Company Due Diligence: A Practical Guide For UK SMEs And Startups

Whether you’re buying a business, taking investment, entering a joint venture, or signing a major supplier deal, company due diligence is the step that turns “this sounds promising” into “this is a deal we can safely stand behind”.

And if you’re a UK SME or startup, due diligence can feel like a big-company process designed to slow everything down.

But it doesn’t have to be.

In practice, due diligence is just a structured way to confirm what’s true, what’s missing, and what could cause problems later. Done properly, it helps you:

• avoid buying hidden liabilities (debts, disputes, tax issues, employee claims)
• understand what you’re actually acquiring (assets, contracts, IP, customer relationships)
• negotiate a better price or safer terms (warranties, indemnities, conditions)
• protect your business from day one, instead of fixing issues after completion

Below, we’ll walk through the process in plain English, with a practical checklist you can adapt for your deal.

What Is Company Due Diligence (And Why Does It Matter)?

Company due diligence is the investigation you run before you commit to a transaction involving a business.

You’ll usually see due diligence in situations like:

• Buying a business (share purchase or asset purchase)
• Taking on investors (investors conduct due diligence on you, and you should do some on them too)
• Partnering with another company (joint ventures, strategic partnerships)
• Signing a high-value contract where the other side’s ability to deliver really matters

The goal isn’t to “catch someone out”. It’s to confirm the facts so you can allocate risk fairly and document the deal properly.

For example:

• If a company says it owns its software, due diligence checks whether that IP is actually assigned to the company (and not sitting with a freelancer).
• If a business claims it has recurring revenue, due diligence checks whether those customer contracts are enforceable, transferable, and not about to expire.
• If a founder says there are “no disputes”, due diligence checks for threatened claims, unpaid invoices, and ongoing tribunal risks.

In short: due diligence helps you understand what you’re stepping into before you’re legally and commercially locked in.

When Do SMEs And Startups Need Due Diligence Most?

In an ideal world, every deal gets a thorough due diligence process. In the real world, SMEs and startups are time-poor, cash-conscious, and moving fast.

So when should you prioritise it?

1) Buying A Business (Or Buying Shares In A Company)

If you’re buying shares, you’re effectively buying the company “as is” - including its known and unknown liabilities. That’s why due diligence is critical in share acquisitions.

If you’re buying assets, due diligence is still essential, but the focus shifts to: “What exactly is being transferred, and what stays behind?”

2) Raising Investment (And Getting “Investor DD” Ready)

Investors will typically run due diligence on your company before they invest. If your cap table is messy, your contracts are undocumented, or your IP ownership is unclear, you can lose leverage or delay the round.

This is where having your internal governance and documents organised early can really pay off, including a clear Shareholders Agreement if you’ve already got multiple founders or early shareholders.

3) Entering A Joint Venture Or Strategic Partnership

If you’re partnering with another business, you’re not just assessing their product - you’re assessing their ability to perform, comply, and stay solvent.

Even “friendly” partnerships can become stressful if expectations aren’t documented and risk isn’t allocated properly.

4) Signing Long-Term Or High-Risk Commercial Contracts

If you’re about to rely on one supplier, one distributor, or one platform partner, it’s worth doing some basic diligence on them. It’s often quicker and cheaper than dealing with a collapse mid-project.

A Practical Company Due Diligence Checklist (What To Check And Why)

There isn’t one universal due diligence list, because it depends on the transaction and the type of business.

But for most UK SMEs and startups, a sensible checklist covers these categories.

1) Corporate Structure And Ownership

This is where you confirm what the company is, who owns it, and who has authority to sign.

• Companies House filings: confirmation statement, director appointments/resignations, registered office, filing history.
• Share capital and cap table: number and classes of shares, options, convertibles, any side arrangements.
• PSC (Persons With Significant Control): confirm who ultimately controls the company.
• Company constitution: check the Articles of Association and whether any bespoke provisions affect share transfers, drag/tag rights, or decision-making.
• Board/shareholder decisions: are key decisions properly approved and documented?

Why this matters: If the seller doesn’t have clear title to the shares (or the company isn’t properly governed), you can end up with disputes over ownership, voting, or whether the deal was authorised.

