Technology M&A Comparative Guide

1. Legal and regulatory framework

1.1 Which legislative and regulatory provisions govern M&A activity in your jurisdiction?

The key laws governing M&A activity involving Cyprus companies are:

• the Companies Law (Cap 113), which forms the backbone of Cyprus company law and governs, among other things, share transfers, mergers, divisions and other corporate reorganisations of Cypriot public and private companies and cross-border mergers;
• in connection with public companies listed on the Cyprus Stock Exchange (CSE) or other regulated markets in Cyprus:
• • the Takeover Bids Law (41(I)/2007) (as amended); and
  • other laws and regulations which are relevant to public and/or listed companies, including:
  • • the Transparency Requirements (Securities Admitted to Trading on a Regulated Market) Law (190(I)/2007); and
    • the Cyprus Securities and Stock Exchange Law (14(I)/1993);
• the Control of Concentrations between Undertakings Law (83(I)/2014) ('Merger Law'), which implements EU merger control principles at the national level;
• in connection with the safeguarding of employment rights in business transfers, the Preservation and Safeguarding of Employees' Rights in the Event of Transfers of Undertakings, Businesses or Parts of Undertakings or Businesses Law (104(I)/2000);
• relevant tax laws and regulations – including, in connection with local and cross-border mergers, the Income Tax Law (118(I)/2002);
• sector-specific laws and regulations, which may impose additional approvals or restrictions for specific industries (eg, banking, insurance, energy and education); and
• general principles of contract law (as codified under the Contracts Law (Cap 149)), which govern key transaction documents including share or asset purchase agreements, shareholders' arrangements and related documentation.

1.2 What special regimes apply to technology M&A transactions in your jurisdiction?

There is no bespoke legal regime applicable to technology M&A transactions.

However, in the context of legal due diligence of technology companies and the implementation of tech M&A deals, specific attention should be paid to IP law, data protection, IT and cybersecurity issues relevant to the target and other applicable laws and regulations.

Tech firms may also be subject to specific technology-related regulations, including in connection with digital security, such as the EU Regulation 2022/2554 on digital operational resilience for the financial sector, and the Security of Networks and Information Systems Law (89(I)/2020).

Finally, the structuring of technology M&A transactions merits consideration of tax-specific provisions which may be relevant (please see question 9.1).

1.3 Which bodies are responsible for supervising M&A activity in your jurisdiction? What powers do they have and what kinds of transactions do these powers apply to?

The main authorities responsible for supervising M&A activity in Cyprus are:

• the Registrar of Companies, which maintains the public register of private and public companies;
• the CSE for listed companies;
• the Cyprus Securities and Exchange Commission (CySEC), which is tasked with the supervision of the public takeover bid process;
• the Commission for the Protection of Competition (CPC), which is responsible for: enforcing the Merger Law and approving (conditionally or unconditionally) concentrations that meet or exceed the statutory jurisdictional thresholds. Transactions that meet the thresholds prescribed under the EU Merger Regulation (139/2004) are instead notifiable to the Directorate for General Competition of the European Commission; and
• other authorities which play a role in the regulation of M&A activity in specific sectors – for example:
• • the Central Bank of Cyprus for acquisitions in the banking and payments sector; and
  • CySEC for other fintech entities (eg, investment firms and crypto-asset service providers).

1.4 Does the government have the power to intervene in technology M&A transactions in your jurisdiction? If so, what is its general approach in doing so?

The CPC has the power to investigate and approve concentrations that meet or exceed the statutory jurisdictional thresholds.

Furthermore, other government authorities may play a role in the regulation of M&A activity in specific sectors (eg, banking and financial services, insurance, energy and education).

Additionally, M&A transactions involving the acquisition of land by non-EU nationals in Cyprus may require the prior approval of the Council of Ministers (Immovable Property (Acquisition by Aliens) Law (Cap 109).

Finally, the Council of Ministers has a residual power to limit direct investments by:

• EU nationals (whether natural or legal persons) into Cyprus where restrictions are imposed on account of public order, national security, national health, or restricting or prohibiting the manufacture or trading of weapons, firearms or other warfare materials; and
• non-EU foreign nationals, on the basis of policy considerations.

We are not aware of instances where this discretionary power has been exercised to limit such investments, including in the field of tech M&A.

As yet, Cyprus has not introduced a national screening mechanism for foreign direct investment as required under EU Regulation 2019/452, although a new bill for its implementation has been submitted to the Cyprus parliament for discussion and voting.

2. Deal structure

2.1 How are technology M&A transactions typically structured in your jurisdiction?

Tech M&A transactions in Cyprus follow standard acquisition structures and typically involve the sale and purchase of shares in a Cypriot tech company. This effectively results in the transfer of all assets and liabilities and allows for business continuity, ease of transfer and the retention of valuable assets (including intellectual property, customer contracts and regulatory licences).

