Legal due diligence is led by the buyer's M&A attorney and is fundamentally a hunt through the data room's contracts, litigation files, and corporate records for the legal red flags that create deal risk. Four categories dominate, and each one can materially change the value or feasibility of the transaction.
Undisclosed Litigation
The seller's disclosure schedules are supposed to list pending and threatened litigation, but legal review verifies this against the actual contracts, correspondence, and corporate records in the room. Undisclosed litigation — a lawsuit, a regulatory action, a threatened claim the seller didn't surface — is a primary red flag, because it represents a liability the buyer would inherit unknowingly.
Change of Control Provisions
Many contracts contain change-of-control provisions that trigger when the company is sold: a customer can terminate, a lender can call the debt, a key supplier can renegotiate, or a license can lapse. These clauses are scattered across customer agreements, leases, loan documents, and licenses, and a single one in a major contract can undermine the deal thesis. Finding all of them requires reading every agreement.
IP Ownership and Data Privacy
IP ownership issues — where the target may not actually own the technology it depends on — are covered in their own depth, but they sit in the legal workstream alongside data privacy compliance. Legal diligence verifies the target has appropriate data processing agreements, privacy policies, and consent mechanisms for frameworks like GDPR, CCPA, or HIPAA, and that there are no unreported data breaches creating pending regulatory exposure. The AI agent reads every legal document for all of these flags. It's demonstrated at omnionlinestrategies.com/ai-agent-ma-due-diligence.