The Model Business Corporation Act (the “Model Act” or “MBCA”) serves as a key framework for corporate entities in the United States, frequently referenced alongside the Delaware General Corporation Law. To date, thirty-six jurisdictions have adopted the Model Act, either in whole or in part. First published in 1950 by the Corporate Laws Committee (“Committee”) of the American Bar Association (“ABA”) Business Law Section, the Model Act aroused significant interest from the business community. Over the past seventy-five years, it has been subject to ongoing review and refinement by the Committee.
At the recent ABA Business Law Section 2025 Fall Meeting, held in Toronto, the Committee presented a program focusing on key considerations in connection with the seventy-five years of existence of the Model Act, titled “75 Years Young: The Model Business Corporation Act and Its Relevance for Corporate Law Today.” The panel discussion, moderated by Steven Hass, Partner at Hunton Andrews Kurth, featured insights from Maureen Gershanik, Partner at Fishman Haygood; Claudia Allen, Senior Advisor at KPMG Law; Daniel Witschey Jr., Of Counsel at Bracewell; and Heyward Armstrong, Partner at Smith Anderson. All panelists are members of the Committee.
Continuous Relevance of the Model Act
The panelists highlighted the growing importance and influence of the Model Act since its inception. The discussion began with introductory observations from the moderator, Hass, who emphasized the Act’s enduring relevance, noting, “If you group up the Model Act states . . . , the Model Act is actually by far the predominant source of corporate law in this country and governs far more corporations than Delaware does.” Witschey then provided a detailed historical overview of amendments to the Act that addressed, among other things, issues relating to developments in states. He highlighted that from 1950 to the present, the Model Act has been actively maintained and subject to numerous revisions. Among the most notable was the 1974 introduction of a standard of care for directors, one of the Act’s distinguishing provisions when compared with Delaware law.[1] During this presentation, Hass drew attention to amendments in the mid-2000s emphasizing officers’ duties to inform others of material violations of law and enabling a corporation to change the plurality voting standard in director elections to a majority voting standard. Providing background information on these revisions, and more specifically the change on plurality voting, he explained that they occurred in the wake of the financial accounting scandals of Enron and WorldCom and reflected growing demands from investors for more board accountability to enable these changes. His remarks underscored how the Model Act has evolved over time in direct response to market developments and stakeholder expectations.
Monitoring and Updating Process for the Model Act
The panelists also examined how the Committee continuously monitors legal and business developments to ensure the Model Act remains current. Allen explained that in reviewing the legal landscape, the Committee is particularly mindful of its primary constituency, which is private companies rather than large public corporations.
When the Committee determines that revisions are warranted, proposed amendments follow a three-step review process, as outlined in the Committee’s recent article The Model Business Corporation Act at 75.[2] In response to a question about whether changes often originate from external feedback, such as reaching out to the Committee and identifying an issue in practice or forwarding a decision from a Model Act state, Allen confirmed that this occurs from time to time. She provided, as an example, the revision of the Model Act’s indemnification provision, which was prompted by an issue identified by an individual. She encouraged the public to reach out to the Committee regarding practical challenges in applying the Act, stating, “We really encourage hearing from people. We want to know if the statute works.”
On this point, Gershanik emphasized that while the Committee can move swiftly in addressing certain issues, it also follows formal protocols that take time. “We still have a deliberative process,” she noted, adding that this approach enhances the quality of the Committee’s work and ensures that revisions provide well-considered solutions to emerging issues.
The discussion concluded with an overview of defining aspects of the Model Act, underscoring the Committee’s longstanding efforts to promote clarity, efficiency, and consistency while reducing areas of dispute and litigation.
ABA Model Business Corporation Act Resource Center
Armstrong provided an overview of the resources available on the ABA website relating to the Model Act, collected in the Model Business Corporation Act Resource Center. These include the current version of the Model Act, the Model Act Enactment Toolkit, relevant ABA publications, past issues of the Committee’s MBCA Newsletter, and more. Such materials are designed to assist a wide range of stakeholders, from practitioners advising on the Model Act to states considering adopting its provisions.
The Committee emphasized its commitment to supporting both Model Act and non–Model Act jurisdictions in related initiatives and invited the public to engage with its work. As Armstrong noted, “If you are in a bar association or other organization and you are part of helping a state maybe make amendments to its corporate law, . . . please come to see me after this—I want to talk to you.”
Looking ahead, and in light of the numerous initiatives underway across the country to revise state codes, it will be interesting to observe the extent to which the Model Act gains traction in non–Model Act jurisdictions.
An infectious laugh. Always welcoming—and an empathy for others that created an aura of goodwill felt by everyone Juliet touched, whether they were fellow academics, ABA Business Law Section (“BLS”) members, staff, law students, or any of the countless people who crossed her path in her incredible legal career.
Professor Juliet M. Moringiello will be remembered for many, many years to come.
Her remarkable life ended on February 27, 2025, when Juliet passed away quietly from cancer. The shock and grief of her passing was quickly replaced by a torrent of accolades, heartfelt remembrances, and testimonials from her family and friends; her colleagues at the Widener University Commonwealth Law School, where she taught for thirty-one years; her fellow editors at Business Law Today; and the legal community.
“Juliet was a rare combination of elegance and accessibility, academic brilliance and earthy practicality. She was interested in the world, and in helping people on the most basic levels,” said Ted Claypoole, Business Law Section Content Officer and partner with Womble Bond Dickinson. “Juliet was a pleasure in company and deeply comfortable in her own mind. I miss learning her thoughts on everything from recent literature to the Uniform Commercial Code to the best diners in New Jersey. We were all richer for her friendship.”
The warmth of her personality was accompanied by a host of accomplishments in her legal and academic career.
Juliet was a respected educator, chosen twice by students for Widener Law Commonwealth’s Outstanding Faculty Award. In the last several years of her life, she also served as associate dean for academic affairs.
She was a pillar in the world of law reform, serving as a Uniform Law Commissioner for Pennsylvania and a member of the Permanent Editorial Board for the Uniform Commercial Code. Juliet’s keen insight and wisdom served her well in those efforts. One highlight was her key role in the drafting process for the 2022 UCC amendments to address emerging technologies, which included the introduction of the new Article 12, as vice chair of the drafting committee.
Juliet was Business Law Today’s executive editor for Internet Law & Cybersecurity since 2017, and a member of the editorial board for even longer. She was also a leader with the ABA BLS Cyberspace Law (now Cyber and Technology Law) Committee and Uniform Commercial Code Committee; an elected member of the American Law Institute; a longtime board member of the BLS Publications Board; and a prolific contributor to BLS content.
“Let me highlight something even more foundational that truly set Juliet apart: Her ability to make everyone in her presence feel as though they belong,” said Kristen David Adams, William Reece Smith Jr. Distinguished Professor of Law and Director, Dispute Resolution Board, at Stetson University College of Law. Across all facets of her career, Juliet was a mentor to countless students and professionals. “I can’t tell you how many people have told me a story about how she made them feel welcomed, how she helped them to overcome their impostor syndrome, and how she encouraged them. When Juliet welcomed someone, they felt like an insider.”
Such determination to “connect” with others made her a consummate professional in her other passion: providing skiing lessons for children and adults. She inspired a whole generation of skiers in Pennsylvania!
Without a doubt, Professor Juliet M. Moringiello leaves behind an enviable legacy that many strive for but few achieve.
As Norman Powell, Business Law Section chair, so aptly put it, “Juliet was extraordinary: brilliant, humble, insightful, and caring. She approached her tasks with intensity and an easy grace, bringing out the best in her collaborators and students.”
As I traveled to Toronto, Canada, for the 2025 Fall Meeting of the ABA Business Law Section, it struck me that I was navigating the delicate balance of being a foreigner among friends, which our international colleagues must traverse each and every time they cross a border, whether it’s for another section meeting, or in the pursuit of their clients’ goals. And especially for me as a young litigator, this became all the more apparent as I listened to a group of incredible panelists present the CLE program “Cross-Border Enforcement in Discovery, Including Data and Personal Privacy Considerations.” We live in a globalized world, where transactions and clients transcend traditional boundaries. Therefore, in order to most effectively advocate when litigation arises (or could arise), it is essential to understand exactly how to obtain (or protect) evidence.
This CLE, which took place on September 19, 2025, included experts who have practiced in jurisdictions around the world. First, we met Steven Barber, partner at Steptoe LLP. Moderating the panel on behalf of Judge Gail Andler (retired) was Deborah Templer, partner at McCarthy Tetrault, LLP. The third panelist was Jonathan Fitch, an international arbitrator and mediator for JAMS. Rounding out the panel was Kim Nemirow, a partner at Kirkland & Ellis, LLP.
International Discovery: Guidelines and Considerations
While the panel primarily focused on issues and considerations in obtaining discovery in the United States and Canada, they also briefly touched on the importance of the Hague Evidence Convention in seeking discovery beyond those two borders. The Hague Evidence Convention guides the taking of discovery abroad (a voluntary process that protects sovereignty). Sixty-nine countries are signatories, including the United States.
United States international discovery is also governed by 28 U.S.C. § 1781 and § 1782, which are U.S. statutes allowing both the direct transmittal of letters rogatory (the formal request for judicial assistance to exchange discovery) between tribunals and permission for a U.S. district court to compel production of evidence from a person/entity in the court’s jurisdiction for use in a foreign proceeding or international tribunal. Therefore, when working with a client who needs to engage in cross-border discovery, it is important to note if the country in which you are seeking information is a Hague Evidence Convention signatory or not and whether you need information from within the United States. However, while the panelists did recommend having a working knowledge of the rules and considerations that guide discovery, they confirmed that the first thing to do when seeking discovery in a foreign jurisdiction is to obtain local counsel, who will be your guide through the local and/or national standards that may limit the ability to seek discovery.
Barriers to Information: Blocking Statutes, Data Privacy, and Investigations
The next key takeaway from the program was the importance of local blocking statutes, data privacy laws, and investigation considerations.
To begin, most jurisdictions have enacted blocking statutes, which protect their citizens against foreign discovery orders seeking evidence. Unless your request fits into an exception of that statute, you may have to engage in creative lawyering to obtain the information you need, as a lack of exception may lead that court to not even recognize discovery orders from your jurisdiction. Next, consider local data privacy laws and local statutory privilege issues. There may be different attorney-client privilege rules in the other jurisdiction.
Also consider what, if any, cultural differences in data sharing and attorney-client relationships exist between your practicing jurisdiction versus where the evidence is. These issues and statutes impact how, or if, one can obtain data from a third party or individual residing in that jurisdiction. Further, depending on the statutory guidance, one may not even be able to get the data out of the country; so consider that when seeking discovery.
But, what if you’re not even in litigation; you’re just conducting an investigation? That investigation could be either internal or in cooperation with a regulator, but the data is in another country. The same considerations, as previously discussed, apply.
Once again, it becomes clearer how important it is to engage local counsel—don’t engage in cross-border discovery without them.
