Why Due Diligence Decides Whether M&A Deals Survive or Collapse
India’s mergers and acquisitions activity crossed approximately USD 113 billion in deal value in 2025, a 42 percent year-on-year surge. Behind every one of those transactions sat a due diligence team — lawyers, chartered accountants, and consultants who spent weeks inside virtual data rooms deciding whether the deal made sense. The demand for transactional lawyers with due diligence skills has never been higher: law firms across all tiers are actively hiring associates with M&A experience, and recruiters report that candidates with hands-on deal exposure are among the hardest to find.
Due diligence in the M&A context is the structured investigation that a buyer (or investor) conducts into a target company before completing an acquisition, merger, or investment. It covers legal, financial, tax, regulatory, operational, and commercial aspects of the target. The purpose is straightforward: identify risks, quantify liabilities, validate assumptions, and arm the buyer with the information needed to price the deal accurately, negotiate protective clauses, and decide whether to proceed at all.
This guide exists because no single resource currently covers all 14 categories of due diligence with the regulatory updates that matter in 2026. The Digital Personal Data Protection Act, 2023 (DPDP Act) has created an entirely new category of due diligence risk that did not exist three years ago. The four Labour Codes became effective on November 21, 2025, replacing 29 legacy labour statutes and fundamentally altering employment due diligence. The Competition Commission of India introduced the Deal Value Threshold (DVT) of INR 2,000 crore in September 2024, catching transactions that previously flew under the radar. And the Income Tax Act, 2025 has introduced changes to loss carry-forward provisions that directly affect deal structuring. This guide addresses all of these developments.
Before diving into the checklist, it is essential to understand that the scope of due diligence varies depending on the deal structure. In a share purchase transaction, the buyer acquires the entire entity, inheriting all historical liabilities, contracts, and obligations. The due diligence here must be exhaustive. In an asset purchase transaction, the buyer cherry-picks specific assets and liabilities, so the diligence focuses on title, encumbrances, and transferability of those specific assets. In a scheme of arrangement under Sections 230-232 of the Companies Act, 2013, the merger or demerger is court-supervised, and the due diligence must additionally address the scheme mechanics, creditor and shareholder approvals, and NCLT procedural requirements. The checklist in this guide is primarily oriented toward share purchases, which demand the broadest scope, but it flags where asset purchases and scheme-based transactions require a different approach.
The Legal Framework for M&A Due Diligence in India
Understanding the legal framework is not optional background reading. It is the foundation of every checklist item. A due diligence lawyer who does not understand how Section 230 interacts with SEBI’s SAST Regulations, or how FEMA pricing guidelines affect deal valuation, will miss critical issues. This section maps the key statutes and regulations that govern M&A transactions in India and explains their due diligence relevance.
Companies Act, 2013 — Sections 230-234
The Companies Act, 2013 is the primary statute governing corporate structuring, governance, and transactions in India. For M&A due diligence, several provisions carry direct relevance. The table below maps the critical sections to their due diligence implications.
| Section | Provision | DD Relevance |
|---|---|---|
| Section 230 | Compromise or arrangement with creditors/members | Review any past schemes, check if target has pending NCLT proceedings, verify creditor approvals |
| Section 232 | Merger and amalgamation procedure | Applicable when deal is structured as a scheme; verify compliance with NCLT process, appointed date, swap ratio fairness |
| Section 233 | Fast-track merger (holding-subsidiary or small companies) | Check eligibility criteria; ROC and OL approval required instead of NCLT; simpler but limited applicability |
| Section 234 | Cross-border mergers and amalgamations | Requires RBI approval; verify compliance with Companies (Compromises, Arrangements and Amalgamations) Rules; valuation by registered valuer mandatory |
| Section 188 | Related party transactions | Review all RPTs for board/shareholder approval; check if arm’s length pricing documented; material RPTs in listed targets need enhanced scrutiny |
| Sections 185-186 | Loans to directors and inter-corporate investments | Verify all inter-corporate loans, investments, and guarantees comply with limits; check board/shareholder resolutions |
SEBI Regulations — SAST, LODR, and Insider Trading
When the target is a listed company, SEBI regulations become a critical layer of the due diligence framework. Three sets of regulations demand particular attention.
The SEBI (Substantial Acquisition of Shares and Takeovers) Regulations, 2011 (SAST) impose mandatory open offer obligations. The primary trigger is the acquisition of 25 percent or more of voting rights in a listed target. Once triggered, the acquirer must make an open offer for at least 26 percent of the target’s share capital. The due diligence must identify all persons acting in concert (PAC) and aggregate their holdings to determine whether the threshold is breached. The creeping acquisition limit of 5 percent per financial year for existing shareholders above 25 percent is another common area of scrutiny.
The SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 (LODR) govern continuous disclosure, corporate governance, and related party transaction approval for listed entities. During due diligence, verify that the target has complied with all disclosure obligations, that its board composition meets independence requirements, and that material related party transactions have received audit committee and shareholder approval under the SEBI RPT framework.
The SEBI (Prohibition of Insider Trading) Regulations, 2015 (PIT) are relevant both during and after the due diligence process. M&A due diligence inherently involves access to unpublished price sensitive information (UPSI). The due diligence team must ensure that Chinese walls are in place, that all persons with access to UPSI are identified and tracked, and that no trading occurs during the process. Confidentiality agreements should specifically address PIT compliance.
CCI and Competition Act — Merger Control 2.0
The Competition Act, 2002, as amended by the Competition (Amendment) Act, 2023, governs merger control in India. The Competition Commission of India (CCI) must approve combinations that exceed prescribed thresholds before the transaction can be consummated.
The traditional thresholds under Section 5 are based on assets and turnover. For the target enterprise, the thresholds are assets exceeding INR 2,000 crore or turnover exceeding INR 6,000 crore in India. For the group, the thresholds are higher. These thresholds are periodically revised by the government.
The most significant recent development is the Deal Value Threshold (DVT), which became effective on September 10, 2024. Under the DVT, any transaction where the deal value exceeds INR 2,000 crore and the target has “substantial business operations” in India must be notified to the CCI, regardless of the target’s assets or turnover. This catches asset-light digital businesses and startups that previously fell below the traditional thresholds. The Green Channel route allows automatic approval for combinations with no horizontal, vertical, or complementary overlaps, but the filing must still be made. Gun-jumping — consummating a transaction before CCI approval — carries penalties of up to one percent of the total turnover or assets of the combination, whichever is higher.
FEMA and RBI — Cross-Border M&A
The Foreign Exchange Management Act, 1999 (FEMA) and RBI regulations govern foreign investment in Indian companies. For any cross-border M&A transaction, the due diligence must verify the FDI route (automatic or government approval) and applicable sector caps.
Key sector caps as of 2026 include: insurance at 100 percent (raised from 74 percent in Union Budget 2025, subject to the condition that the entire premium collected is invested in India), defence at 74 percent under the automatic route and 100 percent with government approval where modern technology access is involved, and multi-brand retail at 51 percent under the government route. The due diligence must verify that the target’s sector permits the proposed level of foreign investment and that all prior FDI has been properly reported.
Pricing guidelines under FEMA are non-negotiable. Shares issued to non-residents must be at or above fair market value determined by a SEBI-registered merchant banker (for listed companies, at SEBI-prescribed price). Shares transferred from a resident to a non-resident must also comply with pricing norms. FC-GPR (Foreign Currency Gross Provisional Return) and FC-TRS (Foreign Currency Transfer of Shares) filings with the RBI must be verified for all historical foreign investment rounds.
