Due diligence is the investigation a buyer or investor conducts before committing to a transaction. It is the process through which the other side verifies that what you are selling matches what you say you are selling — and identifies the risks that come with it.
For founders and business owners, due diligence can feel intrusive. Someone you may have only recently met will ask to see your contracts, your financial records, your employee arrangements, your IP portfolio, your data processing practices, and more. But understanding the process — and preparing for it — is one of the most effective ways to protect your position and keep a deal on track.
This article walks you through what to expect, how to prepare, and where the common pitfalls lie.
Due diligence serves different purposes depending on where you sit at the table.
For the buyer or investor, it is about risk identification. They want to confirm the value of what they are acquiring, understand the liabilities they are taking on, and identify anything that could affect the price or the structure of the deal. The findings feed directly into the purchase agreement — they shape the representations and warranties the seller will be asked to give, the indemnities that will be negotiated, and in some cases whether the deal proceeds at all.
For the seller, due diligence is about credibility. A well-prepared data room signals professionalism and reduces the buyer’s perception of risk. Gaps, missing documents, or surprises discovered late in the process erode trust, create leverage for price reductions, and can delay or kill a transaction. The sellers who fare best are those who anticipate what will be asked and have their house in order before the process begins.
Due diligence is not a single exercise — it is a series of parallel investigations, each focused on a different dimension of the business. The scope varies depending on the size and nature of the transaction, but most deals involve the following workstreams.
This is the foundation. The buyer’s legal team will examine your corporate structure, articles of association, shareholder agreements, board resolutions, and any existing shareholder arrangements. They want to confirm who owns what, whether there are any restrictions on transfer, and whether the corporate governance is clean.
Common issues that surface here include outdated articles of association that do not reflect the current reality of the business, informal shareholder arrangements that were never documented, historical board decisions that were not properly recorded, and outstanding disputes or litigation that may not have been disclosed upfront.
For Belgian companies, the buyer will also verify compliance with the Belgian Code of Companies and Associations (WVV) — including whether the company has met its obligations around financial planning, alarm bell procedures, and annual filings.
Financial due diligence goes beyond reading the annual accounts. The buyer’s financial advisors will analyse revenue quality and sustainability, customer concentration, working capital patterns, debt and financing arrangements, off-balance-sheet liabilities, tax positions, and the reliability of management reporting.
They are looking for normalised earnings — what the business actually generates on a recurring basis, stripped of one-off items, owner-related expenses, and accounting choices that may flatter or distort the picture. This normalised figure is what drives the valuation.
For sellers, the most common source of friction is the gap between how you understand your financials and how a buyer’s advisor reads them. Items you consider normal — a one-off project, a related-party transaction, an aggressive depreciation policy — may be flagged as risks or adjustments. The earlier you identify these gaps, the better you can explain them.
For technology companies, creative businesses, and innovation-driven enterprises, IP due diligence is often where the most value — and the most risk — sits.
The buyer will want to see a complete picture of your IP portfolio: trademarks, patents, designs, domain names, trade secrets, and copyright-protected works. For each asset, they will ask who owns it, whether it is properly registered, whether registrations are current, and whether there are any encumbrances or licences that limit how the IP can be used.
Ownership is frequently the most sensitive issue. If your company developed software using freelancers or contractors, does the company actually own the code? If a founder created the brand before incorporating, was the trademark properly assigned to the company? If employees contributed to inventions, do your employment agreements include proper IP assignment clauses? These questions sound straightforward, but the answers are often less clean than expected.
Beyond ownership, the buyer will assess infringement risk — both whether your IP is being infringed by others and whether your business might be infringing someone else’s rights. Open source software usage is a particular focus area: if your product incorporates open source components with copyleft licences, the buyer needs to understand the implications for the codebase.
IT due diligence has become increasingly important as more businesses depend on technology infrastructure, SaaS platforms, and data-driven operations. The buyer will examine your technology stack, hosting arrangements, key vendor contracts, software licences, cybersecurity posture, and business continuity planning.
For SaaS businesses, the focus will include customer data architecture, uptime and SLA commitments, scalability, and technical debt. For all businesses, the buyer will want to understand key-person risk in the technology team — whether critical systems depend on one or two individuals whose departure could create operational problems.
IT contracts are another common area of scrutiny. Are your key vendor agreements assignable in a change-of-control scenario? Do your software licences permit the intended post-acquisition use? Are there auto-renewal traps or termination rights that could be triggered by the transaction itself?
GDPR compliance is no longer a niche concern — it is a standard due diligence workstream. The buyer will ask for your Records of Processing Activities (RoPA), your data processing agreements with suppliers, your privacy notices, your data breach history, and evidence of any Data Protection Impact Assessments you have conducted.
What they are really looking for is whether your data processing practices create liability. Common red flags include processing personal data without a valid legal basis, transferring data outside the EEA without adequate safeguards, relying on consent that was not properly obtained, having no documented retention policy, and using tracking technologies on your website without proper consent mechanisms.
For data-intensive businesses, the buyer may also commission a technology audit of your website and digital properties to identify tracking pixels, analytics tools, and third-party scripts that may not be disclosed in your privacy documentation. The gap between what your privacy policy says and what your website actually does is one of the most frequently discovered issues in modern due diligence.
