While open source software (OSS) has been around for decades, companies are just starting to appreciate the importance of focused OSS due diligence in the M&A context. In this context, purchasers are most concerned with unknowingly inheriting the target's OSS issues, such as reciprocal licences or deficient code, or overvaluing the target based on misinformed assumptions of the proprietary nature of its software. This is particularly worrisome considering that less than 50% of companies have OSS governance or monitoring policies and it is estimated that more than 50% of source code is licensed pursuant to unknown or reciprocal licences. Exacerbating these concerns is the fact that most companies do not know what is in their source code, despite being under the assumption they do.

Generally speaking, OSS is source code that is made available by the copyright holder to the general public under a licence that allows the licensee to freely study, change and/or distribute the source code. While the commonality among such licences is encouraging public collaboration in software development, the nature of the licences sometimes differs with respect to the reciprocal obligations of the user. For example, more restrictive open source licences require derivative code to be made available to the public under identical licence terms. In contrast, other, more permissive open source licences, allow users to specify the applicable licencing terms of the derivative code.

Considering that proprietary software is accounting for an increasing percentage of many companies' valuations, it is imperative that purchasers have a solid understanding of the software they seek to acquire. Likewise, it is highly beneficial for potential targets to be cognizant of their OSS and address any related issues in order to make the company more appealing to potential purchasers. Inadequate OSS due diligence and awareness can lead to lost deals, delayed deals, lost revenue and target devaluation. A purchaser and target having a firm grasp on the licence terms applicable to a target's OSS can mitigate these risks and result in a more efficient and cost-effective transaction.

For these reasons, it is important that a potential purchaser and target work harmoniously in OSS due diligence where the target has a material software component. Before signing the letter of intent, the parties should always discuss the concept of OSS due diligence. Some targets may be skeptical of allowing a potential purchaser access to its source code. However, such concerns can likely be alleviated through open dialogue and procedures designed to protect the confidentiality of the target's source code. Once the parameters have been set, OSS due diligence should involve a collaborative effort between the target and either the potential purchaser's internal technical team or a third party specialist. The potential purchaser, or third party specialist, should access the target's OSS to make an independent assessment as to its impact on the transaction and request the rectification of any issues prior to closing. The purchaser should continue to integrate and monitor the acquired OSS with its own standard processes and OSS policies post-closing to ensure a seamless transition.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.