The acquisition of a tech start-up is one of the most complex forms of business transactions. Unlike the purchase of a traditional company—where value lies predominantly in tangible assets—the value of a tech start-up rests to a great extent on intellectual property, the technical team, the user base, and contractual relationships. Legal due diligence in this context is not a formality: it is the foundation on which the value and price of the acquisition are built.
This text is for informational purposes only and does not replace individual legal advice.
Why Is Tech Due Diligence Different?
In the acquisition of a tech start-up, a buyer faces risks that do not exist in classic M&A (mergers and acquisitions) transactions. It can happen that a company does not hold clean ownership of its source code because the developers who wrote it did not sign appropriate agreements for the assignment of rights. Or that key employees—without whom the product cannot function—are free to leave the day after the acquisition. Or that the software uses open-source components under a licence that restricts commercial use.
Each of these scenarios can radically alter the value of a transaction or render it entirely undesirable. The purpose of legal due diligence is to identify these risks before the transaction closes.
Intellectual Property Review: The Core of Tech Due Diligence
Intellectual property is typically the most valuable asset of a tech start-up. Due diligence in this area covers several levels:
Code ownership: Who wrote the source code? Have all developers—employees, freelancers, outsourcing agencies—signed agreements that clearly assign all proprietary copyright to the company? Particular attention is given to code written by co-founders during the period before the company was formally incorporated.
Patents and trade marks: Does the company hold registered patents or trade marks that form part of its brand value? Registration, validity, and the geographic scope of protection are verified, as are any disputes with third parties.
Open-source analysis: Commercial software almost always uses open-source libraries. All open-source (OSS) components must be identified and their licence terms reviewed—in particular GPL and AGPL licences, which may impose an obligation to publish the entire codebase.
Confidentiality and non-compete agreements: Have key employees and former employees signed NDAs (non-disclosure agreements) and non-compete agreements that protect the company’s trade secrets after their departure?
Compliance with Data Protection Regulations
Tech start-ups typically process significant volumes of users’ personal data. The key regulatory frameworks are the GDPR (General Data Protection Regulation, Regulation (EU) 2016/679) and, for the processing of data in Serbia, the Law on Personal Data Protection (Official Gazette of the Republic of Serbia, No. 87/2018) (Serbian: Zakon o zaštiti podataka ličnosti — ZZPL), which is substantially aligned with the GDPR. Data protection due diligence verifies:
- Whether a valid and up-to-date privacy policy exists
- The legal basis on which users’ data is processed
- Whether DPA (Data Processing Agreement) agreements have been concluded with all data processors
- Whether any data breaches or complaints to the supervisory authority have been reported
- How transfers of data outside the EU are governed (Standard Contractual Clauses or equivalent)
GDPR non-compliance discovered after the transaction closes becomes the buyer’s problem. Subsequent fines and remediation costs can be substantial.
Review of Key Contracts and Contractual Risks
The review of contractual documentation covers several categories:
Client agreements: Are there limitations of liability? What are the SLA (Service Level Agreement) obligations and what are the penalties for breach? Do any agreements contain change-of-control clauses permitting termination in the event of an acquisition?
Supplier and provider agreements: Agreements with cloud infrastructure providers (AWS, Azure, GCP), SaaS tools, and API providers. It is particularly important to verify whether these services can be transferred to a new owner without the provider’s consent.
Licence agreements: All licences the company uses or grants to third parties must be reviewed to identify potential obstacles or obligations that the buyer will assume.
Employment Law Aspects and Retention of Key Talent
The value of a tech start-up often depends directly on a small number of key individuals. Due diligence must establish:
- The employment law status of all persons contributing to the company (employees, service contracts, freelancers) and the risks of misclassification
- Whether key employees are bound by vesting agreements that incentivise them to remain after the acquisition
- Any outstanding obligations to employees (unpaid wages, unused annual leave)
- The existence and content of retention bonuses or equity packages for key people
The loss of key technical talent immediately after an acquisition is one of the most common reasons for the failure of tech M&A transactions.
Frequently Asked Questions (Q&A)
How long does legal due diligence for a tech start-up take? The duration depends on the size and complexity of the company and on how well-organised the documentation is. For an early-stage start-up with clear documentation, the process typically takes two to four weeks. For larger companies with complex structures, a period of six to twelve weeks is not unusual. The seller’s transparency and an organised data room significantly accelerate the process.
Who bears the costs of due diligence? As standard practice, the costs of due diligence are borne by the buyer. The seller bears the costs of preparing the documentation and engaging its own advisers. This is a negotiating position that can be modified, but a buyer who does not conduct due diligence assumes disproportionate risks.
Is due diligence also conducted in the case of a minority investment? Yes. Even in the case of a minority investment, the investor should understand the condition of the company in which it is investing, particularly with regard to intellectual property and contractual obligations. The scope of due diligence can be scaled to the size of the investment.
What if issues are discovered during due diligence? Discovered issues can lead to: renegotiation of the price (price adjustment), conditioning the transaction on the resolution of specific matters before closing, excluding certain risks from the transaction (carve-out), or, in the final analysis, withdrawal from the transaction. Due diligence does not mean that the transaction cannot close—it means that it closes with a full understanding of what is being acquired.
Conclusion
Legal due diligence in the acquisition of a tech start-up protects the buyer from overpaying for assets encumbered by hidden risks. Particularly in the areas of intellectual property and data protection, problems discovered after the transaction closes can be many times more costly than the cost of adequate pre-transaction due diligence.
Our team combines expertise in corporate law, intellectual property, and data protection—a necessary multidisciplinary framework for any tech M&A transaction.
Schedule a consultation to find out how we can help ensure your acquisition rests on solid legal foundations.
Sources: – https://www.lexology.com/library/detail.aspx?g=2e65c01b-c192-411a-8280-9942a5a07c72 – https://www.investopedia.com/terms/d/duediligence.asp – https://www.dlapiper.com/en/insights/publications/techlaw-blog/2021/05/due-diligence-in-tech-ma – https://gdpr-info.eu/ – https://www.paragraf.rs/propisi/zakon_o_zastiti_podataka_o_licnosti.html