The buyer will review your key commercial agreements — customer contracts, supplier agreements, distribution arrangements, partnership deals, and any framework agreements that generate significant revenue.
They are looking for concentration risk (too much revenue from too few customers), unfavourable terms that cannot be renegotiated, change-of-control clauses that could allow counterparties to terminate on a sale, and any unusual commitments or guarantees that could create post-acquisition liability.
Non-compete and exclusivity arrangements deserve particular attention. If you or key employees are bound by restrictions that would limit the business post-acquisition, the buyer needs to know.
Employment due diligence covers your workforce structure, employment contracts, benefit arrangements, bonus schemes, and any ongoing or threatened disputes. In Belgium, the buyer will pay particular attention to the application of social legislation, collective bargaining agreements, and the implications of a transfer of undertaking under Belgian employment law.
Key person retention is a major concern in many deals. If the value of the business depends heavily on specific individuals — as it often does in professional services, technology, and creative businesses — the buyer will want to understand what keeps those people in place and what incentives might be needed post-closing.
All of this information is typically shared through a virtual data room — a secure online platform where the seller uploads documents and the buyer’s advisors review them. A well-organised data room makes the process faster, reduces follow-up questions, and signals to the buyer that the business is well managed.
The structure of the data room usually mirrors the due diligence workstreams: corporate documents, financial information, IP, IT, data protection, commercial contracts, employment, real estate, insurance, regulatory, and litigation. Within each section, documents should be clearly named, logically ordered, and complete.
The single most common mistake sellers make is underestimating how long it takes to assemble a complete data room. Gathering every relevant contract, board resolution, registration certificate, and policy document across a business that has been operating for years is a substantial project. Starting early — ideally months before the process begins — avoids the scramble that creates gaps and delays.
Due diligence findings do not simply result in a pass or fail. They feed into the negotiation of the transaction documents in several ways.
Price adjustments. If the financial due diligence reveals that normalised earnings are lower than initially presented, or that there are undisclosed liabilities, the buyer will typically seek a price reduction or adjust the valuation methodology.
Representations and warranties. The seller will be asked to make specific statements about the business in the purchase agreement — that the IP is properly owned, that there are no undisclosed disputes, that tax filings are current, and so on. The scope and specificity of these representations is directly shaped by what the due diligence uncovered.
Indemnities. Where a specific risk is identified but the parties agree to proceed, the seller may be asked to provide a specific indemnity — a promise to compensate the buyer if that particular risk materialises after closing.
Conditions precedent. Some issues may need to be resolved before the deal can close. A missing IP assignment, an expiring key contract, or a regulatory approval may become a condition that must be satisfied between signing and closing.
Deal structure. In some cases, due diligence findings influence the structure of the transaction itself — for example, shifting from a share deal to an asset deal to ring-fence specific liabilities, or introducing an earn-out to bridge a valuation gap created by uncertainty in the financial projections.
The best due diligence preparation starts long before a transaction is on the table. Businesses that maintain clean corporate records, properly document their IP ownership, keep their contracts organised, and stay on top of compliance obligations will always have an easier time in a transaction process.
If a deal is already in prospect, here are the practical steps that make the biggest difference:
Assemble your data room early. Start gathering documents as soon as a transaction becomes likely. Corporate documents, financial records, key contracts, IP registrations, employment agreements, and compliance documentation all take time to collect and organise.
Run your own pre-due diligence. Before the buyer’s advisors arrive, review your own position critically. Are your trademark registrations current? Are your data processing agreements in place? Are there any contracts with change-of-control clauses? Identifying issues early gives you time to fix them or prepare explanations.
Brief your team. Due diligence involves management time. Your finance team, IT lead, HR manager, and legal counsel will all be drawn into the process. Make sure they understand what is coming and are available to respond to queries promptly.
Control the narrative. Where there are known issues — and there always are — it is better to disclose them proactively with context than to have them discovered by the buyer’s advisors. A problem you explain is a manageable risk. A problem they discover is a trust issue.
At Pitch, we advise on due diligence from both sides of the table — for buyers conducting investigations and for sellers preparing for them. Our practice areas map directly onto the core due diligence workstreams: intellectual property, IT and AI, data protection, and corporate and commercial law.
For sellers, we help assemble and review data rooms, identify and remediate issues before they become deal risks, and ensure that IP portfolios, data protection compliance, and commercial contracts are in the best possible shape before the buyer’s advisors begin their work.
For buyers, we conduct targeted legal due diligence across our practice areas, with particular depth in IP ownership and portfolio analysis, technology contract review, GDPR compliance assessment, and corporate structure verification.
Where financial analysis is needed, our Corporate Finance Studio provides the analytical tools for valuation, scenario modelling, and financial health assessment — giving both sides a clear, data-driven picture of what the business is worth and where the risks lie.
Pitch is the law firm for innovators and creatives. If you are preparing for a transaction and want to understand your due diligence position, get in touch or schedule a meeting with our team.
%402x.svg){kind=small}
%402x.svg){kind=icon}
%402x.svg){kind=icon}
