In
Fresh legal insights from Baker McKenzie
to power your business globally
Briefed
Tokenization is transforming the financial sector, with tokenized assets projected to reach USD 19 trillion by 2033.
We sat down with Baker McKenzie partners Conrad Ruppel (Frankfurt) and Yves Mauchle (Zurich) to understand why tokenization is the financial trend of the moment –
and the future.��
The concept of tokenization and its application have origins dating back to the early 2000s, where tokens were introduced as a data protection mechanism. Why is this such a hot topic for financial institutions in 2025?
Yves: Of course, the rise of the distributed ledger technology (DLT) fundamentally elevated the technological possibilities compared to the early 2000s. Financial institutions are eager to leverage the DLT. However, given how intensively they are regulated, financial institutions needed to see some support for tokenization from financial regulators. That support has begun to materialize. The UK Financial Conduct Authority has a “digital sandbox”, offering GDPR compliant datasets in a secure environment, mentorship from industry experts and access to the FinTech Community to help enable experimentation and scaling for proof of concepts. Meanwhile, the Monetary Authority of Singapore has initiated “Project Guardian” – a collaborative initiative between policymakers including Switzerland’s FINMA and the financial industry to enhance liquidity and efficiency of financial markets through asset tokenisation.
We’re also seeing more mature regulatory frameworks come into force – like MiCAR (Markets in Crypto-Assets) in the EU, which focuses on stablecoins and other unregulated crypto assets. Interest from financial institutions has increased in tandem with these developments.
�Why tokenization? What problem can this solve for financial institutions?��Conrad: Tokenization is on the rise. Where it initially focused on digital bonds – simple debt instruments that can be tokenized relatively easily – it is now expanding to cover other real-world assets including investment funds, e.g. money market funds, and equities. Countries including Germany, Luxembourg and Switzerland have distinct securities laws for those types of digital assets.
Yves: Under Swiss law, for example, uncertified securities could not be transferred without a written signature, except in the form of intermediaries securities. Ledger-based securities solved that problem by creating a level playing field and allowing the transfer of tokenized securities to all market players. However, it is not only issuers and new market entrants that are interested in ledger-based securities, but also financial institutions. The reason is that the ledger-based securities framework provides a positive regulation of claims under private law akin to a traditional security and therefore creates legal certainty.
Conrad: Aside from securities, tokenization also allows the provision of “cash on chain” and even requires this to realize many use-cases, e.g. buy/sell transactions or 24/7 payments. For example, certain stablecoins are tokens linked to underlying currencies, such as the dollar or euro, and tokenized deposits allow book money claims against a commercial bank to be registered on the distributed ledger technology (DLT). Both these use cases aim at enabling faster and more secure payment transactions, including in cross-border payment or securities buy/sell transactions, which can be more difficult and time-consuming.
What hurdles remain to the broad adoption of tokenization?
Yves: Regulatory and legal analysis of tokens is still in its initial stages and there are myriad ways to classify different kinds of tokens. At present there is little international consensus and coordination between lawmakers and regulatory authorities. Standard-setting and guidance has been limited outside specific fields such as anti-money laundering.
The validity of transfers is another consideration. The Swiss law I referenced earlier offers a solid framework and some legal certainty – but there is little international coordination and standardization, so potential buyers need to engage in due diligence around transactions, which can increase transaction costs and therefore remove the efficiency that tokenization is designed to provide.
Conrad: At present, we’re lacking interoperability of tokenized assets and platforms. Different platforms and solutions need to be able to talk to one another to allow digital securities and tokenized cash to be exchanged. Traditional infrastructures and DLT are likely to coexist for some time yet.
Cost is another challenge, particularly for pioneers. Eventually, the efficiencies created will benefit all market players, but there is a way to go.
Yves: And perhaps most importantly, there is a need for extensive development and testing to provide the reliability and resilience expected by financial market participants, especially institutional investors.
How is Baker McKenzie advising in the developing field of tokenization?
