Enterprises rarely lose an acquisition because their product was weak. They lose it or watch the valuation drop overnight because a lawyer on the buyer’s side asked, “Who owns this code?” Nobody had a clean answer, a scenario diligence teams flag as a recurring cause of deal delay and valuation cuts in technology M&A. India’s Global Capability Center ecosystem has grown to 2,117 centers generating $98.4 billion in annual revenue and employing 2.36 million professionals, a 32% expansion since FY2021 (Zinnov-Nasscom GCC Value Orbit Report, FY2026).
Intangible assets, including software IP, now account for approximately 92% of S&P 500 market value, up from just 17% in 1975 (Ocean Tomo Intangible Asset Market Value Study, 2025). Patent infringement litigation with $25 million or more at risk carries median costs exceeding $5 million per case through trial. Scale this exposure across an offshore team writing enterprise-critical code, and IP architecture stops being a checkbox. It becomes the asset that either survives due diligence or sinks the deal.
Table of Contents
ToggleWeak IP governance does not surface as a legal problem; it surfaces as a stalled funding round or a collapsed acquisition.
The cost is rarely visible until diligence begins. Missing assignment agreements, undocumented contributors, and unverified open-source components resurface exactly when leverage matters least, during term sheet negotiation or acquirer review, and buyers use every gap to renegotiate price.
Retrofitting ownership after code exists means chasing signatures from engineers who may have left the vendor, the country, or the industry. The defensible position is securing the assignment before the first commit, not after the first audit request.
The NineHertz’s Offshore IP Ownership Architecture (OIOA) is a five-layer framework: engineer work-for-hire, vendor assignment, dual-jurisdiction review, code ownership registry, and investor due diligence package. These are engineered to produce a chain of title that survives hostile scrutiny.
Most enterprises define IP too narrowly, protecting the finished product while leaving the architecture, documentation, and process innovations around it exposed.
Source code, system architecture, algorithms, technical documentation, UI design, and internal tooling all qualify as IP. Enterprises that protect only the shipped application leave the majority of engineering value unassigned.
Cross-border teams introduce jurisdictional ambiguity: the engineer sits in India, the entity contracting the vendor sits in Delaware, and the product ships globally. Each jurisdiction applies different default ownership rules.
By default, the individual author. Employment or a signed work-for-hire agreement is required to shift ownership to the vendor, and a separate assignment is required to shift it again to the enterprise client.
An NDA protects secrets from disclosure. It does nothing to establish who legally owns the code those secrets describe.
NDAs govern confidentiality obligations, not ownership rights. A vendor can honor an NDA completely while still legally owning every line of code its engineers produced.
Confidentiality prevents a third party from using leaked information. Ownership determines who can license, sell, modify, or litigate the underlying work, two entirely separate legal questions enterprises routinely conflate.
“We signed an NDA, so we own the IP” is the single most common assumption in offshore development center engagements, and one of the most expensive to discover is false during acquisition diligence.
A complete stack includes individual work-for-hire agreements, a master vendor IP assignment clause, a code ownership registry, and jurisdiction-specific counsel sign-off on the NDA, which is one document among five.
India protects software as a literary work under the Copyright Act, not as a patentable invention, which changes how ownership must be documented.
Under Indian copyright law, the author of a work is its first owner unless the work was created “in the course of employment,” a distinction that determines whether a contractor’s code belongs to the contractor by default.
Employees’ code generally vests in the employer automatically. Contractor and vendor-model engineers do not receive that automatic protection, which is precisely the structure most ODC engagements use.
India lacks a broad US-style “work made for hire” doctrine for commissioned software; enterprises must rely on explicit contractual assignment rather than assuming statutory default ownership applies.
Investors underwrite the code, not the pitch deck. If ownership cannot be traced to the enterprise with signed assignments, the asset backing the valuation is legally uncertain.
IP due diligence directly shapes deal valuations, and unclear ownership routinely delays or derails transactions before signing, a pattern that applies equally to Series A and later funding rounds.
