Here’s a scenario that plays out more often than anyone in the deal room wants to admit.
An acquirer wins a bid for a distressed SaaS company. The information memorandum highlights a “proprietary platform” with “significant IP assets.” The valuation model runs on those three words. Six months post-acquisition, the new owner discovers that the company’s lead developer, a freelancer working remotely from another country, never signed an IP assignment agreement. The core algorithm? Built on a GPL-licensed open source library that legally requires the entire codebase to be made public. And the co-founder who left two years ago? He’s claiming joint ownership of three patents listed in the asset register.
What looked like a technology asset on paper has become a legal minefield. And the acquirer is standing right in the middle of it.
This isn’t hypothetical. IP ownership failures are one of the most frequent and most expensive, surprises in distressed tech acquisitions. Whether the target sits in Bangalore, London, Singapore, Dubai, or San Francisco, the underlying problem is structural: when companies enter financial distress, the first things to break down are documentation, compliance processes and contractor relationships. The very systems that prove IP ownership stop being maintained long before the asset hits the market.
Why IP Risk Gets Amplified in Stressed Tech Assets?
In a healthy acquisition, IP due diligence is already complicated. In a distressed scenario, whether that’s a Chapter 11 filing in the US, administration proceedings in the UK, judicial management under Singapore’s IRDA, or a CIRP process under India’s IBC, it becomes exponentially harder.
Consider the stakes. Intangible assets now account for roughly 90% of the S&P 500’s market capitalisation, according to Ocean Tomo’s Intangible Asset Market Value Study. Globally, Brand Finance reported that intangible asset value reached $79.4 trillion in 2024, a 28% surge from the previous year. For technology companies, intellectual property isn’t a supporting asset. It is the asset.
Yet in distressed settings, IP is exactly where the most dangerous gaps hide:
- Unpaid contractors and freelancers: Distressed companies almost always have outstanding vendor payments. In most jurisdictions, including the US, UK, UAE and India, a contractor who hasn’t been paid may retain legal ownership of the code they wrote. The specifics vary by jurisdiction (more on that below), but the risk is universal.
- Missing assignment agreements: Proprietary Information and Inventions Assignment Agreements (PIIAAs) are the backbone of IP transfer from creator to company. In well-funded startups, these are standard. In bootstrapped or distressed companies? Often missing entirely, or signed years after the code was written, which may not hold up under scrutiny.
- Key-person departures: When a company enters distress, talent leaves first. CTOs, lead architects and founding engineers walk out, taking institutional knowledge and sometimes claiming IP created during ambiguous employment terms.
- Compressed timelines: Whether it’s a 180-day CIRP window in India, a court-supervised schedule in the UK, or a distressed auction timeline in the US, acquirers are working fast. IP audits get deprioritised in favour of financial and operational due diligence. By the time someone thinks to check the chain of title, the bid is already submitted.
The Global IP Ownership Trap: Why “Who Built It” Doesn’t Mean “Who Owns It”
Here’s what makes IP ownership audits particularly treacherous in cross-border transactions: the rules for who owns what vary dramatically by jurisdiction. A contract that cleanly transfers IP in one country may be entirely unenforceable in another.
If the target company has developers, contractors, or co-founders in multiple countries, which is increasingly common for any tech company, distressed or otherwise, you’re dealing with a patchwork of ownership rules.
