Given AI's hype, asking the 'right questions' will determine risk
With artificial intelligence technology developing at a rapid pace, prospective investors and acquirers must keep in mind the rate of development and the changing legal and regulatory landscape to ensure a focused approach to assessing target companies, says Mark Mahoney, partner with the business law group at Dentons Canada in Toronto.
Asking the “right questions” and understanding the drivers of risk in the AI space can help avoid “unwelcome surprises,” says Mahoney. He is a co-author of recent blog posts on critical factors that lawyers and dealmakers should consider when drafting M&A transaction documents to address unique issues in acquiring an AI company, along with legal questions that prospective investors and acquirers should consider during the due diligence process.
He points out that the artificial intelligence industry has seen rapid growth, raising more than $84 billion in venture financings in 2021 – almost double the amount raised in 2020 - and creating over $166 billion in value through initial public offerings (IPOs) and mergers and acquisitions (M&A). This rate of adoption makes it essential for lawyers working on transactions to educate themselves on unique AI structuring considerations to draft sound transactional documents to protect their clients’ interests.
Says Mahoney: “I’ve certainly heard from a lot of portfolio companies and fund managers [about the] need to get in front of the technology, the changes in the markets, the changes in the regulations to understand how investors are looking at these issues.… With every opportunity comes a high level of risk, and there will be winners and losers. And folks want to understand where those are likely to land.”
The Dentons team contacted AI experts on due diligence concerns to determine what dealmakers must consider. It learned there is a “clear race” to monetize AI technology across all industries, and there will inevitably be “winners and losers in this competition.” The AI companies likely to be the ones most valuable are those that help traditional businesses build their own AI solutions to address their particular needs. This echoes the old Gold Rush adage: “When everybody is digging for gold, it’s good to be in the pick and shovel business.”
Co-author Arik Broadbent, a Vancouver-based Dentons partner with the venture technologies and emerging companies group, says firms across all industries are asking “how AI will disrupt us? They are in the “learning phase,” he adds, looking at whether the technology is going to pan out to be useful for them.”
He adds that those on the “bleeding edge” of technology are active in AI investment or acquisition potential, “but a lot of traditional industries are waiting in the wings.” Still, pressure is building, and there is growing interest in investing in AI to “ensure they have those [AI] capabilities.”
Read next: Considering employees during mergers and acquisitions
Noah Walters, an associate at Dentons whose practice includes venture tech and emerging technology, notes that the “hype cycle” around AI also creates risk because some things being touted as AI predate what today is considered true generative AI.
He adds: “Our goal as lawyers is to ensure that our clients know what they’re buying and help identify the right questions to ask and to make sure what they are getting is truly valuable.”
Mahoney says an important distinction between traditional software companies, which develop platforms tailored to specific industry environments, and AI companies is most notably the value of their respective intellectual property.
A conventional software company’s primary IP asset is the software code it develops to perform certain functions. However, for AI companies, the value is most often in their “data moat”—their ownership of, or exclusive right to, underlying datasets—or the proprietary models developed by the company to manipulate that data.
How an AI company develops and uses these data inputs and outputs “will necessarily have major legal and risk implications” that prospective acquirers and investors must consider.
As for due diligence in AI transactions, Mahoney and the Dentons team offer some advice that prospective acquirers should consider when determining an AI company’s value and risk profile. These include:
Intellectual Property:
· Registered IP: Determine all intellectual property of the target company (filed, registered, in process, or applied for), including patents, trademarks, domain names, copyrights, service marks and applications, and trade names owned by the AI company, including description of items and the jurisdictions where they are registered.
· Non-registered IP: Look for non-patented proprietary information, including trade secrets, processes, and programs.
· Training data: How does the target AI company obtain training data, and what is the type of training data used? Ensure there is a list of all data sources and any licenses obtained by owners of the training data.
· Third-party AI inputs and outputs: Identify the owner or owners of the AI technology and all inputs and outputs. Have the target company provide all contracts that may establish such third-party rights.
· Company AI outputs: Identify the owner of the AI outputs provided to clients or other recipients by the AI company.
Technology Matters
· AI technology: Consider what technology the target company develops or uses, such as machine learning, deep learning or any others that may reasonably be considered AI technology.
· Software development processes: Review the AI company’s general software development processes, policies and procedures.
· Data architecture: Provide an overview of the data architecture, including customer-related ones.
· Bias: Look for evidence of any steps the target AI company took to detect and remediate algorithm biases.
Privacy and data protection
· Policies: All internal and external privacy policies, statements or notices, as well as types of personal information collected.
· Safeguards for personal information: Determine the target company’s internal practices, procedures and systems for dealing with current or past management of personal information, including measures relating to electronic and physical data security, IT systems management and data encryption, retention and destruction.
· Third-party disclosures: Have the target firm disclose agreements with third parties to whom personal information has been disclosed, such as outsourcing agreements, joint alliances or marketing agreements.
· Breaches: Ask for details of any known instances of past or ongoing unauthorized use of or access to the AI company’s AI, including details of any general data security breach in the last two years.
Regulatory matters
· Regulatory approvals: Look for key documents relating to material regulatory approvals for the AI company and copies of any correspondence with any regulator.
· Licenses: Ensure all AI licenses or authorizations and the terms under which such licenses were provided to or obtained by the target company