Tech M&A – what are the key deal risks?

The past 12 months have seen significant changes in the tech M&A market in Australia, driven by digital acceleration, global interest in Australian startups, evolving regulatory considerations and shifting asset prices. Despite macroeconomic uncertainty and a slowdown in leveraged buyouts, M&A activity continues to play a critical role in unlocking value in the tech industry.

The benefits of investing in tech companies are clear: tech fosters innovation and creates new opportunities for investors and strategic acquirers who are seeking growth and financial gain. Tech companies can operate with lean teams and boast scalability with low levels of capital investment.

Less clear are the unique challenges and risks associated with investing in tech companies. This article discusses four key deal risks to consider when investing in tech companies, and how they can be mitigated throughout the transaction process. While not exhaustive, understanding these risks can help mitigate them and maximise value in transactions.

1. Intellectual property (IP)

Intellectual property is crucial to the success and value of a tech company, often underpinning its core products and services (i.e. its proprietary software). This includes a company’s copyright, trade marks, designs, logos, patents, inventions, discoveries, know-how and confidential information.

Investors must ensure the company has clear ownership of, or appropriate rights to use, all IP necessary for its operations. The rapidly accelerating development and use of AI, under current laws not designed to regulate AI, creates uncertainties in both ownership of IP in AI-generated outputs, and potential third-party IP infringement in the use of AI and AI inputs.

Understanding who developed and owns the IP is critical. Confirming that key IP has been developed by employees of the company within the scope of their employment, or has otherwise been assigned to the company, is imperative. Using developer contractors and service providers under informal or inadequate contract terms can create significant gaps in IP ownership. If the IP is not owned by the company, the company needs to have the necessary rights to use it, such as through licensing arrangements. These arrangements should be thoroughly examined to identify any counterparty rights that could affect the use and value of the IP, such as options to acquire or royalty rights.

Key takeaway: Identifying any risks to IP ownership, and of third-party IP infringement, during the due diligence process is essential. This includes examining how the company is using AI. These risks should also be mitigated through deal protections to safeguard value and reduce the risk of third-party infringement claims.

2. Cyber security and data

Recent large-scale data breaches in Australia and globally have highlighted the need for stringent data and cyber security practices. Ignoring these aspects can lead to severe financial and operational consequences, including regulatory penalties, reputational damage, and significant value loss. Investors may also take on liability for significant regulatory penalties for breaches of a target company (such as under the Privacy Act 1988 (Cth)), and the risk of future class actions.

This is particularly important for tech companies, who are increasingly collecting and processing data (including personal information), not just to supply their core technologies, but also for analytics, service improvement and even monetising data as new business lines. Investors must have a clear understanding of the company’s cyber security stance and ensure adequate measures are in place to protect data and systems from theft, loss, or damage, and to recover from cyber incidents. This requires diligent examination of data flows and data governance frameworks, legal and regulatory compliance including consents and notifications, incident response plans and previous data breaches, to identify necessary pre-investment steps. Addressing any deficiencies is essential to safeguarding value.

Key takeaway: Robust data practices and cyber security measures are crucial to reducing the risk of financial loss, operational disruptions, regulatory penalties, and damage to reputation. Ensuring these protections are in place is vital for maintaining and enhancing company value. Investors also need to have a clear understanding of future risks in light of further privacy and cyber security law reforms, which are underway but not yet fully articulated.

3. Regulatory considerations

Mergers of tech businesses can raise complex questions regarding their impact on markets and competitors, which often attracts regulatory scrutiny in multiple jurisdictions. Identifying competition and anti-trust (and other regulatory) issues across multiple jurisdictions early is crucial.

Many investors are also caught unaware by the reach of the ‘foreign government investor’ rules across jurisdictions. For example, in Australia:

• Many financial sponsor buyers require Australian Foreign Investment Review Board (FIRB) approval by virtue of the nature of their upstream investors, regardless of transaction value.
• Investing in tech businesses that handle sensitive data, such as personal information, financial data, or data related to critical infrastructure, can also trigger the requirement of FIRB approval.

Key takeaway: Early identification of regulatory issues, asking the right questions, and having experience with regulators (including FIRB in Australia) are essential for successfully navigating mergers and acquisitions in the tech sector.

4. Corporate structure

Tech companies often have different classes of securities reflecting investments from various sources, such as venture capitalists, private equity firms and angel investors. Additionally, stock options or warrants may be granted to the company’s employees to incentivise their contribution to the company’s growth.