Conrad: We are advising on the legal framework for stablecoins in the EU – the regulation of markets in crypto-assets known as MiCAR. We’re also working on exciting private sector solutions to provide cash on chain through tokenized deposits. Baker McKenzie has a strong well-connected team with experts around the world advising for example global investment banks, fund managers, digital platforms and financial infrastructure provider on the forefront of digital assets projects, and increasingly in cooperations between market players, all in the spirit of interoperability.
Yves: As an example, we advised UBS, SBI Securities and DBS in relation to Project Guardian – the Singapore Monetary Authority’s collaboration between regulators and the financial industry. Our specific project tested the feasibility of applications in asset tokenization while managing risks to financial stability and integrity. It saw the world's first live cross-border repurchase agreement and natively-issued digital bond with payments fully executed and settled on a public blockchain.��
How Digital Assets are Reshaping Finance
Data and M&A Strategies
Opportunity in India
IP Reimagined
The Token Economy
Cloud-Based Solutions in FI
CONTACT US
SHARE
At present there is little international consensus and coordination between lawmakers and regulatory authorities.
Conrad Ruppel
Partner, Frankfurt
Partner, Zurich
Yves Mauchle
What benefits does distributed ledger technology (DLT) confer?
Conrad: DLT allows for flexible programmability: smart contacts can be used to automate complex processes such as dividend payments for security holders or faster and more efficient cross-border payments. DLT also makes transactions more transparent and safer as the platform provides an unchangeable and transparent record. Eventually, transactions should be more efficient compared to the traditional world.
Share
Contact us
4 M&A Strategies for the Digital Age
In today’s data-driven economy, cybersecurity and data privacy aren’t just operational concerns in M&A transactions — they’re deal-critical. When a company’s value is built on code, data and algorithms, even a minor breach can have major consequences. Deals have been derailed by legacy vulnerabilities, terminated over hidden data exposure and hit with millions in fines due to undiscovered breaches. As Leif King, M&A partner based in Palo Alto, puts it: “Technology is all about being ahead. If IP is leaked, the competitive gap narrows — and so does value.”
For buyers, the risk is inheriting invisible liabilities. For sellers, it’s reputational damage, penalties and loss of trust. Managing these risks demands focus across four critical fronts: rigorous due diligence, targeted contractual protections, verifiable compliance and integration strategies that extend across borders. In this environment, protecting digital assets is protecting the deal.
�
Conduct due diligence: From breaches to blind spots
As cyber threats grow more sophisticated, due diligence must go beyond checklists and policy reviews. Today’s M&A environment demands forensic-level scrutiny — particularly when personal or sensitive data is involved. Buyers increasingly rely on penetration testing, dark web scans and specialized consultants to uncover hidden vulnerabilities. “There’s no substitute for understanding the risk before buying the company,” says King. “It’s the best way to preserve the expected deal value.”
When considering a deal, companies should immediately assess data exposure. Vinod Bange, Data and Cyber partner based in London, suggests starting even earlier. “With the right expertise, you can check whether a target’s data is already for sale on the dark web,” he says. “If a business has underinvested in tech, threat actors probably already know — and may already be in the system.”
For sellers, the takeaway is just as urgent: audit your cyber position before the buyer does. “Threat actors time their attacks around live transactions,” Bange warns. “We’ve seen ransomware hit exactly when disruption will hurt the most.”
2. Contract for risk
Once vulnerabilities are identified, the next challenge is assigning responsibility. “There are three places that risk can go: to the buyer, the seller or a third-party insurance company,” says King. Contracts must be structured accordingly — through appropriate representations and warranties, specific indemnities or specialized insurance coverage.
