI-related incident includes malfunctions, errors, or unforeseen consequences from AI systems, such as algorithmic biases, black box errors, security breaches, or data mishandling. As AI becomes integral to operations, these risks increase, potentially falling outside traditional insurance policies. Critical areas of coverage, often focusing on intangible losses like data breaches and cyber extortion and offering specialized services such as breach response and reputation management, include:

• Data recovery: Covers the cost of recovering lost or compromised data after a cyber or AI-related incident.
• Business interruption: Provides compensation for income lost due to a cyber event, such as a malfunctioning AI system that disrupts business operations.
• Cyber extortion: Covers payments made in response to ransomware or AI-related extortion schemes.
• Reputational harm: Addresses costs related to damage to your company’s reputation following a cyber or AI-related incident.
• Notification costs: Pays for notifying affected individuals, clients, and regulators about a data breach or AI system failure.
• Regulatory fines: Provides coverage for penalties imposed by regulatory bodies for noncompliance with data protection and AI-related laws​.

Third-Party Coverage

Third-party coverage focuses on liabilities your business might face from external parties due to a cyber or AI-related incident. Areas it covers include:

• Liability from data breaches: Protects against claims from customers or clients whose personal data was compromised by a security breach or AI malfunction that exposes data.
• Network security failures: Provides coverage for claims arising from network security failures, including AI-related security failures, such as unauthorized access or data loss.
• Privacy violations: Covers legal actions related to violations of privacy laws caused by mishandling sensitive data, including sensitive data mishandled in connection with AI systems.

The Cyber Insurance Procurement Process

Due to AI developments, securing the right cyber insurance policy has become more complex. Businesses must adopt a comprehensive approach that ensures their insurance policies cover both traditional cybersecurity threats and emerging AI-related liabilities.

Step 1: Assess Cybersecurity and AI Risks

Before pursuing a cyber insurance policy, it’s not just important to conduct a thorough risk assessment, particularly concerning AI usage; it’s essential. This assessment helps identify vulnerabilities in your information and AI systems and data protection strategies, ensuring your business is prepared for AI-related and traditional cyber threats. Being prepared with a thorough risk assessment can provide a sense of readiness in the face of these risks.

Step 2: Gather Information

Underwriters require detailed information about your business’s cybersecurity and AI protocols. Be prepared to provide details on the following:

• existing cybersecurity and AI governance policies
• security measures, such as multi-factor authentication and data encryption, as well as monitoring of AI systems
• incident response plans that account for AI-related failures
• records of employee training on both cybersecurity and AI risk management​

Step 3: Compare Policies

When comparing policies, consider both traditional and AI-related risks. Key factors include:

• Coverage limits: Ensure the policies provide adequate coverage for AI-related incidents, including algorithmic errors and business interruptions caused by AI​.
• Exclusions: Be mindful of exclusions related to AI, such as liability for black box errors, biased algorithms, or failures caused by poorly trained AI models.

Step 4: Negotiate Terms

Negotiating AI-specific terms is crucial to ensure your policy provides the necessary protection. Areas to negotiate include:

• extending coverage to include AI-driven business interruption losses
• ensuring the inclusion of legal costs related to AI-generated data breaches and privacy violations
• clarifying what constitutes an “AI-related event” in the policy

Step 5: Understand Policy Exclusions and Limitations

With the rapid adoption of AI, businesses should pay particular attention to policy exclusions related to AI use. Standard exclusions might include:

• Black box errors: Many policies exclude coverage for AI decisions that cannot be explained or justified​.
• Acts of war or terrorism: Some policies exclude cyberattacks involving AI systems attributed to state actors or terrorist organizations​.
• Preexisting conditions: Coverage may be denied for vulnerabilities or issues that existed before the policy’s inception​.

Step 6: Regularly Review and Update Your Policy

Regularly reviewing and updating your business insurance policies as cyber risks and AI technology evolve ensures that your coverage remains adequate to address new AI-related dangers and vulnerabilities. AI systems are continuously improving; your insurance must keep pace with these changes.

Best Practices for Managing AI-Related Cybersecurity Risks

AI introduces significant new risks, from algorithmic biases to unforeseen system failures. However, strong governance and cybersecurity measures can minimize the likelihood of AI-related incidents. Here are several best practices to mitigate AI risks and improve cybersecurity posture:

• Develop and implement a written information security program (WISP): Ensure your business has a comprehensive security program in place, as required by various regulatory frameworks, including the Gramm-Leach-Bliley Act and the Federal Trade Commission Red Flags Rule.
• Implement strong governance and oversight policies for AI: Ensure your organization generally has a comprehensive AI risk management policy that includes regular risk assessments and mitigation strategies; in some instances AI policies specific to cybersecurity issues may be appropriate.
• Implement strong access controls for data: Restrict access to sensitive data and ensure multifactor authentication is used to mitigate unauthorized access.
• Monitor systems continuously: Continuous monitoring is essential to ensure cyber and AI systems function as designed and meet performance expectations.
• Conduct regular cybersecurity audits: Regular audits of your systems and third-party vendors will help identify vulnerabilities before they are exploited.
• Train employees on risk: Regularly educate employees on cybersecurity and AI-related risks, ensuring they have a sufficient understanding of how AI works and the potential vulnerabilities it introduces.
• Test incident response plans: AI-driven incidents can be more complex than traditional cyberattacks. Regularly test your WISP and incident response plans to address traditional cyber threats and AI-specific failures.

Cyber insurance is crucial for managing cyberattack fallout, but with AI’s rise, all businesses must understand their insurance coverage and how they mitigate cyber and AI-specific risks. Businesses should consider AI-specific coverage, regularly review regulatory and risk management guidelines for their industry, especially those issued by regulators, and prepare for policy renewals by outlining their AI strategies, uses, and compliance measures. Understanding AI technology and articulating risk management is crucial in insurance negotiations. Thorough risk assessments, strong AI governance, and regular policy updates will mitigate cyber and AI risks in our complex digital world.

Today, technical, legal, and business risks associated with generative AI (GenAI) are widely publicized to most legal professionals. AI hallucinations, privacy issues, infringement of third-party intellectual property rights, possible antitrust issues, leak of confidential information, poisoning of training datasets, and theft of proprietary technology are just a few to name. However, the AI governance strategies of many US law firms either are still in a nascent stage of conceptualization or early implementation, or don’t exist at all. This article discusses key steps lawyers and law firms should consider to preserve confidentiality of client data as this always-important goal faces further challenges in the turbulent era of automation and GenAI.

While cybersecurity is increasingly a top priority of large and medium-sized law firms, the rise of AI has increased the incentives to obtain firms’ data, frequently by improper or illicit means. For instance, creating competitive and trustworthy LegalTech AI solutions requires high-quality training data—including sensitive, privileged, and confidential legal documents. Now, not only sophisticated cybercrime actors and malicious insiders, but also numerous technology startups and large tech vendors actively seek to get access to law firms’ data, albeit for different purposes.

In this context, the (oftentimes clandestine or stealthy) integration of GenAI into numerous platforms, tools, and technologies used by lawyers on a daily basis, and the potential for data exposure this poses, deserves special attention. Lawyers need to attend to the risks that arise when implementing new technology, and risks related to unauthorized information disclosure to legitimate third parties are widely unidentified or underestimated.

This year, July 29 was marked with the release of a long-awaited and much-needed ethics opinion from the American Bar Association on generative artificial intelligence tools, Formal Opinion 512. Section B of the Opinion’s discussion is dedicated to the duty of confidentiality, elaborating on the protection of prospective, current, and former clients’ data from unauthorized use and access both within and outside of a law firm. Several state and local bars have also released their own guidelines on use of GenAI in legal practice, many of which, like those of the California State Bar and the New York City Bar Association, similarly include significant discussion of confidentiality issues.

It is important to note that data risks are not limited to GenAI: Other types of architectures and AI models usually share the same or similar risks. High-quality training data is the precious fuel of any contemporary AI technology; without it, even the most powerful and wealthy AI tech giants will be technically unable to innovate. The legal industry is as affected by this as any other, with the mushrooming of AI-enabled legal software for both lawyers and nonlawyers, ranging from e-discovery triage tools and contract review assistants to more complex systems that may predict the outcome of a trial based on underlying facts and relevant case law. As a result, demand for legal data—including memos, briefs, lawsuits, motions, depositions, contracts and settlements—is surging amid modest supply.

Despite these challenges, a proper implementation of well-established and time-tested data protection best practices will address many AI-related risks and threats.

First, lawyers should bear in mind that even if their law firm does not use specific GenAI tools or solutions, their data—including work product and privileged and confidential client data—may be stealthily utilized by third parties for unauthorized or unexpected purposes, such as commercial large language model (LLM) training. (In simple terms, an LLM is the “brain” of GenAI technology, trained on huge amounts of human-created and other data.) Some vendors, desperate for high-quality AI training data, creatively update their terms of service by playing with semantics to make their terms as unsuspiciously broad or ambiguous as possible to eventually extrapolate the permitted use of customer data for training of proprietary LLM models. Less scrupulous vendors simply update their terms with immediate or even retroactive effect to allow use of customer data for AI training, and then send an unobtrusive notice to customers, for instance, concealed inside a monthly newsletter to distract attention from the perilous change.

Therefore, in the era of AI, it is indispensable to have a comprehensive and up-to-date inventory of technology vendors with access to law firm data and their current terms of service. Importantly, this list of vendors should also encompass the numerous online and software-as-a-service (SaaS) solutions the firm uses, spanning from Google Workspace, which is often favored by solo practitioners and small firms, to complex customer relationship management (CRM) or enterprise resource planning (ERP) platforms tailored for Big Law firms. Even tools like Google Translate or online grammar correction software, which can seem safe and innocent at first glance, may pose a hidden risk if used by law firm employees or external consultants, such as expert witnesses, to process legal or judicial documents, as their content may end up in a place where it should never be. To prevent such incidents, law firms should consider implementing and enforcing a written policy to address permitted use of their data, expressly prohibiting all tools and services that are not present in the list of authorized solutions.

Firm-wide data minimization, or limiting collection and retention of data to the minimum needed for a specific purpose, is arguably even more crucial to reduce a wide spectrum of cybersecurity and privacy risks, including those related to GenAI. If data does not exist, it simply cannot be misappropriated even in the case of the most sophisticated data breach or flagrant human error. Moreover, data minimization is the cornerstone of many emerging privacy laws and regulations. Data minimization is, however, virtually impossible without having a clear understanding of data inventory and data flows in the first place. Thus, the very first step is to document what data a law firm stores and processes, for what purposes, and where, and how that information can be captured in a corporate data management program. Once a firm’s data is mapped and underlying data flows are identified, data minimization can be thoroughly and thoughtfully implemented.

