Corporate & Commercial Law

Legal Due Diligence in M&A: What It Is and How It Works

By Advocate Sharan Jain  · 

Legal Due Diligence in M&A: What It Is and How It Works

Legal due diligence in M&A is the structured investigation a buyer's lawyers run on a target company before a merger or acquisition closes, to confirm that the company owns what it says it owns, owes only what it admits to owing, and carries no hidden legal liability. It answers one practical question for the buyer: what am I actually paying for, and what risks come attached? The exercise reviews the target's corporate records, contracts, litigation, regulatory standing, employees, property, and intellectual property, and feeds the findings into the price, the warranties, and the conditions for closing.

For Indian transactions, the review is anchored in the Companies Act, 2013 and a cluster of allied laws — and getting it wrong can convert a promising deal into an expensive inheritance of someone else's problems. This guide explains the scope, the checklist, the red flags to watch, and what a due diligence report should contain.

In a share purchase, the buyer steps into the target's shoes — it inherits the company as it is, including liabilities the seller may not have disclosed. In an asset or business-transfer deal the exposure is narrower, but tax, employee, and contractual obligations can still follow the assets across. Diligence exists to surface those exposures before signing, so the buyer can:

  • Price the deal accurately (a known liability becomes a price adjustment or an escrow holdback).
  • Decide the deal structure (share deal vs. asset deal vs. slump sale).
  • Draft protective contract terms (representations, warranties, indemnities, and conditions precedent).
  • Walk away if the risk is unmanageable.

Diligence is risk allocation in advance, not a formality. The findings directly shape the share purchase agreement (SPA) or business transfer agreement.

A thorough review usually spans these workstreams. The depth depends on deal size, sector, and whether the target is private or listed.

WorkstreamKey documents reviewedPrimary law / source
Corporate & constitutionalMoA, AoA, board/shareholder minutes, share register, statutory registers, MCA filingsCompanies Act, 2013 (e.g. s.88 registers, s.92 annual return)
Capital structureCap table, share certificates, ESOPs, convertible instruments, prior fundraisesCompanies Act, 2013; SEBI rules (if listed)
Material contractsCustomer/vendor agreements, leases, loans, JV/shareholder agreementsIndian Contract Act, 1872
Litigation & disputesPending suits, arbitrations, notices, regulatory proceedingsCivil/criminal procedure; Arbitration & Conciliation Act, 1996
Regulatory & licencesSectoral approvals, FEMA/FDI compliance, environmental clearancesFEMA, 1999; sector regulators
EmploymentEmployment contracts, PF/ESI/gratuity compliance, key-person retentionLabour codes / extant labour statutes
Intellectual propertyTrademarks, patents, copyrights, assignments, IP ownershipIP statutes (Trade Marks Act, Copyright Act, etc.)
Real estate & assetsTitle deeds, leases, encumbrance certificatesState property/registration laws
TaxIncome-tax assessments, GST returns, disputes, TDSIncome-tax Act, 1961; GST law
Data & ITPrivacy policies, data-handling practicesDigital Personal Data Protection Act, 2023

A note on numbering: India recently overhauled several statutes — the Indian Penal Code became the Bharatiya Nyaya Sanhita (BNS), 2023, the Code of Criminal Procedure became the Bharatiya Nagarik Suraksha Sanhita (BNSS), 2023, and the Indian Evidence Act became the Bharatiya Sakshya Adhiniyam (BSA), 2023. If the target has criminal or quasi-criminal exposure, references may appear under either the old IPC/CrPC sections or the new BNS/BNSS sections depending on when proceedings began. Always verify the current section number and the applicable statute as on the diligence date. The Companies Act, 2013 itself is unchanged in name and structure, though amendments keep arriving — confirm the live text on India Code.

A working checklist keeps the review disciplined and the data room organised. Below is a condensed version of what a buyer-side team typically requests and verifies. Treat it as a starting template, not an exhaustive list — sector-specific items (RBI, IRDAI, telecom, pharma) get added as needed.