Word Choice Is Important: Understanding How to Tailor the Discovery Request
Discovery in all jurisdictions is discretionary, but especially in Canada, which is not a signatory to the Hague Evidence Convention, where it is rooted in principles of comity and reciprocity. Therefore, to engage in cross-border practice between Canada and the United States, we now come to the panelists’ discussion of how to obtain discovery information—a practical tool for any international litigator. The importance of narrowly tailoring your discovery request, especially for letters rogatory, was heavily emphasized. As a U.S.-based litigator who has so far only found themselves in state and federal court, the discovery I’ve seen has generally been lengthy and broadly written. So as you find yourself venturing into other jurisdictions, be extremely specific in your asks.
In Canada and the United States, the decision to grant a discovery request is a two-part test. In Canada, the court begins by the statutory/jurisdictional basis for granting the request and then decides, in part two, if it should grant the request. While there are several factors, the most important is the relevancy of the information sought. Given that the common objections include (1) that the evidence is not necessary to the U.S. litigation, (2) that the evidence could be obtained in the United States through other parties, or (3) that the request is overly broad, we see why it is essential to narrowly tailor the request. If not, the Canadian court might just do it for you. This is also true of letters rogatory in the United States—when letters rogatory are used to seek information in a U.S. jurisdiction by a foreign litigant or tribunal, the information is usually limited to documents or depositions.
The U.S. two-part statutory and discretionary test examines (1) whether the person/entity from whom discovery is sought resides, or is found, in the geographical reach of the U.S. district court, and (2) is the discovery going to be “for use” in a foreign or international tribunal? This means that one doesn’t have to actually be in litigation to seek evidence located in the United States with a letter rogatory—one just has to be reasonably contemplating litigation. But for both countries, be mindful that anyone providing an affirmation to the supporting documentation for the discovery request is open to cross-examination, so choose wisely.
International Arbitration and Discovery
When it comes to cross-border discovery in arbitration, most countries are guided by the New York Convention, which enforces arbitration agreements (Article IV). However, there can be significant obstacles to obtaining discovery in arbitration. First, arbitrators have no coercive power to compel discovery, and discovery orders are not enforceable per se in the European Union. Further, provisions of the Hague Evidence Convention do not apply to commercial arbitration. Further, in arbitration, unlike in litigation, blocking statutes may not apply to discovery, though that will be dependent upon the law of the arbitration seat. One may also have to seek to have information produced based on disclosure under specific laws, so, once more, local counsel is key.
Perhaps the biggest takeaway from this informative CLE is that when engaging in cross-border discovery, obtain local counsel. They will help you narrowly frame your request so that it is granted. They will be your partner in speaking to the relevance and necessity of the evidence sought. They are essential to understanding local data privacy restrictions as well as attorney-client privilege protections or limitations. They are the essential partner to any international litigant, and obtaining them should be the first discussion with your client.
Law firms and corporate legal departments are prime targets for cyberattacks—and that’s no surprise. The legal industry manages a trove of sensitive data: client records, intellectual property, regulatory filings, case strategies, and more. Add to that the growing reliance on digital platforms, hybrid work models, and third-party vendors, and the sector’s risk profile becomes even more complex. The consequences of a breach, including financial, regulatory and reputational impacts, can be severe and far-reaching.
Yet despite this elevated risk exposure, many legal organizations continue to operate under outdated cybersecurity assumptions. Legacy security controls and well-worn practices linger, often due to institutional inertia or misplaced confidence. Unfortunately, the cyber threat landscape has outpaced these approaches, and the legal industry can no longer afford to treat security as a static checklist.
Cyber threats today are more agile, distributed, and adaptive than ever. Ransomware attacks, phishing campaigns, and data breaches dominate headlines. Insider threats and credential abuse continue to plague organizations. Sophisticated adversaries leverage automation, artificial intelligence, and the cloud to exploit gaps and scale operations with alarming speed.
In the legal market, recent incidents have been a wake-up call. For example, in 2023, an agreement was reached between the law firm Heidell, Pittoni, Murphy & Bach LLP and the New York Attorney General for the firm to pay $200,000 in penalties resulting from a data breach that compromised individuals’ personal and healthcare data. The firm, which represents hospitals and maintains private patient information, was cited for security failures that violated state law as well as the Health Insurance Portability and Accountability Act (“HIPAA”), and as part of the agreement it was required to adopt improved data security measures.
The high-profile breaches of law firms that may be handling M&A transactions or representing high-net-worth clients underscore how attractive to cyber criminals, and how vulnerable, these entities are. Compounding this are rising regulatory expectations—including updates from the Securities and Exchange Commission and the Federal Trade Commission, which increasingly scrutinize law firms’ security practices when assessing liability and compliance.
Despite this shifting landscape, many firms continue to rely on outdated defenses that leave critical gaps unprotected. The most common obsolete practices in the legal sector include:
Overreliance on traditional, point-based cybersecurity solutions. Many firms still depend on individual tools, such as antivirus software, firewalls, or VPNs, that were not designed to handle today’s multivector threats. These siloed solutions often lack the integration and perception needed to detect coordinated or stealthy attacks across environments.
Trusting endpoint detection and response (“EDR”) alone. While EDR platforms have significantly advanced endpoint security, they are no longer sufficient on their own. Attackers increasingly target areas EDR simply does not monitor, such as cloud platforms, APIs, and network infrastructure. OAuth token abuse in Microsoft 365 or lateral movement via Internet of Things devices can easily bypass EDR’s protections.
Reliance on traditional password policies. Many legal organizations still enforce outdated password rules that emphasize complexity (e.g., symbols, numbers, and case sensitivity) and frequent resets. These policies frustrate users, often leading to insecure practices like writing passwords down on paper and using the same password for multiple accounts. Worse, they offer little defense against modern attack methods like credential stuffing.
Despite clear evidence of obsolescence, these legacy practices often endure for understandable reasons, starting with the basics of familiarity and habit. IT teams and users alike are comfortable with tools they have used for years and averse to change. Many have budget constraints, especially in small or midsize firms, which can delay upgrades or platform migrations. Some face compliance myopia and equate passing an audit with being secure, ignoring emerging risks not yet codified in regulations. Yet others have a fear of disruption, with leaders worried that major changes could interrupt client service or raise internal resistance.
While these are valid concerns, firms should weigh them against the cost of inaction: data loss, regulatory penalties, lost clients, and reputational damage.
The good news? Effective, modern alternatives exist and can be implemented in legal environments and beyond without compromising service delivery or user productivity, both of particular concern for firm partners.
Updated cybersecurity solutions for law firms and legal departments to consider include the following:
1. Replace Point-Based Solutions with Integrated Security Architectures.
Adopt a layered, defense-in-depth model that includes:
Extended detection and response (“XDR”) for unified perception across endpoints, networks and the cloud.
Cloud security posture management (“CSPM”) tools to monitor misconfigurations and exposures in software as a service (“SaaS”) and infrastructure as a service (“IaaS”) platforms.
Network detection and response (“NDR”) to detect lateral movement and anomalous behavior at the infrastructure level.
Security information and event management (“SIEM”) systems to correlate data from across your ecosystem and surface real-time alerts.
Outsourcing some functions to managed detection and response (“MDR”) services or 24/7 security operations centers (“SOCs”) can help firms gain enterprise-grade protection without building everything in-house.
2. Move Beyond EDR.
Continue using EDR, but recognize its limits. Pair it with solutions that monitor identity usage, cloud logs, and API behavior. Prioritize observing trust relationships between systems and accounts, and monitor service accounts and federated logins closely.
3. Adopt Modern, NIST-Aligned Password Practices.
Shift from complexity to length and usability—a change aligned with password guidance from the U.S. National Institute of Standards and Technology (“NIST”). Key changes include:
Require long passphrases (15 or more characters) rather than cryptic strings.
Eliminate periodic password resets unless there is evidence of compromise.
Screen new passwords against known breach datasets.
Provide and encourage use of password managers for storing credentials securely.
These practices reduce human error and improve both security and user experience.
4. Make the Case for Change.
Legal technologists must frame cybersecurity upgrades in terms of business and regulatory risk. Use concrete scenarios, such as a ransomware breach shutting down client files for days, to highlight what is at stake. For example, in early 2023, Cadwalader, Wickersham & Taft acknowledged a cyberattack that required the wiping of hard drives and taking several key systems, including the firm’s document management system, offline—in some cases for weeks. The same year, Troutman Pepper experienced a cyberattack that shut down the firm’s email and other networks, causing disruption to basic operations and client service.
Emphasize how modern security enables continuity, protects the firm’s reputation, and aligns with clients’ expectations of due diligence.
5. Facilitate Adoption with Strategic Change Management.
Security doesn’t have to be disruptive if it’s introduced with empathy and education.
Roll out new tools with clear training and support.
Engage firm leadership early to gain buy-in.
Pilot changes in small teams before scaling up.
Communicate benefits in nontechnical terms that resonate with lawyers and staff.
The legal industry cannot afford to treat cybersecurity as an afterthought or assume yesterday’s tools will withstand tomorrow’s threats. The cost of inertia, whether measured in breached data, regulatory fines, or lost client trust, is simply too high. Modernizing cybersecurity practices starts with acknowledging what no longer works: overreliance on point solutions, blind faith in EDR, and outdated password policies. From there, legal organizations must embrace a layered, integrated security model aligned with today’s risk realities.
Although legal practice is governed by complex rules and nuanced statutes, the American Bar Association Business Law Section’s recent Fall Meeting program, “Yogi Berra Does Legal Ethics: A Legal Ethics Presentation in Nine Innings,” proved that even the most challenging ethical obligations can be grounded in common-sense wisdom.
On Friday, September 19, 2025, the Business Law Section’s Professional Responsibility Committee, in partnership with the Consumer Financial Services and In-House Counsel Committees, organized a panel highlighting an array of ethics issues encountered by in-house counsel and retained outside counsel.
Utilizing the unconventional wit of baseball legend Yogi Berra to delve into the ABA Model Rules of Professional Conduct, the panel provided essential lessons for both in-house and outside counsel navigating entity representation. The program drove home the idea that ethical practice requires proactive vigilance, reinforcing its supplemental materials’ warning: “If you don’t know where you are going, you might wind up someplace else.”
The Expert Lineup
The discussion, moderated by attorney Sanford “Sandy” Shatz, Of Counsel at McGlinchey Stafford LLP, featured expert insights from a distinguished lineup. The leadoff hitter was Amy Richardson, Chair of the ethics and malpractice group at HWG Law and a professor at Duke Law School. She was joined by Bridget M. McCormack, President and CEO of the American Arbitration Association-International Center for Dispute Resolution, and the cleanup hitter, A.J. Singleton, General Counsel and Member of Stoll Keenon Ogden PLLC.
Defining the Client and the Scope of Representation
The opening innings highlighted the foundational rules that define corporate legal work, beginning with the client’s primacy.
1st Inning: Clients (Rule 1.2)—“So I’m ugly. I never saw anyone hit with his face.”