Data minimization strategies help ensure that all data necessary for business, as well as documents that must be preserved as a matter of law, will be duly safeguarded and readily available, while also enabling and facilitating secure deletion of obsolete or redundant data. Data minimization also drives operational costs down by optimizing data storage, processing, and backup bills. Additionally, any data that must be preserved but is not required in daily operations may be securely sent to so-called cold storage, from where it can later be retrieved if necessary. Cold storage facilities are remarkably cost-efficient and are usually beyond the reach of malicious insiders, disgruntled employees, or external cybercriminals. In sum, data minimization is a cybersecurity principle that has been known for decades, and it continues to be a potent tool to reliably address risks when interacting with emerging technology such as AI.

Another business-critical best practice to maintain data privacy is to establish separate data protection agreements with all external parties that may have access to a firm’s data, explicitly prohibiting any unauthorized use of the data. The agreement should have a conspicuous clause that in case of any conflict with clickwrap agreements or similar terms of service from a vendor, the agreement shall always prevail. Notably, data protection agreements are needed not only with those vendors that by design ingest a law firm’s data for storage or processing but with all vendors that may occasionally or tangentially have access to the data or any part of it. For instance, cybersecurity vendors that scan a firm’s laptops, servers, or emails for malware may legitimately send suspicious files to their cloud for further analysis unbeknownst to the law firm. Solo practitioners and boutique law firms, which typically cannot afford to invest many resources in a comprehensive vendor management program, may at least minimize their number of third-party data processing vendors and carefully review the terms of service of those that remain, as well as minimize or anonymize any data that they submit for external processing. Paradigmatically, legal professionals should remember that lack of time or budget is virtually never a valid excuse for breach of ethical or fiduciary duties related to use of AI or any other technologies.

Use of public cloud providers, such as Amazon Web Services (AWS) or Microsoft Azure, deserves a dedicated mention within the context of law firm cybersecurity. According to Gartner, through 2025, 99 percent of cloud security incidents will be the fault of the customer, caused by human error or misconfiguration of cloud services. Unsurprisingly, cybercriminals and unscrupulous data brokers vigorously go after misconfigured cloud storage to access exposed data without any hacking and sometimes, debatably, without even breaking the law. Such carelessly exposed data may be exploited for all imaginable and unimaginable nefarious purposes, including LLM training by unprincipled tech vendors or even sovereign states amid the global race for AI supremacy. To avoid falling victim to a cloud data breach, law firms should maintain a comprehensive inventory of their cloud-stored data and cloud resources and have those resources regularly tested by specialized cloud security providers for possible misconfigurations, vulnerabilities, and weaknesses.

Notably, all of the abovementioned challenges to data confidentiality also silently reside at law firms’ trusted third parties that have legitimate access to firms’ data under a proper data protection agreement. To illustrate this convoluted problem, consider a law firm with an affiliated law firm that uses a cloud backup service provider. Despite a properly implemented data protection agreement between the two law firms, the cloud provider may share, sell, or otherwise exploit the backup data unbeknownst to both law firms. Worse, this practice is not necessarily illegal: For example, the affiliated law firm could simply overlook a tiny clause in its contract with the vendor authorizing use of backup data for LLM training.

Because of the potential for data breaches via trusted third parties, law firms should consider implementing a comprehensive and risk-based third-party risk management (TPRM) program. One of the key purposes of a modern-day TPRM program is to assess, understand, and monitor how trusted third parties protect themselves and data in their possession. Whenever sharing sensitive data with third parties, preference will be given to entities with mature data protection and information security management programs. The strength of such programs can be evidenced and partially validated by conformity with global technical standards and frameworks like ISO 27001 or SOC 2. A truly robust TPRM program should, however, go beyond superficial examination of entities’ certifications, instead meticulously inspecting their risk catalogues and cybersecurity policies and procedures, as well as auditing their compliance with these policies, and regularly reviewing a list of security incidents (including those that may not reach the level of a reportable data breach) with documentation of their aftermath and the response by the third party. Holistic implementation of TPRM will not only help mitigate AI-specific risks but also reduce a broad spectrum of technical risks and threats stemming from more conventional IT tools and solutions.

Another class of high-frequency and high-impact data risk for law firms is human error while using AI. According to Verizon’s 2024 Data Breach Investigations Report, as many as 68 percent of data breaches involved a nonmalicious human error. The current situation in the realm of AI is analogous: Many legal professionals working in law firms are still unaware of the broad and continually growing spectrum of risks created in their office environment by AI technologies. For instance, a paralegal may see nothing wrong in submitting a highly confidential memo to an online chat for a quick spell-check, trying to produce an impeccable document. Likewise, a busy associate may innocently upload a confidential brief to an online platform to get a cogent summary of the brief, trying to accomplish long list of tasks in a timely manner. This is why it is crucial to create, promulgate, and enforce a firm-wide AI use policy, which would specify permitted and prohibited ways to utilize AI in the workplace. Last but not least, ongoing training on risks, threats, and benefits of AI can serve as a powerful enhancement of such policy, which otherwise may simply gather dust on a bookshelf.

Another GenAI-related concern is that even publicly accessible data may be misused by GenAI vendors or their suppliers of training data. Some law firms generously share their expert knowledge, unique know-how, and analytical insights on corporate websites and blogs, providing high-quality articles or presentations on recent developments in the law. For legal technology AI vendors, such data is gold. Obviously, few authors would consent to have their work ingested by an LLM to be later exploited as part of a commercial product without any compensation or credit to the original content creator. However, valuable data can be vacuumed from trustworthy websites without notice through the common method of data scraping. The author has elaborated elsewhere on techniques for investigating and proving unauthorized data scraping in court, but prevention tends to be a better solution than an after-the-fact response.

Reviewing a law firm website’s terms of use is a sound starting point, as increasingly AI vendors—partially due to better self-regulation and partially due to emerging AI legislation, namely the EU AI Act and US state laws on AI—are starting to pay attention to terms of service. With the exception of some “good bots” like Google, automated scanning and crawling of the firm’s website should be prohibited, expressly banning data scraping for AI training. It may also be a good idea to add a liquidated damages clause if enforceable under applicable law. Next, a modern anti-bot protection, such as Cloudflare or a comprehensive web application firewall (WAF), can help protect the website from being crawled by malicious automated bots while ensuring a smooth experience for human visitors.

To summarize, though law firms face substantial risks to their data as technology evolves, protection of a law firm’s data in the GenAI era is not rocket science. While many of the foregoing challenges are bolstered by the rise of GenAI, ongoing attention to data risk management best practices provides corresponding solutions. Law firms should consider implementing and continuously improving the following instruments discussed above as part of a comprehensive and firm-wide data protection program:

• Data inventory program
• Data minimization strategy
• Third-party risk management policy (TPRM)
• Inventory of third parties with access to firm’s data
• Inventory of third-party terms of service and data protection agreements
• Cloud security and authorized cloud use policies
• Authorized use of AI tools and solutions policy
• Technical controls protecting firm’s public data
• Terms of use protecting firm’s public data

This article is Part IV of the Musings on Contracts series by Glenn D. West, which explores the unique contract law issues the author has been contemplating, some focused on the specifics of M&A practice, and some just random.

A recent decision in the English High Court of Justice, BM Brazil I Fundo de Investimento em Participações Multistrategia v. Sibanye BM Brazil (Pty.) Ltd.,^[1] is the latest judicial pronouncement by a common-law court on the meaning and effect of a material adverse effect (“MAE”) clause. In BM Brazil, Mr. Justice Butcher determined that a “geotechnical event” (basically a landslide), which occurred at a mine owned by the target company between the signing and closing of a Sale and Purchase Agreement (“SPA”), did not constitute an MAE permitting the buyer to terminate the SPA. And the MAE definition included in the SPA looked like it had been cut and pasted from a standard US acquisition agreement.

The Pattern of an MAE Definition

According to Professor Robert T. Miller, one of the oft-cited academics in MAE jurisprudence, including in BM Brazil,^[2] almost all MAE definitions follow a similar pattern.^[3] First, there is the “Base Definition,” which consists of (a) a listing of the “Underlying Predicate Events” (“events, acts, occurrences”), followed by (b) an “Expectation Metric” (“has, or would/could reasonably be expected to have”), followed by (c) an “Undefined Term” (“material adverse effect on”), followed by (d) the “MAE Objects” (“business, financial condition, results of operation”). Second, there is a list of “MAE Exceptions,” which eliminate the realization of certain generalized risks so that even if they occur and have a material adverse effect on the target, no MAE has occurred. And last, there is a “Disproportionality Exclusion,” which adds back to the MAE definition some or all of the MAE Exceptions to the extent that their occurrence has disproportionally caused harm to the target compared to a specified group of similarly situated companies.^[4] The MAE definition under consideration in BM Brazil followed this common pattern.

Finding That an MAE Has Occurred Continues to Be a Rarity

That the judge determined that there had not been an MAE should surprise no one, even without knowing the facts. Judicial determinations that an MAE has occurred are exceedingly rare.

