Discussion: Tech due diligence code scans in M&A

Mar 7, 2024

Last week, there was an interesting LinkedIn discussion about third-party workstreams for M&A deals. Here are 4 key points from Sema founder and CEO Matt Van Itallie's response to the discussion:

  • Technical due diligence, looking at the code of software companies or companies with software assets, has changed significantly in the last few years and more change is on the way.
  • What began as a qualitative-only process has become enabled by quantitative code scans. Among sophisticated PE investors, for example, a code scan to look for Open Source legal risk is all but required.
  • Some investors have expanded diligence code scans beyond Open Source legal risk to encompass security, code quality, development process and team.
  • Looking ahead, GenAI will become a key part of technical due diligence. This will encompass both:

      • Risks from GenAI in the code itself. Just like Open Source, it's code not written by the internal team, and it comes with great benefits but also IP / security / maintainability risks; and

      • Regulatory / legislative risk. This spans the thousands of GenAI policies that are being proposed. Acquirers / investors will need to understand how laws, from continental policy like the EU AI Act to state-level rules, can affect the companies' ability to operate while powered by AI.

Have a question for Matt or our team at Sema? Drop us a note 👉 contact us here. Or feel free to connect with Matt on LinkedIn. 

Keeping track of global GenAI compliance standards 

Periodically, Sema publishes a no-cost newsletter covering new developments in GenAI code compliance. The newsletter shares snapshots and excerpts from Sema’s GenAI Code compliance Database. Topics include recent highlights of regulations, lawsuits, stakeholder requirements, mandatory standards, and optional compliance standards. The scope is global.

You can sign up to receive the newsletter here.

About Sema Technologies, Inc. 

Sema is the leader in comprehensive codebase scans with over $1T of enterprise software organizations evaluated to inform our dataset. We are now accepting pre-orders for AI Code Monitor, which translates compliance standards into “traffic light warnings” for CTOs leading fast-paced and highly productive engineering teams. You can learn more about our solution by contacting us here.


Sema publications should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only. To request reprint permission for any of our publications, please use our “Contact Us” form. The availability of this publication is not intended to create, and receipt of it does not constitute, an attorney-client relationship. The views set forth herein are the personal views of the authors and do not necessarily reflect those of the Firm.
