1. What is the current legal landscape for Technology M&A law in Greece

Greece’s Technology M&A landscape is experiencing a transformative moment, characterized by record dealflow, regulatory maturation, and growing international investor confidence. The legal framework now rests on three critical pillars

I) Modernized Corporate Framework

Greece has substantially modernized its corporate legislation over the past decade. The current framework governing Sociétés Anonymes (S.A.) is well-suited to both equity and debt-driven transactions, offering a wider variety of financial tools that allow greater sophistication in deal structuring and in certain cases tax and costs incentives, while the Private Company (IKE) structure remains the preferred vehicle for start-ups and early-stage investments, due to its flexibility and simplified governance.

Law 4601/2019 has streamlined processes relating to mergers, demergers, conversions and other corporate transformations.

More recently, Law 5055/2023 transposing the EU Cross-Border Directive has facilitated cross-border restructurings, while Law 5162/2024 introduced enhanced tax incentives for scientific and technological research, angel investments, and venture capital, as well as visa eligibility for investors, expected to further catalyze M&A activity in the following years.

II) FDI Screening Regime

Greece has now fully aligned with the EU FDI screening framework. Investments involving strategic technologies, critical infrastructure, or data-driven businesses may require notification and regulatory approval prior to closing.

III) Cybersecurity, AI Governance and Sector-Specific Regulation

A critical development is the transposition of the NIS2 Directive through Law 5160/2024. This legislation materially expands the scope of entities subject to cybersecurity obligations across highly critical sectors including digital infrastructure, telecommunications, fintech, and healthcare. The law introduces stringent risk management requirements, structured incident reporting obligations, and personal liability for management bodies, while non-compliance can result in substantial penalties, depending on the severity and classification of the entity.

Additionally, sector-specific regimes – including DORA for financial services, physical infrastructure resilience (CER), telecommunications regulation, and data protection frameworks – may also intersect with Technology M&A transactions, given the rising degree of outsourcing functions and interconnections in the supply chain.

At the same time, the EU AI Act’s regulatory framework is constantly evolving. The extension in compliance timelines and other targeted simplification measures introduced by the European Commission’s Digital Omnibus package are designed to ensure timely, smooth, and proportionate implementation while allowing technical standards and enforcement guidance to be fully developed. However, this regulatory recalibration does not diminish the transformative impact that AI is already having across every facet of business operations and investment activity. AI technologies have already started to reshape how technology companies operate – from product development and customer service to data analytics and cybersecurity.

For Technology M&A, all of this means that due diligence on cybersecurity compliance, governance, and/or resilience has become mission-critical, with buyers increasingly focused on target companies’ compliance status, governance frameworks, and incident history. All the while, AI is simultaneously revolutionizing the M&A process itself, offering enhanced due diligence capabilities, predictive analytics, and transaction automation leading to a significant reduction in cost, time, and effort.

2. What three essential pieces of advice would you give to clients involved in Technology M&A matters?

Based on our Technology practice and recent experience, three strategic priorities consistently stand out:

(A) Elevate Data, IP, Cybersecurity and AI Governance to Core Value Drivers, not plain formalities.

For technology businesses, value resides in software, algorithms, proprietary data, brand assets and talent. The regulatory landscape has fundamentally shifted—what were once “back-office” compliance issues are now core valuation drivers and potential deal-breakers.

For buyers:

• Conduct comprehensive IP ownership verification, including open-source software (OSS) dependency mapping and licensing chain analysis
• Assess GDPR and broader data governance frameworks, with particular scrutiny for AI training datasets and cross-border data flows
• Execute robust cybersecurity technical and legal due diligence aligned with NIS2 requirements and EU AI Act governance expectations
• Review incident history, security architecture maturity, and cybersecurity governance documentation
• Evaluate NIS2 classification status and compliance roadmap – entities newly falling within scope face material implementation obligations

Sellers should proactively “prepare the house,” resolving IP gaps, documenting AI and cybersecurity processes and training data provenance, and mitigating compliance weaknesses before entering the buyer’s data room.

