← Findings 🕐 6 min read
Findings

The M&A AI Diligence Checklist: What to Ask the Target Before You Close

Brandon Sneider · April 2026

If you are in a live deal process, the AI workstream is now the thing that kills the price or the deal.

Executive Summary

  • AI diligence is now a separate workstream in mid-market M&A. The risks are not hypothetical. Bartz v. Anthropic produced a proposed $1.5 billion settlement ($3,000 per book × 500,000 pirated works) — a template plaintiffs and regulators are now applying to any acquirer that inherits a model trained on unlicensed content.
  • Representations & Warranties insurers are increasingly excluding AI-specific risks. That shifts exposure back to the buyer’s balance sheet through escrow or self-insurance.
  • The target’s biggest AI liability is rarely on its IT diligence list. It is shadow AI: the tools employees and contractors use without contracts, without DPAs, and without output-ownership provisions in client work product.
  • AI-heavy targets are extending regulatory review timelines. Antitrust and national-security review is pulling AI-adjacent mid-market deals into longer HSR clocks than historical comparables.
  • Buyers using AI tools during diligence can breach their own NDA. Sophisticated counterparties are now negotiating AI-specific confidentiality provisions before the data room opens.

The 10 Questions to Ask the Target

1. Training data provenance. For every AI model the target developed, fine-tuned, or materially customized: where did the training data come from, what license or consent supports each dataset, and can the target produce a dataset lineage document? Shadow libraries, scraped web data, and user inputs absorbed into training create the Bartz v. Anthropic exposure pattern.

2. Shadow AI inventory. Produce a list of every AI tool in use by any employee or contractor, whether or not procurement approved it. Cross-reference to corporate card statements and SSO logs. The gap between the target’s stated tool list and actual usage is where most latent liability sits.

3. Data Processing Agreements. For every AI vendor the target uses, is a DPA in place and does it include AI-specific terms (training opt-out, data residency, model improvement rights, sub-processor disclosure)? DPAs written before 2024 typically do not.

4. Output ownership in client contracts. When the target’s employees use AI to produce deliverables for their clients, who owns the output and what has the target represented to the client? Most client contracts are silent. Some prohibit AI use entirely. Breach exposure accrues to the target — and then to you.

5. IP indemnification received and given. Which AI vendors indemnify the target against IP infringement claims arising from model output? Which don’t? And what has the target indemnified its own customers for? The 33% vendor-indemnification rate documented in the corpus means most targets carry uncovered downstream exposure.

6. Model-destruction risk. Has any regulator, plaintiff, or vendor ever demanded destruction of a model or dataset the target owns? Is any such demand pending? Regulators have forced model destruction when training data was processed unlawfully — a write-off the acquirer inherits.

7. Open-source model license compliance. If the target uses Llama, Mistral, or other open-weights models, does its use comply with the community license (user-count thresholds, acceptable-use policies, attribution)? Most mid-market targets have not mapped this.

8. Key-person concentration. How many people at the target could leave and materially degrade the AI capability? If the answer is fewer than three, structure protection through retention escrow, earn-outs tied to deployment milestones, or acquihire treatment.

9. Regulatory classification. Does any AI system the target operates fall under EU AI Act high-risk classification (Aug 2, 2026 enforcement), NAIC model bulletin scope, SR 11-7 parallel requirements, or state AI employment laws (Colorado SB 205, NYC LL 144, Illinois AIVIA)? Compliance cost gaps flow directly into valuation.

10. AI-specific representations and warranties. Based on the prior nine answers, which reps will the seller give? At minimum: rights to all training data, absence of material data-protection or IP violations, accuracy of disclosures about model architecture and performance, absence of undisclosed third-party dependencies, compliance with AI-specific regulations (Skadden 2026 Insights framework).

What Changes in Deal Structure

Issue 2024 Treatment 2026 Treatment
R&W Insurance Standard coverage AI-specific exclusions common; buyer self-insures or escrow
Training data Not separately diligenced Dedicated dataset-lineage workstream
Shadow AI Absorbed in IT diligence Separate inventory + output-ownership review
Key AI engineers Standard retention bonus Retention escrow + earn-out tied to model maintenance
NDA Standard confidentiality Explicit AI-ingestion provisions before data room opens
Regulatory review 30-day HSR Extended review for AI-adjacent targets (antitrust + national security)
Closing covenants Standard ordinary-course No material changes to model architecture, datasets, or key personnel

Key Data Points

Data Point Source Date Credibility
Bartz v. Anthropic proposed settlement: $3,000/book × 500,000 books = $1.5B Shumaker LLP, “AI Related M&A Risks” 2025 HIGH — primary law firm analysis of public filings
73% of PE firms run digital due diligence on most deals Accenture, “Agentic AI Is Redefining Private Equity in 2026” 2026 HIGH (vendor — apply caveat)
R&W insurers “increasingly exclude AI-specific risks” Skadden, “M&A in the AI Era” (2026 Insights) Jan 2026 HIGH
Only 33% of AI vendors provide IP indemnification Existing corpus (AI MSA Standard Terms Comparison) 2026 HIGH
88% of vendor liability caps sit at or below one month of fees Existing corpus (AI MSA Standard Terms Comparison) 2026 HIGH
EU AI Act high-risk enforcement EU Commission Aug 2, 2026 HIGH — statutory
Getty Images v. Stability AI — active training-data infringement case Hunton, “IP Due Diligence Tips for AI Assets” 2026 HIGH
NAIC model bulletin on AI in insurance NAIC 2020, updated 2023 HIGH — regulatory

What This Means for Your Organization

If you are in a live deal process, the AI workstream is now the thing that kills the price or the deal. A 2022 diligence checklist will miss the three risks that matter most in 2026: unlicensed training data inherited through the target’s models, shadow AI sitting under every employee contract, and a vendor stack whose liability caps and indemnification gaps leave the acquirer exposed on day one.

For sellers, the same analysis runs in reverse. The targets getting full valuation in 2026 are the ones that can hand the buyer a dataset-lineage document, a shadow-AI inventory, a DPA audit with all AI vendors, and a clean set of AI-specific reps the seller can give without a knowledge qualifier. Sellers that cannot produce those documents are the ones seeing bids withdrawn or pricing cut in the final week.

The questions in the checklist above are not exotic. They are what sophisticated buyers and their counsel are already asking. The exposure shows up in deals where nobody asked them. If you are about to sign an LOI on the buy-side or the sell-side and the AI workstream is not already scoped, that is worth a conversation — brandon@brandonsneider.com.

Sources

  1. Skadden, Arps, Slate, Meagher & Flom LLP — “M&A in the AI Era: What Buyers Can Do to Confirm and Protect Value,” 2026 Insights (January 2026). Primary framework for AI-specific reps, warranties, closing covenants, and R&W insurance treatment. https://www.skadden.com/insights/publications/2026/2026-insights/sector-spotlights/ma-in-the-ai-era. Credibility: HIGH.

  2. Hunton Andrews Kurth LLP — “IP Due Diligence Tips For AI Assets In M&A Transactions.” Training data licensing, open-source model license compliance, trade secret protection, IP indemnification. https://www.hunton.com/insights/publications/ip-due-diligence-tips-for-ai-assets-in-m-a-transactions. Credibility: HIGH.

  3. Shumaker, Loop & Kendrick, LLP — “AI Related M&A Risks: Acquiring Hidden Liabilities from AI Models.” Primary source for Bartz v. Anthropic settlement math, model-destruction risk, governance gaps. https://www.shumaker.com/insight/ai-related-ma-risks-acquiring-hidden-liabilities-from-ai-models/. Credibility: HIGH.

  4. Mayer Brown — “7 Practical Ways to Use AI in M&A Transactions,” September 2025. Contract review workflow for buy-side diligence and sell-side disclosure schedule preparation. https://www.mayerbrown.com/en/insights/publications/2025/09/7-practical-ways-to-use-ai-in-manda-transactions. Credibility: HIGH.

  5. Kohrman Jackson Krantz (KJK) — “AI and M&A NDAs: Managing Artificial Intelligence Risks in Confidentiality Agreements,” March 12, 2026. AI-specific NDA provisions. https://kjk.com/2026/03/12/ai-and-ma-ndas-managing-artificial-intelligence-risks-in-confidentiality-agreements/. Credibility: HIGH.

  6. Accenture — “Agentic AI Is Redefining Private Equity in 2026.” PE diligence penetration statistics. https://www.accenture.com/us-en/blogs/strategy/ai-redefining-private-equity. Credibility: HIGH (vendor — apply selection-bias caveat).

  7. MinterEllison — “Expert Guide: Legal Issues in Acquiring AI Companies.” Valuation-gap framing. https://www.minterellison.com/articles/expert-guide-legal-issues-in-acquiring-ai-companies. Credibility: HIGH.

  8. Bartz v. Anthropic — proposed class settlement documents (2025). Primary liability benchmark cited across all law firm guidance above.

  9. EU AI Act — Regulation (EU) 2024/1689, high-risk system enforcement effective August 2, 2026.

Brandon Sneider | brandon@brandonsneider.com April 2026