Technology M&A 2025

DENMARK Trends and Developments Contributed by: Simon Milthers, Thomas Bøgedal Kristiansen, Mikkel Friis Rossa and Emil Steenberg, Bech-Bruun

NIS2 compliance is expected to be a critical focus during due diligence in M&A transactions. Essential entities may face fines of up to EUR10 million or 2% of their total annual global turno- ver for non-compliance with NIS2. Important entities are subject to fines of EUR7 million or 1.4% of their annual global turnover. Competent supervisory authorities are authorised to con- duct on-site inspections, ad hoc audits, security scans and other checks on entities within NIS2’s scope. Authorities may also suspend services or activities carried out by the company in question in cases of non-compliance. Additionally, the Digital Operational Resilience Act (DORA) regulates the EU’s financial sec- tor and ICT service providers, requiring robust governance frameworks to manage ICT risks (including incident management and technology testing). DORA also mandates that third-party ICT suppliers meet information security stand- ards through contractual assurances. Failure to comply with DORA can, much like NIS2, result in significant penalties. This high- lights the importance of meeting new cyberse- curity standards that are critical for businesses in affected sectors. As the regulatory framework evolves, companies should begin preparing for the impact of these regulations to ensure they are ready to meet the new compliance requirements when they come into effect. Leveraging data Data is a crucial resource in today’s digital econ- omy. The Data Governance Act ( Forordning om datastyring ), effective as of September 2023, facilitates data sharing across sectors and EU countries. The Data Governance Act clarifies the

conditions under which data can be used and shared, promoting innovation and collaboration. In addition, the Data Act – applicable in Septem- ber 2025 – complements the Data Governance Act, creating a robust legal framework for data management within the EU. The Data Govern- ance Act established processes and structures to promote voluntary data sharing. In contrast, the Data Act specifies who can derive value from data and under what conditions, setting clear and fair rules to support a trusted and secure data economy. Together, these regulations aim to foster an internal EU data market, benefiting sectors across the economy and areas of pub- lic interest by facilitating fair access to and use of data – ultimately advancing Europe’s digital transformation. The foregoing will be supplemented by the EU’s Cyber Resilience Act, which seeks to establish the foundational requirements for the creation of secure digital products. These include obligat- ing manufacturers of both hardware and soft- ware products to prioritise security throughout the entire life cycle of their products in order to minimise vulnerabilities. For tech companies, the ability to leverage data effectively is becoming increasingly important. M&A transactions will likely focus on companies with valuable data assets, particularly in sectors such as healthcare and life sciences where data utilisation can drive significant advancements. Embracing SaaS and PaaS models A key trend in the M&A market is the increasing relevance of software as a service (SaaS) and platform as a service (PaaS) models. SaaS and PaaS models are characterised by their recur- ring revenue streams and the provider’s ability to introduce updates and changes to the servic-

138 CHAMBERS.COM

Powered by