M&A Due Diligence Checklist For Buyers And Sellers

If you’re buying a business (or selling one), it’s easy to get swept up in the headline figures: price, timing, and what the “deal” will look like after completion.

But the real risk (and the real value) often sits in the details you only uncover through M&A due diligence.

In plain English, M&A due diligence is the process of checking what you’re actually buying (or selling) before you sign. For small businesses, it’s often the difference between a smooth acquisition and a painful post-completion surprise.

Note: This article is general information for UK businesses and isn’t legal advice. Every deal is different, so get tailored advice before acting.

Below is a practical, UK-focused checklist you can use whether you’re the buyer running checks, or the seller getting your paperwork in shape so the deal doesn’t stall.

What Is Due Diligence For M&A (And Why Does It Matter)?

Due diligence for M&A is a structured review of a target business to confirm:

• What assets and liabilities exist (including hidden or “off-book” risks),
• Whether the business is legally compliant,
• Whether key contracts and relationships are stable, and
• Whether the value you expect is real (and will continue after the deal).

In the UK, due diligence typically runs alongside negotiation of the main transaction documents. Depending on the structure, those might include a Business Sale Agreement (for an asset purchase) or a Share Sale Agreement (for a share purchase).

Even if you’re doing a “friendly” deal (for example, buying a competitor down the road, or a supplier you’ve worked with for years), the checks still matter. Good due diligence isn’t about mistrust - it’s about getting clarity, pricing risk properly, and avoiding disputes later.

How To Set Up The Process So Due Diligence Doesn’t Drag On

Due diligence can feel overwhelming because it touches every part of a business. The trick is to set it up like a project with clear boundaries.

1) Agree The Deal Structure Early (Share Sale vs Asset Sale)

This changes what you need to review.

• Share sale: you buy the company “as is”, including its contracts, employees, historic liabilities, and any unknown risks. This usually means deeper due diligence and stronger warranties/indemnities.
• Asset sale: you buy selected assets (and sometimes take on specific liabilities), which can reduce legacy risk - but you’ll need to ensure key contracts and licences can be transferred.

If contracts need transferring, you may need the other party’s consent. Sometimes rights can be assigned (if the contract allows), but transferring both rights and obligations is often done by novation. A Deed of Novation is commonly used for this.

2) Use A Clear Information Request List (And A Secure Data Room)

Buyers usually send a due diligence questionnaire or request list. Sellers provide documents through a data room (even a well-organised shared drive can work for smaller deals, as long as access is controlled and versioning is clear).

For sellers, a simple rule helps: if a buyer has to chase for documents or keep getting inconsistent versions, they start to worry there are bigger issues underneath.

3) Put Confidentiality In Place Before Sharing Anything Sensitive

Before financials, customer lists, supplier terms, pricing, or staff details are shared, you’ll usually want an NDA in place.

This is especially important if talks fall through - you don’t want a would-be buyer walking away with your commercial playbook. A tailored Non-Disclosure Agreement helps set clear boundaries around permitted use, who can access information (including advisers), and what must be returned or destroyed.

4) Decide What “Good” Looks Like (And What’s A Dealbreaker)

Not every issue uncovered is fatal. The point is to:

• identify which issues can be fixed pre-completion,
• agree price adjustments for risk, and/or
• use contractual protections (like warranties, indemnities, and retention/escrow).

If you don’t decide your red lines early, due diligence can spiral into endless document review with no clear outcome.

A Practical Due Diligence Checklist For Buyers (UK Focus)

Every transaction is different, but most M&A due diligence in the UK covers the areas below. Think of this as your “minimum viable” checklist - and then expand it depending on the industry (regulated sectors, health services, financial services, food businesses, etc.).

1) Corporate And Ownership Checks

• Company details: confirm the registered name, number, address, and filing history at Companies House.
• Share capital and shareholders: confirm who owns what, and whether there are any options, convertible instruments, or informal arrangements.
• Articles and governance: review the constitution and decision-making rules (especially if consents are required for a sale or for director actions). It can be helpful to have the Articles of Association checked so you know whether the deal can be properly approved.
• Shareholder arrangements: check whether there’s a Shareholders Agreement and whether it contains transfer restrictions, pre-emption rights, leaver provisions, or veto rights that could block (or complicate) the transaction.
• Authority to sell: confirm board/shareholder approvals are in place (or can be obtained) and that the signatories have authority.

2) Material Commercial Contracts

For many small businesses, the value is in relationships: customers, suppliers, distribution channels, and recurring revenue.

• Customer contracts: check key terms: pricing, renewal, termination rights, service levels, limitations of liability, and whether a change of control triggers termination.
• Supplier contracts: confirm exclusivity, minimum order commitments, price increase provisions, and termination rights.
• Leases and property licences: see whether there are restrictions on assignment, novation, or change of control, and whether consents are required.
• Standard terms: review the business’s standard terms and conditions for risk allocation and enforceability.
• Disputes and defaults: ask whether any key contracts are currently in breach, disputed, or being renegotiated.

