In most startups the founders are excited by a novel technology. Or maybe a new marketing approach or distribution strategy. Rarely is a group of founders enthused to be thinking about potential legal issues for startups that might trip them up. Unless there’s a lawyer among the founders, of course:-) But for almost every tech startup company, there are at least a couple of key legal areas that ABSOLUTELY need to be considered early on. Otherwise, the ultimate value of the company may be compromised.

Here’s a look at 4 areas where issues often arise:
IP Legal Issues for Startups
The very essence of what makes most “tech” companies is innovation. If that innovation isn’t properly protected, a software or hardware startup can lose its ability to compete in the marketplace of its choosing. Most startup companies have many severe disadvantages in comparison to existing market incumbents: size, brand, reputation, cash flow, distribution, etc. What levels the playing field and, in the best cases, tilts the field toward the startup company? Its innovation of one form or another, which must be institutionalized and protected as Intellectual Property (IP).
The need for this protection starts very early on; sometimes even before a company is founded. It’s critical that the founders give some thought to common legal issues for startups at the earliest possible moment, which doesn’t always happen. In my experience there are roughly two categories of founders when it comes to this topic:
- Those who embrace the idea of IP protection with gusto and strive to patent any and everything possible from the earliest days
- Others who don’t think formal IP protection is that valuable, OR may realize the value of IP but don’t feel like they can afford the large amount of attorney’s fees required for patent filings at this point of their startup. “We’ll address that down the road” is often their approach. Sometimes it never happens, or it happens too late to be effective.
Like many things in life (and startups) the optimal road is often somewhere in between these two extreme approaches. Unless you’re independently wealthy or have a huge pot of venture capital funding at the earliest stages of your company’s development, it may not be wise to spend the maximum possible amount of dollars patenting everything in sight. It’s of little use for a product-oriented company to blow much of their total budget on IP protection, and then run out of money before they are able to fully develop the product and/or launch it in the market. If the idea is to develop strictly a licensing company, that’s a different story, of course. In this case IP protection may be a primary budget item.
So one approach may be to fully patent the most critical idea or process and initially use less expensive provisional patenting for secondary IP (although this is controversial for some). Also, some things are better protected as company trade secrets than formal patents, or even copyrights. Lastly, it’s important to make sure your employee and contractor agreements address this issue properly.
The key to this area is to think through your IP strategy at the earliest possible date, even before you formally found a company, if possible. Consider IP protection in the context of its importance to the company’s overall success, including budgetary considerations for all critical operating activities.
The Cap Table and Ownership
This should really be straightforward; it’s really not that hard to do correctly. The biggest rule of thumb is DO NOTHING ORALLY. Don’t promise “if this happens” or if “you do this” we’ll give you X amount of equity. Do everything on paper, and be very firm, honest and up front with everyone you’re discussing equity with. Make sure they know that nothing is final until it is not only on paper, but the signatures are dry.
This seems easy enough, but it’s shocking how often in a fast moving, informal startup environment it doesn’t go down this way.
Even just putting everything in writing is often not enough to prevent issues. I was the VP-Sales & Marketing for a small public company many years ago. My 3 year employment contract stated that I needed to reach “X” as a goal for my options to vest in the first year of my contract. I reached that goal and my options vested. The contract stated that in the following 2 years my options would vest based upon meeting “mutually agreed upon goals” in those years. Everyone else in the company, including all of the other officers, had no such conditional language. Their options were to vest if they were simply still employed on the vesting date.
No one ever mentioned this conditional clause again, nor provided me with new annual goals and I basically forgot about it. My options vested normally in the second year on the appropriate date. As my contract was expiring and after the vesting options date in my third year, I went to exercise my options and was told they weren’t vested. We recently had gone through a change at the CEO level and the new guy was playing hardball in a number of ways, including using this as leverage against me. I was livid.
Even though they eventually offered to give me a new contract and vesting of my current options, I ended up quitting. The company and I became embroiled in a legal dispute over my options, which dragged on for quite some time. I eventually settled for 40 cents on the dollar of what my options should have been worth had the company simply vested them on the date of the contract. It also cost the company 3X the number of shares it originally would have; again, if they had simply vested them on time. So everyone lost, due to needlessly complex and confusing terminology in the contract. This was the only time in my business career I’ve ever had to personally retain a lawyer.
It’s easier than you think for ownership legal issues to occur. Many people are greedy, and others have a tendency to hear and interpret things as they’d like them to be. My advice:
- Avoid at ALL COST any verbal agreements, or discussions that can be taken as such
- Keep the number of outside investors to the absolute minimum possible. This isn’t always practical, as some companies need to fund their operations with the assistance of a large number of angel investors.
