Artificial intelligence and open-source considerations in M&A

Artificial intelligence (AI) and open-source software (OSS) have become critical components of modern business, making their evaluation a key aspect of merger and acquisition transactions (M&A transactions).

While these technologies drive innovation and reduce costs, they also introduce unique risks, particularly around intellectual property, compliance and integration. Proper due diligence is essential to ensure that these assets add value, rather than liability, in M&A transactions.

A primary consideration is the ownership and licensing of AI technologies. Target companies relying on AI systems should be able to demonstrate clear ownership of their proprietary algorithms and models or, alternatively, that such target company is licenced to use the same. This includes assessing whether the data used to train these models is proprietary, licensed, or sourced from publicly available datasets, as this impacts data privacy and intellectual property considerations.

It is also crucial to understand whether the target company has either developed or procured the AI system. Depending on the scope of deployment of AI systems, these systems may be at different stages of the AI lifecycle. The acquiring company should consider raising some of the following questions with the target company:

Where do ownership rights in the AI model, training and testing data, and inputs and outputs reside?
Does the target company have mechanisms, such as policies and training, in place to regulate internal usage of the AI systems and to protect the integrity of confidential information, personal information, and sensitive proprietary or corporate information?
Have the relevant AI Terms and Conditions been vetted?
Has an Ethical Impact Assessment been conducted on the AI system?
Has a Privacy Impact Assessment been conducted on the AI system?
Generally, does the AI system comply with applicable laws and internationally accepted standards for the ethical and responsible use of AI?
Will or has the AI system impacted on any jobs and, if so, have the relevant labour law requirements been complied with?
Has the deployment of AI resulted in any tension between job losses and automation and, if so, what reputational impact has this had on the target company?
How is AI governance treated by the target company?
Does the board of directors of the target company have full line-of-sight as to how AI is being deployed and governed?

Some other important AI considerations include:
(i) whether the target company has implemented processes to monitor and mitigate data and algorithmic bias;
(ii) whether the AI system is actively monitored for cybersecurity risks; and
(iii) whether the AI system has been properly audited and accurate audit logs maintained.

Based on the risks identified in the target company’s use of AI systems, the acquiring company should consider including AI-specific representations, warranties and indemnities to bring the identified risk level within the acquiring company’s risk appetite.

While the risks around AI can be mitigated through representations and warranties insurance, the question for acquiring companies always remains whether the acquirer is in the business of purchasing insurance or whether they seek to purchase a company with a functioning AI system.

Understanding the target company’s use of OSS is equally critical. Open-source components often form the backbone of IT systems, but their use is usually governed by various licensing terms, such as General Public Licence (GPL), Apache, or MIT. These terms commonly address, inter alia, patent use, source disclosure, licence and copyright notice, liability, warranties, and trademark use. Non-compliance with such licence terms can lead to legal claims, including requirements to open-source your proprietary code or to renegotiate licensing agreements. Therefore, it is important to understand whether the target company has utilised any OSS software and, if so, whether it has complied with software security and licensing requirements. Identifying and addressing these issues early in M&A transactions is vital to avoid incurring unanticipated costs, either during or post completion of the transaction.

OSS dependencies also introduce operational risks. Acquiring companies should evaluate whether the target company has a clear process for tracking, updating and managing OSS components, such as whether the target company has implemented and maintained an up-to-date Technology Stack List (also referred to as a Software Bill of Materials), documenting which OSS and other technologies have been used or incorporated into other software or systems, and what the applicable licencing terms are.

From a cybersecurity perspective, use of outdated or unsupported open-source libraries can expose the company to security vulnerabilities, allowing hackers to gain unauthorised access to corporate systems or data. Acquiring companies should consider sunsetting any OSS software which is outdated, or mitigating to newer OSS to avoid the cybersecurity vulnerabilities and risks introduced by outdated or unsupported OSS.

Finally, the integration of AI and OSS into the acquirer’s IT infrastructure poses strategic and technical challenges. Differences between the target company and acquiring company’s technology stacks, licensing models and/or licence compliance practices can complicate post-transaction integration. A clear roadmap for harmonising these systems will realise the acquirer’s strategic vision as envisioned by the M&A transaction. Additionally, acquirers should consider how AI and OSS assets align with their broader business strategy to ensure that they deliver long-term value.

AI and OSS introduce both opportunities and risks to M&A transactions and are key components of any credible IT environment. Conducting a comprehensive due diligence on the ownership, licensing, cybersecurity and operational management of AI and OSS technologies, and the extent of their use within the target company, is critical to mitigating risks and maximising the value that can be harnessed by these technologies post transaction completion.

Ridwaan Boda is an Executive and Head of Department and Alexander Powell a Candidate Legal Practitioner in Technology, Media and Telecommunications | ENS.

This article first appeared in DealMakers, SA’s quarterly M&A publication.

DealMakers is SA’s M&A publication.
www.dealmakerssouthafrica.com

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Subscribe

Artificial intelligence and open-source considerations in M&A

LEAVE A REPLY Cancel reply

GHOST BITES (BHP | Capital & Regional – Growthpoint | 4Sight | Prosus / Naspers | South32 | Workforce Holdings)

GHOST WRAP – Five Insights from December 2024

GHOST BITES (African Rainbow Minerals | Anglo American | Curro | Grindrod | NEPI Rockcastle | Redefine)

GHOST BITES (Accelerate | AECI | Bell Equipment | Cilo Cybin | Gemfields | Prosus – Naspers | Thungela)

Short Stories v.05: Ideas for good

DealMakers

Who’s doing what this week in the South African M&A space?

Weekly corporate finance activity by SA exchange-listed companies

Who’s doing what in the African M&A and debt financing space?

Looking ahead: private equity trends in 2025

Subscribe To Our Newsletters