For scaleups in technology and data, protecting IP is more than a legal formality; it is the currency of growth, investment, and survival. Algorithms, datasets, and platforms are the crown jewels of a scaling business. Yet, they are fragile: infinitely replicable, difficult to lock down, and increasingly contested in courts around the world.
Unlike startups, which often treat IP as an afterthought, and big tech, which weaponises it as a fortress, scaleups must strike a delicate balance. They need protection strong enough to reassure investors and deter rivals, but flexible enough to keep pace with rapid innovation and limited budgets.
This article maps the biggest risks and lays out practical strategies to defend and make the most of your IP.
Legal foundations: Securing the right protections
Copyright: Covering code, not concepts
IP law generally protects source code as a “literary work” (a creative written expression—such as books, poems, plays, or code—protected by copyright for its original wording). But the ideas and algorithms behind it are not. That means rivals can often re-implement your logic without consequence. The risk escalates when training AI models: ongoing lawsuits (NYT v OpenAI, Disney v Midjourney) show the law is unsettled on whether using copyrighted works to train AI counts as fair use.
Strategy: secure clean data licenses, avoid questionable datasets, and document provenance to strengthen your legal footing.
Patents: Proving the “technical effect”
Patents remain powerful, but software claims are only accepted if they show a genuine technical advance. Abstract algorithms rarely qualify. AI adds complexity: only humans can be inventors, even when machines contribute heavily.
Strategy: focus patents on practical implementations, that is, optimised ML pipelines, hardware integrations, or measurable performance gains. File early; delay risks forfeiting rights.
Trade secrets: Power that evaporates on exposure
Your most valuable assets—models, data, algorithms—may best be guarded as trade secrets. But secrecy is fragile: once leaked, protection is lost forever. Jurisdictions differ in enforcement strength, though China and the EU are toughening remedies.
Strategy: create layers of protection: NDAs, strict access controls, encrypted environments, and a culture that treats confidentiality as sacred.
Open source: The double-edged sword
Open source accelerates growth, but licenses carry obligations. Copyleft code (GPL/AGPL) can force disclosure of your proprietary software. Investors regularly flag poor compliance in due diligence.
Strategy: maintain a live OSS inventory, train engineers on licensing obligations, and align your own releases with a dual-licensing model if possible.
Technical safeguards: Hardening leaky assets
- Algorithms and models: Reverse engineering and model-extraction attacks are real threats. Use obfuscation, secure enclaves, watermarks, and privacy techniques to slow down theft.
- APIs and scraping: Public APIs invite scraping. Courts (e.g. hiQ v LinkedIn) have limited companies’ ability to block it. Technical controls—rate limiting, CAPTCHAs, authentication—are essential.
- Datasets: Data can be copied infinitely. EU database rights offer some help, but technical controls matter more—access logs, honeypots, and partitioning to limit exposure.
Business risks: People, partners, and power
Employee mobility
Departing staff often take know-how with them. Non-competes are weak or unenforceable in many regions.
Countermeasure: pair NDAs with rigorous exit processes and limit access to critical systems.
Cloud and vendors
Misconfigurations or over-permissive provider terms can leak your IP. Regulators may also compel access.
Countermeasure: encrypt assets, segment networks, and negotiate strong contractual protections.
Licensing and antitrust or competition
Exclusive deals may speed up partnerships but invite regulatory scrutiny.
Countermeasure: structure licensing agreements around FRAND principles and avoid “all eggs in one basket” exclusivity.
The global patchwork
- United States: Strong rights and flexible fair use, but aggressive litigation and antitrust oversight.
- European Union: Strict copyright rules, AI Act obligations, and historically tough competition law.
- China: Higher damages and specialist IP courts, but ongoing concerns around enforcement consistency.
- Emerging markets: Mixed regimes, rising data-sovereignty rules, and unpredictable enforcement.
Scaleups need layered portfolios: don’t just file locally, prioritise filings in markets that matter most to your growth.
The scaleup blueprint
| Layer | Action | Protects |
|---|---|---|
| Legal | Patents, copyrights, trademarks, NDAs | Code, algorithms, brand, ownership |
| Technical | Obfuscation, watermarking, API security | Models, datasets, algorithms |
| Business | OSS inventory, strategic licensing, cloud contracts | Integrity, revenue, partnerships |
| Cultural | Confidentiality training, regular audits | Company-wide discipline |
How ITLawCo can help
For scaleups, IP is both shield and sword. Neglect it, and you invite copycats, lawsuits, and investor hesitation. Over-engineer it, and you drown in cost and complexity. The winners will be those who treat IP as a strategic, layered, global discipline: patents where they make sense, trade secrets where secrecy is realistic, rigorous OSS compliance, and technical hardening to reduce leakage.
At ITLawCo, we specialise in guiding scaleups through this terrain. We help founders and leadership teams:
- Build IP playbooks that balance protection with growth.
- Design clean data and OSS compliance frameworks to reduce hidden risks.
- Structure licensing and partnership agreements that unlock revenue while avoiding antitrust pitfalls.
- Navigate the global IP patchwork with practical, enforceable protections.
![Taskflow (Pty) Ltd v Aluxium (Pty) Ltd [2024] ZAGPPHC 857](https://itlawco.com/wp-content/uploads/2024/09/Taskflow-Pty-Ltd-v-Aluxium-Pty-Ltd-2024-ZAGPPHC-857-600x403.jpg)