The program started with Yogi’s famously humble quote. This was used to stress that under Rule 1.2, the client is the one who sets the goals and makes the material decisions. Richardson highlighted the crucial distinction between a client’s objectives and the lawyer’s means to achieve them, clarifying where the lawyer’s authority lies: “When it comes to the objectives of the work that they’re doing for the client, that is the client’s call. . . . But when it comes to the means, we as attorneys have providence over that.”
2nd Inning: Organization as Client (Rule 1.13(a))—“I’m a lucky guy, and I’m happy to be with the Yankees. And I want to thank everyone for making this night necessary.”
This segment focused on the core principle of entity representation: The entity itself—not its employees or officers—is the client. Singleton detailed the duty to “report up” under Rule 1.13(b) if a lawyer discovers that an action or inaction by a constituent will cause substantial injury to the organizational client. Singleton affirmed that in this situation, the lawyer is “required to take into account the best interest. . . of the organizational clients and report up.”
3rd Inning: Client-Lawyer Relationships—“Pair up in threes.”
Yogi’s contradictory grouping set the theme for the discussion of complex relationships, such as the Insured-Insurer-Attorney triangle. The key takeaway here was the importance of the Upjohn warning and maintaining a clear boundary, ensuring nonclient constituents do not mistake the lawyer for their personal counsel.
Core Duties: Confidentiality and Conflicts
The program then moved to the bedrock duties of loyalty and preservation of information.
4th Inning: Duty of Confidentiality (Rule 1.6(a))—“I don’t know (if they were men or women fans running naked across the field). They had bags over their heads.”
Tackling one of the most misunderstood rules, the panel used this quotation to discuss Rule 1.6(a). This rule prohibits a lawyer from revealing “information relating to the representation of a client” unless explicitly authorized or permitted by a narrow exception. Singleton clarified that even information filed in a public court pleading is not automatically exempt from the ethical duty of confidentiality.
McCormack offered her view from the business side, affirming her confidence in the bar’s commitment to the rule: “I do not worry about confidentiality. . . . I still feel pretty confident that the bar is going to meet its requirements here.”
5th Inning: Conflicts (Rule 1.7(a))—“He hits from both sides of the plate. He’s amphibious.”
The discussion of concurrent conflicts was introduced by this memorable, if slightly inaccurate, observation. Rule 1.7(a) governs concurrent conflicts and applies strictly to all business lawyers. Richardson stressed the high risk when representing startups, particularly when personal guarantees are involved. She advised, “I think it’s even more important to be really clear with founders of a small business that you have this ethical duty to the business.” Singleton added that while certain conflicts are waivable, the waiver must be in writing.
Maintaining Integrity and Managing the Endgame
The latter half of the program shifted focus to the lawyer’s personal duties of self-reflection and candor, and professional closing procedures.
6th Inning: Owning Up When You Make a Mistake—“We made too many wrong mistakes.”
The panel introduced the topic of remedial duty using this candid, if confusing, quote. The discussion focused on ABA Formal Opinion 481 and Rule 1.4, which together require a lawyer to inform a current client if the lawyer believes they may have materially erred. An error is material if a disinterested lawyer would conclude it is reasonably likely to harm the client or cause the client to consider terminating the representation.
7th Inning Stretch: Not Making False Statements (Rule 4.1)—“Half the lies they tell about me aren’t true.”
Candor was championed with this Yogi quote, which introduced Rule 4.1. Rule 4.1 prohibits lawyers from knowingly making false statements of material fact or law to third persons. The rule serves as a constant reminder that integrity is nonnegotiable in all professional dealings.
8th Inning: Dealing with Unrealistic Expectations (Rule 1.4)—“Making predictions is hard to do, especially about the future.”
The critical importance of managing client expectations was highlighted by this prescient quote. The discussion reinforced the lawyer’s obligation under Rule 1.4 (Communications) to clearly explain matters and advise the client on the probability of outcomes, particularly when predicting future litigation or transactional results.
9th Inning: Professional Misconduct (Rule 8.4(c))—“The towels were so thick there I could hardly close my suitcase.”
The panel closed the regulation innings with one of Berra’s most famous observations. This was used to discuss Rule 8.4(c), which prohibits conduct involving dishonesty, fraud, deceit, or misrepresentation, reinforcing the fundamental ethical mandate that lawyers must not deceive others, even via exaggeration.
Extra Innings: Declining or Terminating a Representation (Rule 1.16(d))—“It ain’t over ’til it’s over.”
The final, crucial lesson came in the form of possibly the most famous Yogi-ism. This lesson focused on Rule 1.16(d), which mandates that a lawyer must take reasonable steps to protect a client’s interests upon termination. The panel stressed the vital role of the “close-out” or disengagement letter. Shatz emphasized the value of this documentation.
2025 is poised to be one of the strongest years thus far for cyber mergers & acquisitions (“M&A”). Although there have been relatively fewer deals than in recent years, deal value has spiked thanks to the comeback of megadeals, with deals announced this year including the $32 billion acquisition of Wiz, Inc. by Google LLC and the $25 billion acquisition of CyberArk Software Ltd. by Palo Alto Networks, Inc. The cyber industry—encompassing cybersecurity software, managed security services, threat intelligence, and related technology—has become a focal point for M&A activity as digital transformation accelerates and cyber threats proliferate. It has rapidly evolved from a niche technology vertical to a core pillar of enterprise risk management and digitization. As cyber threats escalate in frequency and sophistication, and as regulatory scrutiny intensifies, the M&A market for cybersecurity companies has become one of the most dynamic and strategically significant in the global deal landscape. The sector retains outsized strategic importance even as overall global M&A volumes fluctuate. As the value and risk profile of cyber assets differ markedly from those in other sectors, deal terms in cyber M&As have evolved to address unique challenges. This short article aims to offer a glimpse at some of the more distinctive considerations behind the contractual provisions shaping cyber industry deals, highlights key trends, and offers a forward-looking perspective for the last quarter of 2025 and beyond.
I. Cyber M&A Risk Profile
Unlike many other sectors, cybersecurity M&A is defined by the centrality of cyber risk—both as a value driver and as a potential deal-breaker. Cyber companies present a unique blend of opportunities and risks. Their value is often tied to proprietary technology, intellectual property (“IP”) assets, sensitive data, and the ability to maintain trust in the face of evolving threats. Buyers are acutely aware that the value of a cybersecurity target is inextricably linked to its own security posture, the integrity of its products, and its ability to withstand regulatory and reputational scrutiny. Unlike more traditional manufacturing or service businesses, cyber targets may have:
ongoing obligations to protect customer data and comply with a patchwork of global privacy laws
exposure to latent liabilities from past or undetected breaches
a customer base that is acutely sensitive to security incidents and regulatory scrutiny
These factors drive a different approach to diligence, risk allocation, and post-closing integration, which is often reflected in the deal terms negotiated by parties. Ultimately, cybersecurity M&A stands apart in that the very risk it seeks to manage lies at the core of the transaction itself.
II. Distinctive Aspects of Cyber M&A Purchase Agreements
A. Diligence and Disclosure Schedules
Cyber deals feature more extensive and technical disclosure schedules. In addition, a tiered approach to diligence is usually introduced, ranging from external vulnerability scans to intensive, tech-facilitated assessments of a target’s systems, codebase, and incident history. This is far deeper, more technical, and more rigorous than the standard diligence applied in most other tech or industrial deals. Sellers are expected to provide, among other things:
detailed inventories of data assets, security certifications and compliance reports
lists of all past and pending security incidents or breaches, regardless of materiality
descriptions of third-party vendor relationships and their security postures
documentation of software development practices, including open-source software (“OSS”) usage and vulnerability management
This level of disclosure is usually less common in non-cyber deals, where diligence may focus more on financial and operational matters. Simply put, the presence of unresolved vulnerabilities or a history of data incidents can materially impact valuation or even scuttle a deal.
B. Enhanced Representations and Warranties
In cyber M&A, certain representations and warranties (“R&Ws”)—particularly those addressing information technology (“IT”) and privacy and data protection, which are becoming much more prevalent in other deals as well—are receiving heightened attention and expanded scope. These provisions often address:
compliance with applicable data protection laws (most notably, the European Union’s General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), the California Consumer Privacy Act of 2018 (“CCPA”), and sector-specific regulations)
implementation and maintenance of “industry best practices” or “industry standard” security measures
absence of material data breaches or unauthorized access incidents
Cyber transactions frequently go further, demanding detailed disclosure and rigorous scrutiny of past incidents, third-party security audits, penetration-testing results, information on unresolved vulnerabilities, bug-bounty reports, incident response protocols, and remediation timelines. This level of specificity has become standard for significant cyber targets, and it often becomes a central point of negotiation given the risk of concealed vulnerabilities.
C. Indemnification
1. Survival Periods and Carve-Outs
Given the potential for latent cyber liabilities, buyers often negotiate longer survival periods for key nonfundamental R&Ws, such as those regarding IP, IT, and privacy and data protection—usually extending well beyond the customary twelve to eighteen months for general R&Ws.[1] In tech and cyber deals specifically, it is increasingly “market” to see “fundamental” rep treatment for those R&Ws, with survival periods at times matching those for due organization, authority, and tax matters. Carve-outs from indemnification caps for breaches of IP, IT, and privacy and data protection R&Ws are also more prevalent, covering undisclosed breaches, material unremediated vulnerabilities, and OSS license infringements, among other issues.
2. Special Escrows and Holdbacks
Data shows that parties are moving toward more surgical risk finance—smaller general escrows, plus targeted escrows and/or R&W insurance.[2] Buyers in cyber M&A tend to require a separate escrow or holdback specifically for data breach or privacy claims, with carefully calibrated escrow sizing that is more tightly linked to known risk items.
D. Post-Closing Integration and Talent Retention
Successful integration of cyber targets requires not only technical alignment but also retention of key personnel. The global shortage of cybersecurity professionals—estimated between 2.8 million and 4.8 million in 2025—remains a key challenge for both buyers and sellers. Buyers are purchasing not just technology, but also teams with deep domain expertise, making retention and integration strategies critical to deal success. Deals often include bespoke retention packages, noncompete clauses, and pre-closing as well as post-closing covenants to maintain research and development talent and other key employees.
III. Emerging Trends
A. Increasing Regulatory Scrutiny and Globalization
The regulatory environment for cyber companies is becoming more complex, with new laws in the United States, the European Union, and other jurisdictions imposing stricter requirements and higher penalties for data breaches. High-value cyber targets (or those with customers in critical infrastructure or government) face elevated regulatory scrutiny, including antitrust reviews and national security processes. Buyers often layer conditions precedent and “long-stop” dates around such reviews or offer reverse termination fee structures to hedge regulatory risk. The increasing national-security sensitivity around identity, secrets management, and infrastructure protection means counsel must factor regulatory timing into both the purchase agreement and the integration timetable.
B. Escalating Threat Landscape
The frequency and sophistication of cyberattacks continue to rise, with ransomware, supply chain attacks, and zero-day vulnerabilities making headlines. The rapid adoption of artificial intelligence (“AI”) and machine learning in cybersecurity tools is creating new opportunities—and new risks. While advances in AI enable streamlining threat detection and accelerating incident response, they have also empowered cybercriminals to deploy increasingly sophisticated, multistage attack strategies. Buyers are responding by requesting “materiality scrapes,” demanding more granular disclosure of security incidents, and requiring third-party cyber risk assessments, OSS audits, and general source code scans as closing conditions.