Alternatively, and less commonly, the parties may opt for a business or asset sale – especially where the buyer is only interested in a specific business line or wishes to 'cherry pick' specific assets (eg, software, data, or technology infrastructure) while avoiding legacy liabilities. Asset sales or contributions are often more relevant in the implementation of tech joint ventures.

Finally, in certain cases, the deal may be implemented through a court-sanctioned corporate restructuring (merger, division or other corporate reorganisation) pursuant to Articles 198-201 or a court-approved merger and/or division of public companies pursuant to sections 201A-201H of Companies Law.

The structure will depend on various considerations, including, the parties' strategic objectives, tax considerations, and regulatory requirements.

2.2 What are the potential advantages and disadvantages of the available structures?

A share sale is the most straightforward structure to ensure business continuity and acquire the entire business – including contracts (subject to change of control provisions, negative covenants or similar restrictions), intellectual property and employees – without the need to follow specific formalities for individual assets. However, the buyer inherits all known and unknown liabilities, so a comprehensive due diligence exercise is required – both to:

• ensure the pricing in of risks and/or appropriate contractual protections and the allocation of risk; and
• prepare for post-completion regularisation of identified issues and integration.

In a business sale, the buyer can focus on specific business units or assets (eg, software, data, technology infrastructure or customer contracts) that it wishes to acquire and carve out unprofitable or unwanted business lines or liabilities. However, to 'perfect' an asset sale, the parties will need to adhere to various contractual and/or legal formalities for the valid transfer of specific assets, including:

• assignment or novation of specific contracts;
• third-party consents for key commercial agreements;
• registration procedures for intellectual property; and
• special formalities for real estate.

This renders asset sales complex, time consuming and administratively burdensome. Furthermore, asset sales may trigger higher tax liabilities and detailed tax advice is recommended.

Finally, court-approved corporate restructurings, such as schemes of arrangement, may be appropriate for large or contentious transactions and have the advantage of being binding on all shareholders and creditors once approved. However:

• they are procedurally complex, costly and time consuming;
• the prescribed process involves court hearings and formal shareholder and creditor meetings, which may not suit fast-moving tech transactions; and
• court approval is not guaranteed.

2.3 What formal and substantive requirements must be met to transfer legal title to assets and shares in a technology M&A transaction?

For a share sale, the following formalities are required:

• execution of the instrument of transfer by both parties and delivery to the target's directors;
• delivery of share certificates or indemnity for lost share certificates for cancellation and issue of new share certificates; and
• registration of the transfer in the company's register of members.

Substantively, the parties must:

• comply with any restrictions set out under the target's articles of association (eg, waiver of pre-emption rights); and
• consider any mandatory and/or suspensory regulatory consents required.

Implementation or completion of an asset sale under a business sale agreement involves the assignment or transfer of legal title to each asset individually and in line with requirements prescribed by law, including:

• assignment or novation of specific contracts;
• for real estate, formal transfer deed and registration at the Land Registry;
• for the transfer of patents and trademarks, registration with the IP Section of the Registrar of Companies by submission of the appropriate statutory filings (Form Π.3 for patents and Form Ε.Σ 10 for trademarks); and
• for data, compliance with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws and consideration of any required consents.

2.4 What specific considerations should be borne in mind in relation to cross-border technology M&A transactions?

Cross-border technology M&A transactions involving Cyprus entities raise various legal and regulatory considerations including, most relevantly:

• obtaining jurisdiction-specific legal advice in connection to:
• • legal due diligence (with a particular focus on IP rights, given that a significant portion of the assets in a technology target may comprise patents, trademarks, copyrights and software); and
  • completion of the deal and compliance with formal and substantive requirements prescribed under local law (and, where appropriate, in the case of intellectual property, EU or international registries);
• carrying out an appropriate merger control filing scoping and, if required, jurisdictional analysis; and
• considering:
• • foreign direct investment screening regimes;
  • sector-specific approvals; and/or
  • any applicable sanctions or restrictive measures.

Furthermore, in a cross-border technology M&A transaction, there may be increased risk regarding both cybersecurity and data protection. Accordingly, the buyer should carefully assess the target's cybersecurity measures, and compliance with the GDPR and the data protection laws of specific jurisdictions (including for transfers of data).

Finally, for the purposes of structuring, tax input will be required from relevant jurisdictions, including vis-à-vis the applicable IP regime in Cyprus, and in the context of Cyprus' extensive tax treaty network.

