Intellectual property due diligence is a structured investigation of a target company's IP assets, IP risks, and IP-related obligations, conducted as part of the broader due diligence process in an acquisition, merger, investment, or licensing transaction. Its purpose is to verify that the IP rights the target claims to own or have the right to use are actually owned or licensed, are in good standing, are free of encumbrances, and have the value attributed to them in the deal. IP due diligence is relevant in any transaction where IP is a material component of the target's value, which in the current technology and brand-intensive commercial environment means most transactions above a de minimis size.
The scope of IP due diligence varies with the nature of the transaction and the IP profile of the target. A technology company's patent portfolio requires different investigation than a consumer brand's trademark registrations, and the IP implications of a software product acquisition differ from those of a manufacturing business with process patents. The starting point is always an IP audit: a structured inventory of all IP assets claimed by the target, covering trademarks, patents, registered designs, copyrights, trade secrets, domain names, and software.
The most fundamental question in IP due diligence is ownership: does the target actually own the IP it claims to own? Ownership is frequently more complex than it appears. IP developed by employees is typically owned by the employer under employment law, but only if the development occurred in the course of employment and the employment contracts contain adequate IP assignment provisions. Freelancers and contractors who develop IP do not automatically assign that IP to the commissioning company: a written assignment is required. IP developed in collaboration with academic institutions, research partners, or joint venture partners may be jointly owned or subject to licence restrictions. If the chain of title is unclear or there are gaps in written assignments, the acquirer may be acquiring less than expected.
Patent ownership should be verified against the official register in each relevant jurisdiction: the legal owner is the registered owner, and discrepancies between the register and the target's internal records need to be resolved. For trademark portfolios, ownership and renewals should be verified at EUIPO, BOIP, and the relevant national offices. Domain names should be checked in WHOIS databases to confirm registrant details align with the target's ownership claims.
Even validly owned IP may be subject to restrictions that affect its value in the transaction. Exclusive licences granted to third parties may limit the acquirer's ability to use the IP in the way intended. Security interests or pledges over IP may need to be discharged on completion. Change of control provisions in licence agreements may require licensor consent to the transaction or may terminate the licence on change of control. Open source software incorporated into a target's products may impose licence obligations (including copyleft requirements) that affect the target's freedom to operate.
In-licence agreements should be reviewed to identify their scope, term, exclusivity, sublicensing rights, and any conditions or limitations that affect the acquirer's post-transaction use of the licensed IP. Out-licence agreements should be reviewed to assess whether they create any restrictions on the acquirer's use of the target's own IP and whether any exclusivity provisions limit the commercial value of the portfolio.
The most common issue is incomplete assignment of IP developed by contractors and freelancers. Companies routinely commission work (website development, software modules, design work, marketing content) without obtaining written IP assignments from the contractors who created the work. Under most European laws, the default rule is that the creator of a work owns the copyright unless there is a written assignment to the contrary. Discovering during due diligence that material IP is owned by a former contractor rather than the target is a significant finding that requires remediation, either by obtaining a retroactive assignment from the contractor or by accepting a risk discount in the transaction value.
Data protection issues in M&A due diligence arise at two levels. First, the due diligence process itself involves the disclosure of personal data about employees, customers, and others to the acquirer, which must be managed in compliance with GDPR. The use of clean rooms, data rooms with controlled access, and anonymisation of personnel data where possible are standard risk management measures. Second, the target's own data protection compliance position is itself a due diligence item: GDPR violations, regulatory investigations, data subject complaints, and inadequate processing records all represent value and liability risks that need to be assessed and, where material, addressed in the deal terms through representations, warranties, and indemnities.
IP warranties and indemnities in acquisition agreements should cover the key IP due diligence findings and any residual risks that were not fully resolved. Standard IP warranties include: the target owns all material IP; the IP is in good standing and not subject to challenge; the target is not infringing any third-party IP; and there are no ongoing disputes, claims, or threatened proceedings involving the IP. For higher-risk areas (such as unresolved ownership questions, known third-party claims, or open source compliance issues) specific indemnities provide more targeted protection than general warranties. The scope, cap, and survival period of IP indemnities should reflect the materiality of the IP to the transaction and the severity of the identified risks.
%402x.svg){kind=icon}
%402x.svg){kind=small}
%402x.svg){kind=icon}
