By the time legal due diligence starts, the deal has usually moved from interest to intent. An investor leans in, or a buyer starts to ask serious questions. The company has already sold the opportunity: the product, the traction, the market and the growth story. Then the focus shifts. The conversation moves from what the business could become to how carefully it has been built.
That is when diligence can catch founders off guard.
The questions start reaching back into decisions made months or even years earlier. Who created the first version of the product? Were early contractors properly signed up? Does the cap table match the company records? Are the customer contracts as strong as the revenue story suggests?
Some answers are easy to give. Others may be buried in old inboxes, unfinished paperwork or informal decisions that made sense at the time but were never properly recorded. Suddenly due diligence starts to feel less like a formality and more like a test of the company’s legal foundations.
For founders, this can feel disruptive because diligence often arrives when momentum matters most. If gaps are only discovered once the round or deal is already moving, they can create extra questions, slow the process down and put pressure on the team at exactly the wrong time.
A cleaner legal foundation makes diligence easier. It helps investors and buyers get comfortable faster, and it gives founders fewer issues to deal with under pressure.
Legal due diligence is often spoken about as if it is a simple checklist. In practice, investors are looking for more than a folder of documents. They want confidence that the company has been built with care, and these documents help tell that story. They show whether the company owns its product, whether the ownership structure is clear, whether key contracts support the commercial story, and whether the records have kept pace with the business as it has grown.
Diligence is about risk, but it is also about trust.
A missing document does not always create a serious problem, but repeated gaps can make investors look more closely. For example, if the IP records are unclear, they may start asking more questions about contractors. If the cap table does not tie up neatly, they may wonder how carefully early investment was managed.
For buyers, diligence is closely tied to valuation. A buyer is trying to understand what it is acquiring and whether anything could reduce the value of the business after completion. In a tech company, that value often sits in the product, the customer relationships, the technical know-how and the team that keeps everything moving.
If there are gaps around ownership, customer contracts or data protection, those points may affect the price, the deal structure or the warranties a buyer asks for. The buyer may still want the business, but it will want to understand the risk before it commits.
Clean records do not guarantee a deal, but they make it easier for a buyer to trust what they are buying.
IP ownership is usually one of the first areas investors and buyers review in a tech company. They want comfort that the company owns, or has the right to use, the product it is selling. That often means looking back at how the product was created, especially in the early days when the business may have been moving quickly and relying on informal arrangements.
A founder may have built the first version before the company existed. A contractor may have helped develop the product before a proper agreement was signed. At the time, everyone was focused on getting the product moving. During diligence, that early informality can become a question that needs answering.
Investors and buyers want to see that the value sits inside the company. The company should be able to show how the product was created and how ownership moved into the business. That usually means signed founder IP assignments, employment contracts with clear IP clauses, and contractor agreements that properly assign work to the company. If third-party technology is used, the business should also understand the licence terms and any restrictions attached to them.
For AI companies, the ownership story may need more explanation. Investors or buyers may ask about model providers, training data, customer data use, workflows and the terms that apply to outputs. The company does not need to overwhelm the process with unnecessary detail, but it should be able to explain what the product relies on and what rights the business has.
A cap table tells investors and buyers who owns the company and what has been promised. It should be easy to read and consistent with the company’s records. If the cap table does not match Companies House filings, option records or investment documents, diligence becomes slower and more difficult.
A messy cap table rarely happens in one dramatic moment. It usually builds through early decisions that felt practical at the time. A founder may have promised advisor equity informally, accepted a small investment on unusual terms, or discussed options without completing the paperwork. By the time a new investor or buyer is reviewing the company, those small gaps can make the ownership story harder to explain.
Investors and buyers also want to understand what happens next. They may look at the option pool, outstanding convertible instruments, investor rights and any approvals needed before a transaction can complete. These issues affect valuation, control and how future growth will be shared.
For founders, the goal is to make the ownership story clear. Who owns the company? What has been promised? What changes when the next round or sale happens? If the company can answer those questions easily, the process usually runs more smoothly.
Investors and buyers care about revenue, but they also care about the contracts that support that revenue. A growing SaaS or AI company may have strong customer traction, but diligence will look at the terms behind those relationships. If customers can leave easily, if liability is too broad, or if key contracts contain restrictions on assignment or change of control, the value of that revenue may look less secure.
Many startups have a mix of standard terms, negotiated agreements and customer paper. That is normal. What matters is that founders understand where the risk sits before an investor or buyer finds it first.
Founders should know which customer contracts matter most. For a funding round, that may mean the customers that show traction and repeatability. For an exit, it may mean the contracts that represent the largest part of the company’s value.
