Technology-focused deals are driving many of the largest global M&A and strategic transactions—whether digital infrastructure, artificial intelligence (AI), digital services or gaming. The successful execution of these transactions and ultimate success of the business opportunities promised by them, depends on understanding how emerging technology, regulation and market norms are evolving. In this three-part blog series, from an EU and a UK perspective, we will cover: (1) the new regulatory landscape for tech, (2) the evolving antitrust and foreign investment screening environment and (3) recommendations for planning, structuring and executing technology-focused M&A and other strategic transactions.

Tech as a regulated sector

The view that the technology sector is an unregulated “wild west” is well and truly antiquated —the technology sector is increasingly subject to a dizzying array of new requirements. In the EU, this now includes the Digital Markets Act (DMA) (2022), the Digital Services Act (DSA) (2022), the Data Act (2023) and the AI Act (2024). In the UK, the Online Safety Act (2023), Digital Markets Competition and Consumers Act (DMCCA) (2024) and Data (Use and Access) Act (DUAA) (2025) all create new obligations for technology businesses. Executing a technology-focused M&A or strategic deal in this context means not only understanding how to locate the key commercial value in an asset or business model, but also how that value is likely to be impacted by the regulatory environment.

Key regulatory developments

Whilst each technology is different, we see five primary risk areas from a technology-focused regulatory perspective: privacy and cybersecurity, data access and sharing, digital markets, product liability and (of course) AI. Additionally, there’s increasing attention from an antitrust and foreign direct investment perspective, which we cover in part 2 of our blog series (see here).

The table below summarises some key sources of regulation and associated deal considerations. Note — where a technology does not meet relevant standards, the key questions to consider are: (1) can the issue be remediated effectively and efficiently, (2) what is the timeline for doing so, (3) what does good risk allocation look like in the deal (and, in particular, the risk of regulatory fines or action prior to closing) and (4) are there reputational issues that cannot be contractually allocated, but which can otherwise be mitigated or assumed?

Regulatory AreaSourcesValue Impacting Considerations
Privacy and cybersecurityGDPR NIS 2 Cyber Resilience Act DORA (Financial Services)  If the technology involves the large-scale use of personal data, including for the development or application of AI tools to make decisions in relation to individuals, has development and deployment of the technology been done in accordance with legal requirements? The technology may be subject to a range of cybersecurity standards —do the core products/services meet the applicable cybersecurity requirements? Are the cybersecurity and technology practices (including as currently implemented and as may be required by regulation) compatible with the envisaged business model? If not, is there still a deal?
Data access and sharingData Act Data Governance Act European Health Data SpaceAre key sources of data likely to be subject to any requirements of sharing or access, and does that change the value of the potential opportunity? If providing a cloud service, do switching and interoperability rules prevent or limit the intended business model? For example, health sector, cloud and Internet of Things (IoT) / connected device deals require careful analysis of these requirements.
Digital marketsDigital Markets Act Digital Services ActDoes the deal involve the acquisition of a “gatekeeper”? The deal might be subject to notification and additional scrutiny. Does the technology rely on key protections under the DSA? Do content moderation obligations or other obligations (e.g. reporting) apply to the technology, and have the costs and risks of these obligations (e.g., the implementation of appropriate policies and procedures) been factored into the business case?
Product liabilityProduct Liability DirectiveDigital products, including software and AI systems, are subject to an enhanced no-fault liability regime. Are appropriate design controls and procedures in place, along with relevant contract terms for both customers and any third-party suppliers, to mitigate PLD risks?
AIAI Act General Purpose AI Models Code of PracticeHas the technology been developed in compliance with AI Act requirements? Is there a pattern of compliance demonstrated by impact assessments and/or other policies and procedures that provides confidence to any acquirer/counterparty? Is the technology likely to be used in any “high risk” scenario?

Implications for dealmakers

Tech dealmakers in the EU and UK must understand the regulatory landscape, and how any contemplated transaction and intended commercial value will be shaped by it, to properly assess the opportunity and structure transactions.

For example, a proper understanding of the value of a technology business or an asset requires an understanding of the following:

  • Is the technology, in its current or planned form, post-acquisition, subject to regulatory or compliance requirements?
  • Was the technology developed to operate in compliance with regulatory requirements, and, if so, how was compliance achieved? For example, has an AI-focused business been designed to adhere to the requirements of the EU AI Act or GDPR.

In the rest of our series, we will consider key antitrust and FDI issues and then provide practical insights to smoothly structure M&A and other strategic transactions.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Louise Nash Louise Nash

Louise Nash is a corporate partner based in Covington’s London office.

