NETHERLANDS Trends and Developments Contributed by: Herald Jongen, Maarten de Boorder, Samuel Garcia Nelen and Jelmer Kalisvaart, Greenberg Traurig, LLP
able. This is particularly important in M&A, where sus- taining the community and maintaining development momentum post-acquisition are key to the long-term success of the open-source project. In this respect, the academic track record in technology and the start- up scene is a key driver. It is essential to be aware of the risk of losing intel- lectual property (IP) and related value associated with using copyleft licences – eg, the GNU General Public License (GPL) and the Mozilla Public License (MPL) – which require that any software incorporating open-source code also be released under the same copyleft licence; this risks making the entire platform open source and available to others for free. This is an important topic for due diligence. Generally, if the answer to the question “do you use OSS?” is “no”, this should be cause for concern as, realistically, every company uses OSS. As part of due diligence in Dutch tech M&A, compa- nies must also ensure robust cybersecurity protocols around the use of OSS. With the rise of cybersecu- rity regulations like the EU’s Network and Information Security Directive 2 (NIS2) and the General Data Pro- tection Regulation (GDPR), companies in the Neth- erlands are under pressure to manage open-source vulnerabilities proactively. For example, any failure to patch known vulnerabilities or handle data breaches involving OSS can result in regulatory penalties. This has pushed companies to enhance their security audits of open-source components during the M&A process. Continued Regulatory Pressures Regulatory scrutiny has increased, particularly for larger tech deals, as Dutch authorities align with EU regulations to curb monopolistic behaviours and protect market competition. This has extended the timeline for larger deals and prevented some of these deals from proceeding. In 2024–25, an increasing number of jurisdictions subjected foreign and national investments to prior screening by means of a system known as “foreign direct investment screening”. On 1 June 2023, the Netherlands introduced its National Security Invest- ment Act ( Wet veiligheidstoets investeringen, fusies en
overnames , or the “NSI Act”), following the publication of two ministerial decrees: the Sensitive Technology Decree ( Besluit toepassingsbereik sensitieve technol- ogie ) and the Decree on Technical Aspects ( Besluit veiligheidstoets investeringen, fusies en overnames ). Based on this new legislation, investments that pose risks to Dutch national security can be blocked. The act is country-neutral and as such applies to Dutch, non-Dutch and non-EU investors. In essence, the NSI Act establishes a national security regime rather than a foreign direct investment regime. The NSI Act establishes a screening procedure for investments targeting vital providers, companies active in sensitive technology sectors and operators of business campuses. A company that operates, man- ages or makes available a service whose continuity is vital to Dutch society is considered a vital provider, such as key financial market infrastructure providers like significant banks, payment services providers and trading platforms, main transport hubs (Schiphol Air- port and the Port of Rotterdam), heat network and gas storage operators, and extractable energy and nuclear power companies. The NSI Act will have a substantial impact on acqui- sitions in the Netherlands, specifically acquisitions involving tech companies that are dealing with sensi- tive technologies. The screening can lead to delays in the acquisition timeline and may even be blocked by the Dutch authorities if it poses a risk to national security. It will require careful assessment of whether a transaction falls within its scope. Parties should expect an additional administrative burden and an impact on their transaction timetables if their M&A activities fall within the scope of the NSI Act. And this is especially true for companies that are active in the various Dutch tech sectors, as the Sensi- tive Technology Decree designates quantum technol- ogy, photonic technology, semiconductor technology and high-assurance products as “highly” sensitive. If an undertaking is active in these technologies, the relevant threshold for highly sensitive technologies is the acquisition or increase of “significant influence”: the possibility of the acquiring party exercising at least 10% of the votes at the general meeting. This espe- cially relevant for start-ups in highly sensitive technol-
209 CHAMBERS.COM
Powered by FlippingBook