Those contracts should be signed, complete and easy to find. The company should also understand any terms that could affect the deal, especially around termination, liability, data protection, IP, exclusivity, renewal or assignment. A buyer or investor should not have to piece together the commercial position from scattered emails and unsigned drafts.
Data protection is now a standard part of tech diligence. Investors and buyers will want to understand how personal data moves through the business and whether the company’s documents reflect what the product actually does. The questions may start with privacy notices and DPAs, but they usually lead back to the same practical point: does the company understand its own data position?
This is where inconsistencies can create concern. If the privacy notice says one thing, the customer contract says another, and the product works differently in practice, diligence becomes more difficult.
The company does not need a heavy privacy programme from day one. It does need a clear and honest view of how data is used, who it is shared with and what promises have been made to customers.
If the company processes personal data for customers, the DPA position becomes important. Buyers and investors may ask whether customer DPAs are in place, whether sub-processors are listed properly, whether international transfers have been considered and whether the company has a process for handling data requests or breaches.
For AI companies, the questions can go further. If customer data touches model providers, testing processes or AI outputs, the company should be able to explain that clearly. If the company tells customers that their data is not used for training, the documents and product setup need to support that position.
AI companies should expect more detailed diligence. Investors and buyers may want to understand what the AI system does, what it relies on, and how the company manages the risks around it. They may ask about model providers, customer data, output review, training data and the way the product is described to customers.
They are assessing more than the technology itself. They are looking at whether the company can explain and control how the technology is used. This matters because AI risk can affect customer trust, regulatory exposure, contract terms and valuation.
Good AI governance requires the company to keep records that explain the product. An AI register, approved tool list, model provider terms, data-use records and customer-facing AI terms can all help show that the business has thought about how AI is being used. For higher-risk use cases, the company may also need a more careful assessment of human review, data protection and customer reliance.
The point is to show control. If the company can explain what the system does, what it depends on and how risk is managed, diligence becomes easier.
Open source software is part of how many tech companies build. It can help teams move quickly and avoid rebuilding standard components from scratch. During diligence, the question is whether the company knows what is in the codebase and what licence terms apply. Some licences are easy to manage, while others can create restrictions depending on how the software is used.
For SaaS companies, licences like AGPL deserve particular care because they can create obligations even where the software is accessed over a network. A buyer or investor may ask whether the company has an open source policy, whether it keeps a software bill of materials, and whether any higher-risk licences have been reviewed.
Open source issues can create concern because they may affect how the product can be used, distributed or commercialised. If a buyer discovers a restrictive licence late in the process, it may ask for remediation, extra warranties or a price adjustment. In some cases, the company may need to replace code or show that the licence does not affect the proprietary product in the way the buyer fears.
The stronger position is to know what is in the codebase before diligence starts.
Investors and buyers will also look at the team behind the company. They want to know that employees have proper contracts, that IP created by the team belongs to the company, and that key people are tied into the business in a way that supports continuity.
They may also review option grants, consultant arrangements, contractor status, disputes and any settlement agreements. The more important someone is to the product, sales pipeline or leadership team, the more their documents may matter.
This is especially relevant in tech businesses where a small number of people may hold a lot of product or technical knowledge.
Contractor status can become a diligence issue
Many startups rely on contractors early on. That can work well, but the setup should match how the relationship works in practice.
If someone has been working like an employee for a long time, using company systems and operating as part of the internal team, buyers and investors may ask whether there is employment status or tax risk. Long-term or highly integrated contractors should be reviewed before diligence starts, especially where their work is central to the product or operations.
Tax diligence looks at whether the company’s tax position is clean, understandable and properly supported. Investors and buyers may review corporation tax, VAT, payroll taxes, EMI and any overseas tax exposure. They want to understand whether there are unpaid liabilities, uncertain positions or issues that could create future cost.
For tech companies, R&D claims often receive particular attention. These claims can be valuable, but they need to be properly supported and consistent with the company’s actual development activity. If the company has claimed R&D relief, it should be able to explain the basis of the claim and produce the supporting records.
EMI is both a people issue and a tax issue. If options have been promised or granted, diligence may review whether the scheme was set up properly, whether valuations were obtained, whether grants were documented and whether filings were completed.
A well-managed EMI scheme can support the company’s hiring and retention story, avoiding tax questions and employee expectation issues.
Legal due diligence is much easier when the company has been keeping its legal foundations clean as it grows.
Investors and buyers are trying to understand whether the business supports the value being presented to them. They will look at the product, the ownership structure, the customer relationships, the data position, the team and the records that show how the company has been built. The cleaner those foundations are, the easier it is for the process to move with confidence.
For tech and AI founders, the best approach is to build good legal habits before diligence begins. Keep the paper trail clean, understand where the risks sit, and fix the gaps while there is still time to deal with them properly.