When considering German laws and regulations implicated in technology M&A transactions, one may distinguish between foreign direct investment restrictions that generally apply in the event of a ‘threat’ to national security and certain overlapping rules applicable to regulated industries.
Foreign direct investment rules
Pursuant to the German Foreign Trade and Payments Act (AWG) and the German Foreign Trade and Payments Ordinance (AWV), the German Federal Ministry for Economic Affairs and Energy (BMWi) is entitled to review inbound transactions by foreign investors based outside the European Union or the European Free Trade Association (EFTA). The BMWi may prohibit or restrict an acquisition should it be deemed to pose a threat to the ‘public order or security’ of Germany.
The AWV distinguishes between a cross-sectoral review for all industries (typically having a strong nexus to technology) and a sector-specific review that applies to certain sensitive industries. The scope of the latter includes arms and military equipment as well as encryption technologies and other key defence technologies, such as reconnaissance, sensor and protection technology. Both types of review apply irrespective of the size or enterprise value of the business acquired.
The BMWi is entitled to review all acquisitions, whether by way of asset and share deal or by non-EU-based investors. With respect to share deals, this applies to direct or indirect share acquisitions reaching or exceeding a 25 per cent threshold of the target’s equity or voting rights. The calculation of voting rights will take into account certain undertakings that may be attributed to the ultimate owner, such as an agreement on the joint exercise of voting rights. Asset deals require a comparable test for the respective asset values, that is, 25 per cent of the assets of the acquired business. In contrast to the sector-specific review, which is applicable to all foreign buyers, the general review process only applies to non-EU or non-EFTA-based investors.
An intervention by the BMWi requires a threat to public policy or security that is assumed for investments into the following (nonexhaustive) list of technology assets:
- operators of critical infrastructure that is of particular importance for the functioning of the community;
- companies developing or changing industry-specific software for the operation of critical infrastructure;
- companies entrusted with organisational monitoring measures for telecommunication facilities;
- companies providing cloud computing services above a certain volume; and
- companies engaged in the area of telematics infrastructure.
The completion of the investment review process for cross-sector reviews is by law not required for the consummation of a transaction. However, foreign investors often decide to initiate the review process by submitting an application to the BMWi for a non-objection certificate to obtain legal certainty for a transaction. Depending on the transaction at hand, the parties may also be subject to a general notification obligation.
Recent acquisitions have shown that the BMWi has become more sensitive to acquisitions by non-EU or non-EFTA investors, especially in the technology sector (see ‘Update and trends’ for further outlook on this subject and recent proposals on the European level).
Both European and German export control restrictions may also impact M&A transactions in cases where the acquirer is considering ‘exporting’ technology (including intellectual property, know-how and software) outside Germany to facilitate integration with other group functions.
Sector-specific rules applicable to media, broadcasting and fintech
To provide broadcasting services in Germany, as regulated under the German Federal Broadcasting Treaty, a media provider must obtain permission from either the Commission for Approval and Control at the federal government level or the state media authority at the state government level. The Federal Broadcasting Treaty applies to the provision of broadcasting services in the form of linear information and communication services in picture or sound via radio frequencies, including digital information and communication services, such as those used by livestream providers (eg, Twitch or YouTube). In addition, acquisitions (including certain minority investments) of a media or broadcasting company providing services in Germany are subject to the prior approval of the relevant media authority, subject to the provider operating on a state or federal level. In the absence of such approval, the relevant authority may revoke the broadcasting licence previously granted to the provider.
Certain technology business models within the financial industry (such as fintech and insurtech) may constitute regulated activities, the acquisition of which is subject to an ownership control procedure. As part of such proceedings, the acquirer’s creditworthiness and financial soundness will be accessed by the German Federal Financial Supervisory Authority (BaFin). In the case of the acquisition of a majority stake, the future business plan is subject to review by BaFin as well. Even if the target considers itself as unregulated, a buyer should in any event perform its own analysis of whether a regulatory licence is required at present or upon the business model advancing further to avoid unforeseen regulatory issues.
With respect to technology targets that are regulated entities, BaFin may exercise extensive interference rights if an investor acquires shares in such entity without fulfilling the clearance prerequisites. This may, in a worst-case scenario, result in the transfer of the voting rights to a trustee or a disposal order.
Relevant federal intellectual property statutes
Other German statutes relevant for technology transactions include federal acts specifically addressing:
- copyright (including rights in databases and rights in software);
- patents (which may also be granted for software);
- utility models;
- semiconductor topography rights;
- plant varieties;
- trademarks; and
As technology M&A transactions often involve a transfer of data, data protection laws applicable in Germany (ie, the directly applicable provisions of the EU General Data Protection Regulation (GDPR) and the additional provisions of the Federal Data Protection Act) may be relevant.
Back to top