Pro tip: Have counsel confirm, in writing, that assignment clauses satisfy both Indian Copyright Act requirements and the representations a US or EU buyer will expect during diligence.
Every failed IP audit traces back to one of four repeatable patterns, regardless of industry, deal size, or how carefully the engagement was contracted.
No signed transfer from individual engineer to vendor, or from vendor to enterprise client is the single most common gap found in ODC diligence.
Copyleft licenses embedded without review can force disclosure obligations on proprietary code, an outcome most enterprises discover only when a buyer’s counsel flags it.
Engineers who rotated off the project, left the vendor, or worked as subcontractors leave ownership gaps if their contributions were never individually assigned.
An assignment valid under Indian law may not satisfy US or EU enforceability standards, and vice versa, without dual-jurisdiction drafting.
| IP Risk | Business Impact |
|---|---|
| Missing assignment agreements | Deal delay or valuation discount during diligence |
| Unverified open-source components | Forced disclosure or re-engineering obligations |
| Incomplete contributor records | Ownership disputes after key engineers depart |
| Single-jurisdiction contracts only | Assignment unenforceable in buyer’s home jurisdiction |
OIOA converts IP protection from a reactive legal task, handled after a problem surfaces, into a structured, five-layer system built before development starts.
Every engineer signs an individual assignment before touching the codebase, closing the authorship gap at its source rather than after the fact.
A master agreement between vendor and enterprise client assigns all work product upstream, independent of individual engineer turnover.
Indian and US/EU counsel jointly review every assignment clause so the chain of title is structured to withstand scrutiny in both the country of creation and the country of enforcement. No assignment structure can guarantee enforceability outcomes in advance; the objective is a defensible, well-documented position, not an absolute guarantee.
A living record linking every commit, contributor, and assignment document, maintained continuously rather than reconstructed during an audit.
Pre-assembled documentation set, such as assignments, registry exports, and license audits, is ready to hand to any investor or acquirer without a scramble.
Pro tip: The layer most enterprises skip is Layer 4. Assignments get signed at onboarding and then forgotten. Nobody maintains a live link between commits and the humans who wrote them. That gap is exactly what a diligence team finds first, and exactly what turns a two-week diligence process into a two-month one.
A defensible chain of title is built commit by commit, contributor by contributor, not assembled retroactively the week a term sheet lands.
Ownership must move in a documented sequence: engineer to vendor, vendor to client, with no unassigned link anywhere in that chain.
Git commit history alone is not legal proof of ownership; it must be paired with the signed assignment covering that contributor’s work.
New engineers, subcontractors, and vendor changes each require fresh assignment paperwork – ownership management is continuous, not a one-time setup task.
Every deliverable should map to a named contributor and a signed assignment; anything that cannot be mapped is a diligence finding waiting to happen.
A single-jurisdiction contract is a single point of failure the moment a dispute, acquisition, or funding round crosses borders, which most ODC engagements eventually do.
An assignment enforceable in Bengaluru may not be enforceable in Delaware without jurisdiction-specific clauses addressing governing law and dispute resolution.
Assignment of future works, moral rights waiver (where permitted), governing law, dispute resolution forum, and audit-cooperation obligations are non-negotiable.
Assigning the assignment should incorporate governing law in the assignment that may be different from the governing law for the overall commercial contract.
Indian counsel drafts for enforceability under the Copyright Act and Indian Contract Act; US/EU counsel confirms the same clause satisfies buyer-side representations and warranties.
| Jurisdiction | Key Consideration |
|---|---|
| India | Copyright Act governs software; no broad work-for-hire doctrine for contractors |
| United States | Work-for-hire doctrine applies to employees; contractor works need explicit assignment |
| European Union | Moral rights are often non-waivable; assignment clauses must account for this |
| UAE | Federal IP law requires registered assignment for full enforceability |
A registry turns “we believe we own this” into “here is the signed document proving it,” the difference diligence teams are trained to test.
Buyers and investors do not accept representations alone; they expect a documented trail from contributor to assignment to deliverable.