C. Continued Consolidation
Strategic buyers are continuing bolt-on consolidation—consolidating capabilities across key domains, such as cloud security, exposure, and identity management. This is driven by enterprise demand for integrated security stacks and AI-enabled controls, presenting such buyers with the opportunity to position themselves to meet evolving enterprise needs and capitalize on cross-platform value. Expect larger platform builds through 2026, which will mean more complex purchase agreements focused on customer-assignment mechanics.
D. Supply Chain and Third-Party Risk
Recent high-profile supply chain attacks have underscored the importance of third-party risk management. Buyers are increasingly scrutinizing the target’s vendor relationships, contractual protections, and incident response capabilities. Expect to see more:
R&Ws and covenants addressing third-party risk management frameworks
indemnification carve-outs for breaches arising from vendor failures
post-closing integration plans focused on supply chain security
Conclusion
Although cyber deals still look like tech deals on paper, the bargaining levers are increasingly cyber-native. The industry’s unique risk profile is reshaping M&A deal terms, with enhanced and special R&Ws, bespoke indemnification structures, targeted escrows, and rigorous diligence becoming the norm. Counsel who anticipate those items—and who can translate technical evidence into crisp contractual mechanics—will be the ones who close deals cleanly and preserve value for clients. As regulatory scrutiny intensifies and the threat landscape evolves, parties must stay agile, adapting contractual provisions to address emerging risks, from AI to supply chain vulnerabilities. For deal lawyers and other legal practitioners, understanding these trends and the data behind them is essential to navigating the world of cyber M&A—a dynamic, high-growth sector driven by structural demand, platform consolidation, and continuous innovation—in 2025 and beyond.
This is the tenth installment in the Year in Governance Series from the In-House Subcommittee of the ABA Business Law Section’s Corporate Governance Committee. Each month, the series will share key tips on a different corporate governance topic. To get involved in the Corporate Governance Committee, please visit the committee’s webpage.
A message from Kathy Jaffari: “As Chair of the Corporate Governance Committee, I would like to extend my sincere appreciation to the authors for this publication. The Corporate Governance Committee has ongoing opportunities for writing and volunteering with various projects, whether it’s an article you want to publish or a CLE that you want to present. Our Committee is dedicated to helping you promote informative resources for corporate governance practitioners. You may contact me at [email protected] to get involved.”
Special Committees of the board of directors serve an important governance function by preserving the integrity of the decision-making process when potential conflicts of interest arise or a director’s independence may be compromised. The effectiveness of Special Committees depends on appointing the right directors and establishing a thoughtful process. Here are ten tips to think about when forming a Special Committee.
Purpose. Special Committees are often formed when there is a potential conflict of interest or for matters that require a specialized focus. Composed of a subset of the board, these committees assume special duties for a limited duration, with the goal of creating an unbiased decision-making process. Example topics addressed in Special Committees include transactions involving a controlling shareholder, investigations of management’s conduct related to violations of the company’s code of conduct, or an unplanned CEO succession.
Formation and Authority. Special Committees are typically formed through delegation by the board in accordance with state corporation laws, organization bylaws, and other corporate governance documents. Responsibilities should be properly delegated and memorialized. Note that there are certain responsibilities that are nondelegable under state law, including authorizing dividends, issuing stock, and amending or repealing bylaws.
Who, When, What. Three threshold topics to consider with forming a Special Committee are (a) who should be on the Special Committee, (b) when they should meet, and (c) what will be discussed. These three considerations are interconnected. The right committee members will influence the meeting structure; the meeting structure will depend on the anticipated discussions; and the anticipated discussions will inform who should be included on the committee, with independence as a critical consideration. Strategic alignment across these three dimensions is crucial for the committee’s effectiveness and credibility. A Special Committee related to CEO succession will likely require a more significant time commitment than one focused on a related-party transaction.
External Advisers. Depending on the topic, it’s common for Special Committees to retain external advisers, including financial experts, outside counsel, and public relations firms. Independence is also a critical component when selecting advisers. While prior relationships with the company or the company’s directors and officers can be helpful in general engagements, it may be harmful when looking for an unbiased perspective.
Intentional Process and Recordkeeping. Actions of a Special Committee are often heavily scrutinized. Given this, it’s imperative to be intentional in the process of setting up the committee, ensuring proper communications, thoughtful materials, and independent advice. Be sure to keep not only records of the committee meetings (in the form of minutes) but also records related to committee membership determination, committee communications, and vetting of external advisers.
Committee Competence. Courts consider the composition of a Special Committee to be of central importance. Remind committee members that they have the same director fiduciary responsibilities when they sit on a Special Committee as in the rest of their board service. In fact, decisions made by a Special Committee can have a higher risk of being subject to litigation. Committee members should have relevant expertise and experience related to the matter at hand, so their participation is not questioned. And don’t discount the importance of good working relationships: mutual respect among the Special Committee members is essential to foster open dialogue, constructive debate, and collaborative decision-making.
Compensation. Consider the time and effort both during the Special Committee meetings and the homework required throughout the process. It’s common to provide directors with additional fees above their regular director compensation, either in the form of flat fees or meeting retainers. The chair of the Special Committee may receive additional compensation given the additional leadership responsibilities. It’s helpful to discuss compensation consideration with outside advisers to minimize any appearance of conflict.
Standard of Review. Decisions by the board of directors are typically reviewed under the business judgement rule where the assumption is that they acted in good faith, on an informed basis, and in the best interest of the company and shareholders. Courts have applied a higher standard of review, the entire fairness standard, if it appears that a director is conflicted in the decision-making process. However, creating a Special Committee in which the conflicted director is excluded from the process can shift the standard of review back to the more deferential business judgment rule.
No Charter, Typically. Unlike standing committees of the board, Special Committees of the board do not often have charters. Instead, the rules and responsibilities are determined by the board through delegation, and the members of the committee are appointed by the board through a formal approval process ensuring consideration of any conflicts. The delegation of authority should also provide clear direction on the use of external advisers and additional compensation.
Communications and Interactions. Provide clear guidelines related to interactions among the members of the Special Committee, its advisers, and the board to protect the independence of the Special Committee. The Special Committee should avoid interactions with conflicted directors or members of management on matters in the purview of the Special Committee unless necessary. These guidelines should be communicated to all participants in the process. Maintaining clear boundaries in communications and interactions protects the decision-making process by ensuring objectivity.
The views expressed in this article are solely those of the authors and not their respective employers, firms or clients.
This is the second installment in a series on damages available for intellectual property (“IP”) claims, focusing on patent damages. Understanding damages is essential for two reasons: it highlights the potential rewards of building a robust IP portfolio, and it offers a benchmark for assessing risk when facing an IP claim. Our previous article addressed trademark damages.
Patent Infringement
Patent infringement is an unauthorized act that relates to the making, using, selling, or importing of an invention for which a patent has been issued, as stipulated by the Patent Act.[1] Section 271 of the act delineates several types of infringement, including direct infringement and indirect forms such as inducement and contributory infringement. Enforcement of these provisions has been influenced by the Leahy-Smith America Invents Act (“AIA”), which also introduced new post-grant proceedings affecting infringement disputes.
Patent Damages
Under the Patent Act, patent owners may seek to recover damages adequate to compensate for infringement.[2] The court may allow damages in the form of recovery for (1) lost profits, (2) reasonable royalties, and (3) treble damages (in cases of willful infringement). The Patent Act provides that a court should award a successful claimant damages “adequate to compensate for the infringement, but in no event less than a reasonable royalty for the use made of the invention by the infringer, together with interest and costs as fixed by the court.”[3] The Patent Act does not limit damages to certain types, and a judge can award other types of damages that may be appropriate under the facts of the case.
Damages are a question of fact; thus, juries can decide damages, but judges will do so if the case is not before a jury. Courts have significant levels of discretion when it comes to applying the above methods and determining how much to award in damages. Nonetheless, courts have developed equitable methods in an effort to balance compensating a successful plaintiff for losses while simultaneously avoiding windfalls.
Lost Profits
Damages for lost profits compensate a patent holder for profits it would have made had its patent not been infringed. Being awarded damages for lost profits requires a plaintiff, with some degree of specificity, to show a nexus of causation between sales lost and the infringement, meaning that the plaintiff must show that the infringement was the cause of the decline in sales.
For years, the lost profits calculation has been based on the four Panduit factors, delineated in Panduit Corp. v. Stahlin Bros. Fibre Works.[4] The four factors are the (1) “demand for the patented product,” (2) “absence of acceptable noninfringing [alternatives],” (3) capacity to exploit the demand, and (4) amount of profit the patentee would have made.[5]
Under the second prong, a patent owner may rely on proof of its established market share rather than proof of the lack of an acceptable noninfringing substitute. A showing under Panduit permits a court to reasonably infer that the lost profits claimed were in fact caused by the infringing sales, thus establishing a patentee’s prima facie case with respect to “but for” causation. A patentee need only show that there was a reasonable probability that the sales would have been made “but for” the infringement. The burden then shifts to the infringer to show that the inference is unreasonable for some or all of the lost sales.
Reasonable Royalties
A reasonable royalty is an amount that would have been paid to a patent holder had the patent holder given the infringer a license to sell the patented item. A common approach used to calculate a reasonable royalty is the “hypothetical negotiation,” which attempts to ascertain the royalty upon which the parties would have agreed had they successfully negotiated an agreement just before infringement began.
Often, reasonable royalties are calculated when the patent holder cannot prove the elements necessary to establish entitlement to lost profits. Courts look to several factors, as outlined in Georgia-Pacific Corp. v. United States Plywood Corp.[6] These factors include past and present royalties received by a patent holder for the patent at issue, the rates paid by the infringer for the use of similar patents, a patent holder’s policies and practices regarding the grant of licenses to its technology, the commercial relationship between the two parties, the patent’s profitability, the patent’s usefulness as compared to older models of similar technology, and the extent to which the infringer used the patented product and the value of that use. These factors, among others, are often established by expert opinion.
Treble Damages
Treble damages are designed as a punitive or vindictive sanction for infringement that is willful, wanton, malicious, bad faith, deliberate, consciously wrongful, flagrant, or the like. In these instances, under the Patent Act, a court may increase the damages up to three times the amount found or assessed.[7] Courts tend to award the maximum amount only when the infringement is egregious.
To prove treble damages, a plaintiff needs to show clear evidence of willful conduct by the infringer. Even if a plaintiff proves willful infringement, enhanced damages are not guaranteed; such a decision is at the discretion of the court.
Summation
Patent infringement damages are designed not only to compensate a patent holder for actual harm but also to deter willful violations of patent rights. By tailoring awards to the nature and severity of the infringement, courts strive to strike a balance between fair compensation in the face of infringement and the promotion of innovation.