IP Ownership Rules: How They Differ Across Key Markets
| Jurisdiction | Employee-Created IP | Contractor-Created IP | Key Trap for Acquirers |
| United States | Employer owns copyright under the “work made for hire” doctrine if created within scope of employment. Patents: employee owns by default unless written assignment exists. | Contractor owns by default. “Work for hire” only applies to 9 narrow statutory categories with a written agreement. | Many companies assume all contractor work is “work for hire”, it usually isn’t. Without a signed assignment, the contractor owns the code. |
| United Kingdom | Employer is first owner of copyright for works created by employees in the course of employment (CDPA 1988, s.11). Patents: employer owns if made in course of duties. | Contractor owns by default. No work-for-hire doctrine for contractors under UK law. | Engaging a “contractor” who is functionally an employee creates grey zones around IP ownership that courts resolve unpredictably. |
| Singapore | Similar to UK employer owns copyright for employee works created during employment. Patents follow the Patents Act provisions. | Contractor retains ownership unless explicitly assigned. Singapore’s IRDA includes ipso facto clause restrictions that affect contract termination in restructuring. | Cross-border teams common in Singapore hub companies. IP created by teams in neighbouring jurisdictions (Malaysia, Indonesia, Vietnam) follows local law, not Singapore law. |
| UAE | Under the 2021 Copyright Law (Federal Decree-Law No. 38), employer is generally considered legal author of “work made for hire” created by employees. | Assignment must be in writing, specify rights assigned and state purpose and geography. A simple “work for hire” clause is insufficient under UAE law. | Many companies operating in DIFC or ADGM use common-law-style contracts that don’t comply with UAE federal copyright requirements. Dual legal systems create confusion. |
| India | Under the Copyright Act 1957, employer owns copyright for works made during course of employment. Contracts are key for anything beyond default scope. | The creator owns copyright unless a valid written contract assigns it to the commissioning party. Unpaid contractors have strong ownership claims. | India’s massive freelancer ecosystem means many critical codebases were built by contractors with verbal agreements and outstanding invoices. |
The practical takeaway is this: if the target company has even one developer, designer, or technical contributor who worked as a contractor, in any of these jurisdictions, you cannot assume the company owns the IP unless you’ve seen a signed, jurisdiction-appropriate assignment agreement.
The Chain of Title Audit: Where Most Acquirers Start and Stop Too Early?
The first question in any IP ownership audit is deceptively simple: does the company actually own what it claims to own?
Most acquirers check for a list of patents, trademarks and registered copyrights. That’s table stakes. The real work is tracing the chain of title, verifying that ownership transferred cleanly from the original creator to the company, at every step.
What a Thorough Chain of Title Review Covers?
| Audit Area | What You’re Looking For | Red Flag in Stressed Assets |
| Employee IP Assignments | Signed PIIAAs or equivalent clauses in employment contracts for every developer who contributed to core IP | Contracts missing, signed retroactively, or covering only a subset of work performed |
| Contractor/Freelancer Assignments | Explicit IP assignment clauses in consulting agreements that comply with local law where the contractor is based | Unpaid invoices; verbal agreements; code committed by developers with no written contract |
| Co-founder IP Allocation | Founder agreements specifying that all IP created during the venture belongs to the company, not individual founders | Founders who left during disputes; no formal IP transfer at incorporation; equity-for-IP swaps never documented |
| Joint Development Agreements | Clear ownership terms where IP was co-developed with clients, universities, research institutions, or partner companies | Joint ownership that restricts licensing, modification, or transfer especially problematic when the co-developer is a competitor of the acquirer |
| IP as Collateral / Liens | Whether any IP assets have been pledged as security to lenders, creditors, or as part of prior financing arrangements | Liens on patents or trademarks that could block transfer during asset sale; this is especially common in venture debt scenarios |
The Cisco–Linksys case remains one of the most cited cautionary tales. When Cisco acquired Linksys, it failed to discover that certain Linksys software products contained open source code licensed under the GPL. The Free Software Foundation brought a copyright infringement action and Cisco ultimately had to release the Linksys source code to the public, forfeiting the licensing revenue that justified part of the acquisition price. That was a well-resourced acquirer buying a healthy company. Imagine the gaps when the target is already financially distressed.
The Open Source Trap: Why 96% of Codebases Carry Hidden IP Risk?
Open source software is everywhere. Industry data consistently shows that over 96% of commercial codebases contain open source components. That’s not inherently a problem, most modern software is built on open source foundations. The problem is how it’s used and whether the company has tracked its obligations.
The Three Tiers of Open Source Licence Risk
| Risk Level | Licence Type | What It Requires | Deal Impact |
| High (Copyleft) | GPL, AGPL, LGPL | Any modified or combined work must also be open-sourced under the same licence | Could force the acquirer to release proprietary source code publicly or pull the product from market entirely |
| Medium (Weak Copyleft) | MPL, EPL, CDDL | Changes to the licensed component must be shared, but proprietary code can remain closed if properly separated | Requires careful architectural review to verify clean separation between open source and proprietary modules |
| Low (Permissive) | MIT, Apache 2.0, BSD | Minimal obligations, usually attribution in documentation | Generally safe, but attribution failures can still trigger compliance issues in regulated industries |
In distressed companies, open source governance is typically the first compliance process to collapse. Developers pull in libraries without logging them. No one maintains a Software Bill of Materials (SBOM). Licence scanning tools, if they were ever configured, haven’t run in months. The result is a codebase where no one can tell you with certainty what’s proprietary and what carries a copyleft obligation.
