Legal due diligence in M&A is the structured investigation a buyer's lawyers run on a target company before a merger or acquisition closes, to confirm that the company owns what it says it owns, owes only what it admits to owing, and carries no hidden legal liability. It answers one practical question for the buyer: what am I actually paying for, and what risks come attached? The exercise reviews the target's corporate records, contracts, litigation, regulatory standing, employees, property, and intellectual property, and feeds the findings into the price, the warranties, and the conditions for closing.
For Indian transactions, the review is anchored in the Companies Act, 2013 and a cluster of allied laws — and getting it wrong can convert a promising deal into an expensive inheritance of someone else's problems. This guide explains the scope, the checklist, the red flags to watch, and what a due diligence report should contain.
Why legal due diligence in M&A matters
In a share purchase, the buyer steps into the target's shoes — it inherits the company as it is, including liabilities the seller may not have disclosed. In an asset or business-transfer deal the exposure is narrower, but tax, employee, and contractual obligations can still follow the assets across. Diligence exists to surface those exposures before signing, so the buyer can:
- Price the deal accurately (a known liability becomes a price adjustment or an escrow holdback).
- Decide the deal structure (share deal vs. asset deal vs. slump sale).
- Draft protective contract terms (representations, warranties, indemnities, and conditions precedent).
- Walk away if the risk is unmanageable.
Diligence is risk allocation in advance, not a formality. The findings directly shape the share purchase agreement (SPA) or business transfer agreement.
Scope: what legal due diligence in M&A covers
A thorough review usually spans these workstreams. The depth depends on deal size, sector, and whether the target is private or listed.
| Workstream | Key documents reviewed | Primary law / source |
|---|---|---|
| Corporate & constitutional | MoA, AoA, board/shareholder minutes, share register, statutory registers, MCA filings | Companies Act, 2013 (e.g. s.88 registers, s.92 annual return) |
| Capital structure | Cap table, share certificates, ESOPs, convertible instruments, prior fundraises | Companies Act, 2013; SEBI rules (if listed) |
| Material contracts | Customer/vendor agreements, leases, loans, JV/shareholder agreements | Indian Contract Act, 1872 |
| Litigation & disputes | Pending suits, arbitrations, notices, regulatory proceedings | Civil/criminal procedure; Arbitration & Conciliation Act, 1996 |
| Regulatory & licences | Sectoral approvals, FEMA/FDI compliance, environmental clearances | FEMA, 1999; sector regulators |
| Employment | Employment contracts, PF/ESI/gratuity compliance, key-person retention | Labour codes / extant labour statutes |
| Intellectual property | Trademarks, patents, copyrights, assignments, IP ownership | IP statutes (Trade Marks Act, Copyright Act, etc.) |
| Real estate & assets | Title deeds, leases, encumbrance certificates | State property/registration laws |
| Tax | Income-tax assessments, GST returns, disputes, TDS | Income-tax Act, 1961; GST law |
| Data & IT | Privacy policies, data-handling practices | Digital Personal Data Protection Act, 2023 |
A note on numbering: India recently overhauled several statutes — the Indian Penal Code became the Bharatiya Nyaya Sanhita (BNS), 2023, the Code of Criminal Procedure became the Bharatiya Nagarik Suraksha Sanhita (BNSS), 2023, and the Indian Evidence Act became the Bharatiya Sakshya Adhiniyam (BSA), 2023. If the target has criminal or quasi-criminal exposure, references may appear under either the old IPC/CrPC sections or the new BNS/BNSS sections depending on when proceedings began. Always verify the current section number and the applicable statute as on the diligence date. The Companies Act, 2013 itself is unchanged in name and structure, though amendments keep arriving — confirm the live text on India Code.
The legal due diligence in M&A checklist
A working checklist keeps the review disciplined and the data room organised. Below is a condensed version of what a buyer-side team typically requests and verifies. Treat it as a starting template, not an exhaustive list — sector-specific items (RBI, IRDAI, telecom, pharma) get added as needed.
1. Corporate records and standing
- Certificate of incorporation, MoA and AoA (and all amendments).
- Statutory registers under the Companies Act, 2013 — register of members (s.88), register of charges (s.85), register of directors.
- Board and general meeting minutes, resolutions.
- Annual returns and financial statements filed with the MCA (s.92, s.137).
- Confirmation that the company is “active” on the MCA portal and not struck off or under inquiry.
2. Capital and ownership
- Cap table reconciled with the share register and PAS/SH forms.
- Share certificates, share transfer records, any pledges.
- ESOP pool, convertible notes, SAFE/CCPS terms.
- Founder and investor rights under any shareholders' agreement.
3. Charges and financing
- Register of charges and ROC charge filings (CHG forms).
- Loan agreements, guarantees, security documents, and any default history.
4. Material contracts
- Top customer and vendor contracts — term, termination, exclusivity, penalties.
- Change-of-control clauses (these often require counterparty consent for the deal).
- Leases, licences, franchise, and distribution agreements.
5. Litigation and notices
- All pending and threatened litigation, arbitration, tax disputes, and statutory notices.
- Outcomes of past disputes and any unsatisfied decrees.
6. Regulatory and FDI
- Required licences and their validity.
- FEMA/FDI compliance, especially for cross-border deals and prior foreign investment.