Indeed, in Delaware there has only been one such judicial determination, Akorn, Inc. v. Fresenius Kabi, AG.^[5] In Akorn, Vice Chancellor Laster, in concluding that an MAE had occurred because of the “sudden and sustained drop in Akorn’s business performance,”^[6] examined a number of metrics regarding the target’s performance following the signing of the merger agreement. This drop in performance was determined by making “period-to-period comparisons [that] . . . involved extremely large declines, with EBITDA always declining more than 50 percent.”^[7]

Importantly, however, Vice Chancellor Laster separately concluded that an MAE-qualified “bring down” of a regulatory representation had also been breached where the cost of remediating the regulatory violation exceeded 20 percent of the target’s equity valuation. While that 20 percent did not necessarily establish a bright line, it has been viewed by many in the deal community that a 20 percent value decline is as good a benchmark of what will be deemed an MAE as any.^[8]

The English Court Looks to Delaware Cases

Given the relative dearth of English cases discussing MAEs, Mr. Justice Butcher relied upon the more substantial body of cases from Delaware to guide his decision, taking a cue from a pandemic-era English MAE case, Travelport Ltd. v. WEX Inc.^[9] In that case, Mrs. Justice Cockerill had noted that

[Delaware has a] better developed body of case law [on MAE clauses] . . . [and] to ignore the thinking of the leading forum for consideration of these clauses, a forum which is both sophisticated and a common law jurisdiction, would plainly be imprudent. . . . The same goes for the academic learning which is often cited in the Delaware Court.^[10]

So, turning to that US authority, Mr. Justice Butcher looked first to the oft-quoted statement of then–Vice Chancellor Strine, in In re IBP, Inc. Shareholder’s Litigation,^[11] as to the “strong showing” required to invoke an MAE termination condition:

[E]ven where a Material Adverse Effect condition is as broadly written as the one in the Merger Agreement, that provision is best read as a backstop protecting the acquiror from the occurrence of unknown events that substantially threaten the overall earnings potential of the target in a durationally-significant manner. A short-term hiccup in the earnings should not suffice; rather the Material Adverse Effect should be material when viewed from the longer-term perspective of a reasonable acquiror.^[12]

Mr. Justice Butcher then took a trip through the other Delaware authorities that have addressed MAE conditions since IBP, quoting or paraphrasing these authorities for a number of different propositions, including the following:

• “[D]efining a ‘Material Adverse Effect’ as a ‘material adverse effect’ [as nearly all MAE clauses do] is not especially helpful.’”^[13]
• Use of the word would in the phrase “would not reasonably be expected to have [an MAE]” suggests “a greater degree (although quantification is difficult) of likelihood than ‘could’ or ‘might,’ which would have suggested a stronger degree of speculation (or a lesser probability of adverse consequences[)].”^[14]
• “[T]he burden of proving that a MAE had occurred lay on the buyer, irrespective of the form in which the MAE clause was drafted (ie whether as a representation, warranty or condition to closing), absent clear wording to the contrary.”^[15]
• “There is no ‘bright-line test’ for evaluating whether an event has caused a material adverse effect. To assess whether a financial decline has had or would reasonably be expected to have a sufficiently material effect, this court will look to ‘whether there has been an adverse change to the target’s business that is consequential to the company’s long-term earnings power over a commercially reasonable period.’”^[16]

Mr. Justice Butcher also noted that, while the US case decisions indicated that the determination of whether an MAE has occurred “has both quantitative and qualitative aspects,” he was inclined to the view (consistent with the view of Miller) that “if there is no significant impact in financial, or ‘quantitative’, terms on the Group Companies or their business, then it is difficult to see that such ‘qualitative’ matters could on their own mean that the ‘change, event or effect’ was ‘material and adverse’.”^[17]

Finally, Mr. Justice Butcher also agreed with Miller that the numerous MAE Objects listed in an MAE definition are not necessarily measuring anything substantively different from each other—and the MAE Objects listed appear to all be simply measuring whether there has been an MAE on the target company.^[18]

The Losses Arising from the Landslide Did Not Result in an MAE

Noting Vice Chancellor Laster’s suggestion that a 20 percent decline in equity value would be sufficient to constitute an MAE (without intending thereby to suggest that a “reduction in the equity value of the target of anything less than 20% would necessarily not have been material”), Mr. Justice Butcher agreed that “in the present case . . . a reduction in equity value of 20% or more would indeed be material, but that a somewhat lesser reduction might also be material.”^[19] And he was inclined to view 15 percent as the right number for this case. But to cover his bases, he then viewed the evidence presented (expert testimony, for the most part) about the significance of the geotechnical event from the standpoint that even a 10 percent reduction might be sufficient.^[20]

In reviewing the evidence, however, he concluded that even at this lower level, no MAE had occurred (it would appear that credible expert testimony is critical in these cases, as well as establishing that invoking the MAE clause has not simply been a means to get out of a deal that has not fared as well as one might have hoped^[21]).

A Preexisting Condition Is Not a “Change, Event or Effect”

There have been a number of recent MAE decisions that have focused less on the Base Definition and more on the existence of MAE Exceptions and whether the Disproportionality Exclusion applied.^[22] And those decisions have raised questions about how the wording of the lead-in to the MAE Exceptions, which includes “arising from or related to,” may expand the exceptions to include unexcepted matters.^[23] Those issues did not figure prominently in Mr. Justice Butcher’s decision in BM Brazil, so I will not delve into those matters here but simply refer the reader to footnote 23.

But one of the more interesting aspects of the BM Brazil decision was Mr. Justice Butcher’s discussion of whether a material adverse condition that is “revealed” as the result of a change, event, or effect after signing and before closing, but that in fact existed prior to signing (even though it was unknown), could constitute an MAE. One of the contentions made by the sellers was that the buyers were including in the material adverse effects of the geotechnical event not just the direct effects of the geotechnical event but also the alleged problems with the “underlying geology” that had been revealed by the geotechnical event. According to the sellers, any problems and costs associated with the underlying geology that had been revealed by the geotechnical event could not be included in any determination of whether an MAE had occurred—only the direct effects of the geotechnical event itself could be included. Mr. Justice Butcher agreed with the sellers on this point, even though he went on to decide the case as if everything were included. Regardless, I think this revelatory issue needs to be thought about more.

The argument that Mr. Justice Butcher was persuaded was correct was as follows:

The Claimants emphasised that the terms of the MAE definition looked to whether the “change, event or effect” itself “is or would reasonably be expected to be material and adverse”. They argued that, unlike the exceptions part of the MAE definition, the general part does not direct any enquiry into the causes of the relevant “change, event or effect”; rather that part directs enquiry to, and only to, the characteristics of the relevant “change, event or effect” itself: is it material and adverse? It would be an abuse of language to say that a “change, event or effect” occurring between signing and closing was “material and adverse” because it reveals some other problem or issue. And further, to construe the clause as meaning that revelatory events may be MAEs would enable the temporal requirement of the clause to be circumvented, in that it would allow a party to identify a relevant “change, event or effect” within the period between signing and closing even though the problem or issue predated the contract, and would or could have been picked up by the buyer’s due diligence, and the risk of which will have been assumed by the seller to the extent of the representations and warranties given, but which are otherwise for the buyer’s account. In the present case, the Claimants pointed out, the representations and warranties in Article 3 of the SPAs are exhaustive and do not include any relating to the geotechnical situation at, or the suitability of the mine design of, the Santa Rita Mine, or any general representations or warranties about the costs of, or operations at, the Mine.^[24]

In other words, an MAE condition cannot save you from the failure to obtain a representation and warranty about any existing issue—MAEs focus on future occurrences, not existing facts. In this case, the underlying geological condition “had existed for millennia.”^[25] And “[n]o ‘change, event or effect’ had occurred in [that underlying geological condition] by the happening of the [geotechnical event—i.e., the landslide].”^[26]

One could imagine a situation where there is a boiler explosion that causes damages to a manufacturing plant after signing and before closing. But assume that those damages are insufficient in themselves to constitute an MAE. Nevertheless, assume that in reviewing the damages caused by the explosion, the buyer discovers other, more serious issues that relate to the plant’s equipment and the costs of deferred maintenance, etc. Can those costs be included in assessing whether there has been an MAE? Probably not.

According to Mr. Justice Butcher, Underlying Predicate Events in the Base Definition of MAE focus on what happened, not on what caused it to happen or the reason it happened. There is nothing in a typical MAE clause that would actually expand an Underlying Predicate Event such that it would include some preexisting condition that may have actually caused it (or is likely to cause future similar events) to occur.

And there you have it.

1. [2024] EWHC 2566 (Comm). ↑

2. See Robert T. Miller, A New Theory of Material Adverse Effects, 76 Bus. Law. 749 (2021). ↑

3. This familiar pattern has previously been likened to the consistent ingredients of a McDonald’s “Big Mac.” See Glenn D. West & S. Scott Parel, Revisiting Material Adverse Change Clauses, Corp. Couns. Bus. J. (Sept. 1, 2006). ↑

4. Miller, supra note 2, at 755–57. ↑

5. No. 2018-0300-JTL, 2018 WL 4719347 (Del. Ch. Oct. 1, 2018). ↑

6. Id. at *47, discussed in Glenn D. West, A Delaware Case Has Finally Determined That There Is Such a Thing as a “Material Adverse Effect,” Weil’s Glob. Priv. Equity Watch (Oct. 8, 2018). ↑

7. Miller, supra note 2, at 775. ↑

8. See Glenn West, Richard Slack & Joshua M. Glasser, Just Because a Really Bad Thing Happens Does Not Mean a Material Adverse Effect Has Occurred: Assessing the Latest Delaware MAE Decision, Weil Sec. Litig. Alert 2 (Dec. 24, 2019). ↑

9. [2020] EWHC 2670 (Comm). ↑

10. Id. at paras. 175–76. ↑

11. 789 A.2d 14 (Del. Ch. 2001). ↑

12. Id. at 30–31. ↑

13. BM Brazil I Fundo de Investimento em Participações Multistrategia v. Sibanye BM Brazil (Pty.) Ltd., [2024] EWHC 2566 (Comm), at para. 196 (quoting Frontier Oil Corp. v. Holly Corp.). ↑

14. Id. (quoting Frontier Oil Corp.). ↑

15. Id. at 199 (quoting Hexion Specialty Chems. v. Huntsman Corp.). ↑

16. Id. at para. 203 (quoting Snow Phipps Grp. LLC v. KCake Acquisition Inc.). ↑

17. Id. at para. 222. ↑

18. Id. at para. 204. ↑

19. Id. at para. 253. ↑

20. Id. at para. 252. ↑

21. See Akorn, Inc. v. Fresenius Kabi, AG, No. 2018-0300-JTL, 2018 WL 4719347, at *3 (Del. Ch. Oct. 1, 2018). (“In prior cases, this court has correctly criticized buyers who agreed to acquisitions, only to have second thoughts after cyclical trends or industrywide effects negatively impacted their own businesses, and who then filed litigation in an effort to escape their agreements without consulting with the sellers. In these cases, the buyers claimed that the sellers had suffered contractually defined material adverse effects under circumstances where the buyers themselves did not seem to believe their assertions.”). ↑

22. See Glenn D. West, The MAE Clause, Mrs. Palsgraf and Events “Arising from or Related to” MAE Exceptions, Weil’s Glob. Priv. Equity Watch (May 11, 2021). ↑

23. See id.; see also Robert T. Miller, What Do Exceptions in MAE Definitions Except?, Bus. L. Today (May 20, 2021). ↑

24. BM Brazil, [2024] EWHC 2566 (Comm), at para. 230. ↑

25. Id. at para. 229. ↑

26. Id. ↑

This article is Part III of the Musings on Contracts series by Glenn D. West, which explores the unique contract law issues the author has been contemplating, some focused on the specifics of M&A practice, and some just random.