Justine Phillips, Data and Cyber partner based in Los Angeles, emphasizes that contract language must evolve with the threat landscape. “Cyber risk — like all types of risk — must first be identified. Once you understand the cyber threats and risk in the deal, then businesses can decide to accept, avoid, mitigate or transfer the risk. Contracts are the primary vehicle for risk transference. That means looking beyond boilerplate clauses and tailoring protections to the realities of the deal and risk appetite. ”
For buyers, that often means negotiating robust contractual protections: broad representations covering compliance with data privacy, cybersecurity and AI laws as well as specific indemnities where a known issue — like a historic breach or unresolved regulatory matter — is identified during diligence. Sellers, in turn, should expect this scrutiny and prepare disclosures that clarify the matter and risk at hand.
�
To bridge risk allocation when negotiation hits a wall, dealmakers are increasingly turning to third-party tools like cyber insurance and representations and warranty insurance. “That insurance is often fairly reasonably priced and readily available,” King notes — particularly when there’s no significant history of breaches.
3. Avoid the compliance trapdoor
An often overlooked risk in M&A is the gap between policy and practice. A company may appear compliant on paper, but buyers must verify whether privacy policies — like those referencing GDPR, CCPA — are actually followed. Buyers must test operational compliance: Is data collected with proper consent? Are third-party sharing protocols in place? Are security controls applied consistently across jurisdictions?
The role of the M&A lawyer is to ask: is the company doing what it promises with its data?” King says. “Often, there’s a mismatch. That gap can lead to fines—or even derail the deal.”
A major hospitality acquisition illustrates the risk: a legacy breach, undiscovered at closing, threatened an initial £99 million ($132 million) fine, which was later reduced upon appeal. “It’s no different than buying a property with hidden pollution,” King adds. “You inherit the liability if you don’t investigate it properly.”
Bange adds that readiness can’t be faked. “A company that’s genuinely investing in cyber governance will be able to paint a much clearer picture of its risk profile,” he says. “And that confidence matters — especially when buyers are trying to price uncertainty.”
4. Plan across borders: Integration without exposure
The real test of cybersecurity and data governance often begins after the ink dries, as systems, staff and sensitive data begin to merge. Cross-border deals face added pressure from data localization laws and differing breach notification rules. “Integration plans must be built around more than culture and systems — they must be built to shield value,” says King. “Rolling out cybersecurity protocols and aligning privacy frameworks across entities needs to happen from day one.”
This becomes especially critical when large acquirers take on smaller companies with looser controls. “Part of the post-deal roadmap is closing the gap between how the buyer operates and what the target has been doing,” he says.
Bange emphasizes the operational pitfalls. “You can’t just hand integration over to your IT team,” he says. “You need external specialists to address vulnerabilities flagged during diligence. Otherwise, those ‘orange flags’ can turn red fast.”
Cybersecurity and data privacy are now central to the success of any complex M&A deal. The four pillars — due diligence, risk allocation, compliance validation and integration strategy — are essential to de-risking transactions and preserving value. As King says, “Deals today hinge on questions that didn’t exist a decade ago — because the threats didn’t either.” The legal function is no longer just about execution; it’s a strategic partner in building resilient deals built to succeed in the long term.
�
Where Growth Meets Global Opportunity
India’s high-growth market is attracting international investment and attention. With the government targeting over one hundred billion US dollars in annual foreign direct investment, India is positioning itself as a destination for investors from Europe, Asia and the US.
�
There are significant opportunities in both inbound and outbound legal work. It’s not just multinational companies coming in, many Indian conglomerates are looking at outbound opportunities, too.”
M&A & FDI activity has room to soar��Indian deal-making has peaked at a three-year high in value in 2025. In Q1 2025, India recorded 669 M&A transactions totaling USD 29 billion, the highest quarterly volume since Q1 2022 and the largest value since Q3 2022.1
“India's expanding market opportunities, cost efficiencies, and competitive advantages have captured the interest of global investors. The government's ongoing efforts to improve the ease of doing business and implement progressive economic reforms further accelerate this trend, solidifying India as a destination of choice for M&A activity and foreign investment.” - Mini Menon vandePol, Global India Practice Chair
Recent legislation requires specific attention:
Deal Value Threshold introduces an additional regulatory hurdle for investments that might otherwise have escaped merger review in India due to low asset values and revenues.�
New Combination Regulations set an industry-specific substantial business operations (SBO) in India for businesses in the digital sector.�
SBO criteria considerations, which include specific conditions pertaining to Gross Merchandise Value (GMV), turnover and transactional value.