Louise has over 25 years’ experience of global acquisitions and divestitures for multinational companies as well as complex commercial transactions including joint ventures and licensing transactions. Her practice is international, with virtually…

Louise Nash is a corporate partner based in Covington’s London office.

Louise has over 25 years’ experience of global acquisitions and divestitures for multinational companies as well as complex commercial transactions including joint ventures and licensing transactions. Her practice is international, with virtually all transactions upon which she advises having a cross-border dimension, and she has led global restructuring transactions, including both pre-deal separation and post-merger integration projects in over 100 jurisdictions. As such, she has extensive experience of dealing with the challenges presented by complex cross-border projects. She has particular experience in the consumer goods, life sciences, and technology sectors.

Louise has been recognized by leading directories, including as a “Leading Individual M&A: Premium and Mid-Market Deals” by Legal 500, ranked by Chambers for M&A for 16 years, and as “Best in M&A” by LMG Euromoney on several occasions. Louise served an eight-year term on the firm’s Management Committee and currently chairs the firm’s 500-attorney strong Global Technology Industry Group. Chambers reports, “Louise is highly commercial, extremely skilled technically and very responsive. She takes a holistic approach to the relationship and is very proactive at staying in touch.”

Read more about Louise NashEmail
Show more Show less
Photo of Phil Cheveley Phil Cheveley

Phil Cheveley has a broad corporate practice based on international and domestic transactions. He has a wealth of experience advising clients on cross-border and domestic public company takeovers, mergers, acquisitions, and disposals, as well as primary and secondary equity issues.

Phil’s practice spans…

Phil Cheveley has a broad corporate practice based on international and domestic transactions. He has a wealth of experience advising clients on cross-border and domestic public company takeovers, mergers, acquisitions, and disposals, as well as primary and secondary equity issues.

Phil’s practice spans a number of sectors, including financial services, healthcare, and technology.

Phil has consistently been recognized as a leading M&A lawyer in Chambers and Legal 500. He is described in Chambers as “an exceptional M&A practitioner who combines technical expertise, extensive experience, judgement and sharp commercial acumen”, “is brilliant and has a comprehensive grasp of the issues”, and “has that rare ability to balance being an outstanding technical lawyer and a trusted partner”.

Read more about Phil CheveleyEmail
Show more Show less
Photo of Lyndsey Laverack Lyndsey Laverack

Lyndsey Laverack is a partner in the global private equity practice, based in London. Lyndsey focuses her practice on private equity and cross-border M&A. She regularly represents private equity and other investment funds and REITs on transactions in privately held companies, including acquisitions…

Lyndsey Laverack is a partner in the global private equity practice, based in London. Lyndsey focuses her practice on private equity and cross-border M&A. She regularly represents private equity and other investment funds and REITs on transactions in privately held companies, including acquisitions and disposals, control and minority equity investments, and complex joint ventures. Lyndsey has experience across a range of heavily regulated sectors including life sciences and financial services and she has particular expertise with equity investments into both development and standing operational real estate and social infrastructure assets.

Lyndsey is recognized by Legal 500 in the M&A: Upper Mid-Market and Premium Deals category. One client remarked “Lyndsey Laverack is one of the best M&A and private equity lawyers with whom I have ever worked. While her current practice has a focus on corporate real estate, the breadth of her wider experience ensures she is well placed to advise on a wide range of complex corporate and private equity transactions.”

Lyndsey was seconded to KKR Real Estate from February to October 2019.

Read more about Lyndsey LaverackEmail
Show more Show less
Photo of Joshua Gray Joshua Gray

Joshua Gray is a technology and data-focused lawyer with a distinctly international practice combining commercial and regulatory expertise. Joshua excels in assisting clients for deals with no precedent where technology and data are at the heart of the project.

Joshua’s practice includes structuring…

Joshua Gray is a technology and data-focused lawyer with a distinctly international practice combining commercial and regulatory expertise. Joshua excels in assisting clients for deals with no precedent where technology and data are at the heart of the project.

Joshua’s practice includes structuring and negotiating bespoke technology projects, privacy and GDPR, innovative collaborations involving the use of new (and often data-driven) technologies, and other business critical commercial transactions. Joshua provides “product counselling” to clients looking to launch new digital products and services and he routinely supports multi-jurisdictional projects covering areas such as e-commerce, consumer law, media licensing and telecoms.

Joshua otherwise advises on the full spectrum of technology transactions, including IT services agreements, outsourcing, software development and licensing, cloud computing and infrastructure, M&A and joint ventures.

