Risk Partners Life Sciences Roundtable 2025, thank you very much! 

Intellectual Property (IP) Insurance

Mitigating Intellectual Property Risks in M&A Transactions

Intellectual property rights are often the key factor determining the value of a transaction and, at the same time, represent a risk category that traditional liability and W&I coverage fail to fully address.

Patents, trademarks, know-how, and software IP account for a significant portion of a company’s value in many transactions. At the same time, general liability, D&O, and cyber insurance policies typically exclude claims arising from intellectual property infringements, and even W&I insurance covers IP risks only within the scope of the warranty schedule negotiated in the SPA and the exclusions agreed upon therein. IP insurance can close this gap, but not across the board. The decisive factor is whether the coverage is intended for a currently unknown infringement risk, an already identified individual risk, or a specifically negotiated IP indemnity. These three scenarios follow different underwriting and coverage logics within the context of a transaction.

In the IP context, it is also worth noting IP legal protection and IP liability insurance, the scope of coverage for which can be found at the following link Are patent disputes insurable? We’ve prepared an explanation of IP insurance and which cover IP risks outside the context of a transaction. 

Three types of risk—three different approaches to coverage

In practice, the first step is to determine what type of IP risk should be insured. If the issue involves a future risk of infringement that is not yet specifically known, standalone IP liability coverage is the primary focus. If, on the other hand , the issue involves an already known IP risk that is specifically addressed in the company purchase agreement, the insurance effectively covers a specific indemnification. Finally, if the issue concerns the existence or enforceability of a company’s own intellectual property right—for example, because its validity or scope is in question—this constitutes a third, distinct risk category. While all these solutions are sometimes marketed under the umbrella term “IP Insurance,” they differ significantly in terms of underwriting, retention, exclusions, and claims settlement mechanisms.

When IP Insurance Becomes Relevant

In M&A transactions

In the context of an M&A transaction, IP insurance becomes relevant as soon as the standard IP warranty in the SPA fails to adequately reflect the actual risk; whether because the due diligence results reveal gaps in the chain of intellectual property rights or unresolved freedom-to-operate issues, or because a specific risk of third-party claims has already been identified but not conclusively resolved in the SPA. For buyers and investors, it is not only the potential for damages that is relevant. In IP disputes, the core economic risk often lies in injunctive relief, sales bans, forced licensing negotiations, technical workarounds, redesign costs, or the loss of a key revenue stream. Whether and to what extent such consequential costs are insurable must be explicitly assessed on a case-by-case basis; they should not be tacitly assumed to be covered by general IP insurance. Typical scenarios:

  • Gaps in IP due diligence: The chain of ownership for key patents, trademarks, or software is not fully documented—for example, because founders brought code with them from a previous employment relationship or because inventor attributions are unclear. The W&I warranty alone does not address this risk if the insurer imposes an exclusion for it.
  • Trade Secrets and Know-How: In the case of unregistered technology, its value often does not depend on a property rights registry, but rather on whether the know-how was actually kept confidential, contractually secured, and organizationally protected. Of particular relevance are confidentiality agreements, employee and consultant contracts, IP assignment provisions, access policies, documentation of development work, and the handling of relationships with former employers, service providers, or research partners. If these foundational elements are lacking, a significant portion of the technology’s or company’s value may be legally vulnerable. From an insurance perspective, a distinction must be made here: The theft or unauthorized disclosure of a company’s own trade secrets constitutes first-party loss and is therefore primarily a matter of cyber and crisis cost coverage or targeted security measures, not IP insurance. The subject of an IP policy, on the other hand, is the reverse scenario: the allegation that the target company has itself unlawfully used or appropriated a third party’s trade secrets.
  • Open-Source Risks (Copyleft): If integrated incorrectly, open-source components can give rise to significant licensing and disclosure risks. Copyleft licenses are particularly critical; depending on the license type and the technical integration with in-house developments, they may impose obligations to disclose the source code or to distribute the software under specific licensing terms. The latest Bitkom Open Source Monitor shows that open source is widely used in German companies, but strategic management often lags behind: 73% of companies use open-source software, while only 37% have an open-source strategy in place.
  • Freedom-to-Operate (FTO) uncertainties: An FTO analysis for key products or processes is either unavailable or identifies a residual risk that neither the seller nor the buyer is willing to address through the purchase price or an indemnity.
  • Known or threatened third-party claims: A competitor or a non-practicing entity (NPE) has already filed a property rights claim, issued a cease-and-desist letter, or threatened to file an infringement lawsuit. This individual risk is structured similarly to a specific indemnity or contingent-risk solution and transferred to the market.
  • Carve-back to Standard W&I Exclusions: W&I insurers routinely exclude known or disclosed matters (Known/Disclosed Matters). Where a specific IP risk has been identified during due diligence, a standalone IP policy can close the coverage gap created by the W&I exclusion.