Every commit author should map to a signed assignment on file, searchable by name, date, and repository.
To be reviewed prior to merge, each third-party component must have a logged license type and compliance status, and not be discovered after release.
Embedded assignment status checks in the pipeline ensure that unassigned contributors are not allowed into production.
| Registry Element | Purpose |
|---|---|
| Contributor identity log | Links every commit to a named, assigned individual |
| Assignment document index | Confirms signed transfer exists for each contributor |
| Open-source license ledger | Tracks license type and compliance status per dependency |
| Jurisdiction tag | Records governing law applicable to each assignment |
Open-source components accelerate delivery, but left unmanaged, they quietly attach licensing obligations to proprietary code that surface only when a buyer’s counsel goes looking.
Permissive licenses like MIT rarely cause issues; copyleft licenses like GPL can require source disclosure if merged carelessly into proprietary systems.
Pre-merge license scanning, backed by a defined approval list, stops risky dependencies before they enter the codebase.
Every library needs an owner, a documented purpose, and a renewal check; undocumented dependencies age into unmanaged risk.
Continuous scanning tools flag new vulnerabilities and license changes in dependencies already in production, not only at initial merge.
The enterprises that raise capital fastest are the ones that assembled their IP package before anyone asked for it.
Reconstructing two years of contributor history under deal-timeline pressure produces gaps; building the record continuously does not.
Signed assignments, the code ownership registry export, open-source audit results, and dual-jurisdiction counsel opinions form the baseline package.
A ready package shortens diligence timelines and removes one of the most common levers buyers use to renegotiate valuation.
Quarterly internal reviews keep the package current, so a funding conversation never starts with a six-month documentation catch-up project.
Pro tip: Treat the IP due diligence package as a living deliverable, reviewed on the same cadence as financial statements, not a document produced once during a raise.
Governance is what keeps OIOA functioning long after the initial setup, turning a one-time implementation into a durable, repeatable operating discipline.
Written policies should define assignment timing, registry ownership, and escalation paths before the first engineer is onboarded.
Access controls, code review requirements, and repository permissions reduce the risk of unassigned or unauthorized contributions entering the codebase.
Repository access should be tied to signed assignment status: no assignment, no commit access, enforced systematically rather than by memory.
An assignment signature belongs in onboarding; a documented IP handover and access revocation belong in offboarding, every time, without exception.
Quarterly registry reconciliation catches gaps while they are cheap to fix, rather than during a due diligence deadline.
Every mistake in this section is avoidable, and every one of them shows up repeatedly in real ODC diligence findings.
Waiting until “later” to formalize the assignment means chasing signatures from engineers who have since left the vendor.
Skipping dual-jurisdiction review to save time upfront routinely costs more in renegotiated deal terms later.
Verbal agreements and informal Slack approvals do not survive diligence scrutiny; only signed, dated documents do.
A vendor’s master services agreement without an explicit IP assignment clause leaves ownership with the vendor by default.
Without periodic audits, small gaps compound silently across every sprint until they surface as one large diligence finding.
The NineHertz builds IP protection into the Build, Run, and Evolve lifecycle from day one, engineering ownership into every phase rather than treating it as a separate legal workstream.
OIOA applies from the first engineering hire, before a single commit is written, and is not introduced only after a client raises ownership concerns during diligence, funding, or an acquisition conversation.
Every engagement carries dual-jurisdiction agreements, drafted with joint Indian and US/EU counsel input, covering future-works assignment, moral rights, and governing law, as the contractual default rather than an optional upgrade.
Repository access, assignment verification, and open-source scanning run continuously through the ContinuumAI framework’s security and auditability principles, checked at every commit before code reaches production, not once at project close or handover.
Engagements are structured to satisfy the specific representations and warranties buyers and investors expect during diligence, across acquisition, funding, and audit scenarios alike. The defensible standard is global enforceability, not local compliance minimums.
Clients receive registry access on request, not only at exit, with a full contributor-to-assignment export available at any point in the engagement. Ownership visibility stays continuous, engineered as an operating capability, not a deliverable assembled under deadline pressure.
