A company’s reputation when it comes to open source software (OSS) and license compliance can have significant impacts on its relationships with customers and partners. As Mark Radcliffe, a partner in the Silicon Valley office of DLA Piper specializing in IP and open source, explains, “For people who license software, how companies treat OSS has now become one of the biggest issues, in part because there are not very good standards right now.”
Heather Meeker, a partner in the Silicon Valley office of O’Melveny & Myers specializing in copyright and open source, adds, “Once you become a serious company, you have to have compliance processes. For example, if you want to sell a product to a customer, the customer these days may very well ask you to disclose what your open source usage is and will definitely ask you to undertake an indemnity for any violation of open source licenses that happens in the course of you providing the product. If you can't show that you have been responsible about compliance, customers may very well refuse to deal with you.”
Non-Compliance Can Slow, Devalue, or Break Deals
Similar to business relationship risk, open source non-compliance can negatively impact a company’s ability to obtain funding or complete transactions, like mergers and acquisitions (M&As). According to Meeker, “When you go to get an investment round or you go to get an exit, your open source position will be examined. At that time, an audit will be done and they'll look into the processes you're using internally. If you can't pass muster on those elements, then it's going to slow down deals, devalue deals, or occasionally break deals.”
The potential impact of non-compliance on those relationships increases as companies get bigger. While non-compliance at early-stage companies may go unnoticed in many circumstances, “these issues definitely come home to roost when you do corporate transactions,” says Meeker. “A lot of companies can fly under the radar before then, but they won't be able to do it once they have a serious business.”
As Heather Meeker further explains, the most common result when there is rampant open source non-compliance in an M&A deal is that an audit is performed, problems are identified, and the target company must figure out remedies if it wants the deal to close. Those remedies can be included in post-closing covenants or as closing conditions, depending on the degree of the non-compliance or the risk appetite of the acquiring company.
As M&As Heat Up in the 2020s, So Does OSS License Compliance
Given the uncertainty in current market conditions, M&A activity can be expected to increase rapidly for the foreseeable future. With the expansive nature of open source, now estimated by Gartner in its 2019 Software Composition Analysis Report to account for up to 90% of every piece of software, OSS license management inherently redefines the scope of the risk companies must evaluate when considering an M&A.
In order to remove any friction from an M&A, both the target and acquiring companies must be prepared to do a thorough and speedy audit and deliver comprehensive reports and documentation on their open source license compliance as part of the technical due diligence process. So we’ve put together an infographic of seven straightforward steps to follow for M&A due diligence. By focusing on the full lifecycle of the software and the sync up between the target and acquirer, from confidentiality to onboarding, these seven steps not only help unblock any oncoming M&A, but also remove friction from downstream activity.