 

Protecting Against Known IP Risks Through an Indemnification Clause in a Sales Contract

In addition to the general IP warranty, the SPA in many transactions includes a specific indemnification provision for a known, narrowly defined IP risk—such as an unresolved ownership or licensing issue regarding a specifically named software component. In these cases, the policy does not cover a general future risk of infringement but rather provides insurance coverage for the specific indemnification clause that was negotiated. The relevant SPA provisions, the associated due diligence reports, the data room materials, any Q&A responses, and—as a rule—a declaration at closing stating that there are no known claims are then decisive. This structure resembles the W&I mechanism but is tailored to a single, already identified IP risk. It should therefore be classified as Specific Indemnity Insurance with an IP-specific subject matter, not as standalone IP liability coverage.

Such an individual risk is insurable only if it is sufficiently defined in legal terms and the risk exposure can be well justified. This may be the case, for example, with a pending or threatened IP dispute if, in the assessment of the legal advisors involved, the prospects of success clearly favor the target company. By contrast, pure uncertainties regarding facts—such as the likelihood of a claim arising from a known risk area—cannot generally be resolved through such a structure. In these cases, purchase price adjustments, escrow, closing conditions, or an uninsured seller indemnity typically remain the more robust instruments.

 

Outside of a running transaction (standalone)

IP insurance is not tied to an ongoing transaction. Companies with IP-intensive business models (particularly tech, deep-tech, and life sciences companies) can insure against defense and, in some cases, enforcement risks regardless of whether a deal is signed or closed:

  • Preparing for growth, funding rounds, or an exit: An existing IP policy strengthens a company’s position in the next funding round, during the sale process, or in the context of an IPO, as it already covers a key risk before it is identified during due diligence.
  • Ongoing Business Operations Involving Third-Party Licenses: Companies that license or integrate third-party components, software, or processes face an ongoing risk of infringement, regardless of M&A activity.
  • Self-enforcement of intellectual property rights: Companies with a valuable IP portfolio that wish to take action against infringers but do not want to bear the risk of litigation costs on their own (see the section on IP enforcement below).

AI-Specific IP Risks

When it comes to AI target companies, the traditional focus on software and source code is often insufficient. The economic value frequently lies in the interplay of AI models, training and validation data, algorithms, interfaces, infrastructure, system documentation, trade secrets, and contractually secured rights of use and exploitation. It is therefore crucial for buyers, sellers, and insurers that these components be examined separately during due diligence, assessed from an economic perspective, and reflected in the SPA as distinct warranty items.

