BELGIUM Law and Practice Contributed by: Steven De Schrijver and Carl Dotremont, Allegiance Law
9. Due Diligence/Data Privacy 9.1 Due Diligence Process
New Digital EU Regulation The impact of the Digital Services Act and the Digital Markets Act will have to be assessed during the due diligence on targets subject to these new regulations. Attention should be paid to the EU’s Regulation 2024/1689 of 13 June 2024 laying down harmo- nised rules on artificial intelligence (the “EU AI Act”). Adopted on 13 June 2024, the EU AI Act entered into force on 1 August 2024, with a phased implemen- tation schedule. The regulation focuses on specific AI applications in particular contexts and categories based on risk to health, safety and fundamental rights. The impact of the EU AI Act will have to be assessed during the due diligence on targets subject to the new regulation. IP and privacy compliance will vary based on the risk level posed by AI, determining the specific Belgium’s Interfederal Screening Commission (ISC) – operational since July 2023 – has for the first time imposed remedial measures in three high-profile acquisitions involving non-EU investors (from Canada, China, and the United States) targeting critical sectors including space, software development/services and semiconductors. To avert risks to vital process conti- nuity, sensitive data/know-how leakage, and strategic dependencies, the ISC mandated safeguards such as third-party escrow of technology/source code, opera- tional continuity guarantees and compliance officer appointments – likely encompassing the early 2025 acquisition of Flemish IT powerhouse Cipal Schau- broeck (serving 276 local governments) by Canada’s Constellation Software via its Dutch arm. Amid 217 notifications to date (with 197 unconditional approv- als, zero prohibitions, and deal values surging to EUR7 billion in the latest year), sensitive information, digital infrastructure, and energy dominate, primarily from US/UK/Japan/Canada/China investors in Flanders – signalling a pro-investment yet security-first stance that tech M&A practitioners must navigate in 2026 via early ISC engagement and proactive mitigation. obligations for providers and users alike. Foreign Direct Investment Screening
Machine learning, deep learning, neural networks and other forms of artificial intelligence are often already an integral part of a target’s business operations when conducting technology M&A. When conducting the due diligence and drafting M&A documentation in relation to an artificial intelligence (AI) company, buy- ers should give special attention to IP protection of data sets and algorithms (eg, copyright, trade secrets and patents), ownership of intellectual property devel- oped by AI, ownership of content generated by AI, licensing issues, liability issues, regulatory, privacy and cybersecurity. Privacy is also, of course, essential (eg, transparency obligations). EU AI Act Attention should be paid to the European Union’s Regulation 2024/1689 of 13 June 2024 laying down harmonised rules on artificial intelligence, commonly known as the EU AI Act. This regulation aims to har- monise rules on artificial intelligence, emphasising ethics and EU values to foster the responsible devel- opment and use of AI technology. The application of the AI Act began in February 2025, with the first provi- sions becoming mandatory for businesses. Additional key regulations will follow in the months ahead, and the entire law will be applicable from 1 August 2026, except for certain high-risk AI systems. The timeline is as follows: • from 2 February 2025 – prohibitions on AI systems presenting unacceptable risks; • from 2 August 2025 – rules concerning general- purpose AI models come into effect, along with the designation of competent authorities in member states; • from 2 August 2026 – all other provisions, except those for high-risk AI systems, will apply; and • from 2 August 2027 – rules for high-risk AI systems listed in Annex I will be enforced. Compliance with the AI Act varies based on the risk level posed by AI systems, determining specific obli- gations for providers and users. The Act categories AI systems into four risk levels.
28 CHAMBERS.COM
Powered by FlippingBook