BELGIUM Law and Practice Contributed by: Steven De Schrijver and Carl Dotremont, Allegiance Law
• Unacceptable Risk Level – AI systems that violate EU fundamental rights and values are fully prohib- ited. • High-Risk Level – AI systems impacting health, safety and fundamental rights are permitted but must meet additional obligations. Providers must conduct conformity assessments, establish risk management systems, adhere to data governance requirements, maintain technical documentation, keep records and provide information to deployers. • Transparency Risk Level – AI systems at risk of impersonation, manipulation or deception are subject to specific information and transparency requirements. • Minimal Risk Level – Common AI systems posing minimal risks to safety, health and fundamental rights have no specific obligations or regulations. Internet of Things and Autonomous Driving Internet of things (IoT) devices often contain compo- nents of different manufacturers. They are often low- price devices with low levels of security. So, when acquiring manufacturers or operators of IoT devices buyers should properly review liability, intellectual property, privacy, IT security and consumer protection (such as the new digital sales rules) issues. However, the IoT could also raise additional environmental (eg, waste management) or health and safety issues. Key technologies relating to autonomous or semi- autonomous driving include, among others, auto- mated automotive technologies, collision avoidance technologies, artificial intelligence and machine learn- ing. When acquiring companies in this field, sellers should focus on the ownership of these technolo- gies (eg, patents, trade secrets), ownership of data, regulatory issues (eg, government authorisations, test results) and insurance. Data If a target is involved with big data, the seller should, during its due diligence, prioritise the following areas of the target’s business operations related to informa- tion and its related risks and liabilities:
• regulatory inquiries; and • insurance policies covering information-related topics (including data breach and infected system issues). FDI The Belgian FDI screening mechanism became effective as of 1 July 2023. During the due diligence, whether the transaction at hand would fall under the scope of the FDI regime (see 7.3 Restrictions on For- eign Investments ) should be assessed. 9.2 Technology Company Due Diligence Public M&A In the context of a recommended bid, it is advisable – albeit not mandatory – to undertake due diligence before initiating a public takeover bid, particularly to validate the bid price. This process includes releasing an information memorandum on the target, conduct- ing management presentations, and reviewing spe- cific documents accessible through a data room. The target board has the authority to decide when and what information about the target will be disclosed, taking into account factors such as the corporate interest of the target, confidentiality obligations, equal treatment of shareholders, and considerations related to insider dealing and competition. If the target board is hesitant to disclose sensitive information, it can opt for vendor or third-party due diligence, ensuring that the same information is provided to any competing bidder per the Takeover Decree. Bidders are cautioned against obtaining insider deal- ing information and, if acquired, it must be disclosed in the prospectus. In the case of a hostile bid, the bidder typically relies on publicly available information in order to decide whether to proceed with the bid. Private M&A Due diligence in technology M&A transactions – par- ticularly with regard to IP assets, privacy and cyber- security concerns – is crucial for acquiring technology companies. Emphasis is placed on analysing owned and third-party IP, IP disputes and IT assets. The review includes a focus on IP ownership under Belgian copyright law, recognising that software pro-
• data privacy; • data security; • information governance;
29 CHAMBERS.COM
Powered by FlippingBook