Press Note 3 of 2020 requires government approval for FDI from countries sharing a land border with India, including China (including Hong Kong), Pakistan, Bangladesh, Nepal, Myanmar, Bhutan, and Afghanistan. This extends to beneficial ownership, meaning that even if the immediate investor is from a non-restricted country, government approval is needed if the beneficial owner is from a restricted country. This has significant implications for downstream investment structures.
DPDP Act, 2023 — The New DD Category Nobody Can Ignore
The Digital Personal Data Protection Act, 2023 has created what is effectively the fourteenth category of M&A due diligence. Before this legislation, data protection was a peripheral concern addressed in a few paragraphs of the IT contracts section. Now, it demands its own dedicated workstream.
The DPDP Act imposes penalties of up to INR 250 crore for data security breaches and up to INR 200 crore for breach notification failures. For acquirers, the critical question is successor liability: when you acquire a company that has been non-compliant with data protection requirements, do those penalties transfer to you? The answer, based on established principles of corporate successor liability in share purchase transactions, is yes. The acquiring entity steps into the shoes of the target, including its non-compliance history.
Due diligence under the DPDP Act requires examining the target’s data inventory and mapping, consent management systems, data processing agreements with third parties, breach history and notification records, cross-border data transfer mechanisms, and data retention policies. The Act also introduces the concept of Significant Data Fiduciaries (SDFs), which face enhanced compliance obligations including the appointment of a Data Protection Officer and independent data audits. Whether the target qualifies or is likely to be classified as an SDF is a critical due diligence question.
India M&A 2026: Legal Framework for M&A Due Diligence (6 Key Statutes & Regulators Every M&A Lawyer Must Know)
| # | Statute / Regulator | Key Reference | Coverage |
|---|---|---|---|
| 1 | Companies Act, 2013 | Sec 230–234 | Mergers & amalgamations, fast-track mergers, cross-border mergers framework |
| 2 | SEBI Regulations | SAST · LODR · PIT | Takeover code, listing disclosure obligations, insider trading prevention |
| 3 | CCI / Competition Act | DVT ₹2,000 Cr · Sec 5/6 | Deal value threshold of ₹2,000 crore, combination notification, anti-competitive assessment |
| 4 | FEMA / RBI | FDI Routes · Sector Caps | Automatic vs. approval route, sector-specific caps, pricing guidelines for cross-border deals |
| 5 | DPDP Act, 2023 (new) | Penalty up to ₹250 Crore | Data due diligence now essential — consent audits, cross-border transfer rules, breach history review |
| 6 | Labour Codes, 2025 (new) | 4 Consolidated Codes | Expanded wage definition, social security for gig & platform workers, simplified compliance |
Source: Official statutes & regulatory guidelines, 2026 (lawsikho.com)
The Complete M&A Due Diligence Checklist (14 Categories)
This section presents the comprehensive due diligence checklist organized into 14 categories. Each category includes a table identifying specific items to check, the applicable law or regulatory provision, and common red flags that should trigger deeper investigation. While this checklist is designed for share purchase transactions, annotations indicate where the scope would differ for asset purchases or scheme-based transactions.
1. Corporate and Entity Structure
Corporate structure due diligence is the starting point of every M&A investigation. It establishes what the target entity actually is, who owns it, who controls it, and whether its corporate existence is legally valid. Errors here cascade into every subsequent category. A mismatch between the shareholding pattern in the MCA filings and the actual cap table, for instance, can derail an entire transaction.
| # | What to Check | Law / Section | Common Red Flags |
|---|---|---|---|
| 1 | CIN verification on MCA portal | Companies Act, Sec 7 | Mismatch between CIN details and represented company information; active vs struck-off status |
| 2 | MOA and AOA review (objects clause, share transfer restrictions) | Companies Act, Sec 4-5 | Restrictive objects clause limiting target’s business; outdated AOA not aligned with Table F |
| 3 | Shareholding pattern and capitalisation table | Companies Act, Sec 88; LODR Reg 31 | Discrepancy between MCA filings and actual cap table; unresolved share transfer disputes |
| 4 | Board composition and DIN status of directors | Companies Act, Sec 149, 152, 164 | Disqualified directors (Sec 164); directors with multiple disqualifications on MCA; missing DIN |
| 5 | Statutory registers (members, directors, charges, contracts) | Companies Act, Sec 88, 170, 77, 189 | Incomplete or unavailable registers; unregistered charges; undisclosed related party contracts |
| 6 | Group structure chart (subsidiaries, associates, JVs) | Companies Act, Sec 2(87), 2(6) | Undisclosed subsidiaries; circular holdings; entities in tax havens without business rationale |
| 7 | RoC filings — AOC-4 (financials), MGT-7 (annual return) | Companies Act, Sec 92, 137 | Delayed or missing filings; additional fees paid indicating non-compliance; inconsistencies between filings |
| 8 | Shareholder agreements, voting agreements, side letters | Contract law; Companies Act, Sec 58 | Pre-emptive rights, tag-along/drag-along, consent rights that restrict the proposed transaction |
| 9 | Registered charges on MCA (CHG-1 filings) | Companies Act, Sec 77-87 | Undisclosed or unsatisfied charges; charge modification without lender consent |
2. Financial and Accounting
Financial due diligence is typically led by chartered accountants, but legal counsel must understand the financial position to assess legal risks. Audit qualifications, contingent liabilities, and off-balance-sheet arrangements often have legal underpinnings. A qualified audit opinion on revenue recognition, for instance, may indicate undisclosed disputes with customers or regulatory concerns about the target’s business practices.
| # | What to Check | Law / Section | Common Red Flags |
|---|---|---|---|
| 1 | Audited financial statements (3-5 years) with audit qualifications | Companies Act, Sec 129, 143 | Qualified or adverse audit opinions; emphasis of matter paragraphs on going concern |
| 2 | Management accounts and MIS (monthly/quarterly) | Internal governance | Significant variance between management accounts and audited financials; inconsistent reporting |
| 3 | Working capital analysis — debtors and creditors aging | Ind AS 109 (expected credit loss) | Overdue receivables exceeding 180 days; concentration risk with single debtor exceeding 20% of revenue |
| 4 | Debt schedule, loan agreements, and covenant compliance | Companies Act, Sec 180; Contract Act | Covenant breaches; change of control clauses triggering acceleration; cross-default provisions |
| 5 | Contingent liabilities (notes to accounts) | Ind AS 37 | Large unquantified contingent liabilities; inadequate provisioning for probable losses |
| 6 | Off-balance-sheet items (guarantees, commitments, derivatives) | Ind AS 107, 109 | Undisclosed corporate guarantees for group entities; derivative positions without hedging policy |
| 7 | Revenue recognition policies and consistency | Ind AS 115 | Changes in revenue recognition policy without business justification; channel stuffing indicators |
| 8 | Related party transaction pricing and disclosure | Ind AS 24; Companies Act, Sec 188 | Non-arm’s-length pricing; transactions without board approval; RPTs not disclosed in financial statements |
| 9 | Capital expenditure commitments and pending contracts | Ind AS 16, 37 | Material uncommitted capex that affects valuation; long-term contracts at unfavorable terms |
3. Tax (Direct and Indirect)
Tax due diligence can make or break M&A deals. Undisclosed tax liabilities directly erode deal value, and in share purchase transactions, all historical tax obligations transfer to the acquirer. The introduction of the Income Tax Act, 2025 (effective from tax year 2026-27) has added new complexities around transition provisions and loss carry-forward treatment that must be carefully examined.