For acquirers, this means the “proprietary platform” described in the information memorandum might be legally required to be made open source the moment you distribute it. That’s not a valuation haircut. That’s a write-off.
| What to Watch For in Every Open Source Audit? GPL or AGPL components embedded directly in the application (not isolated as separate services or microservices)Dependencies that changed their licence terms in recent versions, a growing trend in the OSS ecosystem, where projects shift from permissive to restrictive licencesCode contributed by developers who were never under contract, making the licence status of their contributions legally ambiguousForked open source projects where the company modified the source but never tracked the original licence obligationsAI-generated code that may have been trained on copyleft-licensed repositories, a newer risk that most audit frameworks don’t yet cover |
Beyond Code: Trade Secrets, Lapsed Registrations and the Quiet Erosion of IP Value
IP ownership isn’t just about source code. Acquirers frequently overlook three categories of IP that deteriorate rapidly when a company enters financial distress.
1. Trade Secrets That Aren’t Actually Protected
For a trade secret to hold its legal status, whether under the US Defend Trade Secrets Act, the UK’s common law framework, Singapore’s Confidential Information provisions, or the UAE’s Penal Code protections, the company must demonstrate it took reasonable measures to keep the information confidential. In distressed companies, you routinely find proprietary algorithms stored in shared drives with no access controls, former employees with active credentials to development environments and NDAs that were never executed with key technical staff. If the company can’t prove it took steps to protect the secret, the legal basis for calling it one starts to crumble.
2. Lapsed Registrations and Maintenance Fees
Patent maintenance fees, trademark renewals and domain registrations all require ongoing payment, across every jurisdiction where the IP is registered. Distressed companies routinely miss these deadlines. A patent that lapses because a maintenance fee wasn’t paid doesn’t just lose value, it enters the public domain. A trademark that goes unrenewed can be registered by a competitor. These are assets that actively degrade when cash flow tightens and multi-jurisdictional portfolios compound the risk because different countries have different renewal schedules.
3. Change-of-Control Clauses in Licence Agreements
Many software licence agreements include provisions that terminate the licence if the company undergoes a change of ownership. In a distressed asset sale, whether through a 363 sale in the US, a pre-pack in the UK, a scheme of arrangement in Singapore, or a CIRP resolution plan in India, this trigger is almost guaranteed. If the target relies on licensed third-party technology (databases, API access, embedded SDKs), the acquirer needs to verify whether those licences survive the transaction. Singapore’s IRDA includes restrictions on ipso facto clauses for contracts entered after July 2020, which provides some protection but this doesn’t apply to all agreements and the rules differ in every other jurisdiction.
The IP Ownership Audit Checklist: A Practical Framework for Acquirers
Based on patterns we see across technical due diligence engagements in the US, UK, Singapore, UAE and India, here’s the practical checklist every acquirer of a distressed tech asset should follow.
| # | Audit Step | Key Actions | Priority |
| 1 | Complete IP Inventory | Catalogue all patents, trademarks, copyrights, trade secrets and domain names across every jurisdiction. Cross-reference with the data room’s IP schedule. | Critical |
| 2 | Chain of Title Verification | For every material IP asset, trace ownership from creator to company. Review employee contracts, contractor agreements and founder IP assignments, checking compliance with local law in each contributor’s jurisdiction. | Critical |
| 3 | Open Source Licence Scan | Run automated scanning tools (FOSSA, Black Duck, Snyk, or equivalent) across the full codebase. Flag copyleft components and assess whether the application architecture allows isolation or replacement. | Critical |
| 4 | Multi-Jurisdictional Registration Check | Verify that all patent maintenance fees, trademark renewals and domain registrations are current in every jurisdiction where the IP is registered. Identify any that have lapsed. | High |
| 5 | Lien and Encumbrance Search | Confirm that no IP assets are pledged as collateral to lenders and that no creditor claims encumber the IP being transferred. Check UCC filings (US), Companies House charges (UK), ACRA filings (Singapore). | High |
| 6 | Freedom to Operate (FTO) Analysis | Assess whether the company’s technology infringes on any third-party IP. Review prior art searches and any existing FTO opinions, particularly in the acquirer’s target markets. | High |
| 7 | Licence Agreement Review | Examine all inbound and outbound licence agreements for change-of-control clauses, assignment restrictions, exclusivity terms and territorial limitations. | High |
| 8 | Trade Secret Security Audit | Evaluate whether trade secrets are actually protected: access controls, NDA coverage, credential management, off-boarding procedures and documentation practices. | Medium |
| 9 | Key-Person IP Dependency | Identify whether critical IP knowledge is held by individuals who have left or are at risk of leaving. Assess documentation of their contributions and whether their contracts include valid IP assignment clauses. | Medium |
| 10 | IP Valuation & SWOT | Commission an independent assessment of IP strength, competitive defensibility and untapped monetisation opportunities—including abandoned patents or unused trademarks that still carry market value. | Medium |
How IP Audit Findings Should Shape Your Deal?