�
“Regulatory complexities may extend deal timelines and increase compliance costs. Businesses should adopt a pragmatic approach to deal timing and meticulously design deal terms that will enable the company to function effectively over an extended period. This strategy will provide assurance to sellers and maintain the integrity of the business for buyers.” - Alan Zoccolillo, Partner, New York
Relaxation of FDI limits:
The general trend has been one of continued FDI policy relaxation. Alongside changes to FDI thresholds across a number of key sectors including insurance, defense, telecoms and oil and gas, the Start-up India Initiative has also worked to boost foreign venture and early-stage growth capital into India’s booming start-up community.
"Private equity investment is playing a pivotal role in India's M&A landscape. Buyouts are gaining traction as a key strategy for private equity firms aiming to capture the country's rapid growth, with the IT, manufacturing, financial services, and pharmaceuticals sectors emerging as hotspots for buyout activities." - Jannan Crozier, Partner, London
Indian equities have shown resilience, with the Nifty 50 continuing to gain. India's GDP growth remains strong, driven by private consumption and rising investments.
“While geopolitical tensions continue to pose risks, progress on bilateral free trade deals are positive factors for India’s economy.” - Ashok Lalwani, Partner, Dallas
“India’s tech sector has been a hot spot for M&A, with multinationals eager to tap into the country's burgeoning tech ecosystem, particularly in areas such as AI, machine learning, and big data analytics. With the enactment of the new merger control regime, it is imperative that businesses work closely with their advisors to determine if their transaction value will require notification to the Competition Commission of India.” - Amar Budarapu, Partner, Dallas
�
Key takeaways
Sunny Mann, Global Chair-Elect and Partner, London, shares that, “India’s recent bilateral trade deal with the United Kingdom is the latest example of how diversification is creating new collaborations that can produce significant benefits for both India and its trading partners.”
H2 2025 brings rising investor confidence and liberalized FDI presents opportunity for businesses: As India continues its growth trajectory, underpinned by an increasingly liberalized FDI policy and business-friendly regulatory reform, the M&A landscape is expected to evolve. Investors will need to navigate this landscape carefully, leveraging India’s strategic advantages while staying abreast of the latest legal and regulatory developments to maximize their investment potential.
Businesses keen to unlock opportunities in the market need advisors who can simplify complexity and provide practical, actionable guidance. For more information, please contact Mini Menon vandePol.
This article is being provided as general information and does not constitute legal advice. Baker McKenzie does not practice Indian law and where Indian law advice is needed, we work closely with top India-qualified lawyers. We’d be happy to discuss your needs in India.
1. Grant Thornton, India’s M&A Outlook in 2025��
�
Creative Strategies for Emerging Threats
Intellectual property (IP) is one of – if not the most – valuable assets an organization has, driving innovation, competitiveness and even dealmaking. The stakes for a company to protect its IP have always been high, but technological advancements like AI along with the rise of social media are changing the way that companies need to develop their IP strategy.
Findings from our annual Global Disputes Forecast underlined the significance of IP protection. IP/Brand/Patent disputes ranked as one of the top concerns for technology and consumer goods & retail organizations as well as healthcare and life sciences companies.
�
�
Our changing world demands innovative IP strategies, but there is a route to success: businesses must be creative in their use of registered and unregistered IP rights, take a holistic view on protection and enforcement, and keep a close watch on legislative and policy trends.”
Andy Leck, (Head of the Singapore Intellectual Property and Technology practice, Baker & McKenzie Wong & Leow*)
*Baker & McKenzie Wong & Leow is a member of Baker & McKenzie International, a Swiss Verein.