| # | What to Check | Law / Section | Common Red Flags |
|---|---|---|---|
| 1 | Income tax returns and assessment orders (6 years) | Income Tax Act; IT Act 2025 | Open assessments; additions made by assessing officer; pending appeals at CIT(A) or ITAT |
| 2 | Pending tax demands and appeals | Income Tax Act, Sec 143, 147, 148 | Large outstanding demands; matters pending at High Court or Supreme Court; demands not stayed |
| 3 | Transfer pricing documentation and orders | Income Tax Act, Sec 92-92F | TP adjustments in assessment; missing contemporaneous documentation; high-value international transactions |
| 4 | GST compliance — GSTR-1/3B reconciliation, ITC claims | CGST Act, 2017 | Mismatch between GSTR-1 and GSTR-3B; ITC reversals under Section 17(5); pending GST audits |
| 5 | TDS and TCS compliance | Income Tax Act, Chapter XVII-B | Short deduction or non-deduction of TDS; pending TDS demands; defaults under Sec 201 |
| 6 | Section 56(2)(x) exposure (deemed income on receipt of property below FMV) | Income Tax Act, Sec 56(2)(x) | Past share issuances at below fair market value; gift transactions without adequate consideration |
| 7 | Loss carry-forward status (8-year limit; transition under IT Act 2025) | Income Tax Act, Sec 72; IT Act 2025, Sec 536 | Losses nearing expiry; change in shareholding exceeding 49% triggering loss of carry-forward under Sec 79; reliance on losses as deal value driver |
| 8 | Stamp duty compliance on instruments and property transfers | Indian Stamp Act, 1899; State stamp laws | Unstamped or inadequately stamped agreements; instruments inadmissible as evidence; retrospective stamp duty demands |
| 9 | Advance rulings and tax opinions relied upon | Income Tax Act, Sec 245N-245V | Rulings obtained based on incomplete disclosure; positions taken contrary to settled law |
4. Labour and Employment
Labour and employment due diligence has undergone a fundamental transformation with the implementation of the four Labour Codes effective November 21, 2025. These codes — the Code on Wages 2019, the Industrial Relations Code 2020, the Code on Social Security 2020, and the Occupational Safety, Health and Working Conditions Code 2020 — replace 29 legacy labour statutes. The transition creates a unique due diligence challenge: target companies must demonstrate compliance with both the repealed laws (for the period before November 2025) and the new codes (for the period after).
| # | What to Check | Law / Section | Common Red Flags |
|---|---|---|---|
| 1 | Key managerial personnel employment contracts | Companies Act, Sec 2(51), 203 | Non-standard termination clauses; change of control severance packages that inflate deal cost |
| 2 | PF and ESI registration and compliance | Code on Social Security, 2020; EPF Act | Non-registration of eligible employees; arrears in PF/ESI contributions; pending assessment orders |
| 3 | Gratuity fund status and actuarial valuation | Code on Social Security, 2020; Payment of Gratuity Act | Unfunded gratuity liability; absence of actuarial valuation; non-compliance with funding requirements |
| 4 | POSH policy and Internal Complaints Committee | Sexual Harassment of Women at Workplace Act, 2013 | No ICC constituted; policy not compliant with the Act; pending complaints; no annual report filed |
| 5 | Standing orders (certified and model) | Industrial Relations Code, 2020 | No certified standing orders for establishments with 300+ workers; outdated standing orders not updated for new codes |
| 6 | Contract labour licenses and compliance | OSH Code, 2020; Contract Labour (R&A) Act | Unlicensed use of contract labour; deemed employment risk; contractor non-compliance exposing principal employer |
| 7 | ESOP schemes — documentation, vesting, exercise, and tax treatment | Companies Act, Sec 62(1)(b); SEBI ESOP Regulations | Non-compliant ESOP scheme; accelerated vesting triggered by change of control; large ESOP pool diluting acquirer |
| 8 | Non-compete and non-solicitation agreements | Indian Contract Act, Sec 27 | Unenforceable non-competes (Sec 27 renders post-employment non-competes void); inadequate non-solicitation protections |
| 9 | Pending labour disputes and conciliation proceedings | Industrial Relations Code, 2020 | Strikes, lockouts, or threatened industrial action; pending references before labour courts; mass retrenchment claims |
| 10 | Gig and platform worker classification (new under Labour Codes) | Code on Social Security, 2020 | Workers misclassified as independent contractors; social security obligations for gig workers not accounted for |
Note that under the new Labour Codes, the definition of “wages” has been revised to require that basic wages constitute at least 50 percent of total remuneration, which directly impacts PF contribution calculations. The two-day timeline for final settlement of dues upon termination is another area requiring compliance verification.
5. Real Estate and Property
Real estate due diligence in India is notoriously complex due to the multiplicity of land record systems across states, the prevalence of disputed titles, and the intersection of revenue law, municipal law, and environmental law. For asset purchase transactions, this category becomes the central focus of the entire due diligence exercise.
| # | What to Check | Law / Section | Common Red Flags |
|---|---|---|---|
| 1 | 30-year title search (60 years for high-value properties) | Transfer of Property Act; Registration Act | Gaps in chain of title; unregistered sale deeds; pending title suits |
| 2 | Encumbrance certificate from Sub-Registrar’s office | Registration Act, 1908 | Undisclosed mortgages or liens; pending attachments; lis pendens entries |
| 3 | Revenue records (7/12 extract in Maharashtra, Patta/Chitta in Tamil Nadu, Khata in Karnataka) | State revenue laws | Mismatch between revenue records and title documents; mutation not recorded; agricultural land restrictions |
| 4 | Building plan approvals and occupancy certificate | Local municipal laws; RERA | Unauthorized construction; missing occupancy certificate; deviations from approved plan |
| 5 | Land use classification and zoning compliance | State town planning acts; development control rules | Industrial use on agricultural land; commercial use in residential zone; SEZ land with restrictions |
| 6 | Lease agreements and change of control clauses | Transfer of Property Act; Contract Act | Lease termination triggered by change of control; lease expiring within deal timeline; rent escalation clauses |
| 7 | Charges registered on immovable property | Companies Act, Sec 77; SARFAESI Act | Multiple charges on same property; priority disputes between secured creditors |
| 8 | Environmental clearance for land use | Environment Protection Act, 1986; EIA Notification 2006 | Missing or expired environmental clearance; property in eco-sensitive zone; CRZ violations |
6. Intellectual Property
For technology companies, pharmaceuticals, consumer brands, and creative businesses, intellectual property is often the primary driver of deal value. A trademark registration that is about to expire, an IP assignment that was never executed, or an open-source license violation can fundamentally alter the economics of a transaction. IP due diligence must be conducted with the same rigour as financial due diligence.
| # | What to Check | Law / Section | Common Red Flags |
|---|---|---|---|
| 1 | Complete IP schedule — trademarks, patents, copyrights, designs | TM Act, Patents Act, Copyright Act, Designs Act | Key IP not registered; applications pending opposition; IP owned by promoter personally, not by the company |
| 2 | Registration certificates and renewal status | Respective IP statutes | Lapsed registrations; missed renewal deadlines; trademark in non-use for 5+ years (vulnerable to cancellation) |
| 3 | IP assignment agreements from founders and employees | Copyright Act, Sec 17-19; Patents Act, Sec 68 | Missing assignment deeds; IP created by contractors without assignment; joint ownership complications |
| 4 | License agreements — inbound and outbound | Contract law; respective IP statutes | Exclusive licenses limiting commercial exploitation; royalty obligations surviving change of control; territorial restrictions |
| 5 | Open source software audit (for tech targets) | Specific OSS licenses (GPL, MIT, Apache) | Copyleft license (GPL) contamination of proprietary code; license violations; undocumented open source usage |
| 6 | Domain name portfolio | ICANN policies; .in domain policy | Key domains not owned by the company; domains expiring soon; cybersquatting disputes |
| 7 | Trade secret protection measures | Contract law; Information Technology Act | No NDA framework; trade secrets not documented or classified; former employees with access to secrets working at competitors |
| 8 | Pending IP disputes (infringement, opposition, cancellation) | Respective IP statutes | Ongoing infringement suits; opposition proceedings likely to succeed; invalidity challenges to key patents |
7. Litigation and Disputes
Litigation due diligence extends beyond simply listing pending cases. It requires assessing the probability of adverse outcomes, quantifying potential liability, and understanding how existing disputes could interact with the proposed transaction. A winding-up petition, for example, may technically be pending but dormant — or it may be at an advanced stage with a real risk of liquidation.