3. Due diligence

3.1 What due diligence should the acquirer conduct into the following aspects of a technology target?

1. Intellectual property (registered and unregistered): Verification of ownership and scope of IP rights and, where applicable, registration; objections or oppositions; details of actual or threatened infringements; licence arrangements and software escrow agreements (if any); ownership of IP / assignments from employees and contractors.
2. Software: Confirmation of the development process; review of development agreements and maintenance and/or service level agreements; licence agreements / third-party dependencies and compliance with licence terms; use of open-source code (and licence terms).
3. Cybersecurity: Review and evaluation of IT and cybersecurity policies and systems; penetration testing, business continuity and disaster recovery plans; review and evaluation of past breaches and incident response protocols.
4. Data protection/privacy: Verification of compliance with the General Data Protection Regulation (GDPR) and applicable laws (including, inter alia, appointment of data protection officer, policies, consents, legal bases for data processing, data sharing arrangements, data transfer agreements, record of data processing activities); review of data protection impact assessments (if available); complaints from data subjects and past breaches and/or administrative fines; correspondence with the Office of the Commissioner for Personal Data Protection and other public authorities.
5. Financial: Review of existing debt financing and security documentation; guarantees and indemnities provided to or for the benefit of third parties; review of audited accounts to analyse revenue streams and key contracts.
6. Employment: Review of senior management and key personnel employment terms; template service contracts across employee categories and sample review; IP assignments / ownership; employee incentive plans (including stock option plans); ongoing or threatened labour disputes.
7. Tax: Verification of compliance with tax obligations (including due and proper submission of tax returns and filings); identification of potential tax exposures and risks.
8. Environmental, social and governance (ESG): Verification of compliance with obligation to prepare and review of corporate governance reports and/or sustainability-related disclosures (as applicable); compliance with applicable environmental laws and regulations; review of governance structures.
9. Litigation: Review of actual or threatened material third party disputes (including IP, employment or regulatory disputes); historical disputes, arbitrations or regulatory investigations and trends.
10. Other: (i) Review of material contracts for, inter alia, change of control clauses, exclusivity, pricing and termination rights; (ii) review of licences / authorisations and regulatory checks (if applicable); (iii) merger control desktop review and anti-trust compliance; (iv) analysis of other material commercial contracts to ensure business continuity (e.g., cloud computing and other SaaS arrangements); (v) evaluation of hardware / moveable assets, as well as websites, social media and domain names.

3.2 How is technology used to facilitate due diligence in a technology M&A transaction?

Virtual data rooms (VDRs) have become standard practice for M&A transactions in general and technology deals in particular. Parties share confidential documents and information via secure cloud-based VDRs which offer, among other things:

• protection of confidential or sensitive data (including through multi-factor authentication, permission controls (for full or read-only document access) and print restrictions);
• audit trails with timestamps for document uploads or modifications; and
• automated file categorisation features.

The utilisation of user-friendly VDRs is crucial for the streamlining and time-effectiveness of the due diligence phase.

Law firms are also investing in AI-powered tools (in-house development or licences) for purposes such as, assisting in large volume contract review, locating specific clauses (eg, on IP rights, GDPR or change of control), categorising documents, and conducting high-level analysis of large volumes of agreements for scoping purposes. However, the use of such tools is not yet routine in Cyprus.

3.3 What concerns, considerations and best practices should the acquirer bear in mind when conducting due diligence in a technology M&A transaction?

The buyer should engage legal, financial, tax and, where appropriate, commercial and/or technical advisers (including vis-à-vis commercial concerns such as scalability or market differentiation and, if relevant, post-closing integration) with specific prior experience in technology M&A transactions. Buy-side advisers should be coordinated and share findings. The buyer should agree the due diligence scope (including materiality thresholds) promptly and identify key concerns (which should include key commercial contracts and change-of-control provisions, ownership, registration and protection of IP and licences, use of open-source software, cyber security and data protection, and, if applicable, regulatory approvals). Best practice includes ensuring access to complete and well-organised documents and managing follow-up Q&A rounds and management sessions. Diligence findings should be properly recorded, and the buyer should ensure that each adviser delivers appropriate and realistic recommendations in connection to each finding (including through valuation and pricing, deal structure and contractual protections).

4. Stakebuilding

4.1 Can the acquirer build up a stake in a technology target before and/or during the deal process with a view to increasing its prospects of success? If so, what disclosure obligations apply in this regard?

Yes, stakebuilding is generally possible but specific disclosure requirements and restrictions may apply.

Indicatively, in the context of public takeovers (falling within the scope of the Transparency Requirements (Securities Admitted to Trading on a Regulated Market) Law), any investor whose voting rights in a relevant listed issuer reach, exceed or fall below the thresholds of 5%, 10%, 15%, 20%, 25%, 30%, 50% or 75% may be required to submit a relevant notification to both the issuer entity and the Cyprus Securities and Exchange Commission (CySEC). In addition, mandatory takeover obligations under the Takeover Bids Law may be triggered where certain applicable ownership thresholds are exceeded.

Separately, in line with European-wide transparency requirements, certain limited information in relation to persons that have accumulated an ownership interest of more than 25% in a Cypriot company may need to be included in the Register of Beneficial Owners maintained by the Registrar of Companies.

4.2 What other legal and regulatory considerations should be borne in mind in relation to stake-building in a technology target?