Increasingly, companies are turning to more creative alternatives to traditional IP regimes like patents, trademarks and copyright, as well as creative strategies for enforcement, to protect their IP against new and evolving threats. And even long-held legal concepts in these traditional regimes are currently being debated in the context of AI:
Tech companies increasingly rely on trade secrets to protect their competitive edge
For technology companies, trade secrets have become a preferred method to protect their IP – including algorithms, processes, datasets and customer lists – over more traditional regimes, such as patents which can be more costly and time-consuming.
Kim Sartin (Partner, London), Robin Samuel (Head of US Labor & Employment practice, Los Angeles), Bradford Newman (Chair of North America Trade Secrets practice, Palo Alto) and Jonathan Isaacs (Head of China Employment practice, Hong Kong) discussed how AI and other rapid technological advancements are both increasing the use of trade secret protection as well as the risk that these trade secrets might be acquired by bad actors.
"The same actions a business should take to mitigate the exposure of trade secrets in the first place will also help if they need to enforce their trade secret rights - though careful planning is needed to align both preventative and reactive measures.” - Robin Samuel, Head of US Labor & Employment practice, Los Angeles
�
The same actions a business should take to mitigate the exposure of trade secrets in the first place will also help if they need to enforce their trade secret rights - though careful planning is needed to align both preventative and reactive measures.”
Robin Samuel, Head of US Labor & Employment practice, Los Angeles
2. Tackling dupes requires creative approaches from luxury, fashion and cosmetics companies
Dupes are on the rise. Often promoted by social media influencers and skirting the typical characteristics of trademark infringement like counterfeit items, dupes mimic the style, design, shape, colors and functionality of the original product usually at a fraction of the price. This lack of clear infringement makes it more difficult to challenge with legal action, all while causing just as much harm.
Julia Dickenson (Of Counsel, London) joined the Off the Shelf video podcast series to discuss how brands can tackle this growing issue with creative approaches such as non-traditional trademarks, designs, copyright and unfair competition.
"Dupes are increasingly something that brands can't afford to ignore." - Julia Dickenson, Of Counsel, London. Read the recap.
3. AI raises questions around the future IP landscape globally
AI is raising questions over a fundamental concept of copyright law: is there a need for a “natural person” (e.g. a human author/inventor) to establish ownership and protectability? While both the US and Europe have continued to uphold this as a key element, the debate is likely to continue as AI increases in sophistication, AI-assisted content blurs the lines of what is legally protected and other jurisdictions potentially take differing stances on this issue.
Eva-Maria Strobel (EMEA Chair, Commercial Practice, Zurich) and Cynthia Cole (Partner, Palo Alto) published an article in the Los Angeles & San Francisco Daily Journal examining these considerations, their potential impact on future IP regulation and the importance of looking ahead of this evolving regulatory landscape.
So what's next?
Technological advancement is proving to be a double-edged sword as companies look to protect their intellectual property.
The advent of social media and influencer culture has introduced a new and more personal way for brands to reach consumers but also has propelled the popularity of dupes. Technology is transforming the tech sector and driving innovation but is also making tech companies more vulnerable to bad actors looking to get a hold of trade secrets. And while AI can enrich creative outputs, it is also challenging long-held definitions of ownership and authorship and will continue to raise legal uncertainty.
Proactive strategy, a keen understanding of both the current and future IP regulatory landscape and thinking outside of the box remain key to navigating these new challenges and protecting your organization's IP.
"Keeping your eye on the changing landscape is the challenge behind creation in today’s AI age.” - Eva-Maria Strobel, EMEA Chair, Commercial Practice, Zurich
Building Trust in
Cloud-Based Solutions
Cloud-based solutions are a key element of digitized business models for financial institutions. They offer cost reduction opportunities through lowering capital expenditure, facilitating flexible consumption models and new technologies. But what risks arise through the adoption, operation and maintenance of such cloud services? �
Cloud approvals and demonstration of compliance�Each jurisdiction of operation may stipulate differing regulatory standards to follow for cloud services. These standards can extend from authorization to demonstrating compliance.�
Contractual protection with cloud service providers
Businesses should ensure contracts with cloud service providers have clear stipulations over regulatory audits and data access, with particular attention to the scope and limits of any shared-responsibility models.