| # | What to Check | Law / Section | Common Red Flags |
|---|---|---|---|
| 1 | Pending litigation schedule — civil, criminal, regulatory, tax, arbitration | CPC; CrPC/BNSS; Arbitration Act | Material suits exceeding 10% of net worth; multiplicity of cases suggesting systemic issues |
| 2 | Threatened claims and legal notices received | Contract Act; CPC, Order II | Statutory notices under Sec 80 CPC (government litigation); demand notices from regulators |
| 3 | Past settlements and consent decrees | Relevant statute | Settlements with confidentiality clauses preventing disclosure; recurring settlements indicating underlying compliance failures |
| 4 | Criminal cases against directors and KMP | Companies Act, Sec 447; BNS; PCA 1988 | Fraud charges (Sec 447); money laundering investigations; arrest warrants; director disqualification proceedings |
| 5 | Winding-up and insolvency petitions | IBC, 2016; Companies Act, Sec 271 | Pending CIRP applications; operational creditor petitions under Sec 9 IBC; NCLT orders pending |
| 6 | Consent orders and undertakings given to regulators | SEBI Act; Competition Act; sector regulators | Breached consent orders; ongoing monitoring by regulators; conditions limiting business operations |
| 7 | Contingent liability quantification and provisioning | Ind AS 37; Companies Act, Sec 129 | Inadequate provisioning for probable losses; contingent liabilities not disclosed in financial statements |
| 8 | Disputes with government authorities (land acquisition, customs, excise) | Relevant revenue statutes | Show cause notices from government departments; pending adjudication proceedings; demands under protest |
8. Regulatory and Compliance
Regulatory due diligence is sector-specific and jurisdiction-specific. A pharmaceutical company’s regulatory profile looks entirely different from a fintech company’s. The objective is to confirm that the target holds all licenses and permits necessary for its operations and that there are no pending or threatened regulatory actions that could disrupt the business post-acquisition.
| # | What to Check | Law / Section | Common Red Flags |
|---|---|---|---|
| 1 | All licenses, permits, and registrations (sector-specific) | Sector-specific statutes | Expired licenses not renewed; conditions attached to licenses not being complied with; licenses held by individuals, not the entity |
| 2 | RBI and FEMA compliance (for targets with foreign investment or NBFC license) | FEMA; RBI Master Directions | Non-compliance with ECB norms; delayed FC-GPR/FC-TRS filings; pricing guideline violations in past rounds |
| 3 | SEBI compliance (for listed targets) | SEBI LODR; SAST; PIT Regulations | SEBI show cause notices; non-compliance with disclosure norms; adjudication proceedings |
| 4 | CCI filing assessment | Competition Act, Sec 5, 6 | Prior transactions not notified to CCI; pending CCI investigations; gun-jumping risk assessment |
| 5 | Shops and Establishments registration | State Shops and Establishments Acts | Unregistered establishments; non-compliance with working hours and leave provisions |
| 6 | Secretarial audit reports (for listed and large companies) | Companies Act, Sec 204 | Qualifications in secretarial audit; recurring non-compliances; delayed filings noted in audit |
| 7 | Director disqualification check (Sec 164) | Companies Act, Sec 164 | Directors serving on boards of defaulting companies; DIN deactivation; pending disqualification proceedings |
| 8 | CSR compliance (Sec 135) | Companies Act, Sec 135; CSR Rules | Unspent CSR amount not transferred to designated fund within 30 days; inadequate CSR reporting; non-constitution of CSR committee |
9. Environmental and ESG
Environmental due diligence has evolved from a niche concern for manufacturing companies into a mainstream requirement for virtually all M&A transactions. The consequences of environmental non-compliance — including closure orders, remediation costs, and criminal liability for directors — can be devastating. Additionally, ESG reporting requirements have made environmental compliance a matter of public disclosure for large listed companies.
| # | What to Check | Law / Section | Common Red Flags |
|---|---|---|---|
| 1 | Environmental clearance (EC) from MoEFCC | EIA Notification, 2006; EP Act, 1986 | Operations commenced without EC; conditions in EC not complied with; EC obtained for different activity |
| 2 | Consent to Establish (CTE) and Consent to Operate (CTO) from SPCB | Water (Prevention and Control of Pollution) Act; Air Act | Expired CTO; conditions violated; SPCB closure directions issued |
| 3 | Hazardous waste authorization | Hazardous and Other Wastes Rules, 2016 | Unauthorized storage or disposal; contaminated site requiring remediation; non-compliance with manifest system |
| 4 | Pollution monitoring reports and emission data | EP Act; SPCB directions | Exceedances of prescribed standards; non-functional pollution control equipment; CEMS not installed |
| 5 | Show cause notices and environmental prosecution | EP Act, Sec 15; NGT Act | Pending NGT proceedings; criminal prosecution of directors; monetary penalties imposed |
| 6 | BRSR reporting compliance (top 1,000 listed companies by market cap) | SEBI LODR; BRSR framework | Inaccurate ESG disclosures; non-filing of BRSR; material deviations between BRSR and actual practices |
| 7 | Carbon and climate risk assessment | India’s NDC commitments; BRSR Core | High carbon intensity operations without transition plan; climate-related physical risks to assets; stranded asset risk |
| 8 | Extended Producer Responsibility (EPR) compliance | Plastic Waste Management Rules; E-Waste Rules | Non-registration under EPR; unmet collection/recycling targets; penalties from CPCB |
10. Data Protection and Privacy (DPDP Act)
This is the newest and arguably the most underestimated category in M&A due diligence. The DPDP Act, 2023 creates obligations for every entity that processes digital personal data, which in practice means every target company. The penalty exposure — up to INR 250 crore — is significant enough to materially impact deal economics. Acquirers who skip this workstream do so at their peril.