1. Corporate records and standing

  • Certificate of incorporation, MoA and AoA (and all amendments).
  • Statutory registers under the Companies Act, 2013 — register of members (s.88), register of charges (s.85), register of directors.
  • Board and general meeting minutes, resolutions.
  • Annual returns and financial statements filed with the MCA (s.92, s.137).
  • Confirmation that the company is “active” on the MCA portal and not struck off or under inquiry.

2. Capital and ownership

  • Cap table reconciled with the share register and PAS/SH forms.
  • Share certificates, share transfer records, any pledges.
  • ESOP pool, convertible notes, SAFE/CCPS terms.
  • Founder and investor rights under any shareholders' agreement.

3. Charges and financing

  • Register of charges and ROC charge filings (CHG forms).
  • Loan agreements, guarantees, security documents, and any default history.

4. Material contracts

  • Top customer and vendor contracts — term, termination, exclusivity, penalties.
  • Change-of-control clauses (these often require counterparty consent for the deal).
  • Leases, licences, franchise, and distribution agreements.

5. Litigation and notices

  • All pending and threatened litigation, arbitration, tax disputes, and statutory notices.
  • Outcomes of past disputes and any unsatisfied decrees.

6. Regulatory and FDI

  • Required licences and their validity.
  • FEMA/FDI compliance, especially for cross-border deals and prior foreign investment.

7. Employment and HR

  • Provident Fund, ESI, gratuity, and bonus compliance.
  • Key-employee contracts and non-compete/retention arrangements.

8. Intellectual property and data

  • Ownership and registration status of IP; proper assignment from founders/contractors.
  • Data-protection practices under the DPDP Act, 2023.

9. Tax

  • Income-tax and GST filings, assessments, and pending demands.

Common red flags in M&A due diligence

The point of diligence is to catch the red flags early. Some recur often enough to deserve a named list. Spotting them does not always kill a deal — but each one needs a fix in the contract (a warranty, indemnity, condition, or price cut) before signing.

Red flagWhy it mattersTypical fix
Unregistered or expired charges / hidden debtBuyer inherits the security and the lender's claimRepayment as a condition precedent; charge satisfaction (CHG-4)
Change-of-control clauses in key contractsMajor customers can exit on the deal closingObtain counterparty consents before closing
Defective IP ownership (no assignment from founders/devs)Core technology may not belong to the companyExecute assignments pre-closing; specific indemnity
Pending tax or GST demandsCrystallises as a post-closing liability for the buyerEscrow / holdback against the disputed amount
Litigation not disclosed or under-reservedSurprise liability after closingSpecific indemnity; representation on completeness
Non-compliant statutory registers / late MCA filingsSignals weak governance; possible penaltiesRectification + warranty on compliance
FEMA/FDI breaches on prior foreign investmentRegulatory penalty and compounding exposureCompounding before closing; indemnity
Promoter-related-party transactions on non-arm's-length termsValue leakage; possible challengeUnwinding; disclosure; price adjustment
Employee dues (PF/ESI/gratuity) unpaidStatutory liability follows the businessSettlement as a condition precedent

A practical tip: a disclosure schedule annexed to the SPA lets the seller list exceptions to the warranties. Cross-checking the diligence findings against that schedule is how you confirm the seller has actually disclosed what diligence revealed.

What the due diligence report contains

The deliverable is the due diligence report (often a “red flag report” for speed, followed by a detailed report). A useful report does not merely catalogue documents — it tells the buyer what to do. A typical structure:

  1. Executive summary — the deal-breakers and the headline risks, up front.
  2. Scope and limitations — what was and was not reviewed, the cut-off date, and reliance assumptions.
  3. Workstream findings — corporate, contracts, litigation, IP, tax, employment, regulatory, each with the facts found.
  4. Risk rating — high / medium / low against each finding.
  5. Recommendations — conditions precedent, warranties, indemnities, escrow, or price adjustments to address each risk.
  6. Annexures — document index and the data-room log.