Somewhere in Scotland is the “Sheriffdom of South Strathclyde, Dumfries and Galloway.” And the sheriff (basically the same as a lower-court judge in the United States) of the Hamilton Sheriff Court in that sheriffdom recently issued a decision, Screwfix Direct Ltd. v. Paterson,^[1] that caught my attention.^[2] Although from an obscure (at least to me) court in Scotland, the case is based on traditional common-law principles that apply in the United States with regard to personal liability for entity-specific contracts. Corporate lawyers, whose clients regularly have deal professionals individually sign documents on behalf of limited liability entities, might want to pay attention.

Personal Liability in Screwfix

The dispute in Screwfix involved the efforts of a building materials supplier to collect overdue sums owed from one of its customers pursuant to a Trade Accounts Card Agreement between the supplier and the customer (“Agreement”). The supplier was Screwfix Direct Limited, trading under the name “Trade UK.” The customer was Paterson Restoration Limited (“Company”). James Paterson was a director and shareholder of the Company. Paterson signed the Agreement on behalf of the Company as its “director.” The Agreement seems to have been a standard form, and it stated that if the person opening the account was a limited company, “the form must be signed by a director.”^[3]

But paragraph f of the Agreement contained the following statement: “I, the director, agree to guarantee performance of all the company’s current and future financial obligations to Trade UK, including any subsequent increase/s in credit limit.”^[4] The Company subsequently became insolvent and was wound up. Trade UK, the supplier, then sought to recover all past due sums from Paterson personally pursuant to paragraph f.

Paterson only signed the Agreement once, as a director of the Company, and he clearly bound the Company as the named account holder to the Agreement. He did not sign separately to bind himself personally as a guarantor of the Agreement between Trade UK and the Company, and he was not a named party individually. So, Paterson defended the action brought by Trade UK on the basis that “the provision did not impose personal liability upon him as an individual [because] [h]e signed the Agreement solely in his capacity as a director and as such was committing only the company to the performance under the agreement.”^[5]

But Trade UK countered that paragraph f only made sense if Paterson were making a personal commitment because Paterson had already bound the Company without paragraph f, simply by signing on behalf of the Company as its director. Indeed, in paragraph c of the Agreement, Paterson had stated that he was “authorised to bind the account holder to this agreement by signing it.”^[6]

The sheriff agreed with Trade UK (citing Scottish cases in support) and rendered judgment in Trade UK’s favor against Paterson.

Does this seem fair to you? While the use of the personal pronoun “I” was clearly problematic, Paterson was not a party to the Agreement, only the Company was—so, in a sense, the only “I” or “you” was the Company. And Paterson signed only on behalf of the Company, as its director, not personally.

US Jurisdictions

Would this result occur in New York, Texas, or some other US state?

Well, let’s see. On very similar facts, Texas courts have repeatedly held that an officer signing on behalf of a corporate party to a contract can make themselves personally liable for the corporation’s obligation if there is language in the contract making the corporate signatory liable.^[7] “The fact that a person is under an agency relation to another which is disclosed does not prevent him from becoming personally liable where the terms of the contract clearly establish the personal obligation.”^[8] And sometimes that language is not as clear-cut as the “guarantee” language that was present in Screwfix. Simple statements such as “the undersigned agrees to personally pay” may be deemed sufficient.

That people signing in a corporate capacity could unwittingly be committing themselves to personal liability should make us all pause. So too should the reality that most of the time these are agreements that the corporate officers of our clients are signing without any real review.

New York has a more nuanced approach to these issues.

In Salzman Sign Co. v. Beck,^[9] the New York Court of Appeals refused to hold a corporate officer personally liable for the obligations of his corporate principal where he signed the agreement only in his corporate capacity. And this was despite the fact that the agreement, similar to the contract at issue in Screwfix, stated specifically that “[w]here the Purchaser is a corporation, in consideration of extending credit to it, the officer or officers signing on behalf of such corporation, hereby personally guarantee the payments hereinabove provided for.”^[10]

The court refused to find that language sufficient to make the corporate officer personally liable because

[i]n modern times most commercial business is done between corporations, everyone in business knows that an individual stockholder or officer is not liable for his corporation’s engagements unless he signs individually, and where individual responsibility is demanded the nearly universal practice is that the officer signs twice—once as an officer and again as an individual. There is great danger in allowing a single sentence in a long contract to bind individually a person who signs only as a corporate officer. In many situations the signing officer holds little or no stock and if the language of the agreement makes him individually liable his estate may be stuck for a very large obligation which he never dreamed of assuming. We think the better rule is the one used here—that is, that the statement in the contract purporting to bind the signing officer individually is not sufficient for Statute of Frauds purposes without some direct and explicit evidence of actual intent.^[11]

A federal court, considering liability of a signatory to a letter agreement, has described New York law on this issue as follows (case citations omitted):

Under New York law, an agent who signs an agreement on behalf of a disclosed principal will not be individually bound to the terms of the agreement “unless there is clear and explicit evidence of the agent’s intention to substitute or superadd his personal liability for, or to, that of his principal.” In assessing whether a signatory intended to be individually bound, the following five factors (the “Lollo factors”) should be examined: “length of the contract, the location of the liability provision(s) in relation to the signature line, the presence of the signatory’s name in the agreement itself, the nature of the negotiations leading to the contract, and the signatory’s role in the corporation.” In addition to these factors, the most obvious indicator of the signatory’s intent is the signature’s form. “‘[W]here individual responsibility is demanded the nearly universal practice is that the officer signs twice—once as an officer and again as an individual.’”^[12]

Finding Where the Line Is Drawn

New York is basically looking for more clear intent to be personally liable than Texas and some other jurisdictions. Even in Scotland, it appears that if the guarantee or personal undertaking language is not in the main body of the agreement, but rather in a set of separate terms and conditions incorporated by reference, the courts are inclined to refuse to find the necessary intent to be personally bound.^[13] And England long ago appears to have recognized that if one buries onerous terms in a lengthy form agreement, without highlighting those onerous terms to the person sought to be bound to them, they may well be held unenforceable: “a logical development of the common law into modern conditions [is] that . . . if one condition in a set of printed conditions is particularly onerous or unusual, the party seeking to enforce it must show that that particular condition was fairly brought to the attention of the other party.”^[14]

But it is far from clear where the line is to be drawn, even in the more nuanced approach offered by New York. There are plenty of decisions from other jurisdictions holding corporate officers personally liable for their company’s agreements on facts similar to Screwfix.^[15] And those corporate officers are, many times, just that—employed company officers, not owners of the enterprise. The fact remains that representatives signing contracts on behalf of limited liability entities must do more than merely ensure that they only sign in a representative capacity; they must also ensure that there is not any language in that agreement making them personally liable for the entity’s obligations based on that representative signature. Our private equity deal professionals, who sometimes become officers of portfolio companies, should be aware and act accordingly.

Ensuring (Hopefully!) a Signature Only in a Representative Capacity

While we are on the subject, let’s take a quick quiz on the correct manner of clearly indicating that you are signing only in your representative capacity on behalf of a limited liability entity.

Assume that a contract named a limited liability entity (“Private Equity LLC”) as the party and then an authorized representative of Private Equity LLC (“Sarah Deal Professional”) signed the contract with the following signature line:

_____________________________
Sarah Deal Professional
President, Private Equity LLC

True or False: This signature line clearly indicates that Sarah Deal Professional was only signing in her capacity as president of Private Equity LLC, and not individually?

If you answered “True,” thanks for playing, but the case law appears to lean decidedly in favor of this being false. Many cases would find that the language under the name Sarah Deal Professional that indicates she is president of Private Equity LLC is merely descriptio personae, a Latin phrase that simply means that the words “President, Private Equity LLC” only indicate who Sarah is but do not limit the capacity in which she signed. As a result, such a signature has been deemed sufficient to impose personal liability on the signatory, even without guarantee language like that at issue in Screwfix.^[16]

The best practice, therefore, is to always follow these guidelines:

The signature itself represents a clear indication that the signator is acting as an agent if: (1) the name of the principal is disclosed, (2) the signature is preceded by words of agency such as “by” or “per” or “on behalf of,” and (3) the signature is followed by the title which represents the capacity in which the signator is executing the document, e.g., “Pres.” or “V.P.” or “Agent.”^[17]

Thus, use the traditional formulation:

Private Equity LLC
By: _________________________
Name: Sarah Deal Professional
Title: President

But again, even this formulation may not save you from the Screwfix issue if there is language in the agreement making the entity representative personally liable—this formulation only works to avoid personal liability being imposed on those who simply fail to clearly indicate their limited capacity.^[18]

And finally, please ensure that the officers and deal professionals signing documents on behalf of limited liability entities use the full legal name of the limited liability entity as the named party, both in the body of the contract and in the signature line. Note that one of the rules of limiting liability for an agent acting on behalf of a limited liability principal is that the name of the principal has to be identified. If the limited liability entity operates divisions, or has an assumed name, contracts are often entered into in the name of those divisions or under that assumed name. Many cases have held that naming a division or trade name as the party, rather than the entity itself, using its actual legal name, is a failure to disclose the principal. As a result, the officer signing on behalf of that division or in that assumed name may incur personal liability.^[19]

As noted by one Texas court:

Regarding the liability on corporate contracts, officers of corporations are in the same position as agents of private individuals. That is, as is true of agents generally, officers of a corporation are not personally liable on the corporation’s contracts if they do not purport to bind themselves individually, they disclose their representative capacity, and they identify their principal. Even if Burris had filed an assumed name certificate with the Secretary of State and had filed a new assumed name certificate with the clerk of Travis County indicating Burris & Inscore Construction, Inc. was doing business as “B & S Construction, Inc.,” that would be immaterial to his personal liability because an agent has the duty to disclose the name of his principal, not just the principal’s assumed or trade name.^[20]

As if we didn’t have enough stuff to worry about.