* * *
Please tune in next month for part three of our series, in which we will discuss copyright damages.
When an insured is pursuing a representation and warranty insurance (“RWI”) claim, a critical consideration is whether diminution in value damages (“DIV Damages”) can be asserted as Loss covered by the RWI policy.[1] This article, being published in four parts, discusses Delaware mergers and acquisitions (“M&A”) damages law regarding DIV Damages and describes how an insured can pursue them as part of an RWI claim.
This is Part IV of this article; it discusses the limitations on, and other matters regarding, a DIV Damages award as part of an RWI claim. Part I of this article addressed (i) the principal differences between DIV Damages calculated using a multiple of EBITDA methodology (“MOE Methodology”) and DIV Damages calculated using a discounted cash flow methodology (“DCF Methodology”), and (ii) the evolution of cases involving DIV Damages calculated using an MOE Methodology under Delaware M&A damages law.[2]Part II of this article addressed the evolution of cases involving DIV Damages calculated using a DCF Methodology under Delaware M&A damages law. Part III of this article discussed the requirements for a DIV Damages award as part of an RWI claim.
Each part of this article contains practice tips for attorneys for insureds seeking recovery of DIV Damages as part of an RWI claim.
Limitations on DIV Damages With Respect to an RWI Claim
Delaware M&A contract damages law imposes four limitations on the recoverability of DIV Damages: (1) foreseeability; (2) certainty; (3) avoidability; and (4) no windfall.[3]
1. Foreseeability
Foreseeability deals with the concept of consequential damages, for which recovery is limited under principles that hearken back to the 1854 English common law contract case of Hadleyv. Baxendale.[4] Consequential damages may be one of the most misunderstood terms in the common law, including U.S. common law.[5] That said, a number of cases have held that DIV Damages are typically general (direct) damages, not consequential (indirect) damages, and therefore not subject to the special foreseeability requirements applicable to the recovery of consequential (indirect) damages.[6]
2. Certainty
Certainty is the most important limitation on DIV Damages under Delaware M&A contract damages law.
a. Two Levels of Certainty
There are two levels of certainty in the proof of damages under Delaware M&A contract damages law:
proof that the nonbreaching party suffered damages as the result of the R&W Breach in question; and
the determination of the amount of damages suffered.[7]
The law requires reasonable certainty that the nonbreaching party suffered damages and, to a lesser degree, of the amount of damages suffered.[8] Once the fact that damages were suffered has been established, the determination of the amount of damages (often also referred to as the “quantum of damages”) suffered requires only “a basis to make a responsible estimate of [such] damages.”[9] Mathematical certainty of the quantum of damages is not required.
All of the foregoing said, courts will not award DIV Damages that are based on mere speculation or conjecture—that is, are too uncertain.[10]
b. Wrongdoer Rule
Uncertainties in determining the amount of damages suffered “are generally resolved against the wrongdoer.”[11] In this context, “wrongdoer” simply means the breaching party; no level of culpability or misconduct is required.[12]
Although there does not appear to be any case law on this subject, a valid argument can be made that the RWI carrier, which effectively stands in the shoes of the breaching party for purposes of recovery under an RWI policy, should be subject to this same “wrongdoer rule.” This would have the effect of the insured’s being in the same position against the RWI carrier as it would be in pursuing a claim against the seller that had committed the R&W Breach in question.
The wrongdoer rule is not a universal solvent requiring all uncertainty regarding the quantum of damages to be resolved in favor of the nonbreaching party, but only uncertainty arising from the R&W Breach of the breaching party.[13]
c. Need for Effect Post-Acquisition
With respect to proof that the insured suffered a diminution in value of the target business as a result of the R&W Breach in question, consideration should be given to whether the shortfall in EBITDA or in projected cash flows actually would have occurred after the Acquisition even if the R&W Breach in question had never occurred. In a lost customer case, for example, this consideration would include any evidence, known at the time of breach, that the customer would likely have been lost, or reduced its purchases of products or services from the target business, in the near term after the Acquisition anyway.[14]
3. Avoidability
The issue of avoidability[15] can arise with respect to DIV Damages in at least three ways:
a. Avoided Costs
The avoided costs principle requires that DIV Damages take into account costs that can be avoided which are associated with earning lost revenues.[16] This is relevant in calculations such as determining the deemed effect of the loss of a customer on Measurement Period EBITDA or on projected cash flows for the target business.
b. Mitigation by Reducing Loss
Mitigation requires that the target or the insured take or avoid actions after the Acquisition to reduce the amount of loss that would otherwise be suffered. Because DIV Damages are calculated based on the parties’ expectations ex ante (“before the event”),[17] and because the R&W Breach is deemed to have occurred when the representations and warranties were made (as of signing of the Acquisition Agreement, as of closing of the Acquisition, or both), these types of mitigation activities can only be taken after the Acquisition to reduce the amount of loss deemed to be applicable to the Measurement Period (such as by trying to reduce the amount of expenses incurred after the Acquisition that relate back to the Measurement Period in the case of DIV Damages calculated using an MOE Methodology).
c. Mitigation by Replacing Lost Business, Subject to the Lost Volume Seller Principle
Mitigation also requires that the target or the insured take actions after the Acquisition to replace revenues that would otherwise have been lost. However, a contract damages principle known as the “lost volume seller” may come into play. In simple terms, unless the target is capacity-constrained, sales of products or services to new customers or additional sales to existing customers are treated as additive to those suffered as a result of the R&W Breach, and therefore they are not considered replacement for the lost revenues.[18] For example, if the target has lost a customer and can add a new customer after the Acquisition, and it would have been able to provide products or services to both the lost customer and the new customer, then the target and the buyer are entitled to both, and the addition of the new customer does not replace the old customer.
As to either type of mitigation, only reasonable efforts to try to mitigate are required, and the costs of those efforts incurred by the target or the insured are typically covered Loss.[19]
4. No Windfall
Although identified as a separate and independent limitation under Delaware M&A contract damages law, the “no windfall” limitation is often treated in the case law as an additional reason not to award, or to limit the amount of, damages by reason of one of the proof requirements described in Part III of this article or one of the other limitations described above.[20]
Other Considerations in Pursuing DIV Damages With Respect to an RWI Policy Claim
In addition to the requirements and limitations described in this article, a number of other considerations can come into play in pursuing DIV Damages with respect to an RWI Claim, including the following:
1. Check the RWI Policy and the Acquisition Agreement First
It may seem obvious, but any evaluation of whether an insured is entitled to recover DIV Damages under an RWI policy should start with an examination of the RWI policy and the Acquisition Agreement in question. Each should be examined to determine that it does not operate to prohibit recovery of DIV Damages under the RWI policy and, preferably, that one or both of them affirmatively permit recovery of DIV Damages. Although affirmative coverage is preferable, silence on the issue is acceptable under applicable Delaware M&A contract damages law.[21]
2. Can an RWI Claimant Recover Both DIV Damages and Out-of-Pocket Damages?
Generally speaking, the answer is yes, a claimant can recover both DIV Damages and out-of-pocket damages resulting from the same R&W Breach.[22] For example, in the case of DIV Damages calculated using an MOE Methodology, if the target or the seller failed to pay or take into account an expense that it should have paid or taken into account during the Measurement Period and such failure is the subject of an R&W Breach, and the target or the buyer is required to bear that expense after the Acquisition as a recurring loss, then the insured should be able to claim both the out-of-pocket damages suffered by virtue of the target’s or the buyer’s having to pay that expense and the DIV Damages resulting from the deemed reduction in Measurement Period EBITDA caused by treating that expense as if it had been incurred during the Measurement Period.
At least two countervailing arguments can be made that the claimant would thereby be entitled to a:
Double Recovery: A double recovery in respect of the same R&W Breach—for example, recovering both DIV Damages and a purported working capital shortfall required to earn the lost revenue represented by the DIV Damages—may not be permitted.[23]
Recovery in Excess of Purchase Price: Recoveries of loss in respect of the same R&W Breach that would be calculated so as to exceed the purchase price paid for the target business by the buyer may or may not be permitted.[24]
3. Should Post-Acquisition Actions or Omissions by the Target or the Insured Be Taken Into Account in Evaluating DIV Damages?
Generally speaking, the answer is no, post-Acquisition actions or omissions by the target or the insured should not be taken into account in evaluating DIV Damages. As noted above, DIV Damages are generally evaluated based solely on the parties’ expectations ex ante,[25]and thus post-Acquisition actions or omissions would not be within those expectations.[26]
That said, there are exceptions to this general rule, principally:
post-Acquisition mitigation, as discussed above;[27]
post-Acquisition events that go to the no windfall limitation;[28]
post-Acquisition actions or omissions that serve to confirm (rather than prove) a determination involved in evaluating DIV Damages, such as whether a diminution in Measurement Period EBITDA is recurring in nature, what the parties’ reasonable expectations were ex ante,[29]or whether the target or the insured has acted consistently with the insured’s position that the target business suffered a diminution in value as a result of the R&W Breach in question.[30]
4. Does a Seller or an RWI Carrier Have to Put Forward a Competing Calculation of DIV Damages?
Generally speaking, the answer is no, a seller or an RWI carrier does not have to put forward a calculation of DIV Damages that competes with the calculation put forward by the buyer/insured. Under M&A damages law, the burden is on the buyer/insured to establish its damages. That said, Delaware M&A damages law cases have often unfavorably noted that the seller did not put forward a competing calculation of damages in adopting the buyer’s calculation.[31]
The question of whether or not to put forward a competing calculation of DIV Damages is a real dilemma for a seller or an RWI carrier:
Risk of Putting Forward: On the one hand, putting forward a competing calculation runs the risk of being interpreted as having accepted the other side’s position that R&W Breach and Loss have been proven, and more importantly that DIV Damages are merited, in at least the amount set forth in the competing calculation, no matter how strongly and articulately the competing calculation is put forward as an argument in the alternative.
Risk of Not Putting Forward: On the other hand, not putting forward a competing calculation runs the risk of the seller’s or RWI carrier’s missing its best chance to challenge the other side’s calculation, and more importantly, opening itself up to the other side’s taking advantage of the absence of a competing valuation, based on the type of adverse findings set forth in the case law described above.
Conclusion
Because of the potential magnitude of DIV Damages, an evaluation of whether or not an RWI claimant is entitled to recover DIV Damages as a result of an R&W Breach and, if so, the amount of such DIV Damages, can be the most critical aspect of an RWI claim. This is so even if the claimant is ultimately unsuccessful, in part or in whole, in pursuing the DIV Damages since it still “raises the stakes” for the RWI carrier.
That said, a weak or poorly supported claim for DIV Damages can be detrimental to an insured’s RWI claim if it reduces the insured’s credibility with the carrier with respect to the rest of the RWI claim. As a result, a firm understanding of the relevant M&A damages law, and the tactics and strategy, involved in pursuing DIV Damages can be critical to the success of the insured with respect to its overall RWI claim.
Practice Tips for Attorneys for Insureds
In the RWI policy claim assertion phase, consider the following actions:
Present a claim for DIV Damages with credible and convincing evidence of the shortfall in Measurement Period EBITDA and the validity of the multiple, or of the loss of projected cash flows, as the case may be, and have the forensic accounting firm or valuation firm participate in that presentation.
Propose a meeting, actual or virtual, with the RWI carrier and its advisors to walk through the evidence supporting the DIV Damages claim, particularly any spreadsheets included in the presentation.
Continue to have the target and the insured avoid any action or omission calling into question any material element of the DIV Damages.[32]
This article is the fourth in the RWI Practice Insights series by John T. Capetta.
The author of this article thanks his colleagues Mark Gregory and Aria Antonopoulos, and his guide as to all things private equity and valuation related, Doug Karp of private equity advisory firm Pacific Partners, for their contributions to this article and to this series of articles.
This article focuses on buyer-side RWI policies and U.S. law (principally Delaware case law). For purposes of this article:
DIV Damages are a form of expectation damages in which the amount of the damages is the difference between (i) the value of the target business as represented to the buyer, almost always the purchase price paid for the target business by the buyer, and (ii) the value of the target business after giving effect to the diminution in the target business resulting from a breach of the Acquisition Agreement representations and warranties (“R&W Breach”) or from fraudulent misrepresentation or deceit regarding the target business.
Although there are other methods to calculate DIV Damages, this article focuses on those calculated by using either (i) in the case of a multiple of EBITDA methodology (“MOE Methodology”), (a) an actual or deemed shortfall in the EBITDA of the target business for a specified measurement period (“Measurement Period EBITDA”) caused by the R&W Breach or the fraudulent misrepresentation or deceit, times (b) the multiple applied by the insured to the Measurement Period EBITDA in determining the purchase price to pay for the target business; or (ii) in the case of a discounted cash flow methodology (“DCF Methodology”), the loss of future cash flows and of terminal value over a specified period caused by the R&W Breach or the fraudulent misrepresentation or deceit, discounted to present value by the application of a discount factor.
The period of time for which the historical EBITDA is measured in an MOE Methodology and the period of time for which the projections used in a DCF Methodology are included are each referred to in this article as the Measurement Period.
As used in this article:
the term Loss has the definition set forth in the RWI policy;
the term Acquisition Agreement includes stock purchase agreements, merger agreements, asset purchase agreements, and other types of business combination agreements by which a buyer acquires a target business from a seller;
the term Acquisition refers to the business combination contemplated by the Acquisition Agreement;
the term the buyer and the term the insured are often used interchangeably;
the term target and the term target business are used interchangeably;
the term R&W Breach also includes a claim under an RWI policy with respect to a tax indemnification provision in the Acquisition Agreement; and
the phrase without required disclosure by the seller refers to a failure by the seller to make a disclosure to the buyer even though required to do so by a representation and warranty in the Acquisition Agreement.
“Expectation damages” are also sometimes referred to by courts as expectancy damages.
Although relevant M&A damages law regarding DIV Damages may apply with respect to fraudulent misrepresentation or deceit (each a tort) regarding the target business as well as an R&W Breach (a breach of contract), DIV Damages with respect to an RWI claim can only be asserted for an R&W Breach and therefore will always be subject to M&A contract damages law. However, note in this regard the argument described in Footnote 3 of Part III of this article with respect to an R&W Breach in the form of a claim under the tax indemnity provision in an Acquisition Agreement. ↑
The Restatement (Second) of Contracts identifies foreseeability, certainty, and avoidability as limitations on contract damages, but not a “no windfall” limitation. However, Section 351(3) of the Restatement sets forth the following as a type of additional limitation: “A court may limit damages for foreseeable loss by excluding recovery for loss of profits, by allowing recovery only for loss incurred in reliance, or otherwise if it concludes that in the circumstances justice so requires in order to avoid disproportionate compensation.” Restatement (Second) of Contracts § 351(3) (A.L.I. 2024). “Delaware courts have often looked to the Restatement (Second) of Contracts as persuasive authority for interpreting basic contract principles . . . .” Thompson St. Cap. Partners IV, L.P. v. Sonova U.S. Hearing Instruments, LLC, No. 166, 2024, 2025 WL 1213667 (Del. Apr. 28, 2025). However, it does not appear that any Delaware case has cited to Section 351(3) as a basis for limiting M&A contract damages. ↑
The preeminent commentator in the United States with respect to M&A contract law generally, and to the confusion surrounding the meaning of the term “consequential damages” specifically, is Glenn D. West, a retired M&A and private equity partner at Weil, Gotshal & Manges. West has written a series of articles on the meaning of that term and the often-unintended consequences of waiving its applicability in an Acquisition Agreement. See, e.g., the following articles authored or co-authored by West:
For an M&A lawyer, West’s articles are the gold standard and essential to practicing M&A law knowledgeably. ↑
See, e.g., Taylor Precision Prods., Inc. v. Larimer Grp., Inc., No. 15-CV-04428, 2023 WL 6785802, at *4 (S.D.N.Y. Oct. 13, 2023); Powers v. Stanley Black & Decker, Inc., 137 F. Supp. 3d 358, 386 (S.D.N.Y. 2015). Although there appears not to have been a case under Delaware M&A contract damages law explicitly holding that DIV Damages are direct damages, as opposed to consequential damages, all of the Delaware M&A contract damages law cases involving DIV Damages discussed in this article seem to assume that they are direct damages (i.e., damages that may fairly and reasonably be considered arising naturally from the R&W Breach in question). See, e.g., Cobalt Operating, LLC v. James Crystal Enters., LLC, No. 714, 2007 WL 2142926, at *29 (Del. Ch. July 20, 2007), aff’d, 945 A.2d 594 (Del. 2008) (unpublished table decision). ↑
SIGA Techs., Inc. v. Pharmathene, Inc., 132 A.3d 1108,1130–31 (Del. 2015). Although SIGA is not a DIV Damages case, it is a Delaware Supreme Court case that speaks authoritatively on certain principles of Delaware contract damages law, such as certainty, the wrongdoer rule, and the use of post-breach information. ↑
In re Dura Medic Holdings, Inc. Consol. Litig., 333 A.3d 227, 262 (Del. Ch. 2025) (“The law does not require certainty in the award of damages where a wrong has been proven and injury established. Responsible estimates that lack m[a]thematical certainty are permissible so long as the court has a basis to make a responsible estimate of damages.”) (footnotes and internal quotation marks omitted); NetApp, Inc. v. Cinelli, No. 2020-1000, 2023 WL 4925910, at *24 (Del. Ch. Aug. 2, 2023). ↑
SeeNetApp, 2023 WL 4925910, at *24; Great Hill Equity Partners IV, LP v. SIG Growth Equity Fund I, LLLP, No. 7906, 2020 WL 948513, at *20 and *23 (Del. Ch. Feb. 27, 2020). See also Taylor, 2023 WL 6785802, at *5. In each of the foregoing cited cases, the court rejected a buyer’s claim for DIV Damages based, at least in part, on a lack of certainty:
NetApp: In NetApp, after setting forth the principles of Delaware M&A contract damages law regarding certainty, Vice Chancellor Will went on to state: “Nonetheless, the court cannot award damages based on speculation or conjecture. An award of expectation damages presupposes that the plaintiff can prove damages with reasonable certainty.” NetApp, 2023 WL 4925910, at *24 (footnotes and internal quotation marks omitted). Vice Chancellor Will then went on to reject the buyer’s claim for loss of synergistic value as being speculative. Id. at *24–26. A few notes regarding NetApp and Vice Chancellor Will’s rejection of the buyer’s claim for DIV Damages in the form of loss of synergistic value:
Lack of Proximate Cause as Well: As discussed in Part III of this article, Vice Chancellor Will also found that the buyer’s claim for loss of synergistic value lacked the requisite proximate causal relationship with the R&W Breach and fraud asserted by the buyer. Those two findings—lack of certainty and lack of proximate cause—were interrelated in NetApp, and often are interrelated when a claim for DIV Damages is rejected.
Nomenclature: The standard that Vice Chancellor Will applied in NetApp and that the Delaware courts generally apply in rejecting a claim for DIV Damages is “speculation or conjecture,” meaning “too uncertain.” While it is tempting to write or say “too speculative or conjectural,” that is not the standard used for the certainty limitation.
Great Hill: In Great Hill, as discussed in Footnote 24 of Part III of this article, Vice Chancellor Glasscock rejected the buyer’s claim for DIV Damages primarily on the basis that there was a lack of proximate cause between the DIV Damages asserted and the R&W Breach and fraud that the buyer had been able to establish at trial regarding the threatened termination of the relationship between payment processor PayPal and the target company Plimus.
Lack of Certainty as Well: In addition to the lack of proximate cause, Vice Chancellor Glasscock described a lack of certainty regarding the buyer’s assertion of DIV Damages.
Intertwining: Unlike NetApp, in which Vice Chancellor Will set out in separate sections the lack of proximate cause and the lack of certainty, in Great Hill Vice Chancellor Glasscock intertwined the lack of proximate cause and the lack of certainty in one section.
Use of One Quarter of EBITDA as the Measurement Period: On a side note regarding certainty, in Great Hill, Vice Chancellor Glasscock also drew attention to the issue of whether the buyer’s reliance on a multiple of just one quarter of EBITDA was nonspeculative. See Great Hill, 2020 WL 948513, at *21 n.266 (“This assumes that it is non-speculative to base the damages for the loss of the PayPal relationship on a multiple of Q4 2011 EBITDA. I do not reach the question of whether such a snapshot approach to damages is reliable here.”).
Taylor: In Taylor, applying New York M&A damages law, Judge Carter of the United States District Court for the Southern District of New York rejected the second of the buyer’s two claims for DIV Damages based on a lack of certainty.
Allowed First Claim for DIV Damages: The first claim for DIV Damages was with respect to an undisclosed fall-off in the sale of stock-keeping units (“SKUs”) to two of the target business’s largest customers, Target and Walmart.
Disallowed Second Claim for DIV Damages: The second claim for DIV Damages tried to leverage that fall-off in sales of SKUs to two customers into a claim for an overall fall-off in the target business.
Disallowed Use of Reduced Multiple: The Taylor case appears to be unique with respect to the buyer’s calculation of its second claim for DIV Damages, which was based on a proposed reduction of the multiple that the buyer had applied to the portion of the target business other than to Target and Walmart.
Lack of Responsible Estimate: In rejecting that second claim for DIV Damages, Judge Carter stated as follows regarding certainty: “While the law does not require damages to be calculated with mathematical precision, they must be capable of measurement based on known reliable factors without undue speculation. . . . While the Court acknowledges that it is ’reasonably certain’ that Plaintiff would have lowered its growth expectation for the Business had it known of the lost SKUs, Plaintiff has not provided a ‘stable foundation for a reasonable estimate’ of such damages as required by New York law.” Taylor, 2023 WL 6785802, at *5.