Obtaining third-party cybersecurity assessments and, where appropriate, ISO 27001, SOC 2 or equivalent certifications, and ensuring the management body has formally approved cybersecurity risk management measures as legally required may also prove critical for attracting institutional, sophisticated or later-stage investments or EU or state funds.

(B) Prioritize Regulatory Mapping Early: Competition, FDI & Sector Clearances

Regulatory approvals are increasingly affecting deal feasibility and timelines. This includes:

• Competition clearance (domestic and EU-level, if applicable).
• FDI screening, particularly critical for non-EU investors or transactions touching on regulated technologies, critical ICT infrastructure, or sensitive data.
• Sector-specific approvals (telecoms, fintech, healthcare, energy, defense and others).

We strongly advocate initiating regulatory assessment early in the preliminary due diligence stage, which enables:

• Informed negotiation of long-stop dates and conditionality structures
• Early identification of potential remedies or structural solutions
  • Appropriate risk allocation mechanisms
• Realistic project planning and stakeholder management

(C) Use Deal Structuring to Manage Risk and Incentivize Key Talent

Technology M&A transactions rarely conclude at signing. Key structuring considerations should include:

• Talent continuity mechanisms: Plan and discuss earn-outs tied to technological milestones or targets, employee stock option plans (ESOPs), retention incentives to ensure talent continuity.
• Risk mitigation instruments: Consider using escrows, holdbacks, W&I insurance and tailored indemnities to address technology-specific risks, including data breaches, OSS exposure and gaps in AI model compliance or IP licensing chain or provenance.

Effective deal structuring protects value, manages innovation risk, facilitates regulatory transition, and aligns stakeholders around long-term objectives and sustainable value creation.

3. What are the greatest threats and opportunities in Technology M&A law in the next 12 months?

Key Threats

The most significant challenge ahead is the full implementation of the FDI screening regime.

Technology sectors are directly implicated: highly sensitive sectors triggering the 10% threshold include AI, cybersecurity, port and borderland tourism infrastructure and defense, while Information and Telecommunication Technology (ICT) and digital infrastructure fall in the sensitive sectors, triggered at 25%.

Although aligned with the EU’s established framework, practical application by Greek authorities may present timing, coordination and predictability risks for cross-border transactions and especially non-EU investors. This may affect certainty of closing and, in certain cases, introduce geopolitical considerations.

Beyond FDI, the transposition of the NIS2 Directive through Law 5160/2024 significantly broadens cybersecurity compliance obligations, introducing personal liability for management and substantial fines. This creates heightened due diligence requirements for technology targets, particularly those operating in digital infrastructure, cloud services, telecommunications, and ICT management sectors.

Other than these, there seem to be no other material legal disruptions expected in the coming 12 months, and the regulatory environment is generally stabilizing rather than expanding.

Key Opportunities

A strong growth trajectory continues across the Greek Technology M&A market and technology ecosystem, which witnessed a significant uptick in deal volume and value in the past couple of years.

Aligning with global innovation trends, the most funded sectors lately include artificial intelligence, biotechnology, and healthtech, while digital health, fintech, agritech, robotics, and maritime technology have also seen increased activity and interest recently. Over €555 million was invested in more than 90 Greek startups in 2024, representing 15% growth compared to the previous year, when European markets saw a 5% decline. (source: Startups in Greece: Venture Financing Report 2024-2025, Foundation in collaboration with EIT Digital, available here).

In addition, the Hellenic Development Bank of Investments (HDBI) continues to embrace its role as the main Greek sovereign anchor investor, expanding its fund portfolio to 30 private equity/venture capital funds, with the number expected to grow by year-end (Ibid.).

Coupled with recently passed incentives to promote investments in start-ups (enhanced tax incentives for angel investors and Greek venture capital funds and the introduction of a new visa for investments in Greek venture capital funds), this demonstrates the competitiveness of Greek innovation and increasing investor confidence and cross-border interest in the ecosystem.

