FRANCE Law and Practice Contributed by: Bertrand Barrier, Anne Toupenay-Schueller and Cyril Deniaud, Jeantet
7.7 Currency Control/Central Bank Approval In France, prudential control applies to transactions involving regulated financial institutions such as banks, insurers and investment firms. The Prudential Supervision and Resolution Author- ity ( Autorité de contrôle prudentiel et de résolution or ACPR) must authorise any acquisition reaching 10%, 20%, 30% or 50% of capital or voting rights. The process begins with a formal notification by the acquiring party, followed by an assessment period of up to 60 working days during which the Prudential Supervision and Resolution Authority may request additional information. The authority evaluates the financial strength, governance and reliability of the buyer and ensures that the merged entity will remain solvent and well managed. The Prudential Supervision and Resolution Author- ity may approve, conditionally approve, or reject the transaction based on prudential criteria. 8. Recent Legal Developments 8.1 Significant Court Decisions or Legal Developments The Towercast ruling (Case C-449/21, 16 March 2023) from the European Court of Justice represents the most significant recent legal development for French technology M&A. The ruling established that transac- tions falling below mandatory notification thresholds can still face ex-post review for abuse of dominant position if they strengthen a dominant firm’s market position. This particularly impacts tech acquisitions of small start-ups or “predatory” transactions previously con- sidered safe from scrutiny. In June 2024, for example, the Paris Court of Appeal ordered the French Com- petition Authority to re-examine TDF’s 2016 below- threshold acquisition of Itas for potential abuse of dominant position. The key implications are that acquirers in the tech sec- tor must now assess dominance risks even for sub- threshold deals. In this regard, due diligence should
evaluate competitive effects beyond mere notifica- tion requirements, as parties face potential regulatory challenges in the years post-closing, fundamentally altering risk assessment for technology M&A trans- actions.
9. Due Diligence/Data Privacy 9.1 Due Diligence Process
In recent years, issues relating to data protection, intellectual property and regulatory compliance have become increasingly important in due diligence. These issues are particularly important in the technol- ogy sector, where it is not uncommon for customer or user personal data to be handled, or where intel- lectual property rights (software, code, trade marks, etc) constitute a large part of a company’s value. Thus, if the company does not comply with the GDPR or does not own the intellectual property necessary for its business, it exposes itself to significant risks that few buyers are willing to take on. The issue of compliance is also becoming increasingly important, particularly since the introduction in 2016 of the obligation for certain companies to implement an internal compliance plan. 9.2 Technology Company Due Diligence In public M&A deals, most information is already avail- able through mandatory disclosures (financial reports, regulated announcements). However, in friendly trans- actions, additional information may be shared by the target company with all bidders in a data room, sub- ject to AMF guidance. Data room access must be limited to serious bid- ders under confidentiality agreements, the informa- tion shared must be strictly necessary, and any inside information must be restored in all material respects to the market via the offer documentation, ensuring equal treatment of competing bidders. 9.3 Data Privacy In France, data privacy regulations impose some con- straints on due diligence for technology companies. Applicable law establishes stringent requirements
137 CHAMBERS.COM
Powered by FlippingBook