1. [2024] S.C. HAM 1. ↑

2. The case came to my attention through a September 20, 2024, blog posting by the Scottish law firm of Brodies LLP. Sarah Wilson et al., Are You a Company Director? Could You Have Given a Personal Guarantee Perhaps Without Realising?, Brodies (Sept. 20, 2024). ↑

3. Screwfix, [2024] S.C. HAM 1, at para. 4. ↑

4. Id. ↑

5. Id. at para. 6. ↑

6. Id at para. 5, 7. ↑

7. See, e.g., Action Powersports, Inc. v. 1STEL, Inc., 500 S.W.3d 632 (Tex. App. Texarkana 2016); 84 Lumber Co., L.P. v. Powers, 393 S.W.3d 299 (Tex. App. Houston (1st Dist.) 2012); Taylor-Made Hose, Inc. v. Wilkerson, 21 S.W.3d 484 (Tex. App. San Antonio 2000). ↑

8. Am. Petrofina Co. v. Bryan, 519 S.W.2d 484, 487 (Tex. App. El Paso 1975). ↑

9. 176 N.E.2d 74 (N.Y. 1961). ↑

10. Id. at 75. ↑

11. Id. at 76. ↑

12. EQT Infrastructure Ltd. v. Smith, 861 F. Supp. 2d 220, 232 (S.D.N.Y. 2012). ↑

13. See Montgomery Litho Ltd. v. Maxwell, [2000] S.C. 56, discussed in Brandon Hire PLC v. Russell, [2010] CSIH 76. ↑

14. Interfoto Picture Libr. Ltd. v. Stiletto Visual Programmes Ltd., [1989] 1 Q.B. 433. ↑

15. See, e.g., Yellow Book Sales & Distrib. Co. v. Valle, 84 A.3d 1196 (Conn. 2014); Buffa v. Yellowbook Sales & Distrib. Co., 760 S.E.2d 644 (Ga. Ct. App. 2014). ↑

16. See, e.g., Hubbard Fam. Tr. v. TNT Land Holdings, LLC, 9 N.E.3d 411, 424–25 (Ohio Ct. App. 2014). ↑

17. Id. ↑

18. For a discussion of the various means that can expose private equity deal professionals to personal liability, see Glenn D. West, Protecting the Private Equity Firm and Its Deal Professionals from the Obligations of Its Acquisition Vehicles and Portfolio Companies, Weil’s Glob. Priv. Equity Watch (May 23, 2016). ↑

19. See, e.g., Lachmann v. Hous. Chron. Publ’g Co., 375 S.W.2d 783 (Tex. Civ. App. Austin 1964) (writ ref’d n.r.e.); Empire Off. Machs., Inc. v. Aspen Trails Assocs. LLC, 322 P.3d 424 (Mont. 2014); Bou-Matic LLC v. Legg, 843 N.W.2d 710 (Wis. Ct. App. 2014). ↑

20. A to Z Rental Ctr. v. Burris, 714 S.W.2d 433, 437 (Tex. App. Austin 1986) (writ ref’d n.r.e.); see also Restatement (Third) of Agency § 6.02 cmt. d (Am L. Inst. 2006) (noting that “an agent’s use of a trade name, which may be traced to its registered user through a search of public filings is not sufficient to disclose the principal’s identity”). But see TicketNetwork, Inc. v. Darbouze, 133 F. Supp. 3d 442, 453 (D. Conn. 2015) (“Because Charged.fm was the registered assumed name of a corporation, Plot Commerce, TicketNetwork had constructive notice that the principal with which it was dealing . . . was Plot Commerce. Accordingly, Mr. Darbouze cannot be held personally liable on the contract he signed, because he contracted on behalf of a disclosed corporation.”). ↑

On April 5, 2024, the ABA Business Law Section’s Corporate Laws Committee approved amendments to Section 2.02 of the Model Business Corporation Act (the “MBCA”) that permit a corporation to include in its articles of incorporation a provision limiting or eliminating the monetary liability of certain corporate officers.^[1] Prior to the amendments, the articles of incorporation could only provide exculpatory protection to directors. As discussed in this article, the officer exculpation now permitted under Section 2.02 is similar to the director exculpation already authorized by that section. New to the MBCA is a definition of the “officers” that may be exculpated. In defining “officer,” the amendments reinforce freedom of contract principles by providing a default list of the “officers” who may be exculpated while also allowing corporations to expand or contract that definition as needed.

Similar in nature to Delaware’s officer exculpation statute, the MBCA’s amendments provide a complementary template for jurisdictions that are considering amending their corporate code to provide exculpatory protection to officers.

Background

For over three decades, the MBCA has authorized corporations to include a provision in their articles of incorporation that limits or eliminates, with certain exceptions, the monetary liability of directors to the corporation and its shareholders.^[2] Commonly referred to as an exculpatory provision, this provision has protected directors from personal liability for monetary damages for breaches of the duty of care. Today, all states provide for some form of director exculpation in their corporate code. These statutes follow three different approaches—charter option statutes, self-executing statutes, and cap on money damages statutes—or some combination thereof.^[3] Section 2.02(b)(4) of the MBCA is a charter option statute, which permits corporations to adopt a charter provision that now provides for the exculpation of both directors and designated officers.^[4]

At the time director exculpation statutes were initially being adopted, limiting the liability of directors was viewed as vital to addressing a perceived director shortage resulting from the D&O insurance crisis and the Delaware Supreme Court’s groundbreaking decision in Smith v. Van Gorkom.^[5] Similar protection for officers, on the other hand, was generally viewed as unnecessary, and their inclusion in exculpation amendments was ultimately rejected in most states.^[6] Until recently, the topic of officer exculpation has remained largely dormant. Several recent developments surrounding officer liability, however, have led to renewed interest in exculpating senior management in a manner similar to that which exists for directors. First, Delaware amended its long-arm statute in 2003 to cover senior executive officers of Delaware corporations.^[7] Second, the Delaware Supreme Court, in its 2009 Gantler v. Stephens decision, held that officers owe the same fiduciary duties as directors.^[8] Finally, in response to several opinions from the Delaware courts clarifying the ability of shareholders to challenge merger transactions, officers are being named as defendants in M&A litigation with increasing frequency.^[9] Due to the lack of exculpatory protection, disclosure claims against officers in these lawsuits were allowed to survive while those same claims against corporate directors were dismissed based on exculpation provisions in the charter.^[10] In response to those developments, the Delaware legislature amended its corporate code in 2022 to permit exculpation of certain senior executive officers. Under the amendments, exculpated officers largely enjoy the same protection as directors with the exception that officers cannot be exculpated from derivative claims or claims brought by the corporation.^[11]

As was the case with the adoption of director exculpation, the Corporate Laws Committee watched these developments and considered whether, and how, to amend the MBCA to provide for officer exculpation.^[12] Earlier this year, the Committee adopted amendments to Section 2.02 permitting the articles of incorporation to include a provision exculpating certain officers.

The MBCA Amendments

As amended, Section 2.02(b)(4) authorizes a provision to be included in the articles of incorporation that limits or eliminates monetary liability for specified officers. In general, the protection afforded to officers under a Section 2.02 exculpation provision is similar to that which the MBCA already allows for directors. Like directors, officers may not be relieved of personal liability for (i) financial benefits received to which the officer is not entitled; (ii) any act or omission that intentionally inflicts harm on the corporation or its shareholders; or (iii) any act or omission that is an intentional violation of criminal law. In addition to these carve-outs, officers (but not directors) may not be exculpated for any claim by or in the right of the corporation (e.g., derivative proceedings). Essentially, under the amendments, a provision in the articles of incorporation may exculpate certain officers for breaches of the duty of care in direct claims brought by shareholders (which includes class actions), but not for claims brought by the corporation or in a shareholder derivative proceeding.

In connection with the exculpation amendments, a new subsection (f) was added to Section 2.02 that defines “officer.” This new definition applies only to the use of “officer” in Section 2.02(b)(4)’s exculpation and not to the use of “officer” elsewhere in the MBCA.^[13] The definition has three components to it. First, subsection (f) provides a statutory list of executive officers who are covered by default in an exculpatory provision: chief executive officer, president, chief operating officer, chief financial officer, chief legal officer, secretary, controller, treasurer, and chief accounting officer.^[14] Second, consistent with freedom of contract principles, subsection (f) allows the articles of incorporation to expand or contract the default list of enumerated officers or specify a procedure for doing so.^[15] Third, unless otherwise provided in the articles of incorporation, the board of directors may, by way of resolution, exculpate other officers beyond those listed in the articles. The board may not, however, alter the exculpatory protection provided to the officers listed in the articles without amending that document. Thus, the MBCA allows a board of directors to tailor the definition of “officers” for exculpatory purposes to the specific needs of the corporation as they may vary from time to time, unlike the Delaware statute which defines the term “officer” in the statute itself.

Comparison to Delaware

The MBCA and Delaware’s General Corporation Law serve as the two principal blueprints for state corporate codes. In the case of officer exculpation, Delaware amended its statute two years prior to the final adoption of the MBCA’s amendments. Overall, Delaware and the MBCA provide similar exculpation protection to officers. One particular area of divergence, however, is the exact language used for the carve-outs for nonexculpable liability.^[16] Identical to the carve-outs for director exculpation, the MBCA’s language provides greater clarity than that of the Delaware statute through its use of more concrete and narrower exclusions. For example, contrary to Delaware’s statute, the MBCA’s exclusions avoid references to the “duty of loyalty” and “good faith” as bases for exclusion from exculpation, instead excluding “intentional infliction[s] of harm on the corporation or the shareholders” and “intentional violation[s] of criminal law.”^[17] Likewise, the MBCA carves out a narrower set of “financial benefits” to which a director or officer is not entitled, as opposed to Delaware’s “improper personal benefit.”^[18]

Another difference in the two statutes relates to the definition of the “officers” who can be exculpated. Delaware’s statute relies upon the definition of “officer” found in its long-arm statute^[19] while the MBCA has its own definition in the statute. Both Delaware and the MBCA identify the same list of executive officers to be included in the definition of “officer.” After the initial enumerated list of executive officers, Delaware looks to Securities and Exchange Commission filings and an individual’s consent to jurisdiction as the criteria for determining who is an “officer.”^[20] The MBCA, on the other hand, provides corporations with more flexibility to individually tailor inclusion in the “officer” definition through specific enumeration in the articles of incorporation or, alternatively, by a board resolution. By authorizing officer exculpation by a board resolution, the MBCA’s definition allows a board to be nimble in addressing officer exculpation on a case-by-case basis, when and if the need arises, without having to pursue the formal process of amending the corporation’s articles.

Officer Exculpation Trends

Corporate Charter Amendment Trends

Under both the MBCA and the Delaware amendments, an exculpation provision for officers must be set forth in the corporation’s charter. For existing corporations this means amending the charter through a statutorily required process that includes approval of the amendment by the board and the shareholders.^[21] For publicly traded corporations this also means satisfying federal securities laws requirements such as disclosures in a proxy statement. While the MBCA’s amendments are too new to have been adopted in more than one MBCA jurisdiction and thus there are no statistics for corporate adoptions in those states, there is a growing body of data on adoption rates by Delaware corporations.

