In this blog post we set out key practical steps for technology-focused deal-making, having regard to the regulatory, antitrust and foreign investment screening issues identified in our earlier blogs here and here.

Key impacts of technology regulation on deal outcomes

The evolving regulatory landscape is having a significant impact on deal outcomes, including (i) longer timelines due to complex regulatory approval requirements; (ii) higher diligence burden, especially around data, AI and ownership transparency; (iii) greater risk allocation pressure in deal terms; and (iv) increased use of creative structures to mitigate regulatory exposure. 

Front-load regulatory mapping

In M&A deals, front-loading the analysis of required regulatory approvals is critical to deal execution and timeline certainty. As discussed in our earlier blogs, this multi-jurisdictional analysis needs to consider antitrust, foreign direct investment, FSR and other regulatory approvals that may be required — and identify potential “red flags” that may impact deal timelines. Red flags may be raised for particular technologies that are most likely to attract regulatory review, e.g. privacy and cybersecurity, data access and sharing, digital markets and (of course) AI technologies. Or the flag may be raised because a particular buyer profile is more likely to be challenged by regulators. Early identification of these issues means that transaction structuring can be optimised to mitigate risks that have the most potential to disrupt deal execution or certainty.   

Diligence

Targeted and risk-focused approaches yield better information

Approaches to diligence need to evolve and be sensitive to relevant risks (including those identified as part of a regulatory mapping exercise). Diligence is essential not just for identifying and mitigating key legal risks, but increasingly to stress-test valuation and forward-looking business projections. It will clearly still be important to identify hidden liabilities, such as unresolved data privacy breaches or non-compliance with customer contracts. But, as the tech regulatory landscape evolves, it is equally as important to question the assumptions that underlie valuations and business models.

For example, if a target relies heavily on monetization of AI technologies, has the technology been developed in accordance with the requirements of the EU AI Act, notably those requiring transparency, documentation, risk management or human oversight? If not, in addition to the potential risk of significant monetary fines, it may be necessary to remediate specific compliance gaps within the target’s AI systems — and that, in turn, may significantly impact future cashflow projections or valuations. Careful collaboration between the business, financial advisers and lawyers will be critical to developing targeted diligence work streams that focus on high-risk issues that may impact deal outcomes. 

Technology

It follows that it is critical to conduct a deep dive into any technology at the core of an M&A or strategic transaction. Depending on the technology at issue, this may include a combination of factors:

Focus AreaDiligence Considerations
AIUnderstanding the model/AI system’s provenance Risk assessment of use cases and mitigations
DataIdentifying key data sources Assessment of legal rights and basis for use Data location (including restrictions on transfer)
CybersecurityImplementation of appropriate policies Clear organisational responsibility and accountability Compliance with relevant standards (NIST, ISO etc). Disclosure of incidents Insurance
ProtectionHave appropriate steps been taken to legally protect the technology (e.g., through patents or the protection of trade secrets)?
Business modelDoes the current and intended business model comply with the legal and regulatory environment? If not, is remediation possible / what is the impact on value?

Deal terms; papering the risk

Deal terms also need to evolve and be tailored to account for the unique issues new technology presents. Whilst each deal is different, the following types of terms should be considered:

  • Tailored representations and warranties that focus on specific areas of risk (e.g., cybersecurity and AI), including with respect to accuracy, ethical use, compliance and localization, as well as assurances that key technologies, products and services have been developed in compliance with new regulatory standards, including any approval requirements. Relatedly, disclosure should be reasonable; it should not unfairly undercut risk allocation resulting from a lack of regulatory compliance approaches.
  • Include targeted risk allocation terms. This means including appropriate indemnities and thinking about fair qualifiers for key risks. For example, a “knowledge” qualification may not necessarily be appropriate for cybersecurity or AI incidents. Similarly, careful consideration should be given to determining an appropriate lookback period for such matters.
  • Stress test “standard” concepts like MAC. A broader approach to defining a MAC event — one which includes cyber incidences and AI bans, along with the relevant consequences — may be appropriate, especially given the new regulatory risks associated with emerging technologies.   
  • Increasingly, complex and nuanced solutions may be required to address the need for regulatory authorisations. For example, we have seen transactions where, clients have proactively negotiated entirely bespoke cybersecurity and source code testing arrangements to pre-empt likely concerns about cybersecurity risk from foreign investment regulators.
  • Structure incentives for compliance and operational support. Consider more detailed interim cooperation covenants that preserve a target’s regulatory posture.  Also, if there are pending regulator authorisations, such as those that may exist under the AI Act, or if ongoing co-operation and support is required to ensure the technology can be used in a compliant manner, consider tying parts of consideration/earn-outs to key approvals and milestones.  Conversely, for targets, consider whether there should be cost caps on mitigation efforts, or whether “hell or high water” obligations should be scoped by jurisdiction.
  • Finally, consider budget and resource planning for pre- and post-closing compliance obligations. As the regulatory landscape evolves, regularly refreshing internal M&A and investment protocols to align with current regulatory realities will be essential to effective deal planning and execution.
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Louise Nash Louise Nash

Louise Nash is a corporate partner based in Covington’s London office.