Third-party risk management
High standards of due diligence and ongoing monitoring are key to mitigating third-party risk with external cloud providers. This should include regulatory compliance for the cross border access and storage of data.
��
The dispersed nature of cloud solutions, with data stored and accessed in multiple jurisdictions, can create compliance challenges under local laws, including in relation to financial services regulation, data privacy, and security laws. Understanding the landscape is important, but getting integrated advice is even more crucial.”
Sue McLean, Partner, London
Managing cloud services is especially complex when you consider the intricacies of regulated outsourcing and uneven regulatory landscape across the globe.
Access the Baker McKenzie Cloud Compliance Center, which provides a snapshot of the legal and regulatory position of cloud computing in key jurisdictions. Access simple answers to headline questions around regulatory oversight, audit rights, data protection and third-party risk management.
��
Protect the Data, Secure the Deal
India
IP Reimagined
The Token Economy
FINANCIAL INSTITUTIONS
Share
Contact us
Partner, London
Sue McLean
Share
Contact us
Partner, Palo Alto
Leif King
Share
Contact us
Share
Contact us
Global India Practice Chair
Mini Menon
vandePol
BACK TO TOP
Deep due diligence and cooperation between parties
Operational compliance validation
Thoughtful contractual risk allocation
Cross-border integration planning
45%
... of respondents view cybersecurity and data privacy disputes as the top legal concerns for 2025.
Source: Baker McKenzie Disputes Forecast Report 2025
Sector Insights
Consumer Goods and Retail (CGR)
Artificial Intelligence
37%
IP/Brand/Patent
37%
Consumer/Product Quality
33%
Tax
Cybersecurity/Data Privacy
31%
30%
Employment
29%
What type of disputes present the greatest risk to your organization in 2025? (Ranked top three)
Partner, London
Vinod Bange
Partner, Los Angeles
Justine Phillips
Safeguarding the Deal: 4 Pillars of Cyber- and Data-Ready M&A
1.
Across industries and geographies, opportunities for growth are taking shape through transactions, strategic risk mitigation and the power of technology.
1
2
3
4
1.
Source: Ripple and Boston Consulting Group.
Today’s market for tokenized assets is USD 0.6 trillion.
Read more about tokenization in The Next Decade in Fintech
Read about AI’s impact on storytelling and IP laws
Listen to the full episode on dupes and lookalikes
Uncover the top strategies for tech organizations to safeguard their trade secrets.
Which Sectors are Hotspots for India Inbound M&A and FDI?
What do the Latest Amendments on Merger Control
Mean for Dealmaking in India?
Trade
26%
Commercial/Contract
20%
Corporate/Securities/Post-M&A
16%
Environmental, Social & Governance
Antitrust
11%
11%
Public Law
11%
Restructuring & Insolvency
8%
Sector Insights
Consumer Goods and Retail (CGR)
�
�
Sector Insights
Technology
�
�
Artificial Intelligence
56%
IP/Brand/Patent
54%
Consumer/Product Quality
33%
Tax
29%
Cybersecurity/Data Privacy
27%
Employment
17%
What type of disputes present the greatest risk to your organization in 2025? (Ranked top three)
Trade
16%
Commercial/Contract
15%
Corporate/Securities/Post-M&A
14%
Environmental, Social & Governance
11%
Antitrust
11%
Public Law
10%
Restructuring & Insolvency
7%
Data and M&A Strategies
Opportunity in India
IP Reimagined
The Token Economy
Source: Baker McKenzie Disputes Forecast Report 2025
Source: Baker McKenzie Disputes Forecast Report 2025
Source: Baker McKenzie Disputes Forecast Report 2025
Source: Baker McKenzie Disputes Forecast Report 2025
Disclaimers
Privacy & Cookies Statement
Attorney Advertising | © 2025 Baker McKenzie