The IP ownership audit isn’t an academic exercise. It directly impacts three things that matter to every acquirer:
- Bid pricing and valuation adjustments: IP that can’t be cleanly transferred is IP you can’t monetise. Unresolved ownership disputes, copyleft contamination, or lapsed registrations should result in a valuation adjustment, not a post-acquisition surprise. Research from Ocean Tomo suggests that companies with defensible IP moats can achieve EBITDA multiples significantly higher than companies with weaker IP positions, while unclear ownership structures trigger substantial risk discounts from buyers.
- Deal structure decisions: The severity of IP issues should inform whether you pursue an asset purchase (where you can cherry-pick clean IP) versus a share purchase (where you inherit all liabilities). In distressed contexts, asset purchases are often preferred precisely because they allow acquirers to leave problematic IP behind.
- Post-acquisition roadmap feasibility: If the technology platform depends on a GPL-tainted codebase or a licence that terminates on change of control, your entire product roadmap may need to be rewritten. Any resolution plan or post-acquisition business plan needs to account for these realities and the time and capital required to remediate them.
How Dextra Labs Approaches IP Risk in Stressed Asset Due Diligence?
At Dextra Labs, IP ownership verification is a core pillar of our technical due diligence practice. We work with acquirers, PE firms, VCs and strategic investors evaluating tech assets across the US, UK, Singapore, UAE and India, in both healthy M&A and distressed scenarios.
Our approach combines automated codebase scanning with manual review of contracts, contributor histories and IP registrations across jurisdictions. We don’t stop at telling you what’s in the codebase. We tell you whether you can legally own it, transfer it and build on it, in the specific jurisdictions that matter for your deal.
What makes our process different:
- We use the RCOI framework (Risk, Complexity, Opportunity, Investment) to map IP findings against deal economics, so you know exactly how each risk translates into pricing and timeline impact, regardless of whether the target is in Mumbai, London, or Austin.
- We run open source licence scans alongside architecture reviews, so we can tell you not just that a copyleft component exists, but whether the application’s architecture allows it to be isolated, replaced, or remediated within your deal timeline.
- We assess IP ownership across the contributor map, checking assignment validity against local law for every jurisdiction where developers, designers and contractors are based, because a PIIA signed in Delaware doesn’t automatically cover a contractor in Dubai.
- We deliver actionable outputs: not a 200-page report that gathers dust, but a prioritised risk register with specific remediation steps, cost estimate and timeline recommendations.
If you’re evaluating a distressed tech asset and need to know whether the IP is real before you commit capital, let’s talk.
FAQs:
What is an IP ownership audit?
An IP ownership audit is a systematic review of all intellectual property assets claimed by a company, verifying that legal title has properly transferred from original creators (employees, contractors, co-founders) to the company itself, across every relevant jurisdiction.
Why is IP due diligence critical for stressed asset acquisitions?
Stressed companies frequently have broken documentation, unpaid contractors who may retain code ownership and lapsed IP registrations, creating hidden risks that can destroy the value of an acquisition.
What are the biggest IP risks in open source software?
The biggest risk is copyleft licence contamination, where GPL or AGPL-licensed code embedded in a proprietary product can legally require the entire codebase to be made public.
How does IP ownership law differ across the US, UK and UAE?
In the US and UK, employers generally own copyright in employee-created works by default. In the UAE, the 2021 Copyright Law introduced a work-for-hire concept, but assignment requirements are stricter, requiring written agreements that specify rights, purpose and geography.
What does an IP audit checklist include?
A comprehensive IP audit covers: complete IP inventory, chain of title verification, open source licence scan, multi-jurisdictional registration checks, lien searches, freedom to operate analysis, licence agreement review, trade secret security assessment, key-person dependency analysis and IP valuation.