Louise has over 25 years’ experience of global acquisitions and divestitures for multinational companies as well as complex commercial transactions including joint ventures and licensing transactions. Her practice is international, with virtually…

Louise Nash is a corporate partner based in Covington’s London office.

Louise has over 25 years’ experience of global acquisitions and divestitures for multinational companies as well as complex commercial transactions including joint ventures and licensing transactions. Her practice is international, with virtually all transactions upon which she advises having a cross-border dimension, and she has led global restructuring transactions, including both pre-deal separation and post-merger integration projects in over 100 jurisdictions. As such, she has extensive experience of dealing with the challenges presented by complex cross-border projects. She has particular experience in the consumer goods, life sciences, and technology sectors.

Louise has been recognized by leading directories, including as a “Leading Individual M&A: Premium and Mid-Market Deals” by Legal 500, ranked by Chambers for M&A for 16 years, and as “Best in M&A” by LMG Euromoney on several occasions. Louise served an eight-year term on the firm’s Management Committee and currently chairs the firm’s 500-attorney strong Global Technology Industry Group. Chambers reports, “Louise is highly commercial, extremely skilled technically and very responsive. She takes a holistic approach to the relationship and is very proactive at staying in touch.”

Read more about Louise NashEmail
Show more Show less
Photo of Phil Cheveley Phil Cheveley

Phil Cheveley has a broad corporate practice based on international and domestic transactions. He has a wealth of experience advising clients on cross-border and domestic public company takeovers, mergers, acquisitions, and disposals, as well as primary and secondary equity issues.

Phil’s practice spans…

Phil Cheveley has a broad corporate practice based on international and domestic transactions. He has a wealth of experience advising clients on cross-border and domestic public company takeovers, mergers, acquisitions, and disposals, as well as primary and secondary equity issues.

Phil’s practice spans a number of sectors, including financial services, healthcare, and technology.

Phil has consistently been recognized as a leading M&A lawyer in Chambers and Legal 500. He is described in Chambers as “an exceptional M&A practitioner who combines technical expertise, extensive experience, judgement and sharp commercial acumen”, “is brilliant and has a comprehensive grasp of the issues”, and “has that rare ability to balance being an outstanding technical lawyer and a trusted partner”.

Read more about Phil CheveleyEmail
Show more Show less
Photo of Lyndsey Laverack Lyndsey Laverack

Lyndsey Laverack is a partner in the global private equity practice, based in London. Lyndsey focuses her practice on private equity and cross-border M&A. She regularly represents private equity and other investment funds and REITs on transactions in privately held companies, including acquisitions…

Lyndsey Laverack is a partner in the global private equity practice, based in London. Lyndsey focuses her practice on private equity and cross-border M&A. She regularly represents private equity and other investment funds and REITs on transactions in privately held companies, including acquisitions and disposals, control and minority equity investments, and complex joint ventures. Lyndsey has experience across a range of heavily regulated sectors including life sciences and financial services and she has particular expertise with equity investments into both development and standing operational real estate and social infrastructure assets.

Lyndsey is recognized by Legal 500 in the M&A: Upper Mid-Market and Premium Deals category. One client remarked “Lyndsey Laverack is one of the best M&A and private equity lawyers with whom I have ever worked. While her current practice has a focus on corporate real estate, the breadth of her wider experience ensures she is well placed to advise on a wide range of complex corporate and private equity transactions.”

Lyndsey was seconded to KKR Real Estate from February to October 2019.

Read more about Lyndsey LaverackEmail
Show more Show less
Photo of Joshua Gray Joshua Gray

Joshua Gray is a technology and data-focused lawyer with a distinctly international practice combining commercial and regulatory expertise. Joshua excels in assisting clients for deals with no precedent where technology and data are at the heart of the project.

Joshua’s practice includes structuring…

Joshua Gray is a technology and data-focused lawyer with a distinctly international practice combining commercial and regulatory expertise. Joshua excels in assisting clients for deals with no precedent where technology and data are at the heart of the project.

Joshua’s practice includes structuring and negotiating bespoke technology projects, privacy and GDPR, innovative collaborations involving the use of new (and often data-driven) technologies, and other business critical commercial transactions. Joshua provides “product counselling” to clients looking to launch new digital products and services and he routinely supports multi-jurisdictional projects covering areas such as e-commerce, consumer law, media licensing and telecoms.

