Intellectual Property

Intellectual Property (“IP”) risks are often overlooked during a due diligence exercise on a company in a potential transaction.  Parties involved in the transaction may treat IP as a mere checkbox when assessing the company.  However, the impact of IP on a company’s risk profile should not be underestimated.

In many modern businesses, particularly those operating in technology, manufacturing, brand-driven or content-based sectors, IP constitutes a core component of the business.  A superficial review of IP assets may therefore result in significant blind spots that only emerge after completion of the due diligence exercise.

From a risk management perspective, IP due diligence should not be treated as a mere formality.  It should be approached as a substantive exercise designed to identify legal, commercial and operational risks.

There are several issues that legal practitioners should consider when conducting due diligence on a company’s IP assets.

(1) Evaluation of IP Assets

It is often assumed that IP risks can be adequately addressed by verifying a list of registered assets (such as trademarks, patents or industrial designs) and confirming that they are recorded in the target company’s name.  While this is an important starting point, it is rarely sufficient on its own.

Many valuable IP assets are not registrable or remain unregistered by their nature.  Confidential information, trade secrets, know-how, software source code, algorithms and business plans are examples of IP that do not appear on public registers.  Protection of these assets depends largely on contractual controls, internal policies and employee discipline.  Where due diligence focuses only on registered IP, unregistered IP assets are often overlooked or poorly documented.  This increases the risk of misuse or leakage, particularly where contractual protections or internal safeguards are weak or absent.

These risks can be mitigated by confirming that employees, contractors and vendors have entered into agreements that clearly assign IP to the company and impose appropriate confidentiality obligations.  Where such protections are missing or unclear, companies should implement updated agreements, obtain confirmatory assignments where necessary and restrict access to sensitive information, such as source code or technical know-how.

Where a company holds registered IP assets, registration alone does not guarantee that such assets are enforceable or aligned with the business's actual operations.  For instance, trademarks may be registered in classes of goods or services that do not reflect actual use, potentially exposing the company to non-use cancellation actions in court or limiting enforcement options.  Further, information recorded in public IP registers should not be accepted at face value.  In practice, IP assets may have been assigned or licensed by the company without the relevant changes being recorded, creating discrepancies between the legal position on record and the company’s actual rights of ownership or control.

These risks can be addressed by verifying internal IP records against the information recorded in public registries.  Where there are inconsistencies, corrective measures should be taken to ensure that the registers accurately reflect the company’s registered IP assets.  This exercise should be supported by a review of any agreement with third parties that affect ownership or use of the IP, including assignments or licences.  Ultimately, effective IP due diligence should confirm whether the company truly owns and controls the IP assets in its portfolio.

(2) Reliance on Open-Source Materials

In the course of conducting IP due diligence, it is important to identify whether the company relies on open-source software or components in its business operations or in the creation of new IP assets.  Open-source materials are commonly used, particularly by small and medium enterprises and startups to manage and reduce operational costs.  However, the use of open-source materials can carry legal and commercial implications if not properly managed.  Certain open-source licences impose conditions on how software or components may be used, modified or distributed and, in some cases, may require the disclosure of source code or restrict the company’s ability to commercialise proprietary developments.

Due diligence should identify which open-source materials are used, the applicable licence terms and whether the company’s actual use complies with those terms.  Failure to do so may create compliance issues that disrupt business operations and undermine the company’s long-term ability to develop, commercialise and benefit from its IP.  Where higher-risk licences are identified, early action should be taken to adjust the company’s development practices and safeguard proprietary IP.

(3) Infringement and Third Party Risk Exposure

The target company should be assessed for potential exposure to IP infringement claims by third parties.  The absence of ongoing litigation does not necessarily indicate a low-risk profile, as potential infringement issues may exist without having been challenged or detected.  In many cases, such issues remain dormant because the company’s business has not yet attracted attention from competitors or other rights holders.

Infringement risk often arises in competitive markets where branding, software, product designs or marketing materials are adopted quickly without formal clearance.  Therefore, it is prudent to check whether the company has procedures in place to review and clear the use of IP belonging to third parties for the company’s business activities.  The absence of such controls increases the likelihood of inadvertent infringement, which may only surface at a later stage.

To mitigate the risk of IP infringement, it is advisable for companies to involve their legal department or external lawyers in the review and clearance process on a regular basis.  This ensures that any decision to use a particular third-party IP right is based on legal reasoning rather than personal discretion.  Early legal oversight can help identify potential issues before they escalate into disputes or disrupt the transaction.

Conclusion

IP due diligence warrants the same level of attention and rigour as financial or regulatory review.  A due diligence exercise is only complete when IP risks are properly identified, understood and assessed in their commercial context.  In practice, due diligence is often led by teams with strong corporate expertise but limited focus on IP.  As a result, material IP issues may be overlooked or under-analysed.  Involving IP specialists at an early stage is therefore essential to ensure that the due diligence exercise is robust and that IP risks are addressed before they crystallise into post-completion problems.

This article was originally published at the PRAKTIS website.

This article examines the preservation and protection of traditional knowledge of indigenous communities in Malaysia and the role of international treaties and local legislation in deterring biopiracy and unfair exploitation of traditional knowledge.

‍

This article explores the protection of sui generis or unique IP rights in Malaysia and key issues pertaining to geographical indications, layout designs of integrated circuits and protection of plant varieties.

‍

Nadarashnaraj Sargunaraj and Stanley Lee Wai Jin have recently contributed their insights to the Malaysia Q&A Chapter of the International Comparative Legal Guide -Product Liability 2024 published by the Global Legal Group. The publication covers common issues pertaining to laws and regulations on product liability in Malaysia – including causation, defences, legal procedures, limitation periods, remedies and potential costs of litigation. The publication can be viewed at ICLG’s website or alternatively, a copy of the publication can also be downloaded in the link provided below.

The article explores key issues pertaining to ownership of IP assets created by employees, including some pointers for employers to consider before entering into a Confidential Information and Invention Assignment Agreement (“CIIAA”) with an employee based in Malaysia.

The article looks at recent amendments to the Copyright Act 1987 to tackle the growing problem of online piracy of copyrighted media.