  • Rights to Models, Data, and System Components: With AI systems, the issue of rights extends beyond just the source code. In particular, it is important to examine the basis on which the target company uses models, datasets, training processes, model weights, documentation, interfaces, and third-party components. Critical issues include unclear licensing chains, a lack of rights transfers from developers or service providers, insufficient documentation of training and validation data, and dependencies on external model or data providers.
  • Training Data and Data Scraping: The origin, quality, and authorization to use the training data are key areas of review. If data is collected automatically, obtained from publicly available sources, or licensed from third parties, it must be clear whether its use for training, validation, further development, and commercial exploitation is permitted. Legal deficiencies at the data level do not automatically mean that every output infringes the law. However, they can give rise to third-party claims, limit the system’s usability, or significantly impair the valuation of the target company.
  • Dependence on Third-Party and Foundation Models: Many AI products do not rely entirely on proprietary technology, but rather on foundation models, APIs, or infrastructure from external providers. This creates dependencies that can extend beyond traditional supplier risks. If a provider changes its licensing terms, prices, access options, or compliance requirements, this can have a direct impact on the target company’s business model. Due diligence should therefore not only examine whether a third-party model is being used, but also which functions, revenues, and product components actually depend on it.
  • Open-Source Models and Licensing Risks: For AI companies, open-source risks are not limited to traditional software libraries. When open-source base models, datasets, or model components are used, the risk often affects the core of the product. Depending on the licensing model, obligations may arise regarding attribution, distribution, disclosure, restrictions on commercial use, or compliance with additional terms of use. The decisive factor is not merely whether an open-source component is present, but how it is technically integrated, modified, distributed, and commercially exploited.
  • Output, product, and liability risks: AI systems can generate results that are erroneous, infringe on legal rights, or raise regulatory concerns. This is particularly relevant when the output is incorporated into customer products, used to prepare automated decisions, or deployed in regulated sectors such as healthcare, financial services, mobility, or human resources. A key factor in insurability is whether the target company has established transparent control, testing, and approval processes, and whether customer contracts, liability limitations, and recourse options against third-party providers align with the actual risk profile.
  • AI Governance and Regulatory Requirements: The absence of AI governance—or governance that exists only on paper—has a direct impact on risk assessment. Of particular relevance are documented responsibilities, model and data documentation, approval processes, human oversight mechanisms, monitoring, incident response processes, and determining whether the target company is a provider, operator, or user of an AI system. In addition, there are copyright, data protection, and sector-specific requirements, as well as requirements under European AI regulations. The more thoroughly the target company has documented the development, training, deployment, and monitoring of its AI systems, the easier it is to assess the risk for insurers.

 

In terms of insurance coverage, this means that AI-specific warranties can generally be covered under a W&I insurance policy. However, they do not replace a technical, legal, and commercial review of the AI value drivers. Blanket software warranties are often insufficient for AI targets because they do not capture the relevant sources of risk with sufficient precision. It makes sense to establish separate definitions and warranties regarding models, training and validation data, third-party components, open-source usage, documentation, governance, and regulatory compliance.

Whether and to what extent such guarantees are insurable depends largely on the quality of the due diligence. Thorough documentation of data sources, model architecture, license chains, technical dependencies, and AI governance improves the starting position in the underwriting process. If these points remain unaddressed, insurers typically respond with inquiries, restrictions, or exclusions. Early coordination with the W&I insurer is therefore particularly advisable for AI targets, before the SPA warranty schedule is finalized.

Distinction from W&I, Cyber, D&O, and IP Legal Protection

The term “IP insurance” is used inconsistently in practice and is often confused with related products. A precise definition is necessary both for risk classification and for market expectations:

Regarding W&I insurance: The W&I policy covers financial losses resulting from a breach of the IP warranty agreed upon in the SPA. This coverage is part of the overall program, is tied to the wording of the warranty, and is subject to the general W&I exclusions, in particular “Known/Disclosed Matters.” A standalone IP policy applies where W&I coverage is excluded due to a specific, known risk or where the SPA does not contain an IP warranty with sufficient scope.

Regarding Specific Indemnity Insurance: Where an IP risk is already known and has been formulated in the SPA as a standalone indemnity clause, the resulting policy is structurally a specific indemnity insurance policy covering IP-specific risks, not liability coverage against a future, unknown infringement risk. The basis for underwriting is then not an FTO/validity analysis, but rather the SPA clause itself and the associated due diligence reports. It is therefore crucial to determine whether an unknown infringement risk or a previously negotiated indemnity is to be insured.

Regarding cyber insurance: Cyber insurance policies primarily cover IT security incidents, data breaches, business interruption, and the associated liability and crisis-related costs. Rights to software, databases, training data, trademarks, or patents are not comprehensively covered by these policies. To the extent that individual media or content modules cover IP-related risks, this typically involves narrowly limited partial coverage, not intellectual property insurance.

Regarding Product Liability and D&O: D&O coverage protects officers and directors against personal liability claims, not the company against the financial consequences of an intellectual property infringement. Product liability and general liability insurance typically cover bodily injury and property damage; purely intellectual property-related financial losses, injunctive relief claims, back license payments, or patent-related litigation costs are generally not covered under these policies.