| # | What to Check | Law / Section | Common Red Flags |
|---|---|---|---|
| 1 | Data inventory and data mapping | DPDP Act, Sec 4 | No data inventory exists; target cannot identify what personal data it holds or where it is stored |
| 2 | Privacy notices and transparency compliance | DPDP Act, Sec 5-6 | Outdated or non-compliant privacy notices; notices not available in vernacular languages; purpose not clearly stated |
| 3 | Consent management system | DPDP Act, Sec 6-7 | No mechanism to obtain, record, or withdraw consent; bundled consent; consent not freely given |
| 4 | Data Processing Agreements with processors | DPDP Act, Sec 8 | No written DPAs with third-party processors; inadequate security obligations; no audit rights |
| 5 | Breach history and notification compliance | DPDP Act, Sec 8(6) | Past breaches not notified to the Data Protection Board; repeated breaches indicating systemic security failures |
| 6 | Cross-border data transfers | DPDP Act, Sec 16 | Data transferred to countries on the restricted list (once notified); no contractual safeguards for transfers |
| 7 | Data retention and erasure policies | DPDP Act, Sec 8(7) | No data retention schedule; personal data retained indefinitely; no deletion process in place |
| 8 | Significant Data Fiduciary (SDF) classification | DPDP Act, Sec 10 | Target meets SDF criteria (volume, sensitivity) but has not complied with enhanced obligations |
| 9 | Children’s data processing | DPDP Act, Sec 9 | Processing children’s data without verifiable parental consent; no age verification mechanism |
| 10 | Data Protection Officer appointment (if SDF) | DPDP Act, Sec 10(2) | No DPO appointed despite SDF status; DPO not based in India; no reporting line to the board |
11. Insurance
Insurance due diligence is often treated as an afterthought, but it serves a dual function. First, it reveals whether the target has adequate protection against key risks. Second, it identifies whether change of control provisions in insurance policies could leave the acquirer uninsured during the critical post-closing period. Warranty and indemnity (W&I) insurance, increasingly common in Indian M&A, also requires due diligence to be feasible.
| # | What to Check | Law / Section | Common Red Flags |
|---|---|---|---|
| 1 | Complete policy schedule (D&O, property, liability, cyber, key-man) | Insurance Act, 1938; IRDAI Regulations | Critical risks uninsured; inadequate sum insured relative to exposure; gaps in coverage |
| 2 | Claims history (past 5 years) | Policy terms | Frequent claims suggesting operational issues; denied claims indicating coverage disputes; undisclosed prior claims |
| 3 | Insurance adequacy assessment | Industry benchmarks | Sum insured significantly below replacement value; no cyber insurance despite digital operations; no product liability cover |
| 4 | Change of control provisions in policies | Policy terms | Automatic termination on change of control; requirement to notify insurer and obtain consent; premium repricing clauses |
| 5 | W&I insurance feasibility assessment | Policy terms; underwriting requirements | Exclusions that carve out known issues from DD; coverage cap insufficient relative to deal value; no Indian W&I market for small deals |
| 6 | D&O insurance — run-off cover for outgoing directors | Policy terms; Companies Act, Sec 197 | No tail coverage for outgoing directors; pending claims that may exhaust D&O limits |
| 7 | Environmental liability insurance | EP Act; NGT Act | No environmental impairment liability coverage; contaminated sites without remediation insurance |
| 8 | Business interruption insurance adequacy | Policy terms | Indemnity period too short; inadequate coverage for supply chain disruptions; pandemic exclusions |
12. Material Contracts
Material contracts are the lifeblood of the target’s business. In many M&A transactions, the value is not in the target’s assets but in its contracts — its customer relationships, supply agreements, distribution arrangements, and technology licenses. The single most important issue to flag in this category is change of control clauses, which can give counterparties the right to terminate their contracts when the target’s ownership changes.
| # | What to Check | Law / Section | Common Red Flags |
|---|---|---|---|
| 1 | Top 10 customers and suppliers by revenue contribution | Ind AS 24; business records | Revenue concentration (single customer exceeding 20%); customer contracts expiring within 12 months; supplier single-source dependency |
| 2 | CHANGE OF CONTROL CLAUSES | Contract Act; specific contract terms | Termination rights triggered by change of control; consent requirements from counterparties; renegotiation rights |
| 3 | Assignment and novation provisions | Contract Act, Sec 37; Transfer of Property Act | Non-assignable contracts; requirement for counterparty consent to assign; restrictions on subcontracting |
| 4 | Termination clauses and notice periods | Contract Act | Termination for convenience with short notice; material adverse change clauses; cross-default with other agreements |
| 5 | Non-compete and exclusivity arrangements | Indian Contract Act, Sec 27 | Exclusivity restrictions limiting acquirer’s business; non-compete clauses binding the target post-acquisition |
| 6 | Government contracts (defense, PSU, government tenders) | GFR 2017; relevant procurement rules | Single-source government contracts; integrity pact obligations; debarment or blacklisting risk |
| 7 | Joint venture and collaboration agreements | Contract Act; Companies Act | JV partner has pre-emptive rights; deadlock provisions that could stall operations; non-compete restricting acquirer |
| 8 | Long-term service and maintenance agreements | Contract Act | Below-market pricing locked in for extended periods; performance guarantees that may be difficult to meet; penalty clauses |
13. Related Party Transactions
Related party transactions are among the most common sources of value leakage in Indian companies, particularly in promoter-driven businesses. The due diligence must go beyond checking whether approvals were obtained; it must assess whether the transactions were genuinely at arm’s length and whether there are ongoing RPTs that will continue post-acquisition and affect the target’s financial performance.
| # | What to Check | Law / Section | Common Red Flags |
|---|---|---|---|
| 1 | Complete related party list per Section 2(76) | Companies Act, Sec 2(76); Ind AS 24 | Related parties not disclosed; entities controlled by promoter family not identified; beneficial ownership hidden through layered structures |
| 2 | All RPTs for the past 3 years | Companies Act, Sec 188; SEBI RPT framework | High volume of RPTs relative to total transactions; transactions without business justification; RPTs increasing just before sale |
| 3 | Board and shareholder approvals for RPTs (Sec 188) | Companies Act, Sec 188; Rule 15 of Companies (Meetings) Rules | Missing board resolutions; interested directors not abstaining from voting; shareholder approval not obtained where required |
| 4 | AOC-2 filings with ROC | Companies Act, Sec 188; Rule 8(2) of Companies (Accounts) Rules | Non-filing of AOC-2; material RPTs not disclosed in AOC-2; discrepancies between AOC-2 and actual transactions |
| 5 | Arm’s length pricing documentation | Companies Act, Sec 188; Transfer Pricing Rules | No arm’s length documentation; pricing significantly above or below market rates; no independent valuation |
| 6 | RPT policy compliance (for listed companies) | SEBI LODR, Reg 23 | No RPT policy adopted; policy not compliant with SEBI requirements; material modifications to RPT policy not disclosed |
| 7 | SEBI RPT framework compliance (listed targets) | SEBI LODR, Reg 23(2)-(9) | Material RPTs not approved by shareholders; audit committee not pre-approving all RPTs; related party definition not expanded per SEBI norms |
| 8 | Compliance with Sections 185 and 186 | Companies Act, Sec 185-186 | Loans to directors without approval; inter-corporate loans exceeding limits; guarantees for related entities without compliance |
14. Anti-Corruption
Anti-corruption due diligence has become non-negotiable in cross-border M&A transactions, particularly where the acquirer is subject to the U.S. Foreign Corrupt Practices Act (FCPA) or the UK Bribery Act. But even in purely domestic transactions, the Prevention of Corruption Act, 1988 and corporate governance requirements make this a critical workstream. Successor liability for past corrupt practices is a real risk that can result in criminal prosecution of the acquiring entity’s management.
| # | What to Check | Law / Section | Common Red Flags |
|---|---|---|---|
| 1 | Anti-bribery and anti-corruption (ABAC) policy | PCA, 1988; Companies Act, Sec 177 | No ABAC policy; policy exists but no training or implementation; policy not updated for 2018 PCA amendments |
| 2 | Government interaction register | PCA, 1988 | No record of government interactions; frequent meetings with government officials without documented agenda; gift registers absent |
| 3 | Third-party intermediary payments | PCA, 1988; FCPA; UK Bribery Act | High commission payments to agents in government-facing sectors; intermediaries with no clear business function; cash payments to consultants |
| 4 | Political contributions | Companies Act, Sec 182; Representation of People Act | Undisclosed political contributions; contributions exceeding statutory limits; contributions through electoral bonds not recorded |
| 5 | Whistleblower mechanism (Sec 177) | Companies Act, Sec 177(9)-(10); SEBI LODR | No vigil mechanism established; complaints received but not investigated; whistleblowers facing retaliation |
| 6 | Past investigations under Prevention of Corruption Act | PCA, 1988; CBI/state police investigations | FIRs registered; charge-sheets filed; directors named as accused; ongoing trial |
| 7 | FCPA and UK Bribery Act exposure assessment | FCPA; UK Bribery Act, 2010 | Target has U.S.-listed parent or U.S. operations; UK nexus through subsidiary or listing; past DOJ/SEC inquiries |
| 8 | Facilitation payments and hospitality register | ABAC policy; PCA, 1988 | Pattern of small unexplained payments; excessive hospitality to government officials; no hospitality policy or spending limits |
Red Flag vs Long Form: How to Write the DD Report
Due diligence findings are meaningless unless they are communicated effectively. The DD report is the deliverable that the client pays for, and its format depends on the purpose, timeline, and scope of the engagement. There are two primary formats: the red-flag report and the long-form report.