Knowing the corporate structure is crucial for several reasons, including:

• Managing dilution risk: Investors need to assess the potential dilution of their ownership stake due to the issuance of new securities or the conversion of existing securities.
• Investor rights: Different classes of securities may come with varying rights and privileges, such as voting rights, dividend preferences, or liquidation preferences. Understanding these rights is essential for evaluating the potential impact on investment returns and decision-making processes post-acquisition.

Key takeaway: Understanding the corporate structure and securities issued by a tech company is vital for investors, enabling them to manage dilution risk effectively and assess the impact on investor rights.

Other matters to consider

The issues identified above are by no means exhaustive. There are a range of other questions to ask, including:

• Intragroup considerations: If the tech business operates globally, are there intragroup IP use policies or transfer pricing policies in place? If so, are they well-documented and based on arm’s length principles?
• Transitional services arrangements: Are transitional services arrangements required post-acquisition to ensure business continuity? These arrangements should be performed to a pre-closing standard until the parties can operate independently, and include the ability to add omitted services not identified prior to closing.
• Long-term arrangements: What longer-term ongoing arrangements are required post-acquisition? For example, brand “splitting” or co-existence agreements or access agreements.

Addressing the risk

Despite the unique challenges and risks associated with investing in tech companies, many of these can be effectively mitigated throughout the transaction process:

• Pre-close: Many challenges and risks can be addressed with management pre-closing. For instance, if there are issues with the assignment or waiver of IP rights by third parties or employees, the third parties can be required to enter into confirmatory agreements to resolve these issues.
• At close: IP, IT, data and cyber warranties in the sale agreement can complement due diligence findings and be used to allocate risk and seek disclosure. Specific indemnities or price reductions can address serious issues that cannot be mitigated.
• Post-close: Implementing post-acquisition actions, such as migrating or integrating technical assets, along with restrictive covenants, formalising ongoing IP and IT licensing arrangements, and uplifting the company’s data, privacy and cyber security frameworks.

JWS’ specialty in tech M&A

JWS’ particular speciality in tech M&A has attracted some of the most active technology PE/VC funds in Australian and North American markets. This has contributed to JWS completing over 50 technology deals last year and resulted in the firm being named Technology, Media and Telecom M&A Legal Adviser of the Year in the Mergermarket M&A Awards Australia (2023).

Recent transactions include acting for:

• Accel-KKR-owned Humanforce on its successful bid for IntelliHR, an ASX-listed human resources tech platform;
• Acclivis Group-owned Z Software, on the acquisition of Medi-Map, a medication management software company;
• Archer Capital on the sale of illion, a leading consumer and commercial credit bureau in Australia and New Zealand;
• Alpine Investors on its acquisitions of OSINT Combine, NexusXplore and non-profit fundraising platform, Raisely;
• Fireblocks on the acquisition of BlockFold, a blockchain company;
• Insight Partners on its acquistions of Cirrus, a SaaS backup solution for cloud workloads, and NetSuite partner specialising in international Payroll & Employee Centric solutions;
• Kangarootime (a childcare software for early learning) on the divestment and merger of its Australian operations with Juice Technologies;
• Level Equity on its acquisition of SaaS anti-fraud payment protection company, eftSure;
• Potentia Capital on its successful bid for Nitro Software, an ASX-listed company specialising in PDF, eSign and document productivity software, and its successful exit from Newbook, a bookings software company;
• Serent Capital-owned Actionstep, on its acquisitions of legal software businesses, LawMaster and FilePro;
• Spotify in its acquisition of podcast tech platform Whooshkaa; 
• Vector Capital on its acquisition of ActivePipe, a real estate tech offering; and
• Vertica Capital on its investment in Rezdy, a leading independent online booking and distribution platform.

If you have any comments on this article or would like to discuss Tech M&A considerations in further detail, please contact James Rozsa and Helen Clarke.

Important Disclaimer: The material contained in this article is comment of a general nature only and is not and nor is it intended to be advice on any specific professional matter. In that the effectiveness or accuracy of any professional advice depends upon the particular circumstances of each case, neither the firm nor any individual author accepts any responsibility whatsoever for any acts or omissions resulting from reliance upon the content of any articles. Before acting on the basis of any material contained in this publication, we recommend that you consult your professional adviser. Liability limited by a scheme approved under Professional Standards Legislation (Australia-wide except in Tasmania).