Since Delaware’s adoption of its officer exculpation amendments, there has been a modest, but continually growing, number of public companies that have amended their charters. Overall, commentators have observed that these amendments are being approved by shareholders, with only a handful of proposed officer exculpation amendments failing due to shareholder turnout and a two-thirds supermajority vote standard for approval.^[22] To date, most of the officer exculpation amendments have been proposed at small-cap companies (under $2 billion market cap) and mid-cap companies ($2–$10 billion market cap).^[23] Commentators predict an increase in the number of large-cap companies (over $10 billion market cap) and dual class companies proposing officer exculpation amendments to their charters moving forward in light of three developments: (i) the clarification by Delaware courts that such amendments do not require a separate class vote of nonvoting shares for approval;^[24] (ii) the relative success in approving these amendments at smaller companies;^[25] and (iii) the limited impact that negative proxy advisor recommendations have had on the approval of such amendments.^[26]

State Statute Adoption Trends

Prior to Delaware’s amendment of its corporate code to provide for officer exculpation, only seven states had such a statutory provision.^[27] Around the same time that Delaware adopted its amendments, Pennsylvania amended its corporate statute to limit officer liability.^[28] Since that time, a number of additional states have amended or are considering amending their corporate codes to provide for officer exculpation. Both Oklahoma and Alabama have recently adopted officer exculpation amendments. The Oklahoma amendments are nearly identical to the language in Delaware’s statute^[29] while Alabama, which is an MBCA state, has adopted an amendment that is based on the MBCA language.^[30] As of the writing of this article, it remains to be seen how quickly other states will amend their corporate statutes to provide for officer exculpation as well as whether the MBCA’s or Delaware’s statutory language will serve as the prevailing model.^[31] Nevertheless, the adoption of the MBCA amendments as well as the increasing frequency and success of Delaware corporations in adopting officer exculpation charter amendments will likely spur calls for more jurisdictions to consider such changes.

A version of this article originally appeared in the Summer 2024 issue of the MBCA Newsletter, the newsletter of the ABA Business Law Section’s Corporate Laws Committee, under the title “Amendments to the Model Business Corporation Act Permitting Officer Exculpation.” Read the full issue and previous issues at the Corporate Laws Committee’s Model Business Corporation Act Resource Center.

The views expressed in this article are solely those of the author and not the University of Oklahoma College of Law. No legal advice is being given in this article.

1. See Corporate Laws Comm., Changes in the Model Business Corporation Act—Amendments to Section 2.02 Relating to Officer Exculpation, 79 Bus. Law. 801 (2024) (notice of approval on third and final reading); Corporate Laws Comm., Changes in the Model Business Corporation Act—Proposed Amendments to Section 2.02 Relating to Officer Exculpation, 79 Bus. Law. 125 (2023–24) (notice of approval on second reading). See generally, Model Business Corporation Act Resource Center, which includes the current and previous versions of the MBCA with the Official Comments, reports of the Corporate Laws Committee on proposed and adopted amendments of the MBCA, and other MBCA resource materials. ↑

2. See Model Bus. Corp. Act § 2.04(b)(4) (1990); Corporate Laws Comm., Changes in the Revised Model Business Corporation Act—Amendment Pertaining to the Liability of Directors, 45 Bus. Law. 695 (1990) (notice of approval on second reading). The director liability amendments were approved by the Corporate Laws Committee on the third and final reading on June 16, 1990. Corporate Laws Comm., Changes in the Revised Model Business Corporation Act—Amendment Pertaining to Liability of Directors, 46 Bus. Law. 319 (1990). ↑

3. See Corporate Laws Comm., 45 Bus. Law. at 696 (1990). ↑

4. Delaware’s approach to director exculpation is also a charter option statute. Thirty-one states have adopted the charter option approach to exculpation. See Bryn R. Vaaler, 2.02(b)(4) or Not 2.02(b)(4): That Is the Question, 74 Law & Contemp. Probs. 79, 82 n.19 (2011). ↑

5. 488 A.2d 858 (Del. 1985). See John Mark Zeberkiewicz & Robert B. Greco, Amendments to the DGCL Permit Officer Exculpation, 36 Insights, no. 10, Oct. 2022, at 3. ↑

6. It is clear that the decision to omit officers from early exculpation statutes was a deliberate one in Delaware and the MBCA. See Lewis S. Black, Jr. & A. Gilchrist Sparks, III, Analysis of the 1986 Amendments to the Delaware Corporation Law 312 (1986) (explaining the rationale for the exclusion of officers in the adoption of Section 102(b)(7)); Corporate Laws Comm., 45 Bus. Law. at 700 (1990) (explaining the rationale for the decision to omit officers from the MBCA’s original exculpation provision). It is less clear, however, that other jurisdictions approached the officer liability level of analysis when adopting their director exculpation statutes. See Dennis R. Honabach, Smith v. Van Gorkom: Managerial Liability and Exculpatory Clauses—A Proposal to Fill the Gap of the Missing Officer Protection, 45 Washburn L.J. 307 (2006). ↑

7. See 10 Del. C. § 3114 (2003); Del. Div. of Corps., Amendments to Corporate Law 2003 (June 30, 2003) (describing the rationale for the amendment). ↑

8. 965 A.2d 695, 708–09 (Del. 2009). ↑

9. See Zeberkiewicz & Greco, supra note 5 (summarizing the case law developments that led to the officer exculpation amendments). ↑

10. See, e.g., Morrison v. Berry, 2019 WL 7369431 (Del. Ch. Dec. 31, 2019). In Morrison the court noted that while the disclosure claims against the officers survived a motion to dismiss, an ultimate finding of liability for breach of the duty of care in making the disclosures would be unlikely. Id. at *24. ↑

11. See 8 Del. C. § 102(b)(7) (2022). ↑

12. See James J. Hanks, Jr. & Larry P. Scriggins, Protecting Directors and Officers from Liability–the Influence of the Model Business Corporation Act, 56 Bus. Law. 3, 25 (2000) (describing the history of the MBCA’s director exculpation statute). ↑

13. See Model Bus. Corp. Act § 2.02, cmt 3.E. (2024). ↑

14. In addition, “[t]he use of ‘chief’ in the enumerated list of officers is intended to capture the principal officer, appointed or elected in accordance with section 8.40, performing the functions of such office irrespective of that officer’s title.” Id. ↑

15. The ability to expand or contract the statutory default list of officers by a provision in the articles is implied in the language of subsection (f)—“unless the articles of incorporation otherwise provide.” Model Bus. Corp. Act § 2.02 (2024). The Official Comment to Section 2.02 confirms this reading of the statute. See id. at cmt 3.E. (“That definition includes any individual identified in the enumerated list of officers, although the articles of incorporation may expand or contract this list or specify a procedure for doing so.”).
    ↑

16. For a comparison of the language in the MBCA’s and Delaware’s exculpation statutes, see the Model Bus. Corp. Act Ann., § 2.02, at 2-29 to 2-30 (5th ed. 2020); Vaaler, supra note 4, at 82–83. ↑

17. See Model Bus. Corp. Act § 2.02, cmt I. (2013); Vaaler, supra note 4, at 83; Hanks & Scriggins, supra note 12, at 28 (“By focusing on receipt of an improper financial benefit and intentional infliction of harm, section 2.02(b)(4) avoids many of the interpretive questions surrounding the definition of a breach of the duty of loyalty.”). ↑

18. See Model Bus. Corp. Act § 2.02, cmt 3.E. (2024) (stating that the “benefit must be financial rather than in less easily measured and more conjectural forms, such as business goodwill, personal reputation, or social ingratiation.”). ↑

19. See 8 Del. C. § 102(b)(7) (2022) (“All references in this paragraph (b)(7) to an officer shall mean only a person who at the time of an act or omission as to which liability is asserted is deemed to have consented to service by the delivery of process to the registered agent of the corporation pursuant to § 3114(b) of Title 10 (for purposes of this sentence only, treating residents of this State as if they were nonresidents to apply § 3114(b) of Title 10 to this sentence.”); 10 Del. C. § 3114(b) (defining “officer” as “an officer of the corporation who (1) [i]s or was the president, chief executive officer, chief operating officer, chief financial officer, chief legal officer, controller, treasurer or chief accounting officer of the corporation at any time during the course of conduct alleged in the action or proceeding to be wrongful; (2) [i]s or was identified in the corporation’s public filings with the United States Securities and Exchange Commission because such person is or was 1 of the most highly compensated executive officers of the corporation at any time during the course of conduct alleged in the action or proceeding to be wrongful; or (3) [h]as, by written agreement with the corporation, consented to be identified as an officer for purposes of this section.”). ↑

20. Id. ↑

21. See 8 Del. C. § 242(b); Model Bus. Corp. Act § 10.03 (2024). For companies that are contemplating going public, these entities can incorporate an officer exculpation provision in the amended charter adopted in connection with the IPO or spin-off transaction. ↑

22. See Andrew J. Noreuil et al., Recent Developments in Delaware Officer Exculpation Charter Amendments, Mayer Brown Alert (Feb. 6, 2024) (reporting proposal and adoption rates as of the end of January 2024 for Delaware public companies included in any of the major indices). See also Douglas K. Schnell & Daniyal Iqbal, Lessons from the 2023 Proxy Season: Advance Notice Bylaws and Officer Exculpation, Harv. L. Sch. F. on Corp. Governance (Sept. 5, 2023) (reporting on proposal and adoption rates as of July 24, 2023, for Delaware technology companies in the Lonegan Silicon Valley 150); Melissa Sawyer et al., Lessons from the 2023 Proxy Season, Sullivan & Cromwell Alert (Sept. 14, 2023) (reporting on proposal and adoption rates for meetings through H1 2023 at U.S. public companies). ↑

23. Noreuil et al., supra note 22. ↑

24. See In re Fox Corp./Snap Inc. Section 242 Litigation, C.A. Nos. 2022-1007, 2022-1032, 120 (Del. Jan. 17, 2024). ↑

25. See Noreuil et al., supra note 22. ↑

26. Id. See generally, Glass, Lewis & Co., United States 2024 Benchmark Policy Guidelines at 75 (recommending voting against proposals eliminating monetary liability for certain officers, unless compelling rationale for the adoption is provided by the board, and the provision is reasonable); Institutional Shareholder Services, United States Proxy Voting Guidelines, Benchmark Policy Recommendations at 25 (January 2024) (recommending a case-by-case consideration of the stated rationale and identifying a number of factors to be considered). ↑