A red-flag report is a concise document — typically 5 to 15 pages — that identifies only the material issues discovered during due diligence. It does not attempt to catalogue every finding. Instead, it focuses on deal-breakers and deal-shapers: issues that could prevent the transaction from closing, require significant price adjustment, or demand specific indemnity protection. Red-flag reports are commonly used in competitive auction processes where the buyer has limited time and needs a quick assessment of whether to proceed to the next round. They are also used in early-stage diligence when the buyer wants to identify fatal flaws before committing to a full-scope review.
A long-form report is a comprehensive document — often 50 to 100 pages or more — that covers every category of due diligence in detail. It describes each document reviewed, summarises the findings, identifies risks, and provides recommendations. Long-form reports are the standard deliverable in bilateral negotiated transactions where the buyer has full data room access and adequate time. They form the basis for negotiating representations, warranties, indemnities, and conditions precedent in the transaction documents.
Regardless of format, findings should be categorised by risk level. High risk findings are those that could prevent closing, require material price adjustment, or create significant post-closing liability (for example, an undisclosed tax demand of INR 50 crore, or a key customer contract with a change of control termination right). Medium risk findings require attention but can typically be addressed through contractual protections such as specific indemnities or conditions precedent (for example, pending labour disputes with quantifiable exposure, or expired licenses that can be renewed). Low risk findings are administrative or procedural gaps that should be remedied post-closing but do not affect deal economics (for example, delayed ROC filings or missing minor registrations).
For junior lawyers writing their first DD report, clarity and precision are essential. Every finding should identify the specific issue, cite the relevant document and applicable law, assess the risk level, quantify the potential liability where possible, and recommend a mitigation measure. Avoid vague language. Instead of writing “there may be some tax exposure,” write “the target has a pending income tax demand of INR 3.2 crore for AY 2022-23 relating to disallowance of depreciation on goodwill, currently under appeal before CIT(A), classified as medium risk.”
Red Flag vs. Long Form DD Report
Choose the Right Due Diligence Scope for Your Transaction
| | Red Flag Report (Quick & Focused) | Long Form Report (Comprehensive & Detailed) |
|---|---|---|
| Length | 5–15 Pages | 50–100+ Pages |
| Scope | Material Issues Only | Comprehensive Review |
| Timeline | 1–2 Weeks | 3–6 Weeks |
| Best For | Competitive Bidding | Full Acquisition / PE |
Pro Tip: Many firms start with a Red Flag report during bid stage, then commission a Long Form report after exclusivity is granted.
M&A Due Diligence Report Comparison, 2026 (lawsikho.com)
Five Mistakes That Kill M&A Deals During Due Diligence
Missing change of control clauses in material contracts. This is the most commonly overlooked issue in M&A due diligence, and it is often the most damaging. A target company may have ten customer contracts that together constitute 80 percent of its revenue. If three of those contracts contain change of control clauses that allow the customer to terminate upon a change in the target’s ownership, the buyer could lose 30-40 percent of the target’s revenue base on day one of closing. The due diligence team must review every material contract specifically for change of control, assignment, and termination provisions. This cannot be left to a keyword search in the data room — it requires careful reading of each agreement.
Ignoring DPDP Act compliance. Many acquirers in 2026 still treat data protection as a peripheral issue. This is a strategic error. The DPDP Act imposes penalties of up to INR 250 crore for data security breaches, and these penalties attach to the entity, not the management. In a share purchase, the acquirer inherits the target’s data protection non-compliance, including the risk of penalties for breaches that occurred before the acquisition. A target company that has never conducted a data inventory, has no consent management system, and has experienced data breaches without notifying the Data Protection Board presents a material financial risk that must be priced into the deal or addressed through specific indemnities.
Not checking CCI Deal Value Threshold applicability. Since September 2024, the CCI’s Deal Value Threshold has been in effect. Transactions exceeding INR 2,000 crore in value where the target has substantial business operations in India must be notified to the CCI, even if the target’s assets and turnover fall below traditional thresholds. Gun-jumping — completing the transaction without CCI approval — carries penalties of up to one percent of total turnover or assets of the combination. The due diligence team must assess DVT applicability as part of the regulatory workstream and factor the CCI approval timeline into the transaction timetable.
Relying solely on desk review without management interaction or site visits. A data room review is necessary but not sufficient. Documents can be incomplete, outdated, or misleading. Management interviews reveal operational realities that documents cannot capture: pending disputes that have not been formalised, verbal agreements with key customers, regulatory inquiries at a preliminary stage, or employee relations issues simmering below the surface. Site visits are particularly important for manufacturing companies, real estate-intensive businesses, and entities in regulated sectors where physical inspection reveals compliance gaps that paperwork conceals.
Overlooking state-level variations. India is a federal system, and many laws relevant to M&A due diligence — stamp duty, property registration, labour regulations, shops and establishments, and pollution control — are state subjects or concurrent list items with significant state-level variation. A stamp duty rate in Maharashtra differs from one in Karnataka. Labour regulations in Gujarat operate differently from those in West Bengal. Real property due diligence in states with digitised land records (Karnataka, Andhra Pradesh) is fundamentally different from states where records remain manual. The due diligence must account for the specific states where the target operates, not assume uniform national application of legal requirements.
Practical Tips for Junior Lawyers Running DD for the First Time
Start with the MCA portal. The Ministry of Corporate Affairs portal is the single most useful free resource for corporate due diligence. A CIN search gives you the target’s incorporation details, registered office, authorised and paid-up capital, directors (with DIN status), charges registered, and annual filings. Before requesting a single document from the target, spend an hour on the MCA portal building a preliminary picture of the corporate structure.
Build your own DD tracker spreadsheet from day one. Create a master tracker with tabs for each DD category. For each item, record the document requested, date requested, date received, status (received / pending / not available / not applicable), key findings, risk level, and follow-up actions. This tracker becomes your project management tool and the foundation for the DD report. Maintaining it daily, rather than trying to reconstruct it at the end, saves enormous time and prevents gaps.
Always distinguish between share purchase DD and asset purchase DD. In a share purchase, you inherit everything — all assets, all liabilities, all contracts, all litigation, all regulatory obligations. The due diligence must be comprehensive. In an asset purchase, you acquire only the specified assets, and the due diligence focuses on title, encumbrances, and transferability of those specific assets. However, even in an asset purchase, investigate liabilities that may follow the assets (such as environmental contamination of a property, or transfer of employees under applicable labour laws).
