M&A Due Diligence in the UK: A Practical Guide

byAlex Solo30 January 202610 min read

Intellectual Property Contracts Employment Law Startups Regulatory Compliance Data & Privacy

Contents

What Is Due Diligence In Mergers And Acquisitions (And Why Does It Matter)?
What Should A Small Business Or Startup Prepare Before Due Diligence Starts?
What Does Mergers And Acquisitions Due Diligence Cover In The UK?
How Do You Run A Due Diligence Process Step-By-Step?
Common Red Flags That Can Derail Small Business M&A Deals
Key Takeaways

If you’re buying a business, selling your company, or taking on investment that looks a lot like an acquisition, due diligence is the part that can make (or break) the deal.

In plain terms, due diligence in mergers and acquisitions is where the buyer (and often the seller too) checks the business properly before signing. It’s not just about confirming the numbers - it’s about making sure there aren’t hidden legal, financial, operational or compliance issues that could become your problem on day one.

For small businesses and startups, the process can feel intense. But with the right preparation, it’s manageable - and it can even help you negotiate a better price, stronger protections, or a smoother completion.

Below, we’ll walk you through what mergers and acquisitions due diligence usually covers in the UK, what you should prepare, and the red flags to watch for. This article is general information only and isn’t legal, tax, accounting or financial advice - you’ll want tailored advice for your specific deal.

What Is Due Diligence In Mergers And Acquisitions (And Why Does It Matter)?

Due diligence in mergers and acquisitions is the investigation and verification process a buyer runs before completing an M&A transaction. The seller provides information (usually in a secure data room), and the buyer’s advisers review it, ask questions, and assess risk.

In a small business context, due diligence is typically about confirming:

What exactly is being sold (shares, assets, IP, goodwill, contracts, stock, customer lists)
Whether the business really owns what it says it owns (including IP and key assets)
Whether there are “deal breakers” (e.g. litigation, missing licences, major contract issues)
What liabilities are sitting in the company (tax, employment claims, debt, refunds, disputes)
What needs to change post-completion (contract transfers, consents, employee communications)

It matters because due diligence findings directly affect:

Price (a risk usually leads to a price reduction or retention/escrow)
Deal structure (share sale vs asset sale, earn-outs, staged completion)
Contract terms (warranties, indemnities, limitation of liability, disclosure)
Timing (missing paperwork can delay completion significantly)

And importantly, due diligence is often where “surprises” come out. If you’re the seller, being prepared can keep momentum high and avoid last-minute renegotiations. If you’re the buyer, being thorough is how you avoid paying for problems you didn’t agree to take on.

What Should A Small Business Or Startup Prepare Before Due Diligence Starts?

If you’re selling, the best approach is to assume the buyer will ask for evidence of everything important - and to organise it before you go to market. If you’re buying, knowing what “good” documentation looks like helps you assess how mature and low-risk the target business really is.

In most UK M&A transactions, you’ll want to prepare (or request) documents in these buckets:

Corporate records (Companies House filings, statutory registers, share history)
Ownership and funding (cap table, options, shareholder loans, investor rights)
Key contracts (customers, suppliers, partners, leases, loans)
People documents (employees, contractors, incentive plans)
IP and tech (ownership chain, assignments, licences, product terms)
Compliance (data protection, regulated permissions, policies)
Disputes and liabilities (claims, complaints, warranties, refunds, insurance)

As a seller, one practical tip is to run a “vendor due diligence” exercise before you share anything. That means you identify gaps (missing signatures, inconsistent terms, unclear IP ownership) and fix what you can while you still control the timetable.

If you need to formalise the transaction documents themselves, it’s common to use a tailored Business Sale Agreement so the commercial deal matches what the due diligence uncovered.

What Does Mergers And Acquisitions Due Diligence Cover In The UK?

Due diligence checklists can be long, but they usually map back to a handful of core legal and commercial risk areas. Here’s what we commonly see matter most for small businesses and startups.

The buyer will want to confirm the company is properly incorporated, who owns it, and whether anyone else has rights that could block or complicate the sale.

Common requests include:

Companies House filings and constitutional documents
Cap table, share classes, option schemes, convertible notes
Board minutes and shareholder resolutions for major decisions
Any side letters or special rights (e.g. vetoes, liquidation preferences)

If your business has multiple founders or investors, having a clear Shareholders Agreement can reduce uncertainty around transfers, leavers, and decision-making.