Regarding IP legal protection and patent liability insurance: For ongoing patent, trademark, or other intellectual property disputes that are not part of a transaction, standalone IP legal protection and patent liability coverage may be considered. These differ from the M&A-related IP insurance described here because they are not linked to SPA warranties, due diligence findings, or a negotiated indemnification, but rather to the defense against or enforcement of intellectual property claims arising from day-to-day business operations. A more detailed description of this product line can be found in our article on IP insurance in the Insurance Wiki.

What Insurers Need for an Initial Assessment

The underwriting approach depends on which IP risk is to be insured. Standalone IP liability coverage, coverage for the validity or enforcement of one’s own intellectual property rights, and insurance for a specific SPA indemnity follow different underwriting logics. To ensure a sound market assessment, it is therefore necessary to clarify which structure is actually needed before approaching insurers.

In the case of IP liability or defense coverage, the central question is whether the company’s products, software, processes, use of trademarks, or technologies could infringe on the rights of third parties. To this end, insurers require, in particular, a clear description of the affected products, technologies, and markets; an overview of relevant competitors; existing intellectual property searches and freedom-to-operate analyses; information on previous cease-and-desist letters, disputes, license negotiations, and settlement discussions; and an assessment of the economic significance of the affected products or revenue streams.

For software companies, this is supplemented by a software bill of materials, existing open-source scans, a classification of the licenses used, and a technical assessment of how the individual components are integrated, modified, distributed, or used solely for internal purposes. Copyleft licenses such as GPL, LGPL, or AGPL are particularly relevant because the legal assessment depends on whether the software is used as a SaaS solution, an on-premises product, an embedded component, or an internal application. In addition, the economic significance of the affected products or revenue streams must be assessed: The decisive factor here is whether the IP risk affects a business-critical product, a core technology, or a major revenue driver.

When it comes to risks regarding the legal validity or enforceability of one’s own intellectual property rights, the focus shifts. In such cases, the emphasis is less on defending against third-party claims and more on the validity, scope, and economic enforceability of one’s own patents, trademarks, or other intellectual property rights. Of particular relevance are portfolio analyses, validity opinions, information on opposition, invalidity, cancellation, or infringement proceedings, the status of licensing, FRAND, or settlement negotiations, as well as a realistic assessment of litigation costs, the duration of proceedings, and the economic interest in enforcement. In such cases, insurers examine particularly closely whether the intellectual property right is legally sound, economically valuable, and reasonably enforceable in court.

When insuring a specific IP indemnity in the SPA, the starting point is different. In this case, it is not a general future risk of infringement that is insured, but rather a specific risk already defined in the purchase agreement. The underwriting basis then consists primarily of the specific indemnity clause, the relevant list of warranties, the disclosure treatment, the relevant due diligence reports, the data room status, any Q&A responses, and the economic calculation of the potential damages. The insurer also regularly requires a declaration at closing stating that there are no known claims. Subsequent amendments to the SPA, settlements, or admissions without the insurer’s consent may impair or exclude coverage. This structure resembles the W&I mechanism but is tailored to a single, already-identified IP risk.

In all cases, the quality of the due diligence determines the quality of the coverage that can be obtained. Red-flag reports are often sufficient for an initial assessment, but they frequently leave open the question of how significant an IP risk actually is from an economic standpoint. It is precisely this economic assessment that is crucial for insurers: Does the risk affect a byproduct, an internal application, or the core of the valuation thesis? Are there technical alternatives, workarounds, substitute licenses, or recourse options against third parties? Can the risks of injunctions, sales suspensions, redesign costs, or retroactive license payments be plausibly quantified?

The more precisely these points are addressed before approaching the market, the greater the chance of securing a tailored coverage position. Conversely, a vague description of risks regularly leads to blanket exclusions, higher deductibles, or a lack of willingness to underwrite. The added value therefore lies not in merely forwarding due diligence documents, but in translating the IP risk into a risk and loss logic that insurers can assess.

