Open-source software (OSS) representations and warranties are an integral part of the intellectual property (IP) representations and warranties in mergers and acquisitions (M&A) transactions and financings, as M&A transaction documents regularly include requests for a seller to represent and warrant that it has policies in place regarding the use of OSS, has provided such policies to the acquirer or investor, and has not deviated from such policies. These representations and warranties are important, but they are routinely and necessarily backstopped by the due diligence process.
Adequate due diligence provides a “check” on the representations and warranties, allowing a buyer (and its investors and financers) to further drill down on, and review, a seller’s use of OSS and determine the impact of such use on the value of the seller’s IP.
One additional important legal consideration in connection with the acquisition of a company and the assessment of the value and the proprietary nature of a company’s IP is whether OSS is generated by the seller’s use of generative artificial intelligence (AI) platforms and if that use is adequately disclosed to the potential buyer.
A standard OSS request regarding due diligence in connection with an acquisition is: “Please describe seller’s open-source policy (if any) and provide information regarding whether seller uses open-source software and in particular any viral code in any product that is distributed by seller.”
Common responses to such question would be “we don’t have an open-source policy,” “please see our open-source policy,” “attached please find a list of the open-source software we use,” or “we don’t use any open-source software,” among other responses. This gives the buyer the information it needs to ask further questions and/or determine whether the seller’s representations are adequate and/or if the buyer’s IP is at risk (in terms of proprietary rights or value) due to its use of such OSS.
These questions and answers have been fairly standard for years, but, in light of recent advancements in technology related to creating software code, a buyer should also consider whether a seller uses (or its open-source policy allows for the seller’s use of) generative AI programs or platforms to write its software code, and whether the seller has a separate AI use policy or AI guidelines, as in certain circumstances the generated code could include pieces of OSS or third-party code.
It’s important to note that not all generative AI programs or platforms are the same or have the same use parameters or output, and as such it’s critical to understand how each program/platform works and whether it is in line with the company’s information security and open-source policies. Regardless, the use of generative AI to create software code could add potential additional risk of the existence of OSS that the seller may not have considered to be OSS since it was “created” by its engineers and therefore not adequately disclosed in connection with representations and warranties.
Summer associate Cooper J. Attig contributed to this post.