2) Commercial Contracts (Customers, Suppliers, Partners)

Contracts are often where value sits - and where hidden risk sits too. In mergers and acquisitions due diligence, the buyer will usually focus on:

Revenue concentration (are you reliant on 1–2 customers?)
Termination rights (can key contracts be ended on short notice?)
Change of control clauses (do contracts terminate or require consent if the company is sold?)
Pricing commitments and service levels (are you locked into unprofitable terms?)
Liability caps (are you exposed to uncapped claims?)

If you’re negotiating the sale documentation, the due diligence findings often feed into warranties and Limitation Of Liability Clauses to allocate risk in a way that reflects the reality of the business.

3) People And Employment Risk (Including TUPE Where Relevant)

Buyers will look closely at your team because people risk can become costly quickly. They’ll want to know who is employed, who is a contractor, what obligations exist, and whether there are any disputes.

Typically, employment due diligence will cover:

Employee and contractor lists (roles, start dates, salaries/fees)
Employment contracts, policies, benefits, bonus/commission structures
Any ongoing disciplinaries, grievances, or settlement discussions
Right to work checks and immigration compliance (where relevant)

From a documentation point of view, it helps if your key staff are on a robust Employment Contract that clearly covers confidentiality, IP, notice, and restrictive covenants (where appropriate).

Also, depending on the deal structure and the nature of the transfer, the Transfer of Undertakings (Protection of Employment) Regulations 2006 (TUPE) may apply (often in some asset sales). TUPE can bring employee information and consultation requirements, so it’s something you’ll want advice on early.

4) Intellectual Property (IP) And Technology

For startups especially, IP isn’t “nice to have” - it is the product. Buyers will try to confirm:

The company (not an individual founder) owns the IP
Contractors have assigned IP properly (a common gap)
Software licences are compliant and transferable
Brand assets (names, logos, domains) are owned/registered where needed

If the business has grown quickly using freelancers, agencies, or outsourced developers, IP ownership can get messy. Cleaning up IP assignments before you go through due diligence in mergers and acquisitions can protect valuation and reduce negotiation friction.

If you collect personal data (customers, users, employees, newsletter lists), data protection will come up. In the UK, the key framework is UK GDPR and the Data Protection Act 2018.

Due diligence questions often include:

What data you collect and why (your lawful bases)
Your privacy notices and cookie information
Security measures and breach history
Supplier management (data processors, hosting providers, SaaS tools)
International transfers (if data is stored outside the UK)

Even for small businesses, having a sensible set of policies and governance can make the process much smoother - for example a tailored GDPR Package where it fits your operations.

6) Financial, Tax And Regulatory Issues

Your accountant will typically lead financial due diligence, but legal due diligence still overlaps with tax and regulation in a few important ways (and this article isn’t tax or accounting advice):

Outstanding tax liabilities (VAT, PAYE/NICs, corporation tax)
Regulatory licences, permissions, and reporting (industry-specific)
Anti-bribery and ethical compliance (Bribery Act 2010, Modern Slavery Act 2015 where relevant)
Insurance coverage and claims history

If the business operates in a regulated sector (financial services, healthcare, education, food, etc.), the due diligence scope usually expands. A buyer may also require evidence of compliance systems rather than just “we’ve never had a problem”.

How Do You Run A Due Diligence Process Step-By-Step?

There’s no single “perfect” process, but most small business M&A deals in the UK follow a similar rhythm. Here’s a practical way to think about it.

1) Agree The Heads Of Terms (And Set The Rules Early)

Most deals start with heads of terms (or a term sheet) that covers price, structure, exclusivity, timing and key conditions. This is also the point where confidentiality arrangements and the due diligence scope are usually agreed.

As the seller, be clear on:

What you will share (and when)
How sensitive information will be handled
Who the buyer can speak to (e.g. employees, customers) and at what stage

2) Build A Data Room (And Keep It Tidy)

A data room is a structured folder system where you upload documents. The smoother the data room, the smoother the deal tends to be.

Practical tips that save time:

Name documents consistently (e.g. “Customer Contract – X – Signed – 2024-06-01”)
Upload signed versions (not drafts) wherever possible
Create a simple index so people can find things quickly
Keep a change log if you’re updating documents during diligence

3) Respond To Due Diligence Questions (With Context, Not Just Documents)

Expect a Q&A phase where the buyer asks follow-up questions. This can feel repetitive, but it’s where deals are clarified.