27. Those states are Louisiana, Maryland, Nevada, New Hampshire, New Jersey, Utah, and Virginia. In its Principles of Corporate Governance, the American Law Institute also recommended allowing a corporation’s charter to exculpate a director or officer. See Principles of Corporate Governance: Analysis and Recommendations §§ 7.19-7.20 (1994). ↑

28. See 15 Pa. Cons. Stat. § 1735 (amended on November 3, 2022; effective January 2, 2023). The Pennsylvania statute differs in several aspects from the Delaware exculpation provision (e.g., the limitation on liability in Pennsylvania can be in a shareholder-adopted bylaw as opposed to the charter). ↑

29. See 2024 Okla. Sess. Law Serv. Ch. 120, Section 10 (S.B. 620) (2024). The Oklahoma amendments differ from Delaware and the MBCA in that they do not define “officer” for purposes of the exculpation statute. ↑

30. See Ala. Code § 10A- 2A-2.02 (amended May 17, 2024, effective Aug. 1, 2024). ↑

31. See Vaaler, supra note 4, at 82 (describing adoption trends for director exculpation statutes). Of note, thirty-six jurisdictions have corporate codes based on the MBCA, and it is reasonable to expect that they will adopt the MBCA’s officer exculpation language as they update their corporation codes over time. ↑

This article describes recent Delaware decisions that are relevant to the Model Business Corporation Act (the “MBCA”). These include several decisions addressing (i) the validity of governance provisions in agreements and (ii) the requirements for board of directors and stockholder approvals of merger agreements. In addition, this article describes legislation recently enacted in Delaware dealing with a number of the issues raised by these decisions.

Validity of Governance Provisions in Agreements

Delaware Decisions

Moelis Decision

In West Palm Beach Firefighters’ Pension Fund v. Moelis & Company, 311 A.3d 809 (Del. Ch. 2024),^[1] the Delaware Court of Chancery held that certain pre-approval rights and board and committee composition provisions in a stockholder agreement entered into by the corporation with its controlling stockholder in anticipation of an initial public offering (“IPO”) by the corporation were facially invalid under Section 141(a) of the Delaware General Corporation Law (the “DGCL”), which provides that the “business and affairs of every corporation . . . shall be managed by or under the direction of the board of directors, except as may be otherwise provided in [the DGCL] or the certificate of incorporation.” The Court held that those provisions infringed on the power of the board to manage the corporation’s affairs under the DGCL’s board-centric model of corporate governance.

The challenged stockholder agreement required the corporation to obtain the stockholder’s approval before taking various corporate actions and granted the stockholder extensive rights designed to ensure that he could elect a majority of the directors and that the composition of board committees would be proportionate to the number of the stockholder’s designees on the board. While the Court characterized the agreement as a “new-wave” stockholder agreement, rights of this kind are often found in agreements entered into in connection with debt and equity financings (including venture capital and private equity investments) and other commercial arrangements, as well as in settlement agreements with activists. The Moelis decision raises significant questions regarding the validity of these provisions when they are included in this kind of agreement. Because the decision is likely to be appealed, it may not be the last word from the Delaware courts on these issues.

The Court held that the pre-approval requirements in the Moelis agreement, viewed collectively, and some of the stockholder’s rights involving the composition of the board and its committees were facially invalid under Section 141(a). In addition, the Court held that the provisions related to the composition of board committees were also invalid under Section 141(c)(2), which vests the board with the authority to designate committees. The Court noted that most of the invalidated provisions (but not those relating to the composition of board committees or that are inconsistent with a mandatory feature of the DGCL) would have been valid if they had been included in the certificate of incorporation. This could have been accomplished by either (i) including them expressly in the certificate or by incorporating them by reference to an agreement as permitted by Section 102(d) regarding reference to extrinsic facts, or (ii) if the board is authorized to create new classes or series of stock (“blank check” authority), including them in a certificate of designation and issuing a single “golden” preferred share. An amendment of the certificate of incorporation would, of course, require stockholder approval, but a new class or series of stock could be created by the board alone if it has blank check authority.

The Court noted that, although Delaware is a contractarian state that favors private ordering, the ability to do so is subject to the limitations of the DGCL. The Court emphasized the need to differentiate between an agreement creating an internal governance arrangement and an external commercial contract that constrains board actions, like a credit agreement with restrictive covenants or an exclusive supply contract, while it also recognized the challenge in differentiating between the two. The Court identified several factors that indicate that an agreement creates an “internal governance” arrangement, including whether it arose out of an obvious commercial exchange and whether the purpose of the restrictions was to allocate governance rights. However, the Court did not specify how those factors should be weighted, other than that all of them are matters of degree and none are essential. It then indicated that once a contractual provision appears to be part of the corporation’s internal governance arrangements, a court must assess whether the provision prevents or limits in a substantial way the ability of the directors to use their own best judgment and make decisions in managing the corporation’s affairs. Applying these standards, the Court had no problem concluding that the Moelis stockholder agreement involved an internal governance arrangement that was not tied to any underlying commercial transaction and finding that most of its provisions violated Section 141 and were invalid. The Court found, however, that several provisions in the agreement that related to the rights of the stockholder to nominate board members and for the corporation to use its best efforts to cause them to be elected were valid.

Wagner Decision

Following the Moelis decision, the Court of Chancery, in Wagner v. BRP Group, Inc., 2024 WL 2741191 (Del. Ch. May 28, 2024), found invalid provisions in another pre-IPO stockholder agreement, as it was initially executed, that required pre-approval by the controlling stockholder of (i) any significant decision regarding a senior officer because it contravened Section 141(a) and Sections 142(b) and (e), (ii) any charter amendment because it contravened Sections 141(a) and 242, and (iii) certain significant transactions, most involving the corporation’s sole operating subsidiary, because it violated Section 141(a). Wagner differed from Moelis, however, because following the filing of the lawsuit, the parties modified the challenged stockholder agreement to provide that the stockholder would approve any action that a committee of the independent directors unanimously determined in good faith was in the best interest of the corporation. The Court considered the effect of the modification on the validity of the governance provisions. Although it recognized that the unanimity requirement permitted any one committee member to block a determination, since the DGCL permits bylaws to establish procedural limitations, like high vote and even unanimity requirements for a corporate action,^[2] the Court held that the committee mechanism was sufficient to overcome the invalidity under Section 141(a), but not the invalidity of the senior officer provision under Section 142 or the pre-approval requirement for charter amendments under Section 242.

N-able Decision

After the legislation described below was enacted and before it became effective, the Court of Chancery decided Seavitt v. N-able, Inc., 2024 WL 3534476 (Del. Ch. July 25, 2024), which involved similar issues to those in Moelis and Wagner regarding the validity of a pre-IPO stockholder agreement with controlling stockholders that contained pre-approval covenants and board and committee composition and director removal provisions. Like Moelis and Wagner, the Court found many of the provisions facially invalid in violation of the DGCL, an issue that was not resolved by the legislation because agreements subject to litigation at the legislation’s effective date were excluded from coverage under the legislation. As a harbinger of issues that can arise under the new legislation, the Court suggested that provisions in a stockholder agreement modifying the requirement for stockholder approval under the DGCL or permitting identified stockholders to remove directors might not be valid under the legislation because those provisions would not have been permissible in the certificate of incorporation.

Unlike in Moelis and Wagner, some of the provisions in the N-able certificate of incorporation stated that they were “subject to” the stockholder agreement. That raised the issue whether (as characterized by the Court) “this laconic prepositional phrase” effectively incorporates the stockholder agreement into the charter by reference under Section 102(d) of the DGCL. Not surprisingly in view of this characterization, the Court held that the reference was not sufficient to incorporate the agreement into the charter and, moreover, indicated that a private agreement cannot be incorporated into a charter, which is a foundational public document, noting that the statute only authorizes incorporation of “facts ascertainable” outside the charter.^[3]

Delaware Legislation

In response to the uncertainties created by the Moelis decision, legislation has been enacted in Delaware to add a new clause (18) to Section 122 of the DGCL to give corporations the power, notwithstanding Section 141(a), to enter into governance agreements—like the ones in Moelis, Wagner, and N-able—that include approval rights and board composition provisions that otherwise could be included in the certificate of incorporation.^[4] The legislation, which encountered some criticism, principally from academics and some in the Delaware judiciary, became effective on August 1, 2024, and applies retroactively except to litigation begun before that date. Section 122(18) eliminates some of the uncertainties for Delaware corporations arising from the Moelis, Wagner, and N-able decisions, but interpretive issues in applying the new provision, such as the scope of agreements authorized under it and how those agreements mesh with fiduciary duties, will need to be considered.

Relevance for the MBCA

Although the Moelis, Wagner, and N-able decisions apply to Delaware corporations, their reasoning could be applied to business corporations formed in other jurisdictions that have provisions similar to Section 141, such as Section 8.01 of the MBCA. Whether other states will follow the reasoning in the Moelis, Wagner, and N-able decisions is not certain. Unlike Delaware, many state corporation statutes, such as those based on the MBCA, expressly permit stockholder agreements, in addition to provisions in the charter, to vary the director management norm. Typically, however, the stockholder agreements authorized by a statute like Section 7.32(b) of the MBCA require that all stockholders be a party to the agreement.^[5] Some jurisdictions, including Delaware, have close corporation provisions that permit stockholder agreements. A court might read these provisions to exclude stockholder agreements among less than all of the stockholders as permitted vehicles for varying the director management norm, and if so, the issues raised by Moelis, Wagner, and N-able could be even more difficult in those jurisdictions. On the other hand, a court could preferably read these provisions as nonexclusive for these purposes. The ABA Corporate Laws Committee is currently considering how, if at all, to respond to the Moelis, Wagner, and N-able decisions and the recent Delaware legislation.

In deciding whether governance provisions that do not have the benefit of the Delaware legislation may be validly included in an agreement, practitioners should consider whether the provisions limit the authority and exercise of discretion by the board of directors. In the case of an agreement with these limitations, practitioners should then determine whether those provisions are external commercial contractual arrangements or are internal governance arrangements to be tested against the statutory provisions like Section 141 of the DGCL and Section 8.01 of the MBCA and other provisions of the applicable corporation statute. The Court of Chancery distinguished traditional commercial contracts from the agreements in Moelis, Wagner, and N-able, which were not tied to any underlying commercial transaction and were designed to address corporate governance in an extensive way, thus constituting an “internal governance” arrangement. Accordingly, traditional commercial credit agreements with institutional lenders and securities purchase agreements with equity investors that contain customary restrictive covenants associated with protecting the credit or the investment should not be viewed as an internal governance arrangement. The dividing line is not clear between these customary agreements and agreements with extensive protective and governance provisions that fall between these two.