7. Employment and HR
- Provident Fund, ESI, gratuity, and bonus compliance.
- Key-employee contracts and non-compete/retention arrangements.
8. Intellectual property and data
- Ownership and registration status of IP; proper assignment from founders/contractors.
- Data-protection practices under the DPDP Act, 2023.
9. Tax
- Income-tax and GST filings, assessments, and pending demands.
Common red flags in M&A due diligence
The point of diligence is to catch the red flags early. Some recur often enough to deserve a named list. Spotting them does not always kill a deal — but each one needs a fix in the contract (a warranty, indemnity, condition, or price cut) before signing.
| Red flag | Why it matters | Typical fix |
|---|---|---|
| Unregistered or expired charges / hidden debt | Buyer inherits the security and the lender's claim | Repayment as a condition precedent; charge satisfaction (CHG-4) |
| Change-of-control clauses in key contracts | Major customers can exit on the deal closing | Obtain counterparty consents before closing |
| Defective IP ownership (no assignment from founders/devs) | Core technology may not belong to the company | Execute assignments pre-closing; specific indemnity |
| Pending tax or GST demands | Crystallises as a post-closing liability for the buyer | Escrow / holdback against the disputed amount |
| Litigation not disclosed or under-reserved | Surprise liability after closing | Specific indemnity; representation on completeness |
| Non-compliant statutory registers / late MCA filings | Signals weak governance; possible penalties | Rectification + warranty on compliance |
| FEMA/FDI breaches on prior foreign investment | Regulatory penalty and compounding exposure | Compounding before closing; indemnity |
| Promoter-related-party transactions on non-arm's-length terms | Value leakage; possible challenge | Unwinding; disclosure; price adjustment |
| Employee dues (PF/ESI/gratuity) unpaid | Statutory liability follows the business | Settlement as a condition precedent |
A practical tip: a disclosure schedule annexed to the SPA lets the seller list exceptions to the warranties. Cross-checking the diligence findings against that schedule is how you confirm the seller has actually disclosed what diligence revealed.
What the due diligence report contains
The deliverable is the due diligence report (often a “red flag report” for speed, followed by a detailed report). A useful report does not merely catalogue documents — it tells the buyer what to do. A typical structure:
- Executive summary — the deal-breakers and the headline risks, up front.
- Scope and limitations — what was and was not reviewed, the cut-off date, and reliance assumptions.
- Workstream findings — corporate, contracts, litigation, IP, tax, employment, regulatory, each with the facts found.
- Risk rating — high / medium / low against each finding.
- Recommendations — conditions precedent, warranties, indemnities, escrow, or price adjustments to address each risk.
- Annexures — document index and the data-room log.
A “red flag report” front-loads only the high-risk findings so the deal team can decide quickly whether to proceed; the detailed report follows. The report's recommendations then translate directly into the transaction documents.
How long does legal due diligence in M&A take?
There is no statutory timeline — it depends on the target's size, record quality, and sector. A small, well-organised private company can be reviewed in two to four weeks; a larger or regulated target with poor records can take months. Closing timelines in the SPA are usually set after diligence reveals which conditions precedent (consents, approvals, charge satisfactions) are needed, since those drive the calendar.
For the firm's corporate and transactional advisory work, see our corporate and commercial law practice. Because M&A deals frequently carry dispute-resolution and IP dimensions, you may also find our explainers on the arbitral award in India, institutional vs. ad hoc arbitration, and copyright registration in India useful when reviewing a target's disputes and IP ownership. For the governing statute, refer to the Companies Act, 2013 on India Code.
Frequently Asked Questions
What is legal due diligence in M&A?
It is the lawyer-led investigation of a target company before a merger or acquisition, confirming its ownership, contracts, liabilities, litigation, and regulatory compliance so the buyer understands the legal risks before signing.
Who carries out legal due diligence in a deal?
Usually the buyer's external legal counsel, often alongside financial and tax advisors. In some deals the seller commissions vendor due diligence to present the company in an organised data room.
What is the difference between a share deal and an asset deal for due diligence?
In a share deal the buyer inherits the whole company including its history and hidden liabilities, so diligence is broad. In an asset deal only identified assets and liabilities transfer, so the review can be narrower — though tax and employee obligations can still follow.
What are the most common red flags in M&A due diligence?
Hidden or unregistered debt, change-of-control clauses in key contracts, defective IP ownership, undisclosed litigation, pending tax or GST demands, FEMA/FDI breaches, and unpaid statutory employee dues.
What does a due diligence report contain?
An executive summary, the scope and limitations, workstream findings, a risk rating for each issue, recommendations (conditions, warranties, indemnities, escrow), and annexures with the document index.
Which law governs companies in Indian M&A due diligence?
Primarily the Companies Act, 2013, supported by the Indian Contract Act 1872, FEMA 1999, tax statutes, the Arbitration and Conciliation Act 1996, and the DPDP Act 2023. Verify current section numbers on the date of review.
How long does legal due diligence take?
There is no fixed statutory period. A small, well-organised private company may take two to four weeks; a large or regulated target with poor records can take several months.
This article is for general informational purposes only and does not constitute legal advice. Laws change and every situation is different; please consult a qualified advocate about your specific matter.



