Heading into 2023, Asia’s tech scene is well-positioned for strong growth potential. As with any industry where advancement and innovation are outpacing regulation, the complex landscape can be difficult for businesses to navigate their operations, particularly in the Asia region where a universal approach does not fit. From adapting to new realities in emerging industries such as the metaverse and fintech; to compliance and commitment to environmental, social, and governance (ESG); to a heightened emphasis on national security in deal consideration, including sensitive personal data, global and domestic entities doing business in the region should be aware of key legal trends and regulatory developments in order to remain internationally competitive. In an article based on Morgan Lewis’ inaugural Asia Technology Innovation webinar series, we explore some of these pressing issues and provide some preliminary insights into what can be anticipated for Asia’s tech sector.
“Metaverse” is generally used to describe any virtual world where users can interact using digital avatars. There are seven layers to any metaverse: infrastructure, human interface, decentralization, spatial computing, creator economy, discovery, and experience (such as games, social interactions, esports, theater, and shopping). Users create an avatar and can then enter existing metaverses through a virtual-reality headset or from a computer, tablet, or phone.
China’s Regulatory Outlook
Like many jurisdictions globally, China recognizes the importance of developing its digital economy amid rapid developments around the world. Although it does not reference the metaverse directly, China’s Plan for Development of the Digital Economy includes terms and covers concepts that would be applicable to the metaverse, such as blockchain and virtual reality.
Singapore Regulatory Outlook
There has yet to be any targeted legislation addressing the metaverse; however, there are some regulations that would affect offerings made therein. For example, Singapore’s Remote Gambling Act explicitly prohibits online gambling. If online gambling operators set up a casino in the metaverse, they will need to consider steps to disable access by Singapore users to avoid contravening the law.
Looking Ahead in Asia
In five to 10 years, it is very likely that we will see additional legislation from the region relating to the metaverse and a possible convergence of approach as we learn more from what the metaverse has to offer and how it operates. It is also worth noting that “real-world” regulation, particularly in the financial services space, would likely be sought to be replicated in the virtual metaverse space.
With Forbes calling ESG factors the “biggest economic trend of 2021,” many technology companies are at an inflection point as they evaluate adopting a full suite of ESG strategies into their overall business plans. There is no one-size-fits-all approach for tech companies as executives evaluate the many factors related to ESG. With shareholder advisory firms, environmental groups, stakeholders, government regulators, lawmakers, rating agencies, and lenders more closely scrutinizing ESG-related everything, there are some key issues for tech companies to consider when adopting an ESG strategy.
The E: Environmental
The S: Social
The G: Governance
Tech companies play a unique role in this global transition to embracing ESG. It is not just that tech companies need to consider ESG as part of their own business strategies; the ESG movement needs tech companies to be successful. With a focus on digital transformation and IT innovations in order to meet ESG objectives, new technology will be the lynchpin for nearly all companies to improve their products and processes to meet ESG commitments.
Comprising tiers of specialized IP courts within its court system, China has bifurcated judicial and administrative proceedings for those seeking to protect and enforce against a patent infringement. The judicial route is more commonly used first, in which a case would pass through the Intermediate People’s Courts, High People’s Courts, and ultimately the Supreme People’s Court.
The administrative route operates through a local IP office or, if the case is of national significance, the China National Intellectual Property Administration to request administrative enforcement, such as requests to cease infringement and to issue administrative penalties, but notably no damages are awarded through this route. A patentee or an interested party may take the administrative route first and then the judicial route, but they cannot be undertaken concurrently. An administrative proceeding is much shorter and cheaper than a judicial proceeding. Trends drawn from recent cases in China include:
Patent Litigation
Trade Secrets
Key cases have considered whether a licensee can disclose or use trade secrets after the confidentiality period stipulated in a license agreement expires, as well as the use of customer information by ex-employees in divulging business secrets of their former employers.
Copyright
Some interesting cases have come to light in the copyright space, including the violation of a general public license agreement by abusing open-source code; emphasizing the importance of understanding, monitoring, and tracking an open-source software license; and selecting the one that best suits a business. In addition, in relation to copyright protection sought for gaming maps, it was found by the courts that a game map can be protected as a graphic work, as can its game scene thumbnail, and that the spatial layout structure of a game is the core offering in many cases, especially for shooting games.
Trademark
In 2021, there were some significant rulings in the trademark sphere, ranging from disputes relating to packaging look and feel to the use of certain terms to describe food and beverages. Each provided important guidance for those seeking to enforce on grounds of trademark infringement.
Multinational tech companies handle significant amounts of often potentially sensitive personal data. The three most critical legal frameworks for data protection affecting global tech companies in China are the Cybersecurity Law (CSL), which took effect in 2017, and the Data Security Law (DSL) and Personal Information Protection Law (PIPL), both of which took effect in 2021. These laws demonstrate the Chinese government’s aim in enhancing data protection supervision, specifically with respect to data that will impact data security and national security. Over the last year, a series of guiding regulations and national standards have been rolled out, further clarifying the new regulatory requirements. This includes most recently the Security Assessment Measures for Cross-Border Data Transfers. Effective from September 1, 2022, these apply to corporations transferring data from China to overseas countries/regions, with a six-month grace period for companies to take remedial actions to complete the government security assessment as required.
Issues Affecting Multinational Technology Companies
Proactive Steps to Mitigate Compliance Risks
There are many international and Asia-based investors looking to invest in companies in the United States for both strategic and commercial reasons, and in return they offer attractive sources of funding. Often, financial investments are coupled with strategic partnerships, including licensing, collaboration, and co-development agreements; and joint ventures, with the aim of growing into a market and acquiring technology, products, and talent abroad. US government examination of such investment has been on a steep rise, which seems unlikely to change in the near future.