As referenced in question 1.3, acquisitions of qualifying shareholdings in regulated targets may require additional approval from a relevant competent authority (eg, the Central Bank of Cyprus or CySEC).

Additionally, if the stake building meets jurisdictional turnover thresholds under the Control of Concentrations between Undertakings Law or the EU Merger Regulation and results in a concentration of qualifying significance, it must be notified to the Commission for the Protection of Competition (or the European Commission) and clearance must be obtained for the transaction to proceed.

5. Representations and warranties

5.1 What representations and warranties are typically made in technology M&A transactions in your jurisdiction?

As is common for all M&A transactions, buyers will demand customary fundamental warranties on title, authority and capacity. Additionally, buyers may expect a full suite of business representations and warranties which will form the basis of risk allocation (subject to negotiated limitations including time limits, de minimis thresholds, baskets and caps) and, additionally, will drive disclosure from management and the sellers. Furthermore, buyers may require additional bespoke business warranties or specific indemnities depending on the target's sector or organisational features, as well as to protect against specific risks identified during the due diligence exercise (especially to the extent such risks are not priced in).

In technology deals, buyers will be particularly focused on specific protections in connection with:

• IP rights and ownership;
• cybersecurity;
• information technology, software and databases;
• data protection;
• compliance with applicable laws and regulations; and
• compliance with licence terms.

5.2 Does the survival period of representations and warranties vary depending on the type of representation or warranty?

Typically, yes. Commonly, buyers will insist on fundamental warranties (title, authority and capacity), tax warranties (and, if applicable, the tax covenant) and, if possible, any specific indemnities to be subject to statutory time limits only (broadly, six years under the Limitation of Actionable Rights Law 66(I)/2012).

For other business representations and warranties, claims are typically time barred by contractual time limits of 12 to 36 months (often linked to the buyer having sufficient cover for one or two full audit periods post-completion).

Survival periods are negotiated and are a relevant factor in the final agreement for risk allocation between the parties.

On this basis, they may also be influenced by the availability of warranty and indemnity (W&I) insurance.

5.3 What are the typical consequences of breach of the representations and warranties in a technology M&A transaction?

A breach of representations and warranties typically entitles the buyer to seek contractual remedies, most commonly indemnification for losses suffered. Damages are the typical remedy for a breach of warranty to put the aggrieved party in the position it would have been in had the warranty been true (eg, by reference to the impact on share price). The measure of loss typically includes direct financial damages and may extend to cover costs of investigation, mitigation, or third-party claims.

Losses may also be extended to cover indirect or consequential damages or loss of profit whereas, in some cases, buyers may insist on recovery on an indemnity basis. The extent of recovery is typically subject to negotiated limitations such as time limits, financial thresholds (de minimis and baskets) and financial caps, although in certain cases (eg, fraud), the limitations will not apply. Furthermore, a breach of representation may give rise to a tortious claim, as well as, in certain cases, right of recission to set aside the contract and, therefore, gives buyers flexibility in enforcement and remedies.

Finally, if W&I insurance is in place, recovery may be sought under the policy, though certain exclusions may apply.

5.4 What are the prevailing trends with regard to the use of representation and warranty indemnity insurance in technology M&A transactions in your jurisdiction?

W&I insurance is not customary or widely used or available in Cyprus. However, there is a clear advantage in the use of W&I insurance and, for mid to high value transactions, it may be an efficient way to bridge the gap between buyers requiring increased warranty protection and sellers seeking a clean exit (including by reducing escrow or withheld consideration and limiting post-closing exposure).

Further, in startups or early-stage tech companies, where founders may remain vested in the target, W&I insurance may be a helpful tool to minimise potential disputes and, ultimately, a breakdown in relationships. Finally, buy-side W&I insurance may be a useful tool to enhance competitiveness in auction processes.

The availability and terms of W&I insurance will vary depending on various factors including:

• local and/or international insurers' risk appetite to underwrite Cyprus deals;
• transaction size;
• target industry; and
• the quality of the due diligence exercise.

The involvement of insurers may lengthen and complicate the due diligence exercise and contract negotiations and, accordingly, early engagement is recommended. Further, although W&I insurance is becoming increasingly sophisticated and capable of underwriting tech-specific risks or even providing cover in high-growth sectors (eg, AI), exclusions may apply (including with regard to known issues, data breaches and forward-looking statements).

6. Deal process

6.1 What documents are typically executed in the initial preparatory stage of an M&A transaction?

The main documents typically executed at the initial stages of an M&A transaction are:

• a confidentiality agreement (non-disclosure agreement (NDA)) to protect sensitive information during preliminary discussions and due diligence;
• engagement letters with buy-side advisers and scoping;
• an exclusivity agreement;
• in competitive auction processes, a process letter setting out the terms of engagement, timelines, and document requirements; and
• a non-binding offer letter and/or heads of terms setting out the main terms of the transaction, such as purchase price, consideration, payment mechanics, conditionality, and other key commercial terms and timeline.

