Software comes in all shapes and sizes, serving a diversity of customers broadened by the internet and strengthened by the onset of generations for whom its application is second nature. Whilst selling a software business will meet unique challenges, there are a number of common threads when considering the legal side. This blog covers a range of topics that, if the seller takes on board, could ensure a buyer’s trust and cooperation when negotiating an agreement.

Selling a Software Business – Intellectual Property Rights

A buyer will want to know that the software owns or has sufficient rights to use all of the material intellectual property rights (IPRs) required to operate the business. If there appear to be issues or uncertainties with the chain of titles for any key software products, the first solution should be to obtain an assignment or confirmatory assignment from the relevant employees or consultants who may own such rights. If this is not possible, particularly in the case of former consultants and ex-employees, indemnities might be the only way to satisfy a buyer.

When selling a software business, if the software uses licenced-in IPR’s i.e. any IPR’s that the business uses under licence from a third party, then it would be prudent to carry out reviews of the licences to ascertain the extent of the rights granted. A buyer may well wish to establish if the licences provide the necessary rights to enable them to sub-licence these rights to their customers.

Open source software (OSS) code is software code that is like any other except that it is provided under a licence (usually free of charge) which grants certain freedoms to the licensee. Companies such as BlackDuck offer tools that can search through the source code of products to highlight whether they incorporate OSS. Once all the uses of OSS have been identified, the seller should go about satisfying any IPR uncertainties or should expect to grant warranties / indemnities to the buyer.

Selling a Software Business – Existing Customers

When selling a software business, a buyer is going to want to assess the revenues of your business, the reliability of such revenue and risks involved with providing services to each customer. Issues likely to arise in customer contracts include:

  • Limits and exclusions of liability.
  • Post-contract services such as maintenance and support obligations.
  • Termination rights – whether through an explicit change of control clause or termination periods, or by unclear drafting in the contract. Much can rest upon whether or not a buyer can rely upon long-term customers to continue to use the software after purchase.
  • Non-compete, exclusivity and similar restrictions. As well as affecting the software’s freedom to operate under such restrictions, they may give rise to competition law issues.

Selling a Software Business – Employee retention

When selling a software business, employee retention is often a particular issue for a buyer because losing key employees can materially impact the value of the acquisition and lead to loss of important information and know-how. If this information and know-how is not reduced into writing in a form that can pass to the buyer (by way of the Software Documentation, for example) then it may be lost forever.

Selling a Software Business – Technology Infrastructure

When selling a software business, the issue of technological infrastructure is changing. Before the existence of such readily available online platforms with which companies can access and build their own software, technological infrastructure was, for the most part, hardware. This meant that infrastructure was often difficult to integrate into a buyer’s system.

A seller needs to consider whether the technological infrastructure is shared with anyone (say a subsidiary or other company in the seller’s group), whether they plan to integrate the software into the buyer’s technological infrastructure and whether the software is in any way being provided by a third party:

  • Infrastructure shared with other members of the seller’s group – a number of solutions exist to this issue, the most common being licensing or transitional services arrangement within the group that is often limited in time and to particular services.
  • Integration in to buyer’s infrastructure – as well as technical issues of integration and compatibility, if the infrastructure is duplicated, the target should undertake an assessment of whether these duplications can be eliminated and if the seller can terminate relevant supplier contracts.
  • Third parties – issues arising from shared ownership and use of technology are becoming less common as such software is increasingly being provided through third-party services. By way of example, in data centres, the traditional set up provided a dedicated server for each customer, or a shared server among several customers for more moderate use. A modern trend is for complete virtualisation of the hosting and computing environment. This means that seller’s will often be reliant on the third-party data centre or platform provider to meet their service levels. A seller should be careful to check any agreements relating to such services.

Selling a Software Business – Data protection

Data protection is an increasingly important issue when selling a software business. In assessing your business, and its IT systems, it is important to understand what personal data is handled, the protections and policies surrounding this, including any instances of breach of these policies, and the applicable laws such as the UK GDPR (for information on how Brexit has affected data protection law read our blog). It is attractive for a buyer to know that the seller takes data protection seriously and has built-in mechanisms to support it.

A point to consider when selling a software business is that the more the software provides by subscription, or in relation to user accounts that can identify a particular person, or stores personal data for its customers (for instance, if it supplies software under a software as a service (SaaS) model), the more likely it is for it to have data protection issues. Software sold anonymously, and without updates, external content, or other means to identify the user, and where the software is not storing personal data for its customers, is likely to give rise to few data protection issues. This is a fast-moving area of technology and law, and both may well be different between when the business created their data protection policies and the time it is put on the market.

Cybersecurity

When selling a software business, similar to data protection, cybersecurity is set to become an increasingly important issue for sellers in any software acquisition. On 10 May 2018, the Network and Information Systems Regulations 2018 (SI 2018/506) (NIS Regulations) came into force. The NIS Regulations place minimum cybersecurity and incident notification obligations on relevant digital service providers. If the software qualifies as an in-scope digital service provider under the relevant legislation, then it will be important for the seller to understand:

  • What network and information systems it relies upon to provide its services.
  • What measures it takes to manage the risks posed to the security of those systems (including with a view to ensuring continuity of its digital services).
  • What means it has of monitoring and assessing any incidents that have a substantial impact on the provision of its digital service.
  • How it reports such incidents to the Information Commissioner’s Office (ICO), the UK regulator in this area, and in what timescales.
  • Failure to abide by the minimum cybersecurity standards and incident notification requirements set out in the NIS Regulations, can attract substantial regulatory fines in the UK of up to £17 million. Relevant digital service providers are also under an obligation to ensure that they have adequate documentation available to enable the ICO to verify compliance with the relevant security obligations, meaning that in practice the ICO may request to see (and buyers will want to diligence) various policies including those relating to system security, incident handling, security monitoring, business continuity management, and compliance with international standards.

Here to help

Selling a software business comes with a range of challenges, whether or not it involves software. Software does, however, introduce some specific issues. The greatest change in recent times has been from software sold for on-premises installation, to software being available to sell via, in most instances, a SaaS platform. This means that, as a software business owner, you are more likely to rely upon third parties to deliver your services. Making sure that your relationship with these third parties is transferrable to a buyer is important. Equally significant is the likelihood of intellectual property rights being scrutinised by a potential buyer. Knowing that you own all aspects of the business you intend to sell will always be high on a buyer’s list of assurances. Software has a uniquely high chance of infringing IPR’s without being aware of it. For more information on this read our blogs Open Source Software and Legal Protection of Software.

EM law specialises in technology and corporate law. Get in touch if you need advice on selling a software business or have any questions on the above.