Due Diligence
Against an increasingly complex US regulatory landscape, it is critically important for foreign investors and their counsel to carefully assess the multiple regulatory regimes that could potentially apply to a transaction. Foreign investors should also consider issues that are likely to be of interest to regulators, including an investment’s source of funding, financial and commercial resources, ownership and control, investment authority, reputation, and regulatory status—for example, whether it is subject to any US sanctions or export restrictions or was a company of concern in prior Committee on Foreign Investment in the United States (CFIUS) filings.
Export Control, Sanctions, and FCPA Compliance
It is key to understand the export-control status of any technology or equipment that might be exported as part of a transaction. Note that exports can be made in the United States by giving a non-US investor or its representatives access to certain technology in the United States. So-called “deemed exports” can occur with hiring non-US citizen or permanent-resident alien employees. Sufficient lead time should be allowed for obtaining any required export licenses. As part of the assessment, a foreign investor should also confirm that it is not subject to US sanctions or export restrictions by reference to various US government lists (e.g., the Consolidated Screening Lists).
Because certain foreign investors are government-owned and controlled, and their representatives are considered foreign government officials, due diligence should also include an assessment of any FCPA risks in any transaction. With transactions that involve strategic partnerships that go beyond a straight investment by a foreign investor in the US company, care must be taken by the US company so that no funds transferred to the foreign investor or its representatives violate the FCPA antibribery provisions or will be used by the foreign investor or its representatives in violation of the FCPA with respect to foreign government officials.
US Government Restrictions
If the US company has any grants, contracts, or other sources of funding from the US government, there may be further compliance obligations. US government rights under the Bayh-Dole Act may also require manufacturing in the United States, although waivers may be granted in certain situations.
The US government is increasingly using federal assistance as a means of ensuring domestic production and supply. One recent example is the CHIPS and Science Act, which requires that any US semiconductor company that receives federal financial assistance under the CHIPS Act must notify the Department of Commerce and seek clearance of any significant transactions involving the material expansion of semiconductor manufacturing capacity in China.
CFIUS
A key focus of FIRRMA, the latest comprehensive amendment to national security reviews adopted in 2018, is Technology, Infrastructure, and Data businesses. It is important for international investors in US companies to determine whether the US companies have “critical technology,” “critical infrastructure,” or “sensitive personal data” for CFIUS purposes. With respect to sensitive personal data in particular, even if it is not a core part of the business, data is an increasingly prevalent part of many businesses, and it should be assessed to determine whether data, even if collected and maintained incidental to a company’s business activities, triggers CFIUS jurisdiction.
Recent statistics released by CFIUS suggest an increased use of the new, streamlined Declaration process for lower-profile, noncontroversial cases, including ones for which a mandatory filing is required but the parties do not anticipate any national security concerns. In 2021, almost three-quarters of Declarations received CFIUS clearance.
Although CFIUS has reportedly been devoting increased resources to “non-notified” transactions, in 2021 CFIUS only reached out to parties in 135 transactions, and, of those, only pulled eight in for review. However, companies still need to carefully consider their potential liability for not filing in a transaction subject to CFIUS jurisdiction and assess both the risk of CFIUS pulling in the transaction and the potential remedies that CFIUS might seek, which could include mitigation or divestment.
Contractual language can be included to address CFIUS issues, and various strategies may be developed to address CFIUS concerns.
Outbound Investment Review
Although the outbound investment review process contained in the America COMPETES Act was not ultimately included in the CHIPS and Science Act, both Congress and the executive branch remain interested in reviewing US outbound investment for national security risk. If Congress does not include outbound investment in other legislation, the White House may unilaterally establish such a regime through an executive order. While such a regime would be carefully scoped, it would still be a significant change and would open up large numbers of transactions to new regulatory review.
Conflict often arises in the venture capital sector when there is a fundamental mismatch between expectations between investors, management, and/or the founder of the company. This could be driven by a number of factors such as an investor’s lack of deep knowledge of a startup company; lack of trust in the broadest sense, not just relating to competence or business acumen, but in the sector; and jurisdictional expertise of a founder or investor. Founders can also sometimes feel there is excessive management oversight, and founders actively try to curtail investor control due to the investors’ lack of understanding of the business and its aims.
Typical disputes tend to occur when investors would like to remove the founder and replace management. There might be an investigation into misconduct if the founder has fraudulent accounts, which is often a reason for conflict. Convertible loan defaults and breaches of contract or fiduciary duties are also common reasons for disputes. Business entities should consider some risk-mitigation tools:
Mergers and acquisitions (M&A) activity in Asia’s technology sector raises unique considerations for both buyers and sellers around deal structure and regulatory nuances that various sectors and jurisdictions present. Those related to the financial sector, e.g., insurtech and fintech businesses, tend to be highly regulated and may come with additional oversight. With governments stepping up deal intervention on the grounds of national security, the likelihood of regulation increases.
Sometimes the end goals of respective parties do not align, making certain deals unviable. It is important to conduct thorough due diligence to ensure both buyer and seller are on the same page.
Below are some specific due diligence considerations:
Data Privacy
Intellectual Property
Open-Source Code
Employees
For those engaged in Asia’s technology scene, there is a great deal of opportunity but much yet to navigate on the regulatory front. It is therefore prudent to fully understand the jurisdiction and sectoral nuances before diving in.