As a result, we expect continued momentum in inbound investment, especially from the EU, US and regional corporate buyers, and VC and PE funds.

4. How do you ensure high client satisfaction levels are maintained by your practice?

Client experience is central to our service model. Our approach rests on five key pillars:

I. A Fully Integrated Technology M&A Team

Clients benefit from a unified approach combining corporate/M&A execution with deep expertise in data protection, emerging technologies, cybersecurity regulation and digital legal frameworks.

Our team’s combined expertise enables us to navigate the convergence of traditional M&A practice with complex regulatory compliance and technical understanding of emerging technologies, offering legal support which can seamlessly integrate these considerations into transaction structuring and due diligence.

II. Partner-Led Execution

Senior lawyers remain actively involved throughout the lifecycle of the transaction—not only at signing but through regulatory approval processes and post-closing integration. Clients receive direct strategic input rather than delegated oversight.

III. Clear Communication and Project Governance

We prioritize clarity and efficiency through:

• concise, risk-based reporting,
• coordinated timelines and accountability mapping across multiple workstreams, and
• early escalation of issues that may impact valuation or feasibility.

Given the complexity introduced by overlapping regulatory regimes, we advocate for early regulatory mapping and a coordinated, streamlined, and strategic sequencing of approvals.

IV. Business-Focused Decision Support

We translate legal findings into strategic, commercial and operational implications—enabling informed decisions rather than theoretical assessments.

V. Post-Closing Continuity and Feedback Culture

Support continues beyond completion, particularly with integration, regulatory alignment and corporate governance. We maintain close monitoring of regulatory developments and market trends, enabling us to provide clients with forward-looking strategic advice. Client feedback is also actively built into continuous improvement of our delivery model.

5. What technological advancements are reshaping Technology M&A law and how can clients benefit?

Technology M&A law is experiencing a fundamental transformation driven by artificial intelligence, advanced data analytics, and enhanced digital infrastructure.

AI-assisted legal and technical due diligence enables more efficient contract analytics, anomaly detection, regulatory compliance mapping and workflow automation.

Recent advancements in artificial intelligence and machine learning are being leveraged to offer smarter document management and data insight capabilities within virtual data rooms (VDRs), with AI algorithms automatically organizing documents, managing permissions, and analyzing document content to highlight information requiring attention. All the while, blockchain, web3 and smart contracts are starting to emerge as alternative innovative tools enhancing data integrity and security.

These developments are reshaping every stage of the M&A lifecycle—from target identification and due diligence to transaction execution and post-merger integration, leading to accelerated timelines, enhanced risk detection, and cost efficiency.

To maximize the benefits of these technological advancements, clients should:

• Adopt Early and Strategically: Integrate AI tools at the transaction’s outset, not as an afterthought.
• Maintain Human Oversight: Technology enhances but does not replace legal expertise. Explicit permission to use AI platforms needs to be obtained from possibly hesitant counterparties, and humans must scrutinize AI-generated outputs for inaccuracies, hallucinations, and bias. This is even more crucial in Greek M&As, where language and local law and jurisdiction may pose an impenetrable barrier for AI models trained primarily (if not exclusively) on English-language, common law and/or foreign market practice.
• Ensure Data Security and Confidentiality: Work with counsels who understand both the technological capabilities and limitations. Virtual data room providers are generally mandated by sellers, and data in VDRs is usually well protected with the sell side often not willing to have their confidential information used for AI training. Proper protocols must be established for AI use in sensitive environments.
• Leverage Technology for Competitive Advantage: Without AI, firms will not stay competitive, particularly when seeking to pre-empt auction processes where accuracy must be complemented by speed. Early adopters gain significant advantages in deal execution speed, diligence quality, and strategic insight.

The convergence of AI, blockchain, and advanced analytics is not merely improving existing processes—it is fundamentally redefining what is possible in Technology M&A. Clients and counsels who embrace these tools strategically, while maintaining rigorous legal and commercial oversight, position themselves to execute faster, smarter, and more successful transactions in Greece’s dynamic technology ecosystem.