Joshua otherwise advises on the full spectrum of technology transactions, including IT services agreements, outsourcing, software development and licensing, cloud computing and infrastructure, M&A and joint ventures.

Joshua has deep industry knowledge and experience in the technology, life sciences, digital health, media, telecoms and travel sectors. This experience has been bolstered through client secondments to Illumina Inc, Barclays Bank and du, a leading telecoms operator in the UAE.

Read more about Joshua GrayEmail
Show more Show less
Photo of Claudia Berg Claudia Berg

Claudia Berg is a partner in the London office. Prior to joining the firm, Claudia served as General Counsel of the UK Information Commissioner’s Office (ICO), and as Senior Legal Director for Antitrust Enforcement at the UK Competition & Markets Authority (CMA). 

Claudia…

Claudia Berg is a partner in the London office. Prior to joining the firm, Claudia served as General Counsel of the UK Information Commissioner’s Office (ICO), and as Senior Legal Director for Antitrust Enforcement at the UK Competition & Markets Authority (CMA). 

Claudia advises on all aspects of antitrust law, digital regulation and related litigation. Drawing on her considerable experience at the CMA and the ICO, her practice covers the full range of behavioural issues, merger control, government investigations and litigation, and the intersection of antitrust and privacy law. Claudia has strong experience in the technology and life sciences sectors.

As General Counsel of the ICO from 2021-2024, Claudia headed up the ICO Legal Service, oversaw the ICO’s litigation portfolio, and advised the Information Commissioner and the Board. During her time, she oversaw high-profile investigations into issues ranging from children’s privacy to AI. At the CMA, from its inception in 2014, she led a large team of antitrust attorneys working on the largest and most complex antitrust matters at the CMA, including successfully defending its decisions in the Courts. During Claudia’s tenure, the CMA’s strategic focus was on antitrust issues in the life sciences and tech sectors such as excessive pricing, pay for delay, information exchange, market sharing, multi-party concerted practices, parental liability, and most favoured nation clauses. Claudia worked closely with antitrust authorities in Europe, the US and throughout the world to co-ordinate investigations. She also regularly represented the CMA and the ICO at key international organisations, such as the International Competition Network and the Global Privacy Assembly.

Claudia advises on the critical intersection between antitrust and privacy, counselling clients on digital regulation in Europe (including the EU Digital Markets Act (DMA) and the UK’s Digital Markets, Competition and Consumers Act (DMCC)), data protection, and AI.

Prior to the CMA, Claudia worked at a leading global law firm advising clients on all aspects of EU and UK merger control and conduct issues.

Read more about Claudia BergEmail
Show more Show less
Photo of Ross Evans Ross Evans

Ross Evans is a leading foreign investment controls lawyer, who focuses on helping clients navigate the shifting global landscape of foreign direct investment (FDI) and national security reviews and regulations, and other regimes providing for security and public interest related geopolitical interventions in…

Ross Evans is a leading foreign investment controls lawyer, who focuses on helping clients navigate the shifting global landscape of foreign direct investment (FDI) and national security reviews and regulations, and other regimes providing for security and public interest related geopolitical interventions in corporate, commercial and financial transactions.

His practice covers foreign investment and international trade laws, encompassing FDI, national security and public interest review and approvals, inbound and outbound investment screening, and export control/sanctions matters, alongside related licensing and compliance and internal and regulator-facing investigations.

Ross regularly advises major multinational companies and a broad range of strategic and financial investors. With nearly a decade of global experience managing engagement with UK, EU and international authorities, and a deep understanding of the trade and investment issues connected to critical and strategic assets and technologies, Ross provides strategic and commercial guidance to clients, general counsel and C-suite decision makers, across industries including technology and telecommunications, infrastructure, life sciences, aerospace and defence, engineering, and financial services.

Ross frequently presents on legal developments and trends to industry bodies and trade groups in the United Kingdom and internationally. He has worked in Singapore and Stockholm, and has spent over a year on two separate secondments with a multinational technology company in London and California.

As an elected member of the National Security Committee of techUK, a technology industry trade association, Ross works alongside committee members drawn from the technology and security sector to break down the impact of new law and policy and to advance engagement and understanding between industry and government in the UK. In connection with his expertise in sensitive and emerging technologies, Ross provided industry focused input at the request of the UK Government on drafting secondary legislation and guidance in connection with the UK’s National Security and Investment Act (NSIA).

Read more about Ross EvansEmail
Show more Show less
Photo of Gabrielle Ohlsen Gabrielle Ohlsen

Gabrielle Ohlsen is an associate in the firm’s Technology and IP Transaction Practice Group. Her practice covers a range of commercial contracts involving technology, data and intellectual property. Gabrielle represents clients in a range of industries including technology, digital health and media.

Read more about Gabrielle OhlsenEmail