- I’m a big advocate of stock options for EVERY employee in most tech companies, as I believe it motivates folks to act as owners rather than bureaucrats. But keep the terms simple and consistent to avoid confusion and potential hard feelings.
Data Protection and Privacy
There are two major sets of regulations that currently frame this discussion:
General Data Protection Regulation (GDPR) – The GDPR went live in May of 2018, and is intended to modernize laws protecting individuals’ personal information. In addition, it was designed to increase the rights of individuals, giving them significantly more control over their own personal data. The GDPR applies to any company collecting personal information from citizens of EU countries. In practice, from the viewpoint of a startup software or hardware company the law is quite complex and arcane. This makes it difficult for young companies to implement procedures to ensure compliance.
California Consumer Privacy Act (CCPA) – The CCPA went into effect in January of 2020. While similar to the GDPR in its intended effect to protect customer data, its implementation and scope are quite different. It applies to for-profit companies doing business in the state of California which meet certain criteria, as well as those companies’ subsidiaries and holding companies.
Taken together, these regulations realistically apply to most technology companies on the planet. Who doesn’t want to do business in either California or the EU, usually both? Even if you don’t actively solicit business in these areas, in the age of the Internet you are likely to end up with inquiries from one of these locales, potentially putting you at risk if you don’t handle the data properly.
My advice on how to deal with these new regulations is “Don’t try to deal with them yourself”. Even more importantly, don’t ignore them or put off dealing with them until you have a problem. Then it’s too late. Most startups can and should seek to comply by hiring outside help to guide you in the form of a specialist consultant. These Regs are complex, but they shouldn’t change frequently; so the greatest expense should be the “one-time” initial setup. This lends itself very well to a consulting solution to this potential problem.
The fact that both of these recently implemented regulations have come into existence is generally viewed as nothing but trouble by tech startups. It’s not all bad news, however. Simply being caught publicly “misusing” or “inadequately protecting” customer data can in itself cause severe harm to your company’s brand and reputation, with serious consequences to your operating results. With both regulatory and reputational risk a reality in this era, it’s important to deal with the situation head-on and make sure your company is in compliance.
Other Regulatory Legal Issues for Startups
There are many issues simply related to being a software or hardware company in general. But many tech companies also need to be cognizant of regulations in the particular vertical markets that they serve. For example, healthcare IT, banking software and telecom hardware & software companies all compete in markets which are highly regulated by various domestic and international bodies. Here are a few of the most prominent legal issues for startups outside of the data security and privacy regulations discussed above.
- HR issues – General employee relations issues such as proper job classifications (exempt/non-exempt; independent contractors); pay practices, equal pay laws and timekeeping.
- Technological export controls – There are many different types of technologies that might apply to export controls. I’ll address the US, specifically. In the software arena, for example, encryption is considered very sensitive technology with respect to export. The general rule here is novel technologies that could be used by rival nations for military or espionage purposes often have restrictions.
- Export controls to “enemy states” – A classic example of this is the severe restrictions on US companies in doing almost any business with Iran, not just the export of sensitive technology.
- Healthcare IT companies – Healthcare is a highly regulated industry; HIPAA and FDA compliance are two of the most notable areas that companies in this vertical need to be very cognizant of.
- Banking IT – Much like healthcare, banking is a highly regulated industry, some of which can spill over to affect hardware and software companies selling into this vertical. In the US, for example, there is an alphabet soup of regulators, including the FDIC, CFPB, Federal Reserve, OCC and a number of others. Examples of key regulations include the OCC’s part 21 and the FDIC’s part 26.
- AI regulation – Lastly, as artificial intelligence technology becomes pervasive across nearly every vertical market, there is an emerging set of regulations governing the application of AI tech. Again, this is an emerging area which is far from fully developed and is evolving differently in individual countries. Areas being addressed by these new regulations include data protection/privacy, human oversight, transparency, surveillance, public administration/services, autonomous vehicles as well as lethal autonomous weapons systems.
The above list is just a few short examples of regulatory and compliance legal issues for startups in tech, outside of the privacy/security issues that are most prominent in the news. I list them to stimulate your attention to the laws that may apply to your specific country, market and company.
What legal issues have tripped you up? This is a quick discussion of some common legal issues for startups which are not always properly addressed by SaaS, hardware or mobile software businesses. Use the comment field below to educate us with your own experience.
Follow Phil Morettini and Morettini on Management via Twitter, Facebook, LinkedIn, RSS, or the PJM Consulting Quarterly Newsletter. To ask a question or discuss a consulting or interim engagement, contact Phil directly at info@pjmconsult.com
I have seen a lot of results from watching your blog. Know a lot about the law.