Pre-Due Diligence Checklist for LATAM Startups: 20 Items to Clear
The worst time to discover an IP problem is during investor due diligence. When a VC's counsel identifies a contractor ownership gap, an AGPL v3 contamination in the core product, or a misclassification liability in the Brazilian engineering team, it becomes leverage — investors use it to reduce the valuation, request an indemnification escrow, or in the worst case, walk away from the deal. The solution is systematic pre-due diligence preparation: identifying and remediating issues before the data room opens.
This checklist covers 20 items that LATAM startups should clear before entering a fundraising process. Work through this list at least six months before your anticipated raise — some items require legal work that takes time to complete.
IP Ownership Items (1-7)
| # | Item | Action Required | Priority |
|---|---|---|---|
| 1 | Founder IP assignment agreements | Execute or verify signed agreements transferring all pre-company IP to the company | Critical |
| 2 | Employee IP assignment (all current employees) | Verify employment contracts include IP assignment clauses compliant with local law | Critical |
| 3 | Contractor IP assignment — current contractors | Execute IP assignment agreements with all active contractors who created production code | Critical |
| 4 | Contractor IP assignment — former contractors | Execute retroactive IP assignments with former contractors who contributed to production code | High |
| 5 | Advisor IP (if any code contribution) | Verify advisor agreements include IP assignment if advisor contributed to technical work | Medium |
| 6 | Open source contribution policy | Implement a policy requiring approval before employee or contractor contributions to external open source projects | Medium |
| 7 | Prior employer IP analysis | Verify that founders did not misappropriate IP from prior employers in starting the company | High |
Open Source Compliance Items (8-12)
| # | Item | Action Required | Priority |
|---|---|---|---|
| 8 | Complete dependency scan (all repos) | Run FOSSA, Snyk, or equivalent across all production repositories | Critical |
| 9 | AGPL v3 component identification | Flag all AGPL v3 components in production SaaS products and assess compliance/replacement path | Critical |
| 10 | GPL v3 contamination check | Identify any GPL v3 components combined with proprietary code and assess compliance obligations | Critical |
| 11 | SBOM generation | Generate SPDX-format Software Bill of Materials for all production codebases | High |
| 12 | License policy implementation | Implement a written license policy defining approved, review-required, and prohibited licenses | High |
Contractor Compliance Items (13-16)
| # | Item | Action Required | Priority |
|---|---|---|---|
| 13 | Brazil contractor classification audit | Apply CLT four-factor test to all Brazilian contractor relationships; quantify misclassification liability | Critical |
| 14 | Argentina contractor classification audit | Apply Ley 20.744 subordination test; identify high-risk long-term exclusive arrangements | High |
| 15 | Mexico REPSE verification | Verify all Mexican specialized service providers are REPSE-registered; obtain IMSS certificates | High |
| 16 | DPA execution for data-processing contractors | Execute LGPD/LPDP-compliant Data Processing Agreements with all contractors accessing personal data | High |
Registration and Data Protection Items (17-20)
| # | Item | Action Required | Priority |
|---|---|---|---|
| 17 | Trademark registrations in operating markets | File or verify trademark registrations in LATAM markets where company operates or plans to operate | High |
| 18 | Domain registrations in LATAM TLDs | Register .ar, .br, .mx, .co domains to prevent brand squatting during fundraising period | Medium |
| 19 | LGPD compliance documentation | Verify privacy policy, consent management, DPA registry, and breach notification protocol are in place | High |
| 20 | Copyright registration (core software) | Consider filing INPI (Brazil), INPI (Argentina), or INDAUTOR (Mexico) registrations for core software | Medium |
Six-Month Preparation Timeline
The pre-due diligence preparation timeline should work backward from your anticipated data room opening date:
- Month 6 (M-6) — Commission GitHub IP Audit Standard ($299) for all production repositories. Engage LATAM counsel for contractor classification assessments. Begin trademark clearance searches in target markets.
- Month 5 (M-5) — Execute IP assignment agreements with all contractors identified in Step 1. Begin retroactive IP assignment outreach to former contractors. File trademark applications in priority markets.
- Month 4 (M-4) — Remediate critical open source violations (AGPL/GPL). Implement CI/CD license scanning. Execute DPAs with all data-processing contractors. Address Brazil misclassification through EOR conversion or restructuring.
- Month 3 (M-3) — Commission Full IP Due Diligence ($1,200) to validate remediation and identify any remaining issues. Obtain LGPD compliance documentation. Register core software with INPI/INDAUTOR.
- Month 2 (M-2) — Assemble the IP section of the data room: IP assignments, SBOM, trademark registrations, Full DD report, LGPD compliance documentation.
- Month 1 (M-1) — Final review with counsel. Confirm all Critical and High items are cleared. Prepare IP representations for term sheet.
Frequently Asked Questions
What happens if we can't reach a former contractor for an IP assignment?