Special Case: Intellectual Property Enforcement (IP Enforcement)

In addition to defending against third-party claims, the cost risks associated with actively enforcing intellectual property rights may also become relevant in certain cases. This applies to companies that wish to enforce their own patents, trademarks, or other intellectual property rights against alleged infringers but do not want to bear the full risk of litigation costs themselves. Such solutions are significantly more case-specific than traditional defense coverage and typically require a sound assessment of the validity, scope, nature of the infringement, litigation strategy, and the economic interest in enforcement.

In the context of a transaction, the enforceability of one’s own intellectual property rights may become particularly relevant when a significant portion of the valuation is based on a patent or trademark portfolio, or when ongoing opposition, invalidity, infringement, or FRAND proceedings influence the valuation thesis. Whether an insurance solution, a litigation finance structure, or a risk allocation provision in the purchase agreement is appropriate in such cases must be assessed on a case-by-case basis.

Typical Coverage Parameters and Limits

The following parameters describe typical market ranges for standalone IP liability policies. They are provided for illustrative purposes only and do not replace an individual market analysis; the actual terms depend largely on the sector, the intellectual property portfolio, the jurisdiction profile, and the claims history.

To put this into context: The pricing of standalone IP liability coverage varies greatly on a case-by-case basis. Key factors include, in particular, the technology, industry, intellectual property portfolio, relevant jurisdictions, past litigation and licensing history, and the quality of the legal and technical due diligence performed. A blanket benchmark, such as that used for standardized financial lines programs, is of limited use.

Parameters Standard market characteristics
Scope of Coverage Legal defense costs and damages in the event of an allegation or actual infringement of third-party patents, trademarks, design patents, copyrights, or trade secrets (Defense). May be supplemented in part by costs associated with the company’s own enforcement of its rights (Enforcement), subject to confirmed market access.
Geographical Scope The geographic scope must be assessed based on intellectual property rights, the markets involved, potential opposing parties, applicable law, and the likely venue for litigation. A list of intellectual property rights covering the entire world does not automatically mean worldwide insurance coverage. European disputes, including UPC-related patent proceedings before the Unified Patent Court, must be assessed differently from exposures in the U.S. or China. For the latter, higher deductibles, sublimits, exclusions, or a separate capacity review may be required.
Insurance Coverage Highly dependent on the specific case; typical market rates range from low six-figure amounts for standardized risks to tens of millions for transaction-related or high-exposure portfolio risks.
Deductible Structure for IP Indemnity Insurance For policies that cover a specific, already known risk, the deductible may be significantly higher than for a standard IP liability policy, since the insurer does not first assess the risk but instead assumes a specific, quantifiable exposure. The exact ratio between the deductible and the limit must be negotiated on a case-by-case basis and cannot be specified in general terms.
Retroactive Coverage Depending on the information available at the time of underwriting; known or pending legal proceedings are generally excluded or require a specific-risk solution.
Transfer of Ownership Upon Sale of the Intellectual Property Right Insurance coverage does not automatically transfer to the purchaser upon the sale of an intellectual property right; in the context of a transaction, this must be taken into account when structuring the transfer.

Typical Real-World Cases

Due diligence identifies a specific, individually identifiable software component with an unclear chain of ownership or licensing—for example, because early development work was not properly transferred to the target company or because the use of a third-party component is not sufficiently documented. If the risk is addressed in the SPA through a specific indemnification provision and can be sufficiently defined in legal terms, this indemnification may, under certain circumstances, be covered by a separate insurance policy. The general W&I warranty is generally not the appropriate instrument for this purpose if the facts are already known or have been disclosed.

A central patent or supplementary protection certificate is the subject of opposition, invalidity, or infringement proceedings. What is insurable is not the scheduled expiration of a property right, but rather, at most, a specifically defined legal risk related to the validity, scope, or enforceability of the property right.

An existing FTO analysis indicates a residual risk associated with a core product. An IP policy addresses this risk before it becomes a point of discussion in the next due diligence process.

The purchase price depends largely on a patent or software portfolio. Additional coverage is only an option if the key intellectual property rights, license chains, and conflict risks have been analyzed to such an extent that the insurer can independently assess the residual risk.