6.2 Are pre-signing market checks required in your jurisdiction?

There are no statutory requirements for pre-signing market checks in Cyprus.

6.3 Are pre-signing exclusivity agreements typically entered into in your jurisdiction?

Exclusivity arrangements are common in private M&A transactions in Cyprus, including in the technology sector. They are especially frequent in high-value transactions or where sophisticated buyers are involved and committing significant time and resources to due diligence and negotiations. Exclusivity arrangements (whether as binding provisions within a memorandum of understanding or term sheet or as standalone exclusivity letters) restrict the seller from running parallel due diligence exercises or negotiations with other prospective buyers for a defined period (typically ranging from one to three months, as appropriate for size and complexity of transaction).

6.4 Are break fees permitted in your jurisdiction? If so, under what conditions will they generally be payable? What restrictions or other considerations should be addressed in formulating break fees?

Break fees are not expressly prohibited by statute, but they are not common and are more relevant in public or high-value private M&A transactions.

Break fees are generally payable to one of the parties if a specified event materialises which prevents the transaction from proceeding – for example, breach of exclusivity, acceptance of a competing offer, or failure to obtain shareholder approval.

To be enforceable, the fees must represent a genuine pre-estimate of loss (due diligence costs and adviser fees, management time and other economic loss). A high or punitive break fee or otherwise a break fee structured as a penalty may be challenged or deemed unenforceable. Furthermore, break fees should be structured to avoid deterring competing bids where regulatory or fiduciary considerations apply.

Finally, to the extent that break fees are payable by the target itself, parties should also consider whether payment of break fees would constitute unlawful financial assistance (which would render the arrangement void and unenforceable), and if so, whether it is capable of being approved by a whitewash resolution.

When formulating break fee provisions, the triggers, timing and payment mechanics should be carefully defined. When acting for a seller, it may also be worth considering whether reverse break fees should also be payable, for example for failure to obtain regulatory approval or failure to secure financing (although, in the context of an auction process or initial negotiations, it may be more appropriate for the seller to request evidence of the financing commitment (eg, equity commitment letter or debt commitment papers).

6.5 What valuation methods are typically used in technology M&A transactions in your jurisdiction?

Technology companies are typically valued using a combination of approaches such as:

• EBITDA multiples (for mature or revenue-generating businesses);
• discounted cash-flow analysis where future cash flows are material and predictable; or
• for earlier-stage or high-growth tech companies:
• • revenue multiples;
  • user-based metrics;
  • projected exit value discounted to determine current pre-money valuation (venture capital approach); or
  • benchmarking against market peers.

Asset-based valuation is typically not appropriate for tech M&A transactions.

Valuation will depend on various factors, such as:

• the stage and nature of the target;
• the market segment in which the target operates (eg, gaming, information technology services, cybersecurity, software, hardware or fintech);
• an analysis of precedent transactions and comparable companies; and
• financial and commercial due diligence by the buyer.

Furthermore, specific factors – such as strategic value (eg, on the basis of geographic expansion or user acquisition), proprietary intellectual property and potential synergies – may justify premiums. The valuation may also be influenced by recent funding rounds or investor term sheets (eg, in venture-backed businesses).

6.6 What confidentiality obligations apply throughout the various stages of a technology M&A transaction?

Confidentiality obligations are relevant throughout the various stages of a technology M&A transaction and appropriate NDAs should be entered into at the outset and before the commencement of formal negotiations or due diligence. NDAs are crucial to ensure that the prospective buyer, together with its permitted disclosees and advisers, protect and maintain confidential the seller's and the target's non-public or proprietary information and use such information solely for the purposes of deal financing and implementation.

In certain cases, where the buyer will also be sharing confidential information (eg, in the context of integration planning or transitional services or where the seller will receive equity in the buyer's group), a mutual NDA may be appropriate. In any case and, at a minimum, the buyer may want to maintain confidentiality on its interest in the transaction and key commercial terms.

At the stage of signing, the main transaction documents will also typically include confidentiality provisions to, among other things, keep the terms of their transaction confidential and ensure any public announcements are controlled and agreed by both parties.

