Kyle Krpata, left, and Joe Ferrari, right, of Weil Gotshal.

In 2017, the autonomous vehicle industry experienced an unprecedented year of growth that included over 190 investments with an aggregate value of over $4.4 billion. Investors continued this trend in 2018 and increased the total dollars invested in the industry. In just the first three quarters of 2018, CB Insights reported 116 investments with an aggregate value of $5.8 billion, led by blockbuster transactions including Softbank’s $2.25 billion investment in GM’s self-driving arm Cruise, Toyota’s $500 million investment in Uber, Zoox’s $500 million financing and SenseTime’s $1.2 billion financing. With an expected market size of $54 billion by the end of this year and $556 billion by 2026, investments in autonomous vehicle companies are positioned to continue at a rapid pace this year and beyond.

Corporate investors and traditional venture capital, growth equity and private equity investors are all exploring ways to put capital to work in this space. According to data compiled by CB Insights, through 2017 and continuing through the first three quarters of 2018, corporate venture capital accounted for 48% and 47%, respectively, of the total investments in autonomous vehicle and related companies, while all other investors accounted for the remaining 52% and 53%, respectively. This demonstrates that investors view the autonomous vehicle industry as one that not only can provide a meaningful return on investment, but also an opportunity for strategic alliances between established companies vying to accelerate the development of an autonomous vehicle. With that opportunity comes a unique set of issues and considerations—applicable to traditional private capital investors and corporate investors alike—that should be considered in connection with such investments, including those related to intellectual property, privacy and cybersecurity, regulatory and the sensitivity around protecting technical and confidential information.

Intellectual Property

At the intersection of the automotive, hardware and software industries, autonomous vehicles are the byproduct of traditional automotive features fused with intellectual property and technological advancements relating to, among other things, advanced sensors, radar and LiDAR, geolocation, artificial intelligence algorithms and connectivity and telecommunication mechanisms and the software required to collect and process data from such technologies. The rise of non-traditional players, armed with intellectual property portfolios that cover those key technological advancements, into the automotive arena is producing a shift in the industry’s balance of power. As a result, traditional automotive players are increasingly motivated to make investments in and enter into development arrangements with these partners. The intellectual property terms of those arrangements require substantial attention in pre-investment due diligence, particularly with respect to shared ownership arrangements and concomitant regimes regarding licensing, enforcement and exploitation of jointly-owned intellectual property, related background intellectual property owned by the collaborators independently and subsequent improvements of jointly-owned intellectual property developed independently by the collaborators or their licensees. This shift is also prompting traditional and non-traditional automotive players to enter into cross-licensing arrangements and to make nuanced, strategic decisions about how best to leverage copyright, patent and trade secret laws in a complex international landscape in order to most effectively protect technical innovations. The terms of such licensing agreements and strategic decisions regarding intellectual property protection and enforcement must be a prime focus in pre-investment due diligence, in addition to a host of other intellectual property topics, including: involvement in intellectual property disputes; commitments to or involvement in standards-setting organizations or patent pools; practices surrounding the protection of trade secrets and other confidential information; university and government involvement in intellectual property development; and the use of open source software.

Privacy and Cybersecurity

Traditionally, car manufacturers did not have to grapple with the privacy issues that are inherent in the autonomous vehicle space. The ability of autonomous vehicles to operate is dependent on the vehicle’s ability to communicate with its external surroundings. In addition, the extremely broad definition of “personal information” in privacy laws such as the EU General Data Protection Regulation and the California Consumer Privacy Act likely extends to the user travel data and in-car activity collected, used and stored by autonomous vehicles. From a cybersecurity perspective, the National Highway Traffic Safety Administration (“NHTSA”) released a proposal mandating certain vehicle-to-vehicle (“V2V”) communication technology that will allow autonomous vehicles to interact with one another, which the NHTSA frames as a critical safety feature that will allow vehicles to determine and react to potential crash threats as they develop. However, that continuous interaction with other cars and a connected network necessarily means that autonomous vehicles are susceptible to unauthorized access, especially considering that V2V utilizes a wireless protocol similar to Wi-Fi technology. As a result, any investment in an autonomous vehicle company should include meaningful diligence regarding the privacy and cybersecurity policies and protocols then-existing or in development at the company. Given the storage and use of such a significant amount of data, investment diligence should focus on what the target company is doing to actively think about data management and the existing safeguards in place to not only prevent unauthorized access to a users’ whereabouts, travel destinations, or other actions taken in the car, but also to prevent remote access of the underlying software that powers the vehicle and the V2V technology.

Investors (and the companies they invest in) should also monitor industry and regulatory guidelines related to the privacy practices of autonomous vehicle companies that may be enforced in the near future. For example, in 2014, the Alliance of Automobile Manufacturers and the Association of Global Automakers—of which, Toyota, Nissan and Honda (among others) are members—published a set of “Privacy Principles” governing the collection, use, and disclosure of driver behavior information retrieved from self-driving vehicles. Although a promising starting point for addressing the privacy concerns related to this space, it is more likely that federal agencies will step in to raise the bar regarding privacy protections and mandates. Indeed, in 2018 the Federal Trade Commission and NHTSA held a joint workshop aimed at collaboratively examining consumer privacy and security issues applicable to autonomous vehicle companies. As a result, an autonomous vehicle company must keep the privacy issues and concerns at the forefront of its product development ambitions.

Regulatory

As it stands today, the federal government has yet to enact a complete and comprehensive set of legislation related to autonomous vehicles. Certain states have attempted to fill that void, but most laws relate solely to the testing of autonomous vehicles—for example, California’s Department of Motor Vehicle requires entities interested in testing autonomous vehicles to obtain a permit and comply with certain reporting requirements related to collisions and technology disengagements. The lack of a comprehensive framework means that, on the one hand, companies are not bogged down with jumping through regulatory hurdles at this stage. Instead, companies can strategize on how best to influence future regulatory frameworks. On the other hand, however, is the possibility that federal policies will limit the ability of autonomous vehicle companies to fully roll out their products in a timely manner and the threat that public interest groups—representing everyone from ordinary drivers, to motor vehicle enthusiasts, to the professional drivers who respond to emergencies or deliver products intrastate and interstate—will engage in lobbying efforts to promote such restrictions. For example, an organization advocating for professional drivers urged the state of New York to ban self-driving cars from the state’s roads for 50 years. Any such lobbying efforts will be faced with strong opposition from pro-autonomous vehicle coalitions such as the Self-Driving Coalition For Safer Streets, an association involving Ford, Lyft, Uber, Volvo Cars and Waymo. In any event, future legislation could result in slower consumer adoption in key market segments and limit the expansion of autonomous vehicles into the delivery and logistics segment of the market, which could shrink the addressable market (and impact the valuation of autonomous vehicle companies as a result). As a result, investors should monitor the regulatory developments in this industry and consider thinking about how a company can meaningfully interact with local, state and federal government to craft policies and regulations that will allow the target company to contribute meaningfully to future legislation.

Protecting Technical and Confidential Information

Given the nascent status of the autonomous vehicle industry and the extremely competitive environment in which these companies operate, technical and other confidential information are the oil that makes the engine run, leading to an increased level of sensitivity regarding access to that information by investors and other third parties. In 2017, that sensitivity was on display when Waymo sued Uber alleging that an ex-employee of Waymo (who was subsequently hired at Uber) was accelerating Uber’s development of key autonomous vehicle technology based on access to documents and other information allegedly downloaded by the ex-employee shortly before his resignation from Waymo and subsequent employment at Uber. While distinguishable from an investor exploiting confidential information from a company, the lawsuit highlighted the potential vulnerability of a company’s confidential and technical information.

Autonomous vehicle companies are focused on ensuring that their technical and other confidential information does not end up in the hands of their competitors, whether intentionally or unintentionally, as a result of investors investing in multiple companies in this space, and companies do not appear to be content to rely on conventional confidentiality provisions alone. When negotiating with potential investors, the ideal outcome for a company in order to protect such information would be to obtain a complete restriction on the investor’s ability to invest in competitors of the company. In practice, however, this is not a realistic outcome, as any investor would rightfully reject an attempt to restrict its ability to make other investments in the autonomous vehicle space. A more reasonable approach for the company would be to negotiate restrictions on the type of information that is available to an investor or even an investor-designated director, including, in some instances, an outright restriction on access to the company’s technical information or excluding directors or board observers from board conversations related to technical information. Investors crave data to monitor their investments and understand the growth trajectory of the relevant company, but it may be prudent for an autonomous vehicle company to take additional steps to limit disclosure of and protect its most sensitive information. Under any scenario, the investor and the company should discuss these issues upfront and agree upon reasonable restrictions such that the company’s desire to preserve the confidentiality of its technical information is balanced with the investor’s desire to monitor its investment and understand the company’s business.

Conclusion

Autonomous vehicle companies present a unique set of issues and considerations for investors to consider. As the industry continues to evolve, investors should proactively address the issues discussed in this article in order to balance the concerns of a target company with the investor’s goals.

Kyle C. Krpata is a partner at Weil, Gotshal & Manges’ Silicon Valley office specializing in Private Equity and Mergers & Acquisitions. Representing private equity firms and public and private companies in a variety of industries, he has a wide-ranging corporate law practice with particular emphasis on private equity transactions, public and private mergers and acquisitions, dispositions, distressed and bankruptcy acquisitions and growth equity and venture capital transactions.

Joe Ferrari is an associate at the firm in the Silicon Valley. He participates in the representation of public and private companies in a variety of transactional matters, including domestic and cross-border mergers and acquisitions, equity investments and divestitures.

Marisa Geiger is a senior associate in Weil’s Techology & IP Transactions practice, where she focuses on the representation of clients with respect to standalone intellectual property transactions and the intellectual property, privacy and technology aspects of mergers and acquisitions and other corporate transactions, such as corporate divestitures and spin-outs.