OVERVIEW

As companies and businesses incorporate artificial intelligence into their operations or are themselves built on the technology, prospective investors or buyers of these enterprises should include AI-specific inquiries into their routine financial, legal, and operational diligence in connection with the negotiation of any transaction. This diligence insight includes key considerations for how prospective investors and buyers can examine a business's AI use and practices. 

(1) DATA SECURITY & CONFIDENTIALITY

Both generative and agentic AI systems rely on a network of servers and access points, both internal and external, to function. 

Each deployment integration—like within email, word processing, and chat applications—involves transmitting data and information across these systems. In addition, agentic AI schemes typically permit the technology to access and manipulate, on command or automatically, a business's technology infrastructure. 

Prospective investors and buyers should understand a company's practices governing the company's use and integration of AI, including whether the company has up-to-date cybersecurity, document-access, and employee-training policies and procedures designed specifically for the technology.

These may include:

• Policies for double-checking AI outputs to prevent hallucinations.

• Cybersecurity measures and training targeted at deterring increasingly sophisticated phishing and other scams devised by bad actors also leveraging the technology.

• Ensuring standard document-access controls are mapped onto the company's AI portfolio to preclude unauthorized access to sensitive company materials like material nonpublic information (MNPI), trade secrets, ownership information, employment agreements, and other private materials.

• Where agentic AI is used, securing systems against prompt-injection vulnerabilities, which, if successful, can cause disclosure of confidential information or damage a company's internal systems.

(2) CURRENT & PROJECTED NEEDS

Using large language models generally requires purchasing a requisite number of seat licenses and also tokens, which are quantifiable units of measurement built into the pricing models of both subscription and pay-as-you-go plans.

The volume of token use will vary depending on a company's unique AI strategy and demands. Certain plans and software applications offer subsidized onboarding periods for licenses, tokens, or both, during which a company can implement AI generative and agentic systems at a promotional price that may not be indicative of future cost.

Financial models and diligence should include an understanding of how a company manages and projects costs and expenses associated with AI use, especially if promotional pricing is expected to expire or the company's future growth is anticipated to require additional tokens and/or seat licenses.

Diligence might also investigate third-party AI vendors to determine whether the vendors' own reliance on specific LLM models might have an impact on future end-user costs and AI access.

(3) RELIANCE ON SPECIFIC MODELS

If a company's business or back-end functions depend on particular LLM models, diligence should include:

• Whether the company has viable contingency plans in the event relied-upon models become generally unavailable or prohibitively expensive.

• Understanding user agreements and licensing plans for the deployed models to determine how contract changes (which in some instances may be made unilaterally by the provider) might have an impact on the business’s operations and financial outlook.

• Given the changing regulatory environment, how legislation and regulations in relevant jurisdictions might have a general impact on all LLM providers or a disproportionate impact on only certain ones.

Diligence of these matters should focus not only on the financial and practical effects of model irreplaceability, but also on the accuracy and speed of alternative LLM models as compared to those currently in use.

(4) MODEL & OPERATIONAL LIMITS

Some providers of AI services also require users to have enough quota, in addition to the required number of tokens, to perform AI functions. Providers implement quota requirements to manage limited resources, prevent the technology's use by bad actors, or both. 

Quota, which may be applicable even for access plans styled as "unlimited" or "enterprise," can limit a business’s access to AI functions at any given time. If the allotted quota is exceeded, processing functions may slow down or a less advanced model may be the only alternative.

Quota allotments come in a variety of forms: limitations on access to particular LLM models, restrictions on server processing in designated geographies, constraints on certain executory or command functions, and others. 

Diligence should include understanding whether a company's use of AI is dependent on quota allotments and, if so, how and when specific allotments apply, what happens if the allotments are exceeded, and the process (and, in some instances, costs) of acquiring additional quota.

(5) IP CONSIDERATIONS

Routine intellectual property diligence should include specific considerations relating to content generated by AI. In particular, the interplay between AI-generated content and traditional copyright law is a rapidly developing area of the law, both domestically and internationally, with jurisdictions taking a variety of different approaches that in some cases may conflict.

CONCLUSION

Due diligence of a business should include a validation of the long-term financial, legal, and operational stability of a company's AI systems.

EDUCATION & INFORMATION ONLY

This insight is provided by Conigliari PC for educational and informational purposes only and is not intended, and should not be construed as, legal advice. This insight may be considered advertising under applicable state laws.