Navigating AI M&A transactions in today’s rapidly evolving M&A landscape

10 avril 2024 | Myron A. Mallia-Dare, Brandon Meyer, Amanjot Saral

( Disponible en anglais seulement )

With global M&A activity having faced significant headwinds throughout 2023, buyers and investors seeking opportunities in the technology industries found refuge in critical technology subsectors – particularly, artificial intelligence (“AI”). Despite global tech M&A volume having fallen roughly 50% in 2023 on a year over year basis, the aggregate value of global AI M&A transactions grew in 2023 by over 20% compared to the year prior. As recessionary fears wane and interest rate decreases are expected to materialize in 2024, M&A activity in the AI sector is posed to continue its run with force.

In various sectors, organizations are rapidly investing in and acquiring AI software companies to enhance value and broaden their capabilities. AI companies offer notable advantages due to their ability to swiftly scale operations with minimal capital investment, ensuring operational efficiency. However, companies leveraging AI also present distinct challenges and unprecedented risks. Buyers, ranging from private equity funds to strategic and tech-savvy acquirers, must not only recognize these risks but also enlist the guidance of advisors experienced in acquiring companies with AI solutions (« AI companies ») to structure transactions in a manner that mitigates risk and maximizes value. These risks are particularly pronounced for AI companies employing cutting-edge technology or operating in highly regulated industries, such as FinTech, RegTech, biomedical solutions, digital health devices, or autonomous vehicles.

This article will highlight five key AI-specific issues to consider when acquiring an AI company and offer strategies to mitigate these risks. Screening for such AI-related concerns will supplement the standard considerations typical of ordinary acquisitions. As with any acquisition, buyers must thoroughly assess all aspects of the target company’s operations, encompassing employment practices, tax implications, commercial agreements, and any specific issues arising from the acquisition (e.g., regulatory scrutiny of the transaction).

1. Target Company IP Rights

In the realm of AI enterprises, having clear ownership or sufficient rights to utilize all critical intellectual property (“IP”) is imperative. IP forms the foundation of AI business activities. Without unequivocal ownership rights, a company faces the peril of third-party infringement assertions, posing existential threats to its business viability and profitability.

Buyers should initially identify the essential IP assets and AI solutions fundamental to the target company’s operations. Subsequently, they must ascertain whether the target holds exclusive ownership or possesses adequate rights to utilize the IP and AI solutions incorporated into its operations or offered in its products and services. This entails verifying that any entities involved in the development of the target company’s IP and AI—such as employees, contractors, service providers, or research institutions—have duly assigned and transferred all relevant rights to the target company. Buyers should meticulously scrutinize databases maintained by the relevant administrative bodies, such as the Canadian Intellectual Property Office, and conduct thorough IP searches. This diligence ensures that the target company is the rightful owner of any registered IP and that there are no encumbrances from third-party interests registered against the IP.

In instances where the target company does not possess outright ownership of the underlying IP, buyers must assess the extent of ownership and the terms governing the target company’s utilization of the IP. This includes evaluating any associated risks relating to potential IP infringement claims that could be levied against the target company.

In the context of AI companies utilizing employees or independent contractors to develop their AI solutions, it becomes imperative to ensure that the company has obtained waivers of moral rights and consents from these third-party contributors. Moral rights afford creators of original works, protected under copyright laws, specific rights to their creations, independent of formal registration. In Canada, moral rights cannot be transferred or licensed; rather, they must be explicitly waived.

The incorporation of open-source software by the target company carries inherent risks. This encompasses obligations for the company to disclose, free of charge, the source code of any software or program integrating the open-source software. Prospective buyers should contemplate enlisting a third-party evaluator to scrutinize the target company’s source code, given the substantial risks at hand. Such an audit aids in comprehending any potential open-source challenges or infringements on third-party intellectual property associated with AI ventures.

2. Ownership and Voting Structure Information

During the launch and initial phases of growth, diverse investors may obtain equity in a company. Yet, early-stage enterprises often grapple with maintaining precise corporate records, which can pose challenges during the acquisition process. Hence, buyers must meticulously discern the identities of the target company’s shareholders and the attendant rights they hold, which could significantly influence the acquisition. These rights might encompass voting privileges or dissolution rights linked to specific share classes or investors.

Emerging and rapidly expanding firms frequently employ options or warrants to motivate both internal stakeholders (e.g., employees, board members, and contractors) and external counterparts (e.g., lenders, strategic allies, and key clients) to support their growth through investment endeavors. Consequently, buyers must scrutinize the terms and vesting schedules of any options, warrants, or convertible securities (if issued) by the target company, as these factors could impact future control and ownership.

The buyer must also ensure all appropriate shareholders approve of the share purchase transaction or agree to sell their shares (pursuant to the articles or shareholder’s agreement). A thorough examination of the target company’s minute books and relevant agreements, such as shareholder agreements, becomes imperative to grasp the company’s ownership and voting framework comprehensively. Additionally, scrutinizing the chain of share ownership is vital for buyers to ascertain the identity of each shareholder and confirm their authorization to transfer shares to the buyer.

