Recently, we discussed the crucial role that a target company’s cybersecurity background plays in due diligence for mergers and acquisitions. Today, we want to focus on due diligence involving another critical technology: Artificial Intelligence (AI). As AI continues to advance and become more ubiquitous in various industries, it is becoming increasingly essential to understand the unique risks and challenges associated with acquiring, or investing in, a company that utilises AI. In this blog, we will explore why and offer a few insights into how to navigate this complex landscape.
The Data Source
During due diligence, considering the risks associated with the input data used to train the AI system should be at the top of your list. The nature and sensitivity of the data often determine the risks, which could include:
Accessibility
You should verify that the acquisition received their data legally to avoid any issues in using the data after the acquisition. Problematic data may impair the AI model’s capacity to produce predictive solutions and prevent the system from functioning as planned.
Bias
Input data may contain racial, gender, disability and other biases, resulting in an AI system that is susceptible to errors (which, in some cases, could raise ethical concerns). You can reduce the likelihood of collecting problematic data by ensuring that the acquisition prioritises data ethics and has processes to identify and eliminate biases in the AI system.
Compliance
Another critical aspect of AI due diligence is ensuring that the business has taken the necessary steps to comply with ever-changing data privacy regulations and prioritise cybersecurity. So, the following elements must be investigated throughout the due diligence procedure:
Data Privacy
It’s imperative to ensure they comply with all applicable laws and regulations governing the collection, use, storage, and protection of personal information. Legislation controlling data privacy may change in the future, and it is vital to confirm that the target’s data practices conform with applicable privacy regulations during the due diligence stage.
Cybersecurity
The susceptibility of data to cyberattacks and the presence of policies or procedures that would improve cyber preparation and resilience should be considered. In some circumstances, it may be wise for you to seek advice from cybersecurity professionals who can spot any cyber-related flaws that need to be fixed. You should also be aware of how security vulnerabilities could affect the accuracy of input data.
Intellectual Property Rights
Identifying the various intellectual property (IP) rights that might exist in the AI system while performing due diligence is also critcal. You should pay particular attention to the following:
Identifying Rights and Registrations
Obtain a list of all the IP material owned by the company, including the AI system, as there may be copyrights and trade secrets protecting various components of the AI system that may or may not be registered in each relevant jurisdiction.
IP Ownership
Confirm that the business has taken appropriate actions to protect the ownership of the intellectual property (IP) rights in the AI system. Where trade secrets protect an AI system, it’s vital to establish that steps have been taken to ensure that these trade secrets remain confidential (e.g., through non-disclosure agreements).
Takeaways
The number of mergers and acquisitions in the AI space, or involving companies heavily engaged with AI systems, will only increase. Whilst it’s an exciting prospect, with this growth comes a need for caution and careful consideration of the risks and challenges of acquiring these targets. Understanding the latest due diligence methods and thoroughly analysing AI’s potential benefits and drawbacks before taking any steps is crucial.