A “red flag report” front-loads only the high-risk findings so the deal team can decide quickly whether to proceed; the detailed report follows. The report's recommendations then translate directly into the transaction documents.

There is no statutory timeline — it depends on the target's size, record quality, and sector. A small, well-organised private company can be reviewed in two to four weeks; a larger or regulated target with poor records can take months. Closing timelines in the SPA are usually set after diligence reveals which conditions precedent (consents, approvals, charge satisfactions) are needed, since those drive the calendar.

For the firm's corporate and transactional advisory work, see our corporate and commercial law practice. Because M&A deals frequently carry dispute-resolution and IP dimensions, you may also find our explainers on the arbitral award in India, institutional vs. ad hoc arbitration, and copyright registration in India useful when reviewing a target's disputes and IP ownership. For the governing statute, refer to the Companies Act, 2013 on India Code.

Frequently Asked Questions

What is legal due diligence in M&A?

It is the lawyer-led investigation of a target company before a merger or acquisition, confirming its ownership, contracts, liabilities, litigation, and regulatory compliance so the buyer understands the legal risks before signing.

Who carries out legal due diligence in a deal?

Usually the buyer's external legal counsel, often alongside financial and tax advisors. In some deals the seller commissions vendor due diligence to present the company in an organised data room.

What is the difference between a share deal and an asset deal for due diligence?

In a share deal the buyer inherits the whole company including its history and hidden liabilities, so diligence is broad. In an asset deal only identified assets and liabilities transfer, so the review can be narrower — though tax and employee obligations can still follow.

What are the most common red flags in M&A due diligence?

Hidden or unregistered debt, change-of-control clauses in key contracts, defective IP ownership, undisclosed litigation, pending tax or GST demands, FEMA/FDI breaches, and unpaid statutory employee dues.

What does a due diligence report contain?

An executive summary, the scope and limitations, workstream findings, a risk rating for each issue, recommendations (conditions, warranties, indemnities, escrow), and annexures with the document index.

Which law governs companies in Indian M&A due diligence?

Primarily the Companies Act, 2013, supported by the Indian Contract Act 1872, FEMA 1999, tax statutes, the Arbitration and Conciliation Act 1996, and the DPDP Act 2023. Verify current section numbers on the date of review.

How long does legal due diligence take?

There is no fixed statutory period. A small, well-organised private company may take two to four weeks; a large or regulated target with poor records can take several months.

This article is for general informational purposes only and does not constitute legal advice. Laws change and every situation is different; please consult a qualified advocate about your specific matter.

What it answers

What the buyer is actually paying for, and what risks come attached — confirming the target owns what it claims, owes only what it admits, and hides no liability.

Why it matters

The findings price the deal, decide the structure (share vs asset), shape the warranties and indemnities, and can justify walking away.

Nine workstreams

Corporate, capital, material contracts, litigation, regulatory/FDI, employment, IP and data, real estate, and tax — anchored in the Companies Act, 2013 and allied laws.

Watch the red flags

Hidden debt or unregistered charges, change-of-control clauses, defective IP ownership, undisclosed litigation, pending tax demands, FEMA breaches, and unpaid employee dues.

Each flag needs a fix

A red flag rarely kills a deal, but each one needs a contractual fix — a condition precedent, warranty, indemnity, escrow, or price adjustment — before signing.

The report drives the deal

The report moves from data room to findings, risk rating and recommendations, which translate directly into the SPA terms.

Related Legal Services

Dealing with a matter like this? Our Bangalore advocates can help. Explore the relevant practice areas:

SJ

About the Author

Advocate Sharan Jain

Advocate based in Bangalore, practising before the Karnataka High Court and District, Sessions, Consumer and Family courts. Writes on civil, criminal, corporate, family and constitutional law to make Indian law more accessible.

Related Articles

S Jain & Attorneys · Legal Consultation

Have a Legal Question? We're Here to Help.

Our experienced lawyers in Bangalore offer confidential consultations tailored to your specific legal needs.

All matters handled with complete confidentiality and legal discretion.