IP architecture decided at ODC setup protects valuable years before anyone asks for the paperwork. OIOA gives enterprises a repeatable way to secure engineer-level assignment, vendor-level transfer, dual-jurisdiction enforceability, registry-based traceability, and an investor-ready package before development begins, not after a buyer’s counsel finds the gap.
Pro tip: Schedule an IP architecture assessment before the next engineering hire, not before the next fundraise.
Under Indian copyright law, software is protected as a literary work, and the default owner is the individual who wrote the code, even when the enterprise pays for the engagement in full. Ownership shifts to the vendor, then to the enterprise client, only through a signed work-for-hire or assignment agreement naming the specific work product. Payment, an NDA, or a verbal understanding never transfers title. Require signed individual assignments before development begins, not after code ships.
No. An NDA governs confidentiality, not ownership, two separate legal questions. A vendor can honor every NDA term while still legally owning the code, since ownership requires employment or a signed assignment agreement. This gap surfaces expensively during acquisition or investment due diligence, when buyers’ counsel asks for proof of ownership, not confidentiality. Enterprises need individual work-for-hire agreements and vendor-level assignment layered on top of the NDA, not instead of it.
OIOA is The NineHertz’s proprietary five-layer framework for building a defensible chain of title across India ODC engagements: individual engineer work-for-hire agreements, vendor-level IP assignment, dual-jurisdiction legal review, a code ownership registry linking commits to signed assignments, and an investor- and acquirer-ready due diligence package. Together, the five layers replace an NDA-only approach with a structured, auditable ownership system built from the first line of code, not retrofitted later.
India applies the Copyright Act to software and lacks a broad, US-style work-for-hire doctrine for contractors, so an assignment drafted only for Indian enforceability can fail under US, EU, or UAE law, and vice versa. Dual-jurisdiction review has Indian, and US/EU counsel jointly confirm the same clause holds up in both the country of creation and the country where the enterprise raises capital or is acquired, closing the most common cause of unravelled assignments.
The fix is treating this as a continuous operational discipline, not a one-time setup task. Every commit maps to a named contributor with a signed assignment on file before merge, and repository access stays tied to assignment status. Quarterly registry reconciliation catches gaps, such as unassigned new hires, subcontractors, and vendor changes, while they’re still inexpensive to fix, not during a due diligence deadline, when leverage has already shifted to the buyer.
Signed individual work-for-hire agreements from every contributing engineer, a master vendor-level IP assignment agreement, an exportable code ownership registry linking commits to contributors and assignments, an open-source license audit confirming no unmanaged copyleft dependencies, and written enforceability opinions from both Indian and US/EU counsel. Assembling and updating this package quarterly at ODC setup means it’s ready to hand over on short notice, not built under active-deal time pressure.
The NineHertz applies OIOA from the first engineering hire, not after a client raises ownership concerns. Every engagement carries dual-jurisdiction legal review, continuous repository access controls, assignment verification, and open-source license scanning enforced through the ContinuumAI framework’s security and auditability principles. Clients get registry access on request at any point, not only at exit, built into the Build, Run, and Evolve engagement model by default, so governance scales with the ODC.
As the Chief Growth Officer at The NineHertz, I specialize in curating personalized strategies that help enterprises and brands globally to scale through AI, app development, and IT services. I have worked with companies across construction, insurance, logistics, supply chain, entertainment and healthcare for more than 15 years, understanding their operational realities and translating them into meaningful technology outcomes.
Key Takeaways India’s dominance in offshore engineering is strengthening as 1580 GCCs are already operating in India, generating $50 billion…
Key Takeaways Jaipur delivers 35–45% lower operating costs than Bangalore, with attrition running 12–16% versus the 28–35% Tier-1 average and…
Key Takeaways Choosing the wrong offshore engagement model has a measurable financial cost. According to a global survey, only Deloitte's…
Take a Step forward to Turn Your Idea into Profit Making App