If a former contractor is unreachable, document your outreach attempts thoroughly. Investors will want to understand the scope of the gap and the risk mitigation steps taken. In some cases, a legal opinion can support that the gap is immaterial or that alternative ownership theories apply under local law. Our Full IP Due Diligence report addresses this scenario and provides a risk quantification for unremediated gaps.
Do we need to disclose all open source components in the data room?
Yes — provide the SBOM as part of the IP data room. Investors' technical counsel will review it. Providing an accurate, complete SBOM proactively is far better than having it discovered incomplete or inaccurate during due diligence. The SBOM demonstrates systematic compliance management and reduces the risk of post-close indemnification claims.
How much does full pre-due diligence preparation cost?
A complete pre-due diligence preparation cycle — GitHub IP Audit Standard, contractor classification assessments, retroactive IP assignments, DPA execution, Full IP Due Diligence report, and trademark filings — typically costs $2,500-$5,000 in legal services, depending on the number of jurisdictions and contractor relationships involved. This is a small fraction of the valuation reduction or deal restructuring cost that undiscovered IP issues can trigger at Series A.
Start Your Pre-Due Diligence Prep
GitHub IP Audit Standard — $299. Full IP Due Diligence — $1,200. Fixed price. 48-hour delivery.
Related Resources
IP Due Diligence Checklist VC Portfolio Legal Shield Open Source Audit for Series ALATAM IP and Regulatory Resources
The following authoritative sources provide the legal and regulatory foundation for the topics covered in this guide. All LATAM jurisdictions are signatories to the WIPO treaties that form the international IP framework, and domestic laws implement TRIPS Agreement minimum standards.
- TRIPS Agreement — WIPO — The foundational international IP treaty binding all WTO member states, including Argentina, Brazil, Mexico, Colombia, Chile, and Peru.
- INPI Brazil — Brazil's National Institute of Industrial Property; administers software registration, patents, and trademarks under Lei 9.279/1996 and Lei 9.609/1998.
- INPI Argentina — Argentina's IP office; manages software registration under Ley 11.723 and trademark protection.
- Open Source Initiative License List — Authoritative catalog of OSI-approved open source licenses including GPL v2, GPL v3, AGPL v3, MIT, and Apache License 2.0.
- SPDX License List — Machine-readable license identifiers used in Software Bill of Materials (SBOM) generation and CI/CD compliance tooling.
- IMPI Mexico — Instituto Mexicano de la Propiedad Industrial; administers patents and trademarks under the LFPPI.
For startups operating across LATAM, compliance with LGPD (Brazil), LPDP (Argentina — Ley 25.326), LFPDPPP (Mexico), and the TRIPS Agreement framework is not optional. Each framework creates distinct obligations that require jurisdiction-specific legal review. Our fixed-price audit packages provide this review with 48-hour delivery, so your team can move quickly without sacrificing legal certainty.
Treaty-Level IP Documentation for Series A
Pre-due diligence preparation for LATAM startups should produce documentation that demonstrates compliance at both the domestic and international levels. Series A investors from US or EU funds are accustomed to the international IP framework — they understand that Berne Convention reciprocity means Brazilian INPI registrations are enforceable in the US, and TRIPS Agreement obligations mean that open source license violations in Argentina are actionable under US copyright law. Providing documentation that explicitly references this international framework signals IP sophistication and reduces the educational burden on investor counsel.
The documentation package for a LATAM startup's Series A IP data room should include: (1) IP assignment agreements that explicitly reference the applicable national law (Ley 11.723, Lei 9.609, LFDA) and international framework (Berne Convention, TRIPS Agreement); (2) INPI/INDAUTOR registration certificates for core software products; (3) SBOM in SPDX format with SPDX license identifiers for all dependencies; (4) trademark registration certificates in operating markets; (5) LGPD/LPDP compliance documentation; and (6) the LexMap IP due diligence report that ties all of these elements together in investor-ready format.
For open source compliance specifically, the SPDX SBOM should be accompanied by a written license policy that defines the company's approved license categories, the review process for borderline licenses (such as LGPL), and the prohibited license categories (GPL v3, AGPL v3 for commercial use without compliance). This policy documentation demonstrates systematic compliance management — not a one-time scan — and provides the process framework that investors look for in due diligence readiness.
The Open Source Initiative's compliance framework and the REUSE specification from the Free Software Foundation Europe provide process standards that map directly to the due diligence documentation investors expect. Implementing REUSE — which adds machine-readable SPDX license declarations to individual source files — creates per-file license documentation that goes beyond what most startups provide and immediately distinguishes your IP data room from competitors. Combined with INPI Brazil / INPI Argentina registration, WIPO-backed international IP protection, and LexMap's attorney-reviewed due diligence report, REUSE implementation signals the level of IP sophistication that institutional investors at Series A expect from founders who take IP seriously. Our Full IP Due Diligence package at $1,200 validates the complete documentation chain and delivers a finalized report within five business days — designed to open the Series A data room on time and on terms you control.