When acquiring assets from an insolvency proceeding, the chain of ownership and licensing for key intellectual property rights or software is often incompletely documented, and the usual scope of due diligence is limited due to time or cost constraints. Insurance may be an option in such cases if the individual risk is sufficiently documented and legally assessable despite the limited due diligence.

A competitor has issued a cease-and-desist letter to the target alleging trademark infringement. The risk is known and is therefore excluded from the W&I coverage; a specific-risk solution closes the gap, provided the market is willing to underwrite that specific risk.

The target company uses training data obtained through data scraping, the copyright compliance of which has not been fully documented. The SPA warranty schedule will be expanded to include AI-specific definitions; the insurability of the relevant warranties will be coordinated with the W&I insurer at an early stage.

What Matters Most in Structuring

  • Distinguish between liability and indemnity logic: Before conducting market inquiries, it should be clear whether coverage is needed for a generic, as-yet-unknown infringement risk (liability logic, with FTO/validity review as the underwriting basis) or whether a specific risk already negotiated in the SPA is to be incorporated into a policy (indemnification, SPA clause, and due diligence reports as the underwriting basis). Both are referred to in the market as “IP Insurance,” but they follow different logic regarding premiums, deductibles, and exclusion structures.
  • Check jurisdiction coverage, not just intellectual property coverage: Insurance coverage must be assessed based on the likely venue of litigation, not just on the formal list of intellectual property rights. European jurisdictions, including UPC-related patent disputes before the Unified Patent Court, generally require a different assessment than exposures in the U.S. or China. For the latter, capacity, deductibles, sublimits, and exclusions must be reviewed with particular care.
  • Document the distinction from W&I coverage: In the context of a transaction, it must be clearly defined which risks are covered by which policy in order to avoid duplicate coverage or gaps at the interface.
  • Determine the Risk’s Disclosure Status: Before conducting a market survey, it should be determined whether the risk to be insured is already known, disclosed, or the subject of ongoing proceedings. This determines whether a standard policy or a specific-risk structure is the appropriate approach.
  • Assessing the depth of underwriting in FTO analysis: A superficial freedom-to-operate review often results in narrower exclusions or higher premiums. The quality of the underlying legal review has a direct impact on the depth of coverage.

Not every IP risk belongs in an insurance policy. If the risk is primarily commercial in nature, has not been sufficiently addressed from a technical standpoint, or is legally unresolved, a solution incorporated into the purchase agreement is often more robust than transferring the risk through insurance. Options to consider include, in particular, purchase price adjustments, escrow arrangements, closing conditions, specific seller indemnities, or a clearly defined liability provision. Insurability should therefore not be assessed in isolation, but always in relation to the transaction structure.

Who Should Consider IP Insurance

IP insurance is particularly relevant when a company’s value depends significantly on software, patents, data sets, know-how, or other intellectual property rights. This applies primarily to tech, deep-tech, and life sciences companies, but also to private equity and venture capital investors, as well as strategic buyers who wish to acquire, integrate, or protect such assets in their portfolios. M&A attorneys and corporate finance advisors benefit from an early assessment of insurability when IP issues are identified during due diligence as risks relevant to the deal, particularly in cases where the standard W&I warranty reaches its limits.

IP insurance doesn’t just come into play when a loss occurs. Its value is established as early as the risk transfer structuring phase: What IP risks are present, what coverage approach is appropriate, and which provisions are better included in the SPA, in a purchase price adjustment, or in an escrow arrangement? If these issues are clarified before approaching the market, the chances of securing a robust policy increase. At the same time, this helps prevent known IP issues from leading to blanket exclusions, high deductibles, or a refusal to underwrite only during the underwriting process.

This article is intended for general informational purposes only and does not constitute specific legal, tax, or insurance advice. Whether and to what extent insurance coverage is available depends on the specific facts of the case, a legal review, the insurers’ underwriting requirements, and the final terms of the policy.

How does Risk Partners provide support?

We are available on short notice to provide an initial assessment of the insurability, marketability, or structuring of an actuarial solution.

Call us at +49 89 6223383-0 or email us at dealinsurance@riskpartners.de.

Your question has not been answered?
We will be happy to advise you in a free initial consultation.