2) Financial Due Diligence (And Reality-Checking The Numbers)

Financial due diligence can be very detailed, but even a lean diligence process should check:

• Accounts and management numbers: confirm revenue, margins, and cash position (not just top-line sales).
• Debts and liabilities: loans, director loans, leases, hire purchase, unpaid supplier invoices.
• Security and charges: look for registered charges (meaning someone may have security over assets).
• Tax position: VAT compliance, PAYE/NI, corporation tax filings, any HMRC correspondence (typically reviewed with an accountant or tax adviser where relevant).

Why this matters: You’re not only buying future potential - you may be inheriting financial baggage. If the purchase price assumes a certain cash position or working capital, you’ll want clarity before you commit.

3) Commercial Contracts (Customers, Suppliers, And “Can We Rely On This?”)

For many SMEs, the real value of the business is its contracts. Due diligence should focus on the agreements that generate revenue or create ongoing obligations.

• Customer contracts: key terms, renewal dates, termination rights, service levels, and any “change of control” clauses.
• Supplier contracts: exclusivity, minimum orders, price increase mechanisms, delivery obligations.
• Terms and conditions: are they up to date, and are they actually being used?
• Guarantees and indemnities: has the company promised outcomes or accepted unusual risk?

If you’re acquiring a business, you’ll also want to confirm whether contracts are assignable (asset sale) or whether they stay in place automatically (share sale).

Tip: A legal Contract Review of the most important customer/supplier agreements can be one of the highest ROI parts of the due diligence process, because it quickly shows where the risk really sits.

4) People, Employment, And Contractor Risks

Employment issues are a common area where “small” problems become expensive later.

As part of due diligence, look at:

• Employment status: who is an employee vs worker vs contractor, and is that classification defensible?
• Employment terms: do employees have written agreements, and do they cover key protections (confidentiality, IP, notice, post-termination restrictions where appropriate)?
• Contractors/freelancers: are there signed contractor agreements and clear IP assignment clauses?
• Disputes: grievances, disciplinaries, settlement agreements, tribunal threats.
• Policies: basic workplace policies, especially around data handling, acceptable use, and misconduct.

If you’re buying a business with employees, you should also understand whether TUPE is likely to apply (this depends on deal structure and the nature of what’s transferring).

And if you’re getting your own house in order ahead of investment, it’s usually worth checking your Employment Contract templates are consistent and fit for how your team actually works.

5) IP And Brand Ownership (A Big One For Startups)

For startups, intellectual property is often the core asset - even if it’s not fully “registered”.

Your due diligence process should check:

• Who created the IP: founders, employees, contractors, agencies?
• Whether IP is properly owned by the company: IP can accidentally stay with individuals unless it’s assigned correctly.
• Key IP assets: source code, product designs, brand names, logos, domain names, content, databases.
• Third-party dependencies: open-source software usage, licences, restrictions, compliance obligations.
• Trade marks: whether names/logos are protected (or whether there’s a risk someone else owns a similar mark).

If IP hasn’t been clearly transferred into the company, an IP Assignment is often the straightforward fix - but it’s much easier to address this before the deal than after someone raises it as a condition.

6) Data Protection, Privacy, And Cyber Hygiene

If the business collects customer or user data (which most do), data protection due diligence is now a core part of many deals.

You’ll want to understand:

• What personal data is collected (customers, employees, users, leads)
• How it’s processed and stored (cloud tools, access controls, retention)
• Whether the business complies with UK GDPR and the Data Protection Act 2018
• Whether privacy disclosures match reality (cookies, marketing, tracking)
• Any past data breaches or ICO correspondence

At a minimum, most customer-facing businesses should have a clear Privacy Policy that reflects what they actually do with data (not what a generic template claims).

7) Disputes, Regulatory Issues, And “What Could Blow Up Later?”

Finally, check for matters that can derail a transaction or become costly post-completion:

• Litigation and disputes: threatened claims, legal letters, unpaid debts, ongoing settlement negotiations.
• Regulatory compliance: sector-specific licences, advertising compliance, consumer law compliance (particularly if B2C).
• Insurance: what cover exists (professional indemnity, public liability, cyber, D&O) and any claims history.
• Property: leases, break clauses, rent reviews, dilapidations risks (if premises are involved).

Why this matters: A dispute doesn’t need to be in court to be real. Unresolved issues can become negotiation points, conditions, or future liabilities.