See, e.g., SIGA, 132 A.3d 1108, at 1131; Dura Medic, 333 A.3d 227, at 262–63; Taylor, 2023 WL 6785802, at *4. Cf. NetApp, 2023 WL 4925910, at *25 (“Resolving uncertainty against [the seller by virtue of the wrongdoer rule] does not relieve [the buyer] of its burden to present expectation damages that are not speculative.”) (footnote omitted). Note that NetApp involved a buyer trying to obtain the difference between a synergistic value for the target business and the value without such synergies, based on a DCF Damages methodology, rather than the difference between the purchase price it paid for the target business and the value of the target business after taking into account a shortfall in Measurement Period EBITDA, based on a multiple of EBITDA methodology. In NetApp, because the buyer was trying to recover a loss of synergistic value, DIV Damages based on a multiple of EBITDA methodology would not have achieved that result (i.e., because the Measurement Period EBITDA would not have taken post-Acquisition synergies into account). Although the principal focus of the damages analysis in NetApp was on the Chancery Court’s rejection of synergistic damages, the Court did award DIV Damages (but using a multiple of revenues rather than of EBITDA) to the buyer in a much smaller amount. Id. at *29. ↑
Cf. SIGA, 132 A.3d 1108, at 1131 (“SIGA is correct that the trial court did not have unbridled authority to dress up punitive damages as expectation damages by importing the willfulness of the breach into the damage award. And it is not every contract case where the court should assess the bona fides of the breaching party. But in a case about expectation damages caused by breach of a Type II agreement, where the wrongdoer caused uncertainty about the final economics of the transaction by its failure to negotiate in good faith, willfulness is a relevant factor in deciding the quantum of proof required to establish the damages amount.”) (footnote omitted). For a discussion of the “no fault” nature of M&A contract damages generally, and exceptions thereto with respect to certain types of covenant breaches, see Theresa Arnold, Amanda Dixon, Madison Whelan Sherrill, Hadar Tanne, & Mitu Gilati, The Cost of Guilty Breach: Willful Breach in M&A Contracts, 62 B.C. L. Rev. I-32 (2021). In a sense, the “upgrading” of a contractual R&W Breach to the tort of fraud, with the resulting exposure to punitive damages and other enhanced remedies, can be viewed as a way to “punish” a breaching party for an R&W Breach accompanied by “fault.”
In Surf’s Up Legacy Partners, LLC v. Virgin Fest, LLC, No. N19C-11-092, 2024 WL 1596021 (Del. Super. Ct. Apr. 12, 2024), Delaware Superior Court Judge Wallace made reference to the possibility of a plaintiff’s recovering punitive damages based on a contractual breach, even in the absence of the commission of a tort such as fraud. Id. at *23 n.287 (“Punitive damages may be appropriate for egregious cases of willful and malicious breach of contract. [T]his Court has phrased the test for punitive damages in breach of contract cases in various ways . . . [t]he import of these cases suggests that punitive damages may not be awarded for breach of contract unless the intentional breach is similar in character to an intentional tort. . . . Virgin Fest has failed to prove malice or willfulness in those actions—or that such actions effectively equate to torts.”) (citations and internal quotation marks omitted). The Surf’s Up case appears to be an outlier among the DIV Damages cases under Delaware law with respect even to the possibility of punitive damages for an R&W Breach, and the cases cited by Judge Wallace in Footnote 287 of Surf’s Up were all Delaware Superior Court cases (not Delaware Chancery Court cases, arguably having greater precedential value, or Delaware Supreme Court cases). Whether “contractual breach punitive damages” would be recoverable under an RWI policy is beyond the scope of this article, and in the first instance would be an issue under the RWI policy’s definition of “Loss” and the wording of any exclusion applicable to punitive damages. ↑
See, e.g., SIGA, 132 A.3d 1108, 1132 (“Where uncertainty could not be traced to SIGA’s breach, the Court of Chancery did not resolve the uncertainty against SIGA. . . . The court did not apply the wrongdoer rule to resolve all uncertainty against SIGA, where SIGA’s breach was not the cause of the lack of information.”) (footnote omitted); NetApp, 2023 WL 4925310, at *25 (“[T]he pervasive uncertainty in the Combined Projections is not a result of [the target company’s] misrepresentations; it is due to NetApp making optimistic predictions about the unknown. Whether NetApp would deliver on its prognostications depended on how NetApp operated the combined entity—a matter squarely in NetApp’s hands.”) (footnote omitted); Great Hill, 2020 WL 948513, at *23 (“The uncertainty of damages here, if attributable to any party, is attributable to the Plaintiffs. They could have, but did not, provide a non-speculative way to quantify damages from the loss of PayPal.”) (footnote omitted). ↑
Another justification for not awarding DIV Damages to an insured with respect to a customer that would have been lost, or that would have reduced its purchases of products or services from the target business regardless of the R&W Breach, is the lack of proximate cause between the R&W Breach and the Loss. ↑
Two notes regarding avoidability:
Avoided Costs as Element of Calculation: Avoided costs as a reduction to DIV Damages is arguably more an element of the calculation of the amount of DIV Damages than it is an example of the avoidability limitation on contract damages.
Consequence of Failure to Mitigate as Element of Calculation: Although mitigation is often referred to as a “duty,” it is actually simply an element of the calculation of recoverable damages. In other words, the only adverse consequence arising from a failure to comply with the “duty to mitigate” is a reduction of recoverable damages, not a separate liability in respect of the failure.
See, e.g., Neri v. Retail Marine Corp., 30 N.Y.2d 393 (N.Y. 1972); Dura Medic, 333 A.3d 227, at 260 (“The [Buyers] could not ‘mitigate’ the damages from the lost customers by obtaining new customers. The Buyers could only mitigate their losses from the two customers by cutting expenses or somehow convincing the customers to come back.”). See alsoRestatement (Second) of Contracts § 347, cmt. f (A.L.I. 2024). ↑
See, e.g., Dura Medic, 333 A.3d 227, at 260 (“The Sellers bore the burden of proving that the Buyers failed to mitigate damages by not using reasonable efforts to reacquire [the lost customers]. The Sellers failed to meet their burden.”) (footnotes omitted), and at 260 n.58 (“A non-breaching party need not hazard undue risk, burden, or humiliation in mitigating costs and damages. Mitigation is subject to a rule of reasonableness . . . .”) (quoting W. Willow-Bay Ct., LLC v. Robino-Bay Ct. Plaza, LLC, 2009 WL 458779, at *8 (Del. Ch. Feb. 23, 2009)). Although there are Delaware contract damages law cases that address recovery of costs expended by a nonbreaching party in attempting to mitigate damages, see, e.g., Wise v. Western Union Telegraph Co., 181 A. 302, 305 (Del. Super. Ct. 1935); Katz v. Exclusive Auto Leasing, Inc., 282 A.2d 866, 868 (Del. Super. Ct. 1971), the RWI policy itself will often provide for recovery of reasonable costs incurred in attempting to mitigate losses by treating such costs as covered Loss under the RWI policy, in some cases even if the efforts to mitigate are unsuccessful. ↑
See, e.g., NetApp, Inc. v. Cinelli, No. 2020-1000, 2023 WL 4925910, at *23 (Del. Ch. Aug. 2, 2023) (the court determined that the buyer’s synergistic valuation of the target business was speculative and not sufficiently certain, and was not limited to losses that were proximately caused by the R&W Breach, and also found that the buyer’s damages expert’s “conclusion would deliver a windfall to [the buyer].”), and at *27 (“awarding [the buyer] damages in excess of the purchase price would amount to a windfall”) (citing Paul v. Deloitte & Touche, LLP, 974 A.2d 140, 146 (Del. 2009) (“breach of contract damages should not provide a ‘windfall’ to the plaintiff”)). ↑
See Interim Healthcare, Inc. v. Spherion Corp., 884 A.2d 513, 549 (Del. Super. Ct. 2005) (“The Court first considers whether the plaintiffs’ expectancy damages claim is legally viable in the context of this highly negotiated contract between two sophisticated parties. Clearly, the Agreement does not expressly contemplate expectancy damages; they are nowhere mentioned or even insinuated in the contract. The sole remedy for breach identified in the Agreement is indemnification . . . . Here, although the Agreement does not specifically provide for expectancy damages, it also does not specifically exclude them. Accordingly, if other remedies (including expectancy damages) are factually viable, then they are legally viable as well.”) (footnote omitted).
Even though, as discussed in Part I of this article, DIV Damages are not actually “multiplier damages,” it is still better to avoid an argument that the term “multiplier damages” precludes DIV Damages, particularly those calculated using an MOE Methodology.
RWI policies have evolved in many ways since they were first introduced in the United States more than two decades ago. One of those ways is that some general exclusions have been omitted and some made more insured-friendly. In the early days, some RWI carriers included in their RWI policies an exclusion with respect to multiple of EBITDA damages and the like. (For a discussion of how such exclusions may have arisen from D&O policy exclusions regarding the multiple portion of multiplied damage awards, such as in the case of antitrust treble damage awards, see Michael Gill & Frank Mascari, Confusion Reigns: Applying the Multiplied Damages Exception in Representations and Warranties Insurance Policies, Bloomberg L. (Jan. 24, 2016).) Over time, RWI carriers were persuaded to give up such an exclusion and let their RWI policies be silent on the issue, thus following applicable law instead, such as the Cobalt line of cases. As a result, modern RWI policies should not contain such an exclusion. ↑
See, e.g., Cobalt Operating, LLC v. James Crystal Enters., LLC, No. 714, 2007 WL 2142926, at *30 (Del. Ch. July 20, 2007), aff’d, 945 A.2d 594 (Del. 2008) (unpublished table decision) (buyer awarded indemnification for free airtime credits provided to advertisers after the Acquisition, in addition to DIV Damages, in respect of the R&W Breach and fraud by the seller). Section 347 of the Restatement (Second) of Contracts explicitly recognizes this by providing that: “Subject to the limitations stated in §350-53, the injured party has a right to damages based on his expectation interest as measured by (a) the loss in the value to him of the other party’s performance caused by its failure or deficiency, plus (b) any other loss, including incidental or consequential loss, caused by the breach, less (c) any cost or other loss that he has avoided by not having to perform.” Restatement (Second) of Contracts § 347 (A.L.I. 2024). See Vici Racing, LLC v. T-Mobile USA, Inc., 763 F.3d 273, 293 (3d Cir. 2014) (paraphrasing § 347 of the Restatement (Second) of Contracts). ↑
But cf. In re Bracket Holding Corp. Litigation, No. N15C-02-233, 2020 WL 764148, at *3–4 (Del. Ch. Feb. 7, 2020) (“Defendants claim that the damages awarded are an impermissible double recovery based on the alleged inflated purchase price and shortfall in working capital, reflecting that the jury double count[ed] working capital. . . . However, . . . the jury . . . would have been free to . . . calculate the damages to include the amount [the buyer] overpaid for the [target] plus the shortfall in the working capital.”), rev’d on other grounds, Express Scripts, Inc. v. Bracket Holdings Corp., 248 A.3d 824 (Del. 2021). ↑
For example, if a target had lost all of its customers prior to the Acquisition without required disclosure by the seller, the DIV Damages would equal the entire purchase price. To then compensate the buyer as well for out-of-pocket damages it suffered after the Acquisition in connection with the same R&W Breach would entitle the buyer to damages greater than the purchase price it had paid.