Cross-reference across categories. A single document can have implications across multiple DD categories. A technology license agreement, for example, may have IP implications (license scope and restrictions), tax implications (withholding tax on royalty payments), FEMA implications (cross-border payment compliance), and data protection implications (data sharing with the licensor). The best DD lawyers do not work in silos; they read every document with multiple lenses.
Ask senior associates for the firm’s DD template before creating your own. Most established law firms have standard DD checklists, report templates, and request lists that have been refined over years of transactions. Using the firm’s template ensures consistency, captures institutional knowledge, and saves you from reinventing the wheel. It also ensures you do not miss categories or items that the firm considers standard.
Manage your time ruthlessly. A typical DD window in Indian M&A transactions is 2 to 4 weeks. This is not a lot of time to cover 14 categories across what may be hundreds of documents. Prioritise based on materiality and risk. Start with the categories most likely to contain deal-breakers (litigation, tax, material contracts, change of control clauses) and move to lower-risk categories once the critical areas are covered. Flag gaps in the data room immediately rather than waiting until the deadline.
How AI Is Changing M&A Due Diligence in India
Artificial intelligence is no longer a futuristic concept in Indian legal practice — it is an operational reality in M&A due diligence. Major Indian law firms have deployed AI platforms across their practices, and the impact on efficiency and accuracy is measurable.
One of India’s largest law firms has integrated AI across its practice involving over 1,000 lawyers, deploying a full-stack legal lifecycle platform that handles document creation, compliance checking, versioning, retrieval, and knowledge sharing. Infrastructure lawyers use AI to manage large diligence datasets, while other practice groups use it for document translation and review. The platform is built on enterprise AI infrastructure with strict data security protocols ensuring that confidential client data never leaves the firm’s cloud environment.
Several AI-powered tools have gained traction in the Indian M&A due diligence space. Contract review platforms can parse thousands of agreements in hours, flagging change of control clauses, assignment restrictions, termination provisions, and other critical terms. Legal research tools accelerate regulatory analysis by surfacing relevant precedents, circulars, and amendments. Document comparison tools identify inconsistencies between different versions of agreements or between agreements and corporate filings. Firms adopting these tools have reported efficiency gains of up to 70 percent in document review time, allowing lawyers to focus on analysis and judgment rather than manual document processing.
However, AI has clear limitations in due diligence. It cannot replace professional judgment in assessing risk materiality, negotiation strategy, or the commercial implications of legal findings. It struggles with ambiguous or poorly drafted provisions, context-dependent interpretations, and the nuances of Indian regulatory practice where informal guidance and market practice often matter as much as black-letter law. AI is a powerful tool for the mechanical aspects of due diligence — document review, data extraction, clause identification, compliance checking — but the analytical, advisory, and strategic aspects remain firmly in the domain of experienced M&A lawyers.
For junior lawyers, the practical implication is clear: develop proficiency with AI-assisted legal tools alongside traditional legal skills. The lawyers who will thrive in M&A practice over the next decade are those who can leverage AI for speed and accuracy while adding the judgment, creativity, and client advisory skills that AI cannot replicate.
The 14 DD Categories at a Glance
Every Area You Must Cover in an Indian M&A Due Diligence
| # | Category | What It Covers |
|---|---|---|
| 1 | Corporate | Charter docs, board resolutions, shareholding pattern |
| 2 | Financial | Audited statements, working capital, contingent liabilities |
| 3 | Tax | Direct & indirect tax assessments, transfer pricing |
| 4 | Contracts | Material contracts, change-of-control clauses, key terms |
| 5 | Employment | Labour compliance, ESOP pools, key-man risk |
| 6 | IP | Trademarks, patents, trade secrets, licensing |
| 7 | Litigation | Pending cases, notices, regulatory actions |
| 8 | Real Estate | Title verification, encumbrances, RERA compliance |
| 9 | Environmental | Pollution consents, EIA clearances, ESG flags |
| 10 | Data Protection (New: DPDP Act) | Consent audits, data breach history, cross-border transfers |
| 11 | Regulatory | Sector-specific licenses, FEMA compliance, approvals |
| 12 | Insurance | Policy coverage, D&O insurance, claims history |
| 13 | Competition | CCI filing, market dominance, gun-jumping risk |
| 14 | Commercial | Business model, customer concentration, market position |
M&A Due Diligence: 14-Category Checklist, 2026 (lawsikho.com)
Frequently Asked Questions
What is due diligence in M&A?
Due diligence in mergers and acquisitions is the comprehensive investigation that a buyer or investor conducts into a target company before completing a transaction. It covers legal, financial, tax, regulatory, operational, and commercial aspects of the target. The purpose is to identify risks, verify the accuracy of information provided by the seller, quantify potential liabilities, and provide the buyer with the information needed to price the deal, negotiate protective contractual provisions (such as representations, warranties, and indemnities), and make an informed decision on whether to proceed with the transaction. In the Indian context, M&A due diligence must address the specific requirements of multiple regulatory regimes including the Companies Act 2013, SEBI regulations, FEMA, the Competition Act, tax laws, and the DPDP Act 2023.
How long does due diligence take in India?
The typical due diligence window in Indian M&A transactions ranges from 2 to 4 weeks for a standard private company acquisition. However, the timeline can vary significantly depending on the complexity of the target, the deal structure, and the regulatory environment. Listed company acquisitions involving SEBI compliance, CCI filings, and open offer obligations may require 6 to 8 weeks or more. Cross-border transactions involving FEMA compliance and government approvals can extend the timeline further. In competitive auction processes, the initial red-flag due diligence may be compressed to 1 to 2 weeks, with confirmatory due diligence following the exclusivity period. Factors that extend timelines include incomplete data rooms, multi-jurisdictional operations, pending regulatory proceedings, and the need for site visits across multiple locations.
Who conducts due diligence — lawyers or CAs?
M&A due diligence is a multidisciplinary exercise. Legal due diligence is conducted by lawyers and covers corporate structure, contracts, litigation, regulatory compliance, IP, labour, real estate, data protection, and anti-corruption. Financial due diligence is conducted by chartered accountants and covers financial statements, working capital, debt, revenue recognition, and accounting policies. Tax due diligence is typically led by tax specialists (who may be CAs or tax lawyers) and covers direct tax, indirect tax, and transfer pricing. In practice, law firms and CA firms work in parallel, each covering their respective domains. The buyer’s M&A counsel typically coordinates the overall due diligence process and integrates the findings from all workstreams into the transaction documentation.
What is the difference between legal and financial DD?
Legal due diligence examines the legal framework around the target company — its corporate existence and governance, contractual relationships, regulatory compliance, litigation exposure, intellectual property rights, employment arrangements, property titles, and data protection compliance. Financial due diligence examines the target’s financial health — the quality of earnings, sustainability of revenue, working capital requirements, debt obligations, off-balance-sheet liabilities, and accounting policy appropriateness. The two workstreams are complementary and often overlap. For example, a contingent liability identified in the financial due diligence may require legal analysis of the underlying dispute, while a contractual provision identified in legal DD may have financial implications that the financial DD team needs to quantify.
Is due diligence mandatory for mergers under the Companies Act?
The Companies Act, 2013 does not explicitly mandate due diligence for mergers or acquisitions. However, due diligence is effectively required as a matter of practice and fiduciary obligation. Directors have a fiduciary duty under Section 166 of the Companies Act to act in the best interest of the company, and approving a merger or acquisition without adequate investigation could constitute a breach of that duty. For listed companies, SEBI regulations require detailed disclosures about the target and the rationale for the transaction, which can only be prepared based on thorough due diligence. Additionally, lenders and investors typically require due diligence as a condition for financing the transaction. The NCLT, when sanctioning a scheme of arrangement under Sections 230-232, examines whether the scheme is fair and reasonable, which implicitly requires that the parties have conducted adequate investigation.
What documents are required for DD of an Indian company?
The document request list for a comprehensive due diligence of an Indian company typically includes: certificate of incorporation and CIN details, memorandum and articles of association, all RoC filings (AOC-4, MGT-7, charge registrations), board and shareholder resolutions, shareholder agreements and other governance documents, audited financial statements for the past 3-5 years, tax returns and assessment orders, all material contracts (customer, supplier, technology, employment), licenses and regulatory permits, litigation schedule, insurance policies, property documents (title deeds, lease agreements, revenue records), IP registration certificates, FEMA filings and FDI documentation, data processing agreements, and compliance certificates. For listed targets, the list extends to SEBI filings, corporate governance reports, and insider trading compliance documentation.
What are common red flags in M&A due diligence?
The most common red flags encountered during M&A due diligence in India include: material pending litigation that is inadequately provisioned, change of control clauses in key contracts that could trigger termination, undisclosed related party transactions at non-arm’s-length pricing, tax demands under appeal with uncertain outcomes, regulatory non-compliance (expired licenses, missing registrations), FEMA violations in past foreign investment rounds, director disqualification issues, unstamped or unregistered agreements that may be legally unenforceable, employment misclassification (employees treated as contractors), environmental non-compliance at manufacturing sites, and data protection gaps under the DPDP Act. A single red flag rarely kills a deal, but a pattern of non-compliance suggests deeper governance issues that may affect post-acquisition integration.
How does the DPDP Act affect M&A due diligence?
The Digital Personal Data Protection Act, 2023 has added an entirely new category to M&A due diligence. Acquirers must now assess the target’s data protection posture as part of the transaction, including data inventory and mapping, consent management systems, data processing agreements, breach history, cross-border data transfer mechanisms, and Significant Data Fiduciary classification. The penalty exposure is substantial — up to INR 250 crore for data security breaches. In a share purchase transaction, the acquirer inherits the target’s data protection liabilities, including potential penalties for pre-acquisition non-compliance. This means that DPDP Act due diligence directly affects deal pricing, indemnity negotiations, and the buyer’s risk assessment. Acquirers are increasingly requiring specific DPDP Act representations and warranties and dedicated data protection indemnities in transaction documents.
What is a red flag report vs long form report?
A red flag report is a concise due diligence deliverable, typically 5 to 15 pages, that identifies only the material issues — the deal-breakers and deal-shapers — without cataloguing every finding. It is used in competitive auctions, early-stage diligence, and time-constrained situations. A long form report is a comprehensive document, typically 50 to 100 pages or more, that covers every category of due diligence in detail, describes each document reviewed, and provides a complete risk assessment with recommendations. Long form reports are the standard deliverable in bilateral negotiated transactions and form the basis for negotiating transaction documents. The choice between formats depends on the transaction stage, timeline, buyer’s requirements, and the competitive dynamics of the deal process.
What regulatory approvals are needed for mergers in India?
The regulatory approvals required for mergers in India depend on the deal structure and the parties involved. For a scheme of arrangement (merger or demerger), NCLT approval is mandatory under Sections 230-232 of the Companies Act, 2013. The CCI must approve combinations that exceed the prescribed asset, turnover, or deal value thresholds under the Competition Act. If the target is a listed company, SEBI regulations (including SAST for open offer obligations and LODR for disclosure requirements) must be complied with. Cross-border transactions require RBI approval under FEMA. Sector-specific regulators may also need to approve the transaction — for example, IRDAI for insurance companies, RBI for banking and NBFC targets, TRAI for telecom companies, and the DPIIT for transactions in sectors requiring government route FDI approval.
How does the CCI Deal Value Threshold work?
The CCI Deal Value Threshold (DVT), effective from September 10, 2024, requires prior CCI approval for any transaction where the deal value exceeds INR 2,000 crore and the target has substantial business operations in India. This is a dual test: both conditions must be met. The DVT was introduced to capture asset-light digital businesses and startups that might fall below the traditional asset and turnover thresholds under Section 5 of the Competition Act. Importantly, a transaction exceeding the DVT is notifiable to the CCI even if it falls within the de minimis exemption (target assets below INR 450 crore or turnover below INR 1,250 crore). The definition of “substantial business operations” in India and the computation of “deal value” (which includes all forms of consideration — cash, shares, deferred payments, earnouts) are critical assessment areas during due diligence.
What are the FEMA requirements for cross-border M&A?
Cross-border M&A transactions in India are governed by FEMA and RBI regulations. Key requirements include: verification that the sector permits foreign investment and that the proposed investment level is within the applicable sector cap, determination of whether the investment qualifies for the automatic route or requires government approval, compliance with pricing guidelines (shares must be issued at or above fair market value as determined by a SEBI-registered merchant banker or registered valuer), filing of FC-GPR (for fresh allotment to non-residents) or FC-TRS (for transfer of shares from resident to non-resident), compliance with Press Note 3 of 2020 if the investor (or beneficial owner) is from a country sharing a land border with India, and adherence to reporting timelines prescribed by the RBI. Non-compliance with FEMA can result in penalties of up to three times the amount involved and compounding proceedings before the RBI.
How much does due diligence cost in India?
Due diligence costs in India vary widely depending on the scope of the exercise, the size and complexity of the target, the law firm engaged, and the transaction timeline. For a mid-market transaction (deal value of INR 50-500 crore), legal due diligence fees from a reputable law firm typically range from INR 10 lakh to INR 50 lakh. For large transactions involving listed targets, cross-border elements, and multi-jurisdictional operations, legal DD fees can range from INR 50 lakh to several crore. Financial and tax due diligence by CA firms carries separate fee structures of comparable magnitude. These costs should be viewed in context: the cost of due diligence is a fraction of the deal value, while the cost of discovering a material liability post-closing — without the protection of contractual indemnities negotiated on the basis of DD findings — can be multiples of the DD fee.
What is a virtual data room?
A virtual data room (VDR) is a secure online repository where the target company uploads documents for review by the buyer’s due diligence team. VDRs have largely replaced physical data rooms in M&A transactions, offering advantages in security, access control, audit trails, and efficiency. The seller populates the VDR with documents organized according to the due diligence checklist categories, and the buyer’s team accesses the documents through secure login credentials. VDRs typically include features such as document-level access controls (allowing different users to see different documents), watermarking, download restrictions, Q&A modules for raising queries with the seller, and activity tracking that shows which documents each user has reviewed. Popular VDR providers used in Indian M&A transactions include global platforms as well as India-specific solutions that comply with data localisation requirements.
Can DD findings kill an M&A deal?
Yes, due diligence findings regularly cause M&A deals to be abandoned, restructured, or repriced. Common deal-breakers include: undisclosed litigation with material financial exposure, tax liabilities that significantly reduce the target’s net worth, regulatory non-compliance that threatens the target’s ability to continue operations (such as missing critical licenses), title defects in key properties for asset-heavy businesses, change of control clauses in material contracts that would result in loss of key customer or supplier relationships, FEMA violations that could result in regulatory action, and environmental contamination requiring costly remediation. Even when findings do not kill a deal outright, they frequently result in price reductions, enhanced indemnity protection, conditions precedent requiring remediation before closing, escrow arrangements for uncertain liabilities, and restructuring of the transaction (for example, switching from a share purchase to an asset purchase to avoid inheriting certain liabilities). Due diligence is, in this sense, the most critical phase of any M&A transaction.

