28.8.2014

A Well-Functioning Shareholders’ Agreement for a Startup 1/2

One of the key issues in running and maintaining a successful business is to minimise legal risks, also known as unnecessary expenses. Things do not always go as in the movies, but sometimes they do – unfortunately: we all remember what happened in ‘The Social Network’, and nobody wants to experience the same, right?

A shareholders’ agreement (SHA) is an agreement between the shareholders of a company. It is one of the most important ways to avoid trouble in the future. Briefly put, the SHA defines how the company is run by the shareholders and the board of directors, what kind of consents are required in decision-making, and how the shareholders may deal with their shares. Together with the Companies Act and the articles of association, the SHA forms the legal spine of the company.

When starting a company, the parties are all dazzled with excitement, 100% sure that their startup will shake the market and confident that all the founders are motivated and will be working as hard as possible to succeed. However, the first steps in the life span of a startup may be difficult. There is no money coming in, and uncertainty about breakthrough may create dissent or cause some of the shareholders to lose their interest in the whole project. Under these circumstances, it is very important that each of the shareholders is aware of what is in question in the business, what will happen when certain events occur and what is expected from each shareholder.

In our blog post, we will list the most important issues that should be taken into consideration and clearly specified in the SHA. In the first part, we will concentrate on two topics: specifying the roles of the parties and protecting intellectual property rights. In a later post, we will go through three other vital concerns.

Administration and Roles of the Parties

Primarily, the SHA should define the objectives and roles of the parties so that each of the shareholders has a comprehensive idea of its own roles, duties and responsibilities, as well as those of the other parties. This is essential especially in the case of startups, which typically have only a few shareholders who are all tightly involved in managing and running the business.

The purpose of the SHA is to control the decision-making, especially when investors enter the picture. In the beginning, the company often needs to reform its practices, strategies and operation models along the way. Here, agility is key: it is not possible or indeed advisable to bind the company to a fixed long-term plan that cannot be improved if needed. If you are the founder – which probably means you are also the majority shareholder – you want to make sure that all the decisions that need to be made in the company actually get made, whether they are about nominating the board members, raising money or selling the business. However, the parties may have quite diverse objectives and opinions about these issues. In addition, investors also want to have a say in these matters.

The SHA must be prepared carefully. It should give reasonable rights to all parties but keep you in control of the crucial matters. It should specify particulars, such as the number of board members, how new board members may be nominated, the voting system and possible observer rights to investors that are not represented in the board. Furthermore, the SHA should include a list of reserved matters, which can only be decided by a qualified majority or with the prior written consent of one or several shareholders. Reserved matters include amendments of the articles of association, issues of equity securities and other important decisions.

Protecting Intellectual Property Rights and Know-How

The SHA must include a provision ensuring that all the intellectual property rights (IPRs) as well as all technical capabilities, expertise and know-how which have arisen or will arise later in conjunction with the business of the company remain its exclusive property. If a shareholder enters into the SHA with some IPRs of their own, the SHA should state that in certain cases these rights must also be vested in the company as the absolute legal owner and beneficiary. This is particularly true when such IPRs are related to the preparation of the startup.

Having exclusive rights to its intellectual property is highly important for your startup for multiple reasons. For example, for many startups the IPRs may be the only valuable property, which makes them crucial for both the company and the investors.

In the next part of this blog post, we will tell you more about getting prepared for leaver situations, restricting transfer of shares and other essential provisions that should be included in the SHA.

Tuomas Honkinen  

Latest references

We advised WithSecure Corporation in the sale of its cybersecurity consulting business to Neqst. WithSecure is a global cyber security company (listed on NASDAQ OMX Helsinki). Neqst is a Swedish investment firm, focusing on technology companies. The closing of the transaction remains subject to customary conditions and regulatory approvals.
Case published 24.1.2025
We assisted Smarter Contracts Ltd in the process where the Finnish Transport and Communications Agency Traficom confirmed it to be an EU-recognised data intermediation service. Non-EU companies must have a legal representative in some EU country so that they can offer data intermediation services in accordance with the Data Governance Act. Smarter Contracts is based in Great Britain and selected Finland for the task. Smarter Contracts is the first non-EU data intermediation service registered by Traficom. Wayne Lloyd, Founder & CEO of Smarter Contracts, remarked:  The support from the Castrén team was exceptional from start to finish. Pioneering new territory is never without its challenges, and as the first non-EU data intermediation service provider, we faced significant legal uncertainties. Despite these complexities, the Castrén team expertly guided us through each step with remarkable efficiency, providing the certainty we needed. Smarter Contracts leverages its proprietary Pulse Permissions Protocol® to deliver advanced consent and access rights management services. This milestone highlights Castrén & Snellman’s proficiency in navigating intricate regulatory landscapes, whilst recognising the relevance of Smarter Contracts’ innovative approach to secure, compliant data management.
Case published 11.12.2024
We assisted Pharmaca Health Intelligence in its acquisition of Mediaattori Ltd’s PODIUM Connect® and PODIUM Visits businesses. Through the acquisition, Pharmaca Health Intelligence strengthens its extensive service offerings in medical information, data-driven management, and education for both healthcare and pharmaceutical companies. Pharmaca Health Intelligence is a pioneer in digital medical information and a reliable partner for wellbeing services counties, the private healthcare sector and pharmacies. The company invests in the development of technology and service solutions related to pharmaceutical information, also on an international scale.
Case published 5.12.2024
The Finnish Supreme Administrative Court has handed down decision KHO 2024:115 on balancing data protection and national security interests in cyber security incidents. We acted for the Finnish Ministry of Foreign Affairs in this precedent setting case, in which the Supreme Administrative Court agreed with our client’ core submissions and decided to overturn key parts of a data protection authority decision against our client. The court held that the Ministry had acted lawfully when taking a bit of time between discovering information about a cyber incident concerning certain diplomats and notifying all potentially affected people. The key point of principle for our client was the extent to which Article 34 of the GDPR requires such (essentially public) notifications when foreign policy and national security might require a more discrete initial approach. The court’s reasoning is important: since Finland has voluntarily, but not unreservedly, extended the scope of the GDPR to also cover foreign policy and national security, the primacy of EU law does not apply in that extended context. Thus, more specific local Finnish rules on freedom of information/confidentiality in these areas override the general Article 34 notification obligation (under the classic lex specialis derogat legi generali rule), even absent express statutory carve-outs to Article 34. Had Article 34 applied as a matter of EU law, the outcome could have been different, since the GDPR, under primacy, would override all local Finnish rules, irrespective of whether they are lex specialis or not. It’s important to understand why, and on what basis, an EU law applies to any given situation, since this could affect the principles of interpretation so much that the outcome changes significantly. The court did, however, hold that the Ministry will need to notify the DPA itself within the customary deadlines, since the DPA under Finnish law has the right to receive information confidentiality rules notwithstanding. We hope this outcome will contribute to authorities dealing with foreign policy and national security being able to balance all relevant interests going forward. Read the decision in Finnish or in Swedish .
Case published 15.11.2024