7. Final transaction documents

7.1 What types of ancillary agreements are typically executed in a technology M&A transaction in your jurisdiction?

In addition to the main transaction documentation (eg, share purchase agreement or asset purchase agreement), various ancillary agreements may be required to implement a tech M&A transaction, including the following:

• Shareholders' agreement and equity documents: A shareholders' agreement may be appropriate:
• • where the seller or founders retain equity in the target or receive equity in the buyer's group; and/or
  • for the implementation of management incentive plans.
• Bespoke articles of association may also be required to ensure alignment with the shareholders' agreement or to create a new class of shares.
• Escrow agreement: Escrow agreements may be relevant for the retention of part of the purchase price for warranty claims or earnouts.
• Employment arrangements: Employment agreements may be required for key personnel (including, among other things, appropriate non-compete and non-solicit undertakings), as well as founders or other sellers, to continue to be actively engaged in the management.
• Transitional services agreements: These (often accompanied by service level agreements) are relevant where the seller continues to provide services for a defined period post-completion. Software or data migration agreements may also be used for transfer in phases.
• Other: Various other ancillary documents may be required to implement the transaction – including, more specifically for tech M&A deals:
• • regulatory filings;
  • IP assignment or licence agreements; and
  • change of control consent letters.

These agreements may be executed on signing or on completion (although for key commercial agreements, they should be in an agreed form on signing to avoid renegotiation).

7.2 What pre and post-closing conditions are typically included in the transaction documents?

Broadly, common pre-closing conditions include the following:

• Regulatory approvals:
• • Commission for the Protection of Competition or merger control clearance; or
  • Where applicable, foreign direct investment consents or regulatory approval from the relevant supervisor (eg, where the target operates in a regulated sector, such as fintech).
• Third-party consents: Change of control notifications or consents from key commercial counterparties (eg, key licensors, major customers or landlords).
• Pre-closing reorganisation or approvals: In some cases, the following might be required:
• • IP assignments;
  • employee transfers;
  • carve-out steps or pre-closing reorganisation; and
  • shareholders' approvals and/or waiver of pre-emption rights.
• Material adverse change/accuracy of warranties at completion: The buyer may also negotiate, in certain cases, for the right to withdraw from the deal post-signing if there is a material adverse change in the business or a breach of a material warranty between signing and completion.

Commonly, however, and especially in competitive auction processes, completion is only subject to mandatory and suspensory competition clearance and regulatory approvals required by applicable law.

Furthermore, various post-completion covenants may be agreed (and are often relevant to deal with certain non-material or operational issues identified in the course of diligence), including:

• transitional support (under a transitional services agreement) for the migration of software or data or communications with specific regulators and/or key customers or other third parties);
• earn-out conditions or deferred consideration mechanics; and
• statutory filings (including notification to the Registrar of Companies with regard to the share transfer and changes to the target's beneficial ownership).

7.3 Are technology-related indemnities included in the transaction documents? If so, what do these typically address?

Technology-related risks identified during the due diligence exercise may be addressed either through pricing by adjusting the consideration to account for such exposures or, otherwise, through specific indemnities.

Furthermore, specific indemnities may be appropriate for risks that are either difficult to quantify or otherwise unlikely to materialise (and, therefore, pricing these in may render the bid uncompetitive or uncommercial). Common specific indemnities in tech M&A deals often focus on:

• infringement of third-party IP rights or unresolved IP ownership or licences;
• non-compliance with data protection laws;
• cybersecurity and/or technological infrastructure; and
• other specific IP or technological assets.

7.4 What limitations to liabilities under the transaction documents (including for representations, warranties and specific indemnities) typically apply?

The total liability of sellers is typically capped at an amount equal to the aggregate purchase price for fundamental warranties and, often, tax covenants and specific indemnities (on a cumulative basis).

Caps for breach of other warranties usually range from 10% to 25% of the purchase price or enterprise value of the target. Time limitations also apply, with general warranties surviving for 12 to 36 months, and fundamental warranties, specific indemnities and tax warranties and/or the tax covenant being subject to statutory time limits only.

Commonly, sellers will also request the inclusion of de minimis thresholds (individual and aggregate), which must be exceeded for the buyer to be able to raise a claim (excess only or tipping basket). Finally, various other limitations of liability may be considered by the parties when agreeing the allocation of risk, including:

• buyer awareness (actual, imputed or constructive);
• no double recovery; and
• recovery for indirect or consequential losses or loss of profits.

Finally, limitations do not typically apply in case of fraud and/or wilful misconduct.

7.5 Are earnouts or contingent consideration provisions typically included in the transaction documents? If so, what additional issues do they involve?

Earnouts or contingent consideration provisions are often appropriate for tech M&A transactions, especially for early-stage startups with limited historical profitability or uncertain future performance. Such arrangements may also be appropriate if there is uncertainty regarding client or user retention or integration with the buyer's group. Finally, earnouts may also be relevant where the seller or founders will continue to be actively involved in the day-to-day management of the target business post-completion – although a similar outcome may be achieved through equity or the careful structuring of management incentive plans.

These provisions allow for part of the purchase price to be paid post-completion based on the target achieving certain agreed performance metrics (commonly revenue, EBITDA or user growth) over a defined period. Objective and auditable performance targets should be clearly defined in the key transaction documents, coupled with appropriate calculation methodologies, accounting principles, access rights to monitor performance, as well as dispute resolution mechanics. Sellers may also request covenants for post-completion conduct of business to ensure that the buyer does not adversely impact earnout achievement.