Common Red Flags When Doing Due Diligence On A Company

Most deals have a few imperfections. The question is whether they’re manageable, and whether you’ve priced and documented the risk properly.

Here are some common red flags that should make you pause and dig deeper during company due diligence:

Unclear Ownership Or Informal Side Deals

• “Handshake” arrangements with co-founders or early contributors
• Promises of equity that were never documented properly
• Missing board/shareholder approvals for major decisions

Contracts That Don’t Match The Sales Story

• Revenue described as “recurring”, but contracts are terminable on short notice
• Key customer can exit on change of control
• Supplier can increase prices unilaterally with minimal notice

IP That Isn’t Owned By The Company

• Core product built by contractors without proper assignment language
• Brand name used for years without trade mark checks
• No clarity on open-source software obligations

Employment Status And People Risks

• People treated as contractors but working like employees
• No written agreements, or outdated terms that don’t reflect reality
• Disputes with departing staff or founders

Data Protection Gaps

• No privacy documentation despite collecting personal data
• Unclear consent for marketing lists
• Weak access controls or no breach response process

A red flag doesn’t always mean “walk away”. But it usually means: slow down, get advice, and document the fix or protect yourself contractually.

How To Run The Due Diligence Process Without Derailing The Deal

For SMEs and startups, the biggest challenge is often running the process efficiently while keeping momentum.

Here are practical ways to keep diligence lean but effective.

1) Start With A Clear Scope (Not A 200-Item Checklist)

Decide what really matters for your deal. For example:

• If you’re acquiring a software business, focus heavily on IP, data protection, and customer contracts.
• If you’re buying a retail business, focus on leases, supplier terms, consumer compliance, and staff.
• If you’re investing in an early-stage startup, focus on ownership, cap table, IP, and founder arrangements.

Due diligence is most useful when it reflects the risk profile of the transaction, not when it’s just “everything we can ask for”.

2) Build A Simple Data Room Early

If you’re the seller (or a startup getting investor-ready), it helps to keep a tidy set of documents you can share quickly, such as:

• corporate documents (cap table, filings, constitutional documents)
• key commercial contracts
• employment and contractor templates
• IP records and assignments
• privacy documentation

This reduces back-and-forth and signals that the business is well-run.

3) Don’t Just Collect Documents - Ask “So What?”

A common mistake is treating due diligence like box-ticking. The real value comes from interpreting what the documents mean in practice, for example:

• Does this contract create obligations you can actually meet?
• Can the other party terminate easily, and would that destroy value?
• Are there clauses that should change the price or require a warranty/indemnity?

This is also where legal advice can be particularly useful, because the risk is often hidden in one or two clauses - not in the headline terms.

4) Use Findings To Negotiate Protections (Not Just A Discount)

If you uncover issues during due diligence, you generally have a few levers:

• Price adjustment (reduce the price to reflect risk)
• Conditions precedent (require fixes before completion)
• Warranties (seller promises certain facts are true)
• Indemnities (seller compensates you if a known risk crystallises)
• Retention/escrow (hold back part of the price for a period)

The “right” approach depends on leverage, deal structure, and what the risk actually is - so it’s worth getting tailored legal advice rather than relying on generic deal terms.

5) Keep A Deal Tracker

Even a simple spreadsheet can help you manage diligence efficiently. Track:

• document requests (requested / received / reviewed)
• open questions
• red flags
• proposed fixes (contract amendment, price change, condition)
• who owns the next step

This stops issues being forgotten and keeps the deal moving.

Key Takeaways

• Company due diligence is a practical risk-check before you invest, acquire, partner, or sign major agreements - it helps you confirm what’s true and what needs fixing.
• A good process of due diligence is scoped to the deal: focus on the areas that carry the most value and the most downside risk.
• Core due diligence areas for UK SMEs and startups usually include corporate ownership, financials, key contracts, employment/contractors, IP ownership, and data protection compliance.
• Common red flags include unclear ownership arrangements, weak or terminable customer contracts, missing IP assignments, misclassified contractors, and privacy gaps.
• Due diligence findings can be managed through deal protections like warranties, indemnities, conditions precedent, and retention - not just by renegotiating price.
• If you’re unsure how much diligence is “enough” for your transaction, getting legal input early can save you time, cost, and stress later.

If you’d like help with company due diligence, reviewing key contracts, or getting your deal documents in place, you can reach us at 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat.