AI Due Diligence In M&A Transactions: Emerging Legal Risks In Cross-Border Deals

Dhruv Daruka & Sanjana Bhandarkar, Symbiosis Law School, Pune, Symbiosis International University

ABSTRACT

Traditional merger and acquisition due diligence was designed at a time when tangible assets and traditional forms of intellectual property made up most of the value. The increasing role of artificial intelligence as the primary value driver when considering a potential acquisition means that existing due diligence frameworks show structural flaws that expose an acquirer to significant amounts of unidentified liability arising from algorithms and protecting data supply that carries regulatory risk. Thus, the author contends that the unique nature of AI assets require a completely independent and distinct due diligence process, or framework, from standard forms of intellectual property, data, or other forms of technology assessments. Drawing from the EU AI Act, the General Data Protection Regulation, the Digital Personal Data Protection Act of 2023 (India), and NIST's Framework for Risk Management of AI, this article provides a model due diligence assessment matrix composed of seven elements: dataset verification, the governance of models, regulatory compliance mapping, assessments of explainability, assessment of bias, cybersecurity controls, and warranties in contracts. Ultimately, the author asserts that if acquirers do not have a comprehensive AI-specific due diligence process in place, they will find themselves with a category of hidden liabilities that cannot be identified through the normal due diligence process.