8. Employment issues

8.1 What limitations are applicable to non-compete agreements in your jurisdiction?

Non-compete provisions in employment agreements are not unusual, though more common in contracts of senior executives, managers or higher skilled or remunerated employees.

Under Cyprus law, non-compete clauses restricting lawful trade and commerce are generally void and unenforceable. The limits of these legislative protections have not been definitively settled in an employment context in the Cypriot courts. However, on the basis of academic guidance and relevant international case law, to mitigate the risk of such restrictions being unenforceable, they should be:

• strictly limited in duration and scope of application (eg, in terms of geographical locations and competing employment positions in the industry); and
• justified to protect the employer's legitimate and reasonable interests.

In a technology M&A transaction, a closer review of key employees' contracts is recommended to assess the enforceability of any such non-compete restrictions and, to the extent any heightened risks are identified, to consider any potential mitigating solutions.

8.2 How is employee equity treated in technology M&A transactions in your jurisdiction?

There are no specific regulations or special rules on employee (equity participation) incentive plans, other than limited exceptions to certain company law principles to facilitate employee participation. However, such plans may be subject to employment, tax and other considerations of more general application.

Employee incentive plans are generally not widespread in Cyprus, with a number of local businesses relying on a more traditional discretionary or performance-based bonus structure. However, these plans have become increasingly common in recent years among newly founded or relocated businesses with an international focus (including in technology), as the use of such structures is more widespread in the sectors and markets in which they operate.

During the due diligence phase, the acquirer should assess, amongst others, the existence of any employee incentive plans and any existing stock options or other rights that may vest or be triggered as a result of the transaction.

In addition, if a new management scheme is to be set up as part of the acquisition, specialised legal and tax advice is recommended to ensure that the company's needs and the buyer's business plan and exit strategy are aligned with applicable Cyprus laws and regulations, including taxation and employee benefits.

8.3 What other key concerns and considerations should be borne in mind by the parties to technology M&A transactions in your jurisdiction from an employment perspective?

During the structuring and due diligence phase, due consideration should be given, without limitation, to the following key issues:

• in the context of asset or business sales, whether the provisions of the relevant legislation protecting the rights of employees would be triggered (ie, under the Preservation and Safeguarding of Employees' Rights in the Event of Transfers of Undertakings, Businesses or Parts of Undertakings or Businesses Law);
• whether the employment agreements of the target:
• • are drafted in accordance with the requirements of the Transparent and Predictable Working Conditions Law (25(I)/2023);
  • contain any change of control provisions that may be triggered by the transaction; or
  • ensure that any intellectual property created by employees is owned by or irrevocably assigned to the target group;
• any collective bargaining agreements or employee consultation obligations;
• whether the employer has duly paid social insurance and other employer contributions;
• whether the employer is duly covered by employer's insurance;
• whether any foreign employees have been duly employed after obtaining all necessary permits; and
• any past, ongoing or threatened litigation related to unfair dismissal or other employment or human resources-related disputes or complaints.

9. Tax issues

9.1 What key concerns and considerations should be borne in mind by the parties to technology M&A transactions in your jurisdiction from a tax perspective?

Generally, Cyprus offers an attractive and transparent tax framework for technology companies, in line with international standards. For example, Cyprus has:

• a favourable IP regime;
• a growing network of double taxation treaties;
• no withholding on outgoing dividend, interest or royalty payments (subject to certain limited exceptions); and
• reduced income tax rates for new tax residents and non-Cyprus domiciled individuals.

In addition, broadly, the sale of shares in a Cyprus company does not typically trigger capital gains tax (provided that it does not own any real estate situated in Cyprus).

However, notwithstanding the above, the key concerns and considerations on matters of tax in technology M&A transactions (and similar to M&A transactions more generally) may vary considerably depending on a number of factors, such as:

• any adverse due diligence findings on the tax affairs of the target group;
• the structure of the transaction; and
• the identity of the seller(s) and the buyer(s).

Specialised tax advice should therefore be sought at an early stage to ensure that any material issues are identified, addressed and, to the extent possible, mitigated during any pre-contractual negotiations between the parties.

Finally, stamp duty may be payable in M&A transactions with a Cypriot nexus. The duty varies from nil to 0.20% and is calculated based on the value of the transaction. The maximum stamp duty payable is €20,000 per transaction (with any documents relating or ancillary to the same transaction being subject to nominal stamp duty of €2 each).

10. ESG issues

10.1 What key concerns and considerations should be borne in mind by the parties to technology M&A transactions in your jurisdiction from an ESG perspective?

Environmental, social and governance (ESG) factors have received increased attention in the European Union and Cyprus in recent years. The extent to which a company may be subject to ESG requirements will depend on numerous factors, including: its legal status, size of operations, type of activities and existing or target investor profiles.

