ABCDEIJKLMNOPQRSTUVWXYZAA
1
~Dual Use - Universe of
Due Diligence Issues		Note: This is a list of fit-for-purpose questions to scrutinise startups in the dual use space during VC due diligence. It is based on a large number of interviews with VC investors and LPs in this space and is the first version of this tool. Feedback is very welcome.
2
ESG areaSub-areaQuestionQuestion
4
2Dual Use - ESGAllDo you consider end-use applications of technologies? Do you exclude any end uses?
5
3Dual Use - ESGAllHow can the technology be intentionally or unintentionally used for malicious activities? Do you have guidance in place to assess this risk?
6
4Dual Use - ESGAllHow do you mitigate the risks associated with potential misuse of the technology?
7
5Dual Use - ESGAllHow do you manage reputational risks associated with the public reception of your dual use, deep tech or defence technology?
9
6General ESGAllDo you have an ESG policy?
10
7General ESGAllDescribe how you have integrated ESG across your company processes?
11
8General ESGAllWhich staff member, if any, is responsible for the overall ESG integration within the company?
12
9General ESGAllAre you or will you be implicated by any ESG regulation (e.g. CSRD)?
13
10General ESGAllDo you report on ESG metrics and processes (e.g. to existing investors and their LPs)?
14
11General ESGAllWhat do you believe are the key material ESG factors for your business?
17
12DEI & equal opportunityAllAre you tracking the diversity split of your employee base, C-Suite, Advisory Committee and Board? Yes/No - then give % women, % minority ethnic, % socioeconomic background (first generation to go to university?)
18
13DEI & equal opportunityAllHow do you ensure diversity in hiring practices (including appointments to the Advisory Committee and Board)?
19
14DEI & equal opportunityAllWho owns the DEI agenda within your company?
20
15DEI & equal opportunityAllHow do you address DEI and gender inclusion specific to founding companies of AI-related dual use technologies?
21
16DEI & equal opportunityLater stageDo you have any policies relating to anti-discrimination, diversity and equal opportunity? [what protected characteristics does this cover? e.g. list of the 9 protected characteristics of the Equality Act in the UK]
22
17DEI & equal opportunityLater stageDo you have any training or support tools for employees or leadership, relating to D&I, unconscious bias or anti-harassment?
24
18Environmental management & impactAllDo you track your environmental and / or carbon footprint? If so, which scopes?
25
19Environmental management & impactAllWhat contributes most to your business' environmental footprint?
26
22Environmental management & impactAllWhere is your data stored? Is it stored in cloud computing facilities that have carbon emission reduction processes in place?
27
21Environmental management & impactLater stageDo you have any initiatives in place to improve environmental performance?
28
20Environmental management & impactLater stageDo you consider the environmental impact of production and use end-stream: i.e. chemical usage, fossil fuel usage of your final product?
29
23Environmental management & impactLater stageWhat are your plans for responsible end-of-life disposal of the technology?
30
24Environmental management & impactLater stageHow does the company manage waste generated throughout the product life cycle, including manufacturing waste and end-of-life disposal?
31
25Environmental management & impactLater stageHow energy and carbon efficient is the code and computing requirements for software development?
32
26Environmental management & impactLater stageAre there measures in place to protect biodiversity and ecosystems affected by the company's operations?
34
27Governance and regulationRegulationAllWhat is the regulatory framework that governs the products and services of the company?
35
28Governance and regulationRegulationAllDo you monitor regulatory changes to ensure compliance with dual-use specific regulations (e.g. export controls) or tech-specific regulation (e.g. AI)? Who monitors this?
36
29Governance and regulationRegulationAllAre you aware of whether the technology exists on specific military critical technology list, national critical technology list, or may in the future?
37
30Governance and regulationCustomersAllWho are you selling to? Who are you intending to sell to? Are there any (export) regulations in place that may control this?
38
31Governance and regulationCustomersAllWho or what entity would you not sell to or take money from (e.g. as investor)?