Cf. NetApp, 2023 WL 4925910, at *26–27 (in addition to being speculative and not all being the proximate result of the R&W Breach and fraud in question, “awarding NetApp [synergistic] damages [of $37.7 million] in excess of the purchase price [of $35.0 million] would amount to a windfall.”). ↑
See SIGA Techs., Inc. v. Pharmathene, Inc., 132 A.3d 1108, 1133–34 (Del. 2015) (“The Court of Chancery recognized that post-breach evidence could be used in order to aid in its determination of the proper expectations as of the date of the breach, but relied on such evidence sparingly. According to the court, it also limited the use of such evidence to the parties’ expectations, and in all other respects determined that the post-breach evidence was irrelevant to measure expectation damages at the time of the breach. We find after reviewing the record that the Court of Chancery properly limited the use of post-breach evidence to confirm its conclusions as to the parties’ reasonable expectations at the time of breach, or used the evidence to adjust the damages award in SIGA’s favor.”) (footnotes and internal quotation marks omitted). See also, e.g., Taylor Precision Prods., Inc. v. Larimer Grp., Inc., 2018 WL 4278286, at *33 (S.D.N.Y. Mar. 26, 2018) (“Because contract damages are measured at the time of the breach[,] inquiry into the performance of [the acquired] assets and market conditions in the months following the acquisition is improper, as evidence subsequent to the breach may neither offset not enhance [buyer’s] general damages.”) (citations and internal quotation marks omitted). ↑
See the subsection above titled “Avoidability” in the section titled “Limitations on Damages.” For a discussion of avoided costs and of the types of mitigation activities a jilted buyer was found by the court to have taken after a failed Acquisition, seeWaveDivision Holdings, LLC v. Millennium Digital Media Systems, L.L.C., No. 2993, 2010 WL 3706624, at *24 (Del. Ch. Sep. 17, 2010). ↑
See, e.g., NetApp, 2023 WL 4925910, at *27 (“Just four months after closing, NetApp decided to end-of-life [target company] Cloud Jumper’s VDI product. NetApp never attempted new sales of Cloud Jumper software, even though the product performed as expected. It retained Cloud Jumper’s existing customers, intellectual property, and personnel. The Cloud Jumper engineering team was moved to develop a new VDI product within Spot—another (significantly larger) company acquired by NetApp. In such circumstances, awarding NetApp damages in excess of the purchase price would amount to a windfall.”) (footnotes omitted).
A situation that highlights the use of post-Acquisition evidence in support of the no windfall limitation is a termination threat by a major customer or supplier of the target business without required disclosure by the seller, which otherwise might have resulted in a DIV Damages claim, but for the fact that the customer or supplier did not terminate, or even adversely change the pricing of, its relationship with the target business post-Acquisition. Without the use of such post-Acquisition evidence, the buyer of the target business could arguably make out a claim for DIV Damages on the basis that if it had known of the termination threat pre-Acquisition, it would have reduced its purchase price for the target business accordingly, if the basis for such a claim were only the buyer’s reasonable expectations ex ante. ↑
SIGA, 132 A.3d 1108, at 1133 (“the [C]ourt [of Chancery] could consider post-breach evidence when determining the reasonable expectations of the parties before or at the time of the breach.”) (footnote omitted). See, e.g., S.C. Johnson & Son, Inc. v. DowBrands, Inc., 294 F. Supp.2d 568, 588 (D. Del. 2003) (“[T]he Court finds the fact that SCJ did not make any sales of DowBrands’ products in Latin America from the date of closing until the end of its fiscal year which was five months later and that they sold less than $1 million in bags and wraps in Latin America seventeen months after closing persuasive.”), rev’d on other grounds, 111 F. Appx. 100 (3d Cir. 2004). ↑
See, e.g., Great Hill, 2020 WL 948513, at *23 n.284 (“Because I find that the Plaintiffs have failed to meet their burden with regard to the damages methodology, I do not reach the Defendants’ contentions that Plimus’s downturn was not as severe as suggested by Great Hill and that explanations exist for any downturn other than the allegations lodged by Great Hill. Indeed, Great Hill’s own annual report for 2011 noted that Plimus’s Q4 2011 EBITDA declined primarily due to 25 incremental hires necessary to support Plimus’[s] anticipated growth.”) (internal quotation marks omitted). ↑
See, e.g., Cobalt Operating, LLC v. James Crystal Enters., LLC, No. 714, 2007 WL 2142926, at *29 (Del. Ch. July 20, 2007), aff’d, 945 A.2d 594 (Del. 2008) (unpublished table decision) (the seller ”Crystal did not provide its own valuation evidence”); Surf’s Up Legacy Partners, LLC v. Virgin Fest, LLC, No. N19C-11-092, 2024 WL 1596021, at *23 (Del. Super. Ct. Apr. 12, 2024) (the seller “has failed to provide any valuation of [the target business]—besides the transaction price—that could warrant providing less than what the indemnification cap maximally allows.”). ↑
For those who have read this far and still may be wondering, the first part of the title of this article is taken from an old Woody Allen joke, which goes as follows: “Some guy hit my fender the other day, and I said unto him, ‘Be fruitful and multiply.’ But not in those words.” ↑
Three nearly simultaneous actions of the Federal Trade Commission (“FTC”) in September confirmed its intentions with respect to employee noncompetes. In the first two related actions, the FTC indicated it will not defend its 2024 rule banning virtually all worker noncompetes and will instead focus on efforts to rein in the use of “unfair and anticompetitive” noncompetes. The FTC’s third action notified the public of its intent to accomplish its goals, at least in part, through a wide-ranging request for the public to identify employers using noncompetes, followed by targeted enforcement actions.
Specifically, on September 4, 2025, the FTC voted 3–1 along party lines to approve a complaint against the largest pet crematorium in the U.S. and a settlement of that action that bans the company from using noncompete clauses in many of its employment agreements. The complaint alleges that, in 2019, the pet cremation company and its subsidiary adopted a policy requiring noncompete agreements for all newly hired employees, which typically barred the employees from working in the pet cremation industry anywhere in the U.S. for one year after their departure. According to the FTC’s complaint, the only employees not subject to noncompetes are those working in California, which has a statutory prohibition on such restrictions.
The complaint emphasized the fact that the noncompetes were imposed on employees regardless of (1) their responsibilities, compensation levels, or skills, and (2) even in the absence of a nearby operational facility. The FTC also pointed out that, in one instance, employees were required to enter into noncompetes only to have the facility at which they worked closed and their employment terminated within weeks. Commissioner Rebecca Slaughter, who was briefly reseated pursuant to a court order, dissented: “one-off enforcement is no substitute for the FTC’s meaningful, marketwide noncompete rule that will protect workers across the country.”
The settlement with the FTC bars noncompete agreements except in limited circumstances. Specifically excluded from the noncompete prohibition are those entered into by directors, officers, or senior employees, in conjunction with the grant of equity or equity interests. Further, the settlement does not prohibit noncompete agreements in conjunction with the sale of a business, provided that individuals subject to restriction have a pre-existing equity interest in the business being sold. Notably, the settlement also bars employee agreements restricting employees from soliciting customers, except those current or prospective customers with whom the employee had “direct contact or personally provided service” in the last twelve months.
The FTC’s second action, also on September 4, was to issue a Request for Information Regarding Employer Noncompete Agreements in an effort to identify “which specific employers continue to impose noncompete agreements.” The request is not aimed at studying the use of worker restrictions and does not seek information from employers wanting to justify their use of noncompetes; instead, it is focused solely on gathering information about employers that are currently using noncompete agreements. For example, it seeks the employer names, job functions, and salaries of those workers covered, scope of restrictions (e.g., geography, duration), enforcement practices, harm to employee mobility (e.g., moving and legal costs, lost higher wages, etc.), lost opportunity to start new businesses, harm to rival employers, and loss of innovation. The request specifically calls for information about instances where noncompetes have harmed health care workers. Among the most interesting is a request for the names of employers that use nonsolicitation or nonrecruitment agreements limiting former workers from working with former customers or former employees.
The third action, filed the following day, was the FTC’s unopposed motions to dismiss both its Fifth and Eleventh Circuit appeals of the two district court decisions holding that the agency’s rule banning worker noncompetes exceeded the FTC’s authority.[1] By dismissing these appeals, the agency has acceded to the vacatur of the final Non-Compete Clause Rule. The vote to abandon the defense of the rule was 3–1 along party lines. Commissioner Slaughter dissented on the basis that the rule received overwhelming support in the form of 25,000 supportive comments out of the approximately 26,000 total comments received. She was also critical of the majority’s decision to simply drop the defense of the rule instead of allowing for a public notice and comment period:
The law does not permit the agency to void this popular rule under cover of darkness by simply withdrawing from litigations. The law requires that we hear from the American people. In absence of that legally required process, the action the Commission takes today should not hamper the agency in the future.
Whether or not the FTC followed the correct process, this administration will not defend the 2024 noncompete ban. This means the Northern District of Texas decision, which universally vacated the FTC’s noncompete rule, and the Middle District of Florida decision, which preliminarily enjoined the FTC’s enforcement of its rule against the named plaintiff there, as well as the conflicting Eastern District of Pennsylvania decision, which refused to enjoin the FTC rule, all remain on the books without appellate court review.
Although the FTC acknowledges that noncompetes can serve “valid purposes in some circumstances,” it is also concerned with the impact on workers of the often knee-jerk reliance on the clauses. These FTC actions and the agency leadership’s statements make clear that the agency intends to discourage the blanket use of worker noncompetes, hopes to use the public to relatively quickly identify such employers, and intends to take action against “the worst offenders [to] restore fairness to the American labor market.” The FTC could issue cease-and-desist letters, or it could go so far as to launch burdensome investigations and pursue administrative or federal court lawsuits under the FTC Act. However, the FTC has been consistent in its stance that noncompetes in the context of sale of business agreements are subjected to substantially less scrutiny.
Employers considering the use or continued use of noncompetes should evaluate all potentially applicable state laws. These state laws have changed rapidly and may include minimum compensation thresholds, notice periods, garden leave requirements, maximum time limitations, and other similar requirements. In addition, to mitigate FTC Act risks, firms should, at a minimum:
document the justifications for their noncompetes;
limit their use to employees with job responsibilities relevant to those justifications;
narrow the restrictions in terms of geography, timeframe, and types of later employment;
consider the use of less restrictive options, such as nondisclosure and nonsolicitation agreements and, where possible, use less restrictive alternatives; and
where less restrictive alternatives are not sufficient, document why they are not adequate.
Firms should also be aware that the Department of Justice and the FTC remain concerned with agreements among companies not to solicit or poach each other’s employees. Companies using no-poach agreements should consider the same factors above.
Ryan, LLC v. FTC, No. 24-10951 (5th Cir.); Properties of the Villages v. FTC, No. 24-13102 (11th Cir.). ↑
Connect with a global network of over 30,000 business law professionals