3. Data Rights and Use of Personal Information

For AI companies, data and quantitative metrics often serve as pivotal value drivers. Prospective buyers must strive to gain a comprehensive understanding of how the target company leverages data and its corresponding data practices, with a particular focus on contractual obligations pertaining to data collection, usage, and transfer. This examination should encompass an assessment of the target company’s policies regarding personal information, ensuring adherence to relevant laws, including data protection and intellectual property regulations, and securing necessary consent for data transfer and utilization where applicable. Comprehensive scrutiny should extend to all privacy policies and internal data handling procedures employed by the target company. Verifying the adequacy of consents for data usage is essential in mitigating associated risks.

In scenarios where the target company’s data practices involve the handling and processing of personal data, buyers must ascertain the relevant legislation and evaluate whether the target has established protocols that align with all applicable data protection and privacy laws, as well as any existing third-party agreements.

Given the potential complexities and costs associated with rectifying data misuse issues, buyers must possess a clear comprehension of the target company’s data practices. It is imperative to confirm the target’s compliance with regulatory requirements and contractual obligations concerning data usage. Non-compliance on the part of the target company could present significant challenges, potentially necessitating consent from relevant third parties to rectify.

In cases where the proposed transaction entails a transfer of data ownership, buyers must ensure that the target company possesses the requisite rights and consents for such transfer. Failure to secure appropriate consent could result in the target company breaching its contractual obligations and facing subsequent liability.

4. Regulatory Risk and Life Cycle Issues

During the initial phases of software development, AI companies typically concentrate on crafting products that fulfill specific functional criteria. However, in this pursuit, these entities may overlook the regulatory obligations imposed on themselves and their clientele. This oversight can occur when a solution initially tailored for a particular industry or jurisdiction is later offered to customers operating in different regulatory environments. Regulations are constantly evolving, therefore products and services must be monitored and continually updated to reflect these changes to avoid regulatory offences.

Buyers must verify that the target company’s AI aligns with the legal and regulatory requirements applicable to all involved parties. Additionally, they should anticipate potential legal changes to ensure the longevity of the AI solution and prevent unforeseen regulatory breaches. Failure to meet regulatory standards could expose the target company to substantial liabilities from customers, third parties, and governmental entities.

Beyond regulatory compliance, the dynamic nature of disruptive AI solutions necessitates considering the life cycle of the target company’s AI solution. In conjunction with legal and financial due diligence, cyber diligence efforts should assess the scalability, functionalities, and growth potential of the AI solution slated for acquisition in the M&A transaction.

5. Addressing the Risk

Upon identifying issues, buyers should assess the feasibility of mitigating these risks and how they can be addressed. Depending on the gravity of the issue, the target company might have the capacity to rectify concerns before the closing of the deal. Buyers may opt to tackle identified issues pertaining to the AI solution through the representations and warranties outlined in the share purchase agreement.

In instances where issues cannot be rectified pre-closing, such as concerns surrounding the utilization of open-source software in the target company’s products or services, buyers are advised to negotiate a reduction in the purchase price to reflect the assumed risk and the anticipated cost of post-closing remedies. Additionally, buyers may contemplate securing a specific indemnity to address known issues and consider withholding a portion of the purchase price, which can be utilized to offset losses stemming from identified issues post-closing. The parties involved may also explore restructuring the transaction to alleviate associated risks.

Certain issues, such as significant infringement of third-party intellectual property or non-compliance with privacy laws, may not be possible to address prior to closing. Consequently, buyers must weigh the potential reputational risk of proceeding with the transaction without resolving such concerns.

6. Cybersecurity

Ensuring data security is paramount in safeguarding a business’s assets and operations. A breach in data integrity can inflict severe damage on a company’s worth. Unauthorized access to confidential business data or sensitive customer information has the potential to cause significant financial losses and tarnish the company’s reputation, thereby impacting credibility and revenue streams. Cybersecurity due diligence, commonly referred to as « cyber diligence, » serves as a proactive measure to mitigate the risk of future data breaches, regulatory penalties, and privacy infringement litigations.

Engaging in cyber diligence is advantageous for buyers as it allows for a comprehensive review of a target company’s cybersecurity practices, identification of potential vulnerabilities, and preemptive measures to address cybersecurity risks before they materialize into threats. Furthermore, cyber diligence should meticulously evaluate the sensitivity or value of stored data and monitor any gaps in data security protocols. The criticality of data dictates the necessity for stringent security measures. Engaging cybersecurity experts may be necessary to assess the adequacy of security measures and identify vulnerabilities within the system. Buyers should also scrutinize the target company’s cyber response plan to ascertain its readiness in managing, mitigating, or resolving cyber threats should they arise.

Conclusion

The points discussed in this article are by no means an exhaustive list of all issues relating to M&A where the target has developed or incorporated AI solutions. The aim here was to highlight certain unique challenges inherent in the AI landscape. The issues identified should be closely monitored and thoroughly assessed during the due diligence phase of any transaction. Based on the findings, it is advisable to address these concerns in the share purchase agreement. This approach not only safeguards the interests of buyers but also facilitates an accurate valuation of the target company. By incorporating and mitigating risks through adjustments in the purchase price, this strategy helps mitigate liability and prevents potential intellectual property infringement claims.

Engagement of legal counsel well-versed in AI solutions and experienced in AI M&A transactions is crucial for both buyers and sellers. Such expertise ensures comprehensive protection of their respective interests throughout the transaction process.