39
32Governance and regulationCustomersAllDo you have internal policies (e.g. code of ethics) in place to designate whether you will sell to / work with certain companies (e.g. producing technologies with potentially offensive capabilities)?
40
33Governance and regulationIPAllWho has paid for the research into the technology? Do you have safeguards in place to prevent adversarial capital situations?
41
34Governance and regulationIPAllWhich entity, or which national or international authority manages and control the IP of the technology?
42
35Governance and regulationPolicyLater stageDo you have a public policy presence, e.g. lobbying or political donations? If so, have you assessed the potential positive or negative reputational impact of investing in the company?
43
36Governance and regulationInternal GovernanceLater stageDo you have whistleblowing mechanisms in place or a third-party mechanism for reporting an incident, e.g. fraud or misconduct?
44
37Governance and regulationInternal GovernanceLater stageDo you have an ethics committee set up at the board level?
46
38Supply chain resilience & capacityYES/NODoes the company rely on a supply chain to deliver its product or services?
47
39Supply chain resilience & capacityAllWhat is the geographical scope of the supply chain?
48
40Supply chain resilience & capacityAllWhat steps have you taken to ensure compliance with export control regulations and trade sanctions?
49
41Supply chain resilience & capacityAllDo you conduct screenings to identify possible ESG risks (e.g. human rights, modern slavery) in the supply chain?
50
42Supply chain resilience & capacityLater stageWhat are specific bottlenecks, supply chain disruptions, dependencies or regulations that you foresee could affect procurements of component parts for e.g. hardware or software dual use technologies? (specifically microchips, rare earth materials and minerals; e.g. changing legislation on procurement of microchips from China)
51
43Supply chain resilience & capacityLater stageDo you have a supplier code of conduct or a supplier code of ethics? Does your supplier code of conduct incorporate human rights, labour standards and environmental standards? Is this regularly updated? Do you do ask for an existing code as a part of the procurement process? Do you (or a third paty) conduct onsite inspections to verify code-of-conduct claims?
52
44Supply chain resilience & capacityLater stageDo you have processes in place to asses traceability and responsible materials sourcing, specifically of critical component parts?
53
45Supply chain resilience & capacityLater stageDo you have initiatives in place to monitor and improve your procurement practices and supply chain? If so, please comment (e.g. D&I, pay practices, environmental impacts)
54
46Supply chain resilience & capacityLater stageWhat is the level of traceability and accountability throughout the supply chain, specifically of component parts - add BII interview
55
47Supply chain resilience & capacityLater stageWhat efforts are being made to reduce the carbon footprint and environmental impact of the technology's supply chain operations?
57
48Dual Use - Data security & privacy/dataYES/NODoes the company develop products or services with data security and privacy issues?
58
49Dual Use - Data security & privacy/dataAllHow do you address concerns about privacy and surveillance in the deployment of the technology?
59
50Dual Use - Data security & privacy/dataAllWhat ethical considerations do you take into account with regards to the collection and use of data?
60
51Dual Use - Data security & privacy/dataAllDo you, through your product or service, collect any sensitive information - including, but not limited to, Personally Identifiable Information (PII)?
61
52Dual Use - Data security & privacy/dataAllHow do you ensure good data privacy management and good data security management practices?
62
53Dual Use - Data security & privacy/dataAllHas the company experienced any data breaches? If so, please comment.
63
54Dual Use - Data security & privacy/dataAllDo you have processes in place to identify cyber attacks, protect and secure network infrastructure, respond (incident analysis, mitigation) and recover?
64
55Dual Use - Data security & privacy/dataAllIs your data stored in a secure facility, secure from cyber security threats?
65
56Dual Use - Data security & privacy/dataLater stageDo your team have necessary cyber and data protection literacy to ensure compliance with GDPR, secure critical systems and prevent malicious attacks?
66
57Dual Use - Data security & privacy/dataLater stageCan you disclose SOC1 and SOC2 reports to give an indication of data security maturity?
68
58Responsible Product DesgnYES/NODoes the technology, product or service involve: AI, quantum, space, biotechnology or nuclear-related materials?