Analyzing provisions implicated by the Moelis, Wagner, and N-able decisions and giving legal opinions on the validity of those provisions, especially outside of Delaware, may be problematic, and the need to do so should be weighed in the context of the specific transaction. If practitioners are concerned about the validity of provisions in an agreement, they could redraft the provisions, for example by including a fiduciary duty out^[6] or similar exception, or they could include some or all of the provisions in the charter, either through an amendment or, if authorized, in a certificate of designation creating a new class or series of stock that becomes part of the charter. Section 102(d) of the DGCL permits certain provisions of the certificate of incorporation to “be made dependent upon facts ascertainable outside such instrument, provided that the manner in which such facts shall operate upon such provision is clearly and explicitly set forth therein,” and Section 2.02(d) of the MBCA permits such provisions to be “made dependent upon facts objectively ascertainable outside the articles of incorporation” if the requirements of Section 1.20(k) of the MBCA are met, one of which authorizes reference to terms of an agreement to which the corporation is a party.^[7] Even when governance provisions are included in a corporation’s charter, however, they still should be analyzed to ensure that they are of a type permitted to be included in the charter. For example, as noted above, limitations on the board’s authority to designate committees under Section 141(c) can raise issues, as can provisions that are inconsistent with a mandatory feature of the DGCL.

Actions to Approve Mergers and Other Fundamental Changes

Delaware Decision

In Sjunde AP-fonden v. Activision Blizzard, Inc., 2024 WL 863290 (Del. Ch. Feb. 29, 2024) (corrected Mar. 19, 2024), the Delaware Court of Chancery declined to grant a motion to dismiss a complaint challenging the approval of a merger, which serves as reminder to practitioners of the importance of strictly following the requirements to approve a merger under Section 251 of the DGCL. These requirements relate to the need for a sufficiently final merger agreement to be approved by the board of directors and to the contents of the notice that must be sent to the stockholders when soliciting their approval of the merger.

In Delaware an essentially final merger agreement must first be approved by the board. The key question addressed by the Court in Activision was what “essentially final” means. The plaintiff argued for the execution version to be approved, while the defendants asked the Court to recognize the market practice of submitting a draft or near-final form to the board for approval. The Court held that, at least for purposes of dealing with the motion to dismiss, in order to comply with Section 251(b) of the DGCL, the board had to approve an essentially complete version of the merger agreement. It then went on to conclude that the plaintiff adequately pled that the merger agreement approved by the board was not essentially complete because it omitted the name of the company being acquired, the merger consideration, a disclosure letter that qualified a number of provisions of the agreement, the disclosure schedules called for by the agreement, and the surviving corporation’s charter^[8] and because the board delegated a decision on the amount of the dividends that the acquired company may pay prior to closing to an ad hoc committee of the board. The defendants may be able to establish at trial that the board had before it some of the omitted information, such as the name of the company to be acquired and the merger consideration. The Court recognized as an open issue whether the disclosure schedules were essential, but the Court’s decision indicates that a merger agreement that the board approves, to be essentially complete, must be close to being the execution version.

The Court then examined whether the information required under Section 251(c) to be included in the notice of the stockholder meeting was satisfied. It acknowledged that the notice purported to provide a copy of the merger agreement by referring to the exhibit to the accompanying proxy statement, but the Court determined that the merger agreement provided with the notice did not satisfy Section 251(b) because, among other things, it omitted the surviving corporation’s charter.^[9] The Court also ruled that the notice did not satisfy the alternative permitted under Section 251(c) of containing a brief summary of the merger agreement because, although the proxy statement sent with the notice contained a summary of the merger agreement, the proxy statement was not part of the notice.^[10]

Finally, the Court ruled that the board’s delegation to a committee to finalize the provision of the merger agreement permitting the payment of certain pre-closing dividends by the target was invalid because under Section 141(c) a committee cannot approve on its own matters for which stockholder approval is required under the DGCL, such as approval of a merger agreement.^[11]

Delaware Legislation

The recently enacted Delaware legislation^[12] includes provisions to address the issues identified by the Activision decision. It adds a new Section 147 to the DGCL to recognize that the board of directors can approve a merger agreement and other agreements requiring board approval in substantially final form, not necessarily the final form, and can ratify a previously approved agreement before a filing is made with the Secretary of State. Also, Section 232 dealing with notices to stockholders is amended to provide that any materials included with, or attached to, a notice to stockholders, like a proxy statement, is considered to be part of the notice. In addition, (i) a new Section 268(a) is added to eliminate the need for the certificate of incorporation of the surviving corporation to be attached to the merger agreement or approved by stockholders of the target where those stockholders will not become stockholders of the surviving corporation, as is the case for an all cash reverse triangular merger, and (ii) a new Section 268(b) is added to make clear that disclosure letters and schedules are not part of the merger agreement and therefore, as a statutory matter, do not need to be approved by the board.^[13]

Relevance for the MBCA

The Activision decision highlights the importance of strict compliance with notice and approval requirements, even after enactment of the Delaware legislation, under both Delaware law and the law of other relevant jurisdictions. Those requirements, which are not limited to mergers, differ among jurisdictions, and thus the particular jurisdiction’s law needs to be carefully reviewed. For example, under Section 11.04 of the MBCA a “plan of merger” meeting the requirements of Section 11.02(d) must first be adopted by the board and then, with certain exceptions, approved by the stockholders; if approval is to be sought at a meeting, the notice of the meeting shall “contain or be accompanied by a copy or summary of the plan,” in some cases with a copy or summary of the surviving entity’s governing documents.^[14] It is common, at least in states outside of Delaware, to structure mergers using both a transactional agreement, usually called a merger agreement or acquisition agreement that describes the transaction and contains representations, covenants, conditions to closing and other provisions, and a separate plan of merger that is typically attached as an exhibit to the transactional agreement. The plan of merger is typically a relatively short document that contains only the terms and conditions of the merger as required by the corporation statute, which in MBCA jurisdictions are those set forth in Section 11.02(d). Only the plan of merger needs to be submitted to stockholders for adoption in those jurisdictions. The statutory pattern in Delaware is somewhat different, and that difference may account for a difference in practice and the Court’s rulings in Activision. Section 251(b) of the DGCL requires that the board approve an agreement of merger and declare its advisability and that the agreement of merger be executed by the corporation and submitted to the stockholders for approval. Under the MBCA, the plan of merger need not be executed by the corporation, and as long as there is a plan of merger approved by the board and the stockholders, the transactional agreement signed by the parties to the merger need not be submitted to or approved the stockholders.

This piece originally appeared in the Summer 2024 issue of the MBCA Newsletter, the newsletter of the ABA Business Law Section’s Corporate Laws Committee. Read the full issue and previous issues, including previous articles in the Recent Decisions Relevant to the MBCA series, at the Corporate Laws Committee’s Model Business Corporation Act Resource Center.

The views expressed in this article are solely those of the author and not his law firm or clients. No legal advice is being given in this article.

1. In a prior decision, West Palm Beach Firefighters’ Pension Fund v. Moelis & Company, 310 A.3d 985 (Del. Ch. 2024), the Court held that laches and ripeness did not apply where there is an alleged violation of a statute. ↑

2. See Section 141(c)(4) of the DGCL. ↑

3. The Court distinguished Colon v. Bumble, Inc., 305 A.3d 352 (Del. Ch. 2023), which upheld super-voting power granted to stockholders identified in a stockholder agreement on the grounds that the identified stockholders were ascertainable facts outside of the charter as permitted by Section 151(a). See Stanley Keller, Delaware Court of Chancery Approves Differential Voting Within Same Class, In Our Op. (ABA Bus. Law Section Legal Ops. Comm.), Fall 2023 (Vol. 23, No. 1), at 17–18. ↑

4. S.B. 313, 152nd Gen. Assemb., An Act to Amend Title 8 of the Delaware Code Relating to the General Corporation Law, 84 Del. Laws ch. 309 (enacted on July 17, 2024). ↑

5. The MBCA uses the term “shareholders,” but for consistency this article follows the DGCL usage of “stockholders.” ↑

6. The question of whether a fiduciary out alone will validate certain governance provisions in a stockholder agreement could be an issue in Dollens v. Goosehead Ins., Inc., C.A. No. 2022-1018-JTL (Del. Ch. Nov. 10, 2022), in which the plaintiffs challenged a stockholder agreement as being in violation of Section 141(a). A proposed settlement involving amendments to the stockholder agreement has been agreed to by the parties to the litigation and is pending approval. The amendments narrow the governance provisions and add fiduciary outs for the board. The notice of the proposed settlement is available from plaintiff’s counsel. ↑

7. As noted above, the question of whether and the extent to which the terms of an agreement may be incorporated by reference in a certificate of incorporation pursuant to Section 102(d) of the DGCL is addressed in N-able. ↑

8. The Court’s reference to Section 251(b) requiring the surviving corporation’s charter to be included in the merger agreement does not appear to be apt because the requirement of Section 251(b)(4) applies only to a consolidation. For a merger, Section 251(b)(3) requires only a statement that the surviving corporation’s charter shall be its charter, unless it is to be amended or restated, in which event that shall be stated. ↑

9. Id. ↑

10. The Court noted that Section 251 did not contain the amendments to Sections 228 on stockholder consents and 242 on certificate of incorporation amendments that permit notice of internet availability of proxy material to satisfy the merger agreement notice requirement. An alternative that could have satisfied Section 251 would have been for the notice to have referred to the summary of the merger agreement in the proxy statement instead of referring just to the merger agreement attached as an exhibit to the proxy statement. ↑

11. An application has been filed with the Court of Chancery to validate the merger at issue in the Activision decision under Section 205 of the DGCL. The MBCA has similar provisions to validate defective corporate acts and stock issuances in Subchapter E of Chapter 1 (Sections 1.45–1.52). ↑

12. Supra note 4. ↑

13. The Delaware legislation also adds a new Section 261 to address the holding in Crispo v. Musk, 304 A.3d 567 (Del. Ch. 2023), regarding remedies for breaches of a merger agreement by recognizing a provision in the agreement that allows a target company to seek damages, including lost stockholder premium, for a breach by the acquirer and, if so provided, to retain such damages. It also allows the stockholders, by approving the merger agreement, to appoint a stockholder representative to enforce their rights under the merger agreement. ↑

14. If appraisal rights under Chapter 13 of the MBCA are available, additional information is required. ↑