A common mistake is to answer “yes/no” without context. If something is technically true but practically low-risk, it can help to explain it clearly (and consistently) so it doesn’t snowball into a pricing dispute later.

4) Identify “Fixes” Vs “Deal Terms”

Once issues are identified, there are usually three ways to handle them:

Fix it before completion (e.g. get missing assignments signed, update a policy, obtain a consent)
Allocate it in the contract (warranties, indemnities, retention/escrow)
Accept it and price for it (if the risk is real and not easily fixed)

For example, if contracts need to be transferred to a new entity, that might require a novation - documented in a Deed Of Novation - rather than a simple “assignment”. Whether consent is needed (and from whom) depends on the contract terms and the transfer mechanism, so knowing the difference early avoids last-minute completion delays.

5) Finalise Disclosure And Sign The Sale Documents

In UK M&A, sellers usually give warranties about the business. The disclosure process is how the seller “qualifies” those warranties by fairly disclosing known issues (often by referencing documents in the data room).

This is a technical stage, and it’s worth getting it right. If disclosures are unclear or incomplete, disputes can arise later about whether the buyer was properly informed.

Common Red Flags That Can Derail Small Business M&A Deals

Not every issue is a deal breaker - but some issues regularly cause renegotiations, delays, or a buyer walking away. Here are red flags we often see in due diligence for mergers and acquisitions for SMEs.

Missing Or Unclear IP Ownership

This is especially common where founders, freelancers or agencies created key assets without properly documenting IP transfer. If the company can’t prove it owns the IP, a buyer may treat it as a fundamental risk.

Key Contracts Not Signed (Or Not Transferable)

If your biggest customer contract is unsigned, expired, or terminable on change of control, it can materially affect valuation.

Similarly, if the business needs to transfer customer agreements in an asset sale, you may need a formal transfer mechanism - potentially a Deed Of Assignment in the right context - and, depending on the contract, you may need the customer’s consent (and in some cases a novation may be required instead of an assignment).

Employment Misclassification Or Informal Arrangements

If “contractors” look like employees in practice, or if key staff are missing clear written terms, buyers may factor in potential claims (holiday pay, notice, unfair dismissal risk depending on service length, etc.).

Data Protection Gaps

No privacy notice, unclear consent practices, weak security, or historic data breaches without proper handling can all raise concerns - especially for online businesses. These are often fixable, but they can delay the deal if left too late.

Undisclosed Disputes Or Customer Refund/Complaint Patterns

Ongoing disputes, threatened claims, IP complaints, or a pattern of refunds can become a “trust issue” in diligence. Even where you’ve done nothing wrong, you’ll want clear documentation and consistent explanations.

Inconsistent Company Records

If the cap table doesn’t match Companies House filings, or share issuances aren’t properly documented, it can take time (and cost) to fix. This is one of those “small admin” issues that becomes very important when you’re trying to close a deal on a deadline.

Key Takeaways

Due diligence in mergers and acquisitions is a structured investigation that helps buyers confirm value and uncover legal, financial and operational risk before completion.
For small businesses and startups, being organised early (data room, signed contracts, clear IP chain) can reduce delays and improve negotiating power.
Mergers and acquisitions due diligence commonly covers corporate structure, key contracts, employment, IP, GDPR compliance, and regulatory/tax risk.
Not every issue is a deal breaker, but common red flags include missing IP assignments, unsigned or non-transferable contracts, informal employment arrangements, and data protection gaps.
Due diligence findings usually feed directly into deal terms - including price adjustments, pre-completion fixes, warranties, indemnities, and liability caps.
Because every deal is different, it’s worth getting tailored legal advice so your due diligence approach matches your transaction structure and risk profile.

If you’d like help with M&A due diligence or getting your business ready for a sale, you can reach us at 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat.

Alex Solo

Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.

Need legal help?

Get in touch with our team

Tell us what you need and we'll come back with a fixed-fee quote - no obligation, no surprises.

Proceeding confirms you agree to our Privacy Policy

Need support?

Need help with your business legals?

Speak with Sprintlaw to get practical legal support and fixed-fee options tailored to your business.

Get Started Book A Call