71
Diversity & InclusionAIHow do you address DEI and gender inclusion specific to founding companies of AI-related dual use technologies, which are disproportionately non-diverse?
72
Diversity & InclusionAIHow do you address DEI and gender inclusion specific to AI-related dual use technologies founding companies, which may suffer disproportionately from bias?
73
Diversity & InclusionAssess diversity of management, board and team
1020
59Responsible Product DesignAI, Data & AnalyticsAllWhat data was used in training models, and how was this obtained? Do you risk being sued by the data owner?
1021
60Responsible Product DesignAI, Data & AnalyticsAllHave you captured that development of software (including AI and ML) should adhere to the NCSC's 'secure by design' principles?
1022
61Responsible Product DesignAI, Data & AnalyticsAllWhat measures have you taken to prevent the spread of misinformation and disinformation through the use of the technology?
1023
62Responsible Product DesignAI, Data & AnalyticsAllHow do you assess and manage levels of bias in AI-related dual use technologies? How do you ensure that the technology does not perpetuate existing biases and inequalities?
1024
63Responsible Product DesignAI, Data & AnalyticsAllHow do you assess and manage principles on responsibility and 'human-in-the-loop' in AI-related and autonomous dual use technologies?
1025
64Responsible Product DesignAI, Data & AnalyticsAllFor technologies with a cyber security or cyber-surveillance remit: are you aware of national authorization requirements?
1026
65Responsible Product DesignAI, Data & AnalyticsAllFor VR, AR and metaverse technologies: Have you considered, and how do you ensure safety from online and digital harms?
1027
66Responsible Product DesignQuantum TechAllDo you consider the possible end use of your quantum technology and exclude certain ones: e.g. medical imaging and diagnostics versus precision surveillance?
1028
67Responsible Product DesignQuantum TechAllHave you considered cryptographic risks and vulnerabilities associated with quantum technologies? Do you have processes in place to mitigate these risks?
1029
68Responsible Product DesignSpace and Satellites AllGiven the lack of policy regulation and guidance, how do you mitigate against regulatory uncertainty of your space technology?
1030
69Responsible Product DesignSpace and Satellites AllGiven international commercial legislation on the peaceful use and development of technologies in space, how do you ensure that your technology complies?
1031
70Responsible Product DesignSpace and Satellites AllWhat measures do you have in place to ensure responsible use of satellite imagery and geospatial data?
1032
71Responsible Product DesignSpace and Satellites Later stageHow do you ensure responsible space debris management and mitigate risks of space debris created during satellite deployment?
1033
72Responsible Product DesignSpace and Satellites Later stageHow do you ensure responsible life cycle disposal of your space-based technologies?
1034
73Responsible Product DesignBio-scientific and biochemical technologyAllAre you aware of and compliant with regulatory requirements and industry standards governing the responsible development and deployment of biotechnologies?
1035
74Responsible Product DesignBio-scientific and biochemical technologyAllCould your technology facilitate genetic engineering and manipulation, for instance in terms of germ-line editing? Can genomic data be used to identify populations or groups?
1036
76Responsible Product DesignBio-scientific and biochemical technologyAllDoes your company have specific safety measures in place to prevent biosecurity risks?
1037
75Responsible Product DesignBio-scientific and biochemical technologyAllAre your treatments and therapeutics designed with full-population representation?
1038
74Responsible Product DesignBio-scientific and biochemical technologyAllHow accessible are your technologies in terms of equitable access, affordability and distribution?
1039
75Responsible Product DesignNuclear materials, facilities and equipmentAllAre your materials subject to regulatory controls and international treaties, such as the Treaty on the Non-Proliferation of Nuclear Weapons (NPT) and control regimes? How do you ensure compliance?
Link: to Treaty on the Non-Proliferatioin of Nuclear Weapons
1040
76Responsible Product DesignNuclear materials, facilities and equipmentAllWhat are the potential risks associated with building a company with nuclear-related materials, including geopolitical tensions, nuclear accidents, and security breaches? How do you mitigate these risks?