IP Due Diligence Checklist for Startups: The Complete Framework
Intellectual property due diligence is the systematic process by which investors, acquirers, and their counsel verify that a startup actually owns the IP assets it claims to own, that those assets are free from encumbrances, and that the company has not inadvertently acquired liabilities through its use of third-party code, open source software, or contractor-created works. For LATAM startups raising Series A capital from US or EU investors, a rigorous IP due diligence checklist is not optional — it is a prerequisite for closing.
The World Intellectual Property Organization (WIPO) defines intellectual property as creations of the mind — inventions, literary and artistic works, designs, symbols, names, and images used in commerce. For software startups, the core IP assets are source code (protected as a literary work under copyright law), trade secrets (algorithms, training data, system architecture), trademarks (brand identity), and in some jurisdictions, software patents.
1. Code Ownership Verification
The first and most critical section of any IP due diligence checklist concerns code ownership. Investors need confirmation that the company — not individual founders, not contractors, not former employers — holds clear title to all production code. In LATAM jurisdictions, this is frequently where problems surface.
Under Argentina's Ley 11.723 (Intellectual Property Law), software is protected as a literary work. The default rule is that copyright vests in the author — meaning the individual who wrote the code. For employment relationships, Article 4 of Ley 11.723 provides that works created within the scope of an employment relationship belong to the employer. However, contractors are not employees, and absent a written IP assignment agreement, code created by an Argentine contractor belongs to the contractor, not the startup.
Brazil's framework under Lei 9.610/1998 (Copyright Law) and Lei 9.609/1998 (Software Law) similarly protects software as an author's right. Article 4 of Lei 9.609 provides that, for employment and service contracts, economic rights belong to the contracting party. But this provision requires a formal service agreement — oral arrangements or informal understandings do not suffice under Brazilian law.
2. Open Source License Audit
The second pillar of IP due diligence is a comprehensive audit of all open source software dependencies. Modern startups routinely incorporate hundreds of open source packages into their products. Each package carries a license, and each license imposes obligations. Failure to comply with those obligations can constitute copyright infringement, create disclosure obligations, or give competitors access to your proprietary source code.
The critical distinction for IP due diligence purposes is between permissive licenses and copyleft licenses. Permissive licenses — such as the MIT License, the Apache License 2.0, and the BSD licenses — allow commercial use with minimal restrictions, typically limited to attribution and preservation of the license notice. Copyleft licenses — including GPL v2, GPL v3, and AGPL v3 — impose far more significant obligations, including requirements to release derivative works under the same license.
AGPL v3 is particularly dangerous for SaaS startups. It extends GPL's copyleft obligations to network use — meaning that if you run AGPL-licensed software as a service and users interact with it over a network, you may be required to provide them with the complete source code of your application. This is the scenario that most frequently creates IP liability for funded startups.
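The permissive / copyleft / network-copyleft split described above can be checked mechanically against an SBOM. The following is an added example, not code from this guide or from any audit tool: it assumes a CycloneDX-style JSON SBOM, the component names and the `FAMILY` table are constructed for illustration, and it classifies only the licenses this section names.

```python
import json
import re

# SPDX ids for the licenses named in this section, grouped as the text groups
# them (the table is this example's assumption, not an exhaustive list).
FAMILY = {
    "MIT": "permissive", "Apache-2.0": "permissive",
    "BSD-2-Clause": "permissive", "BSD-3-Clause": "permissive",
    "GPL-2.0-only": "copyleft", "GPL-2.0-or-later": "copyleft",
    "GPL-3.0-only": "copyleft", "GPL-3.0-or-later": "copyleft",
    "AGPL-3.0-only": "network-copyleft", "AGPL-3.0-or-later": "network-copyleft",
}
RANK = {"permissive": 0, "unknown": 1, "copyleft": 2, "network-copyleft": 3}

# Constructed sample SBOM; every component here is hypothetical.
SAMPLE_SBOM = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
 {"name": "web-framework", "version": "4.2.0", "licenses": [{"license": {"id": "MIT"}}]},
 {"name": "pdf-renderer", "version": "1.9.1", "licenses": [{"license": {"id": "AGPL-3.0-only"}}]},
 {"name": "dual-lib", "version": "2.0.0", "licenses": [{"expression": "GPL-3.0-only OR Apache-2.0"}]},
 {"name": "crypto-utils", "version": "0.3.0", "licenses": [{"expression": "BSD-3-Clause AND GPL-2.0-or-later"}]},
 {"name": "internal-fork", "version": "0.0.1"}
]}""")

def classify_id(spdx_id):
    # A "WITH <exception>" suffix is ignored, so the base license still counts.
    return FAMILY.get(spdx_id.split(" WITH ")[0].strip(), "unknown")

def classify_expression(expr):
    # Flat SPDX expressions only: OR lets the licensee pick the least
    # restrictive branch, AND means every term applies. Nested parentheses
    # are sent to manual review instead of being guessed at.
    if "(" in expr:
        return "unknown"
    branches = [max((classify_id(t) for t in re.split(r"\s+AND\s+", alt)), key=RANK.get)
                for alt in re.split(r"\s+OR\s+", expr)]
    return min(branches, key=RANK.get)

def classify_component(component):
    # Several license entries on one component are treated as all applying.
    exprs = [e.get("expression") or e.get("license", {}).get("id") or ""
             for e in component.get("licenses", [])]
    if not exprs:
        return "unknown"  # no declared license: needs manual review
    return max((classify_expression(e) for e in exprs), key=RANK.get)

def audit(sbom):
    return {f'{c["name"]}@{c.get("version", "?")}': classify_component(c)
            for c in sbom.get("components", [])}

if __name__ == "__main__":
    for name, family in sorted(audit(SAMPLE_SBOM).items(), key=lambda kv: -RANK[kv[1]]):
        print(f"{family:17} {name}")
```

Components that come back as `unknown` have no declared or recognised license and belong in the manual-review pile rather than being treated as clean.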
3. Patent Clearance
Patent risk analysis is the third pillar of IP due diligence. Software patents present particular complexity in LATAM markets. Argentina does not grant software patents under Ley 24.481 — the Argentine Patent Law explicitly excludes abstract ideas and mathematical methods from patentability. Brazil similarly restricts software patents under Lei 9.279/1996, though the Brazilian Patent Office (INPI) has developed a practice around computer-implemented inventions that functions similarly to software patent protection.
Mexico, by contrast, provides broader protection for computer-implemented inventions through the Instituto Mexicano de la Propiedad Industrial (IMPI). For startups with significant product innovation, a freedom-to-operate analysis in the Mexican market may be warranted as part of Series A due diligence.
Even in jurisdictions that restrict software patents, hardware-implemented inventions, telecommunications protocols, and methods implemented in software that achieve a technical effect beyond the software itself may qualify for patent protection. Startups operating in deep tech, fintech, and healthtech sectors should include patent clearance as a standard component of their IP due diligence process.
4. Trade Secret Protection Audit
Trade secrets — algorithms, training data, system architecture, customer lists, pricing models — constitute some of the most valuable IP assets a startup possesses. Unlike patents, trade secrets do not require registration. They derive their legal protection from the fact that they are kept secret and have commercial value precisely because they are not generally known.
In Argentina, trade secrets are protected under Ley 24.766 (Confidential Information Law). In Brazil, trade secret protection derives from the Lei 9.279/1996 Industrial Property Law and, increasingly, from LGPD provisions that restrict the processing and disclosure of commercially sensitive information. Mexico provides trade secret protection under the Federal Law for the Protection of Industrial Property (Ley Federal de Protección a la Propiedad Industrial).
The IP due diligence checklist for trade secrets should verify: (1) that the company has implemented reasonable measures to maintain secrecy, such as access controls, NDA agreements, and compartmentalization; (2) that employee and contractor agreements include robust confidentiality and non-disclosure provisions; and (3) that the company can demonstrate a chain of custody showing that the trade secrets were developed internally rather than misappropriated from a third party.
5. Trademark and Brand Protection
Trademark clearance confirms that the startup's brand identity — name, logo, domain, and product names — does not infringe registered marks in the jurisdictions where the business operates. For LATAM expansion, this means searching trademark databases in Argentina (INPI Argentina), Brazil (INPI Brazil), Mexico (IMPI), and other target markets before committing to a brand.
IP due diligence should also verify that the company has actually registered its trademarks in the jurisdictions where it operates, that domain registrations align with trademark rights, and that there are no pending opposition proceedings or cancellation actions that could threaten the brand.
Complete IP Due Diligence Checklist
| Category | Item | Priority |
|---|---|---|
| Ownership | Founder IP assignment agreements | Critical |
| Ownership | Employee IP assignment in employment contracts | Critical |
| Ownership | Contractor IP assignment agreements | Critical |
| Open Source | SBOM generation (all repos) | Critical |
| Open Source | Copyleft component identification | Critical |
| Open Source | AGPL/GPL compliance verification | High |
| Patents | Freedom-to-operate search | High |
| Trade Secrets | NDA coverage for all personnel | High |
| Trademarks | LATAM trademark registrations | Medium |
| Data | LGPD/LPDP compliance for training data | High |
Frequently Asked Questions
When should we complete IP due diligence?
Ideally before your Series A data room opens. Investors will commission their own IP review — completing yours first lets you identify and remediate issues before they become deal blockers or price-chips.
What is an SBOM and why does it matter?
A Software Bill of Materials (SBOM) is a formal record of all components in a software product, including their licenses and versions. US Executive Order 14028 requires SBOMs from federal contractors; investors now routinely request them as part of technical due diligence.
Do LATAM countries enforce IP rights?
Yes. Argentina, Brazil, and Mexico are all signatories to the TRIPS Agreement and maintain active IP enforcement regimes. Brazil in particular has robust IP litigation through the specialized IP courts in São Paulo and Rio de Janeiro.
How long does a full IP due diligence take?
Our Full IP Due Diligence package at $1,200 delivers a complete report within 5 business days. The GitHub IP Audit Starter at $149 delivers a license map within 48 hours — sufficient for most early-stage fundraising conversations.
Related Resources
- GPL Contamination Risks for Startup Code
- Open Source Audit for Series A Funding
- Contractor Code IP Assignment in LATAM
LATAM IP and Regulatory Resources
The following authoritative sources provide the legal and regulatory foundation for the topics covered in this guide. All LATAM jurisdictions are signatories to the WIPO treaties that form the international IP framework, and domestic laws implement TRIPS Agreement minimum standards.
- TRIPS Agreement — WIPO — The foundational international IP treaty binding all WTO member states, including Argentina, Brazil, Mexico, Colombia, Chile, and Peru.
- INPI Brazil — Brazil's National Institute of Industrial Property; administers software registration, patents, and trademarks under Lei 9.279/1996 and Lei 9.609/1998.
- INPI Argentina — Argentina's IP office; manages software registration under Ley 11.723 and trademark protection.
- Open Source Initiative License List — Authoritative catalog of OSI-approved open source licenses including GPL v2, GPL v3, AGPL v3, MIT, and Apache License 2.0.
- SPDX License List — Machine-readable license identifiers used in Software Bill of Materials (SBOM) generation and CI/CD compliance tooling.
- IMPI Mexico — Instituto Mexicano de la Propiedad Industrial; administers patents and trademarks under the LFPPI.
For startups operating across LATAM, compliance with LGPD (Brazil), LPDP (Argentina — Ley 25.326), LFPDPPP (Mexico), and the TRIPS Agreement framework is not optional. Each framework creates distinct obligations that require jurisdiction-specific legal review. Our fixed-price audit packages provide this review with 48-hour delivery, so your team can move quickly without sacrificing legal certainty.
IP Due Diligence in the LATAM Investment Context
Latin America presents a unique IP due diligence environment that differs meaningfully from pure US or EU startup transactions. LATAM-based startups frequently combine engineering teams across multiple jurisdictions — Argentine backend developers, Brazilian frontend engineers, Mexican mobile specialists — each operating under a distinct national IP law. The TRIPS Agreement provides a common international minimum standard, but the domestic implementation of those standards varies considerably across Argentina (Ley 11.723), Brazil (Lei 9.609 and Lei 9.610), Mexico (LFDA and LFPPI), Colombia (Ley 23/1982 and Decisión Andina 351), Chile (Ley 17.336), and Peru (Decreto Legislativo 822).
An IP due diligence checklist that works for a US startup — focused primarily on US copyright registration, work-made-for-hire under 17 U.S.C. § 101, and USPTO patent filings — is inadequate for a LATAM startup. The key differences are: (1) contractor work-made-for-hire does not apply under LATAM law (requiring explicit IP assignment agreements); (2) moral rights cannot be waived under Argentine, Brazilian, and Mexican law (requiring moral rights management clauses); and (3) data protection law (LGPD, LPDP) imposes obligations that have IP dimensions for AI and data-intensive startups.
For US and EU investors who are accustomed to standard IP due diligence frameworks, the LATAM additions are not burdensome — they require approximately the same effort as US IP diligence, but with different substantive focus. A LATAM-experienced attorney can complete the full IP due diligence checklist for a typical early-stage startup in five business days. Our Full IP Due Diligence at $1,200 is designed to fit this timeline. The investment in pre-fundraising IP diligence pays for itself the first time it prevents a valuation reduction or deal restructuring triggered by a preventable IP gap discovered during investor due diligence.
The open source compliance dimension deserves particular attention. Modern startups — even those in LATAM — build on global open source ecosystems that include components licensed under GPL v3, AGPL v3, and other copyleft licenses. The Berne Convention and TRIPS Agreement ensure that these licenses are enforceable in every LATAM jurisdiction. A startup with GPL v3 contamination in its production codebase has a compliance obligation that is actionable in Argentine courts under Ley 11.723, in Brazilian courts under Lei 9.610, and in Mexican courts under the LFDA — regardless of where the GPL-licensed code was originally authored. The SPDX license list and the Open Source Initiative license catalog provide the authoritative reference for understanding these obligations.