Indicatively, ESG reporting requirements apply to companies to varying degrees under the financial reporting and governance section of the Companies Law (Articles 141 to 157ID). Enhanced governance requirements may also apply to companies listed on the Cyprus Stock Exchange and/or operating in regulated sectors (eg, in banking and insurance). In addition, fintech companies, such as investment firms, fund managers and banks, may also be subject to EU Regulation 2019/2088 on sustainability-related disclosures in the financial services sector (SFDR). Entities falling under the scope of the SFDR must, among other things, disclose how ESG-related factors are taken into account in their investment decision-making and remuneration policies. Sector-specific legislation may apply in other circumstances (eg, in relation to environmental matters).

Parties to technology M&A transactions should closely monitor the rapidly evolving ESG landscape to ensure that they:

• conduct appropriate due diligence checks (if applicable);
• cater for identified ESG risks with proper warranties and indemnities or price adjustments; and
• maintain compliance with their regulatory obligations.

11. Trends and predictions

11.1 How would you describe the current technology M&A landscape and prevailing trends in your jurisdiction? What significant deals took place in the last 12 months?

In the past few years, Cyprus has been actively promoting the development of the technology sector via multiple private sector initiatives and governmental efforts to position itself as a technology hub. Its 3.4% GDP growth in 2024 has been partially attributed to the expansion of the information and communication technology sector (ICT), whose contribution to the island's gross value added has surged to €7 billion. The country is enjoying a steady influx of foreign technology companies setting up headquarters or branches, resulting in many international ICT organisations having an established presence in Cyprus. Major multinationals spanning sectors such as software (Microsoft, NCR Atleos, Logicom), cloud computing (Oracle), fintech (XM Group, eToro, Exness), online publishing (TheSoul Publishing) and online gaming (Wargaming) have selected Cyprus to establish or expand their operations.

Notable technology M&A transactions completed in the last 12 months include:

• a significant investment round into Eschatology Entertainment led by KRAFTON Inc and GEM Capital and The Games Fund; and
• local cybersecurity company Odyssey Consultants Ltd raising capital from Greek private equity firm DECA Investments to expand its market reach.

The positive growth and substantial size of this sector, coupled with recent M&A activity, indicate a positive environment for increased M&A opportunities and transactions in this sector in Cyprus in the coming years.

11.2 Are any new developments anticipated in the next 12 months, including any proposed legislative reforms?

As referenced in question 1.4, Cyprus has not introduced a national screening mechanism for foreign direct investments as required under EU Regulation 2019/452. A new bill for the implementation of a national screening mechanism was submitted to the Cyprus parliament in July 2025 for discussion and voting.

In addition, a tax reform proposal is under examination by the Ministry of Finance and, subject to approval from the House of Representatives, could potentially take effect within the next 12 months. The proposal envisages the increase of statutory corporate income tax from 12.5% to 15%, abolishing the 'deemed dividend distribution' rules, and reducing the 'special defence contribution' rate applicable to dividend income from 17% to 5%. It is anticipated that the IP regime will remain intact. Notwithstanding these changes, as referenced in question 9.1, the tax framework for technology companies should broadly remain attractive. In addition, specialised tax advice should be sought by transaction parties regarding these changes at any early stage of an M&A transaction to ensure that these are addressed appropriately.

Further, it is expected that Cyprus will transpose EU Directive 2022/2555 on measures for a high common level of cybersecurity across the European Union ('NIS2 Directive') into national law within 2025. Assessing a target's compliance, or anticipated compliance, with any applicable requirements of the NIS2 Directive (and any associated costs involved with ensuring such compliance) is recommended.

12. Tips and traps

12.1 What are your top tips for smooth closing of technology M&A transactions and what potential sticking points would you highlight?

To ensure a smooth closing, the parties should ensure that any regulatory filings and accompanying documents are prepared promptly and, if legally permitted and practical, in parallel with deal negotiations, to ensure filings are submitted promptly after signing to minimise the gap to closing.

Further, if, in the context of completion, any bank debt will be repaid and/or bank security and guarantees released, or conversely, if the deal will be financed with debt, early engagement with the banks is crucial to agree on the relevant banking and/or release documents, the timeline and completion and release mechanics, and clear know-your-customer requirements.

Similarly, to the extent that an escrow agent will be appointed (whether in the context of bank debt repayment and release mechanics, withheld consideration or otherwise), the parties should initiate discussions to implement the escrow agreement and facilitate the opening of the escrow account.

Similarly, to the extent that any third-party notifications or consents are required (eg, in the context of key customer contracts, critical licences or cloud services), the parties should, prior to signing, agree on the approach to be adopted vis-à-vis such third-party communications between signing and closing.

Finally, in tech M&A, buyers should also begin early integration planning, including alignment of systems, product roadmaps, and organisational structures – but subject always to legal advice to ensure such pre-closing coordination does not amount to a breach of competition laws (gun jumping).

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.