Joshua has deep industry knowledge and experience in the technology, life sciences, digital health, media, telecoms and travel sectors. This experience has been bolstered through client secondments to Illumina Inc, Barclays Bank and du, a leading telecoms operator in the UAE.

Read more about Joshua GrayEmail
Show more Show less
Photo of Claudia Berg Claudia Berg

Claudia Berg is a partner in the London office. Prior to joining the firm, Claudia served as General Counsel of the UK Information Commissioner’s Office (ICO), and as Senior Legal Director for Antitrust Enforcement at the UK Competition & Markets Authority (CMA). 

Claudia…

Claudia Berg is a partner in the London office. Prior to joining the firm, Claudia served as General Counsel of the UK Information Commissioner’s Office (ICO), and as Senior Legal Director for Antitrust Enforcement at the UK Competition & Markets Authority (CMA). 

Claudia advises on all aspects of antitrust law, digital regulation and related litigation. Drawing on her considerable experience at the CMA and the ICO, her practice covers the full range of behavioural issues, merger control, government investigations and litigation, and the intersection of antitrust and privacy law. Claudia has strong experience in the technology and life sciences sectors.

As General Counsel of the ICO from 2021-2024, Claudia headed up the ICO Legal Service, oversaw the ICO’s litigation portfolio, and advised the Information Commissioner and the Board. During her time, she oversaw high-profile investigations into issues ranging from children’s privacy to AI. At the CMA, from its inception in 2014, she led a large team of antitrust attorneys working on the largest and most complex antitrust matters at the CMA, including successfully defending its decisions in the Courts. During Claudia’s tenure, the CMA’s strategic focus was on antitrust issues in the life sciences and tech sectors such as excessive pricing, pay for delay, information exchange, market sharing, multi-party concerted practices, parental liability, and most favoured nation clauses. Claudia worked closely with antitrust authorities in Europe, the US and throughout the world to co-ordinate investigations. She also regularly represented the CMA and the ICO at key international organisations, such as the International Competition Network and the Global Privacy Assembly.

Claudia advises on the critical intersection between antitrust and privacy, counselling clients on digital regulation in Europe (including the EU Digital Markets Act (DMA) and the UK’s Digital Markets, Competition and Consumers Act (DMCC)), data protection, and AI.

Prior to the CMA, Claudia worked at a leading global law firm advising clients on all aspects of EU and UK merger control and conduct issues.

Read more about Claudia BergEmail
Show more Show less
Photo of Ross Evans Ross Evans

Ross Evans is a leading foreign investment controls lawyer, who focuses on helping clients navigate the shifting global landscape of foreign direct investment (FDI) and national security reviews and regulations, and other regimes providing for security and public interest related geopolitical interventions in…

Ross Evans is a leading foreign investment controls lawyer, who focuses on helping clients navigate the shifting global landscape of foreign direct investment (FDI) and national security reviews and regulations, and other regimes providing for security and public interest related geopolitical interventions in corporate, commercial and financial transactions.

His practice covers foreign investment and international trade laws, encompassing FDI, national security and public interest review and approvals, inbound and outbound investment screening, and export control/sanctions matters, alongside related licensing and compliance and internal and regulator-facing investigations.

Ross regularly advises major multinational companies and a broad range of strategic and financial investors. With nearly a decade of global experience managing engagement with UK, EU and international authorities, and a deep understanding of the trade and investment issues connected to critical and strategic assets and technologies, Ross provides strategic and commercial guidance to clients, general counsel and C-suite decision makers, across industries including technology and telecommunications, infrastructure, life sciences, aerospace and defence, engineering, and financial services.

Ross frequently presents on legal developments and trends to industry bodies and trade groups in the United Kingdom and internationally. He has worked in Singapore and Stockholm, and has spent over a year on two separate secondments with a multinational technology company in London and California.

As an elected member of the National Security Committee of techUK, a technology industry trade association, Ross works alongside committee members drawn from the technology and security sector to break down the impact of new law and policy and to advance engagement and understanding between industry and government in the UK. In connection with his expertise in sensitive and emerging technologies, Ross provided industry focused input at the request of the UK Government on drafting secondary legislation and guidance in connection with the UK’s National Security and Investment Act (NSIA).

Read more about Ross EvansEmail
Show more Show less
Photo of Gabrielle Ohlsen Gabrielle Ohlsen

Gabrielle Ohlsen is an associate in the firm’s Technology and IP Transaction Practice Group. Her practice covers a range of commercial contracts involving technology, data and intellectual property. Gabrielle represents clients in a range of industries including technology, digital health and media.

Read more about Gabrielle OhlsenEmail