Tip for buyers: don’t just read what the contract says - ask how it works in practice. A contract might say “30 days’ notice”, but if the relationship is fragile, the practical risk is higher.

3) Employment, Contractors, And Workplace Policies

Employees can be one of the biggest risk areas in a transaction, especially if the business relies on a small number of key people.

• Employment status: confirm who is an employee vs worker vs contractor, and whether any contractors could claim employment rights.
• Contracts: check whether written Employment Contract documentation is in place, and whether it includes confidentiality, IP, notice, and post-termination restrictions where appropriate.
• Pay and benefits: confirm compliance with National Minimum Wage, holiday pay, pension auto-enrolment, and any commission/bonus arrangements.
• Claims and disputes: check for grievances, tribunal claims, settlement agreements, and any historic issues that could re-emerge.
• Key person risk: identify founders or senior staff whose exit would materially harm the business, and consider retention arrangements.

If it’s an asset sale, you’ll also want to think about TUPE (the Transfer of Undertakings (Protection of Employment) Regulations 2006), which can apply where there’s a transfer of an undertaking (or a service provision change) and may automatically transfer employees and related liabilities to the buyer.

4) Intellectual Property (IP), Brand, And Ownership Of Work Product

Small businesses often underestimate how much value sits in intangible assets: the brand, code, content, systems, and know-how.

• Trade marks, logos, trading names: confirm ownership and registration status (and whether any third-party claims exist).
• Copyright and software: confirm the business owns what it thinks it owns, particularly if freelancers/contractors were used without clear IP assignment terms.
• Licences: check any inbound licences (software subscriptions, data sources, content licences) and whether they’re transferable.
• Website and domain: confirm who controls the domain registrar account and hosting access.

If the business’s core value is in IP (for example, a SaaS product), due diligence here can be deal-defining.

5) Data Protection And Privacy (UK GDPR)

If the business processes personal data (customer details, mailing lists, employee records, CCTV footage, health data, etc.), you’ll want to check compliance with the UK GDPR and the Data Protection Act 2018.

• Privacy documentation: confirm the business has an appropriate Privacy Policy and that it reflects what the business actually does.
• Data security: review security practices, access control, and breach response processes.
• Processor relationships: check whether contracts with suppliers who process personal data (e.g. cloud providers, payroll providers, marketing platforms) include appropriate data protection terms.
• Data breaches and complaints: ask whether there have been reportable breaches or ICO complaints, and how they were handled.

For buyers, privacy issues matter because fines and enforcement risk can follow the business - and reputational damage can be even more expensive than a fine.

6) Property, Assets, And Operational Reality

• Title/ownership: confirm the business owns key assets it claims to own (equipment, vehicles, stock, machinery).
• Leases: review rent, term, break clauses, repair obligations, and service charges.
• Licences and permits: confirm any sector-specific permissions are in place (and transferable if needed).
• Insurance: check what insurance exists (public liability, professional indemnity, employers’ liability) and whether there are known circumstances that may lead to claims.

On smaller deals, this is also where a quick site visit and a practical “walk-through” can uncover issues that documents don’t show (like poorly maintained assets, missing safety processes, or reliance on one supplier).

7) Disputes, Debt, And “Hidden” Liabilities

• Litigation: identify threatened or ongoing claims (customer disputes, supplier disputes, IP claims, employment disputes).
• Debt and security: check whether there are charges registered against the company, and what repayment terms apply.
• Warranties and refunds: in consumer-facing businesses, assess exposure under the Consumer Rights Act 2015 (for example, recurring complaints or high refund rates can be a warning sign).
• Compliance history: check whether the business has had regulatory enforcement action, warnings, or licence issues.

If you want a more structured approach, a dedicated Legal Due Diligence Package can help keep the process consistent and ensure you’re not missing the “quiet” risks that only show up later.

Seller’s Checklist: How To Get Due Diligence-Ready (And Keep Your Valuation Strong)

If you’re the seller, due diligence can feel like an interrogation. But here’s the good news: sellers who prepare properly tend to:

• move faster to completion,
• avoid last-minute renegotiations, and
• reduce the risk of price chips and heavy-handed indemnities.

Clean Up Your Corporate Housekeeping

• Make sure statutory registers are up to date.
• Confirm Companies House filings are current and accurate.
• Locate signed copies of key governance documents and approvals.
• Make sure any shareholder arrangements match reality (and fix inconsistencies early).

Get Your Key Contracts In Order

• Gather the latest signed versions of key customer/supplier contracts.
• Identify which contracts require consent to transfer or have change-of-control termination rights.
• Prepare a short summary of “top 10” relationships (value, renewal date, termination notice).

Fix Gaps In Employment Documentation

• Ensure staff have contracts, job titles align with what they do, and pay arrangements are documented properly.
• Check that contractors have clear terms around confidentiality and IP.
• Confirm holiday records and working arrangements are consistent (especially where flexible work has evolved informally).

Be Ready To Explain Any Weirdness

Not every issue needs to be “perfect” - but surprises are what hurt deals.

If there was a dispute last year, or a key customer is on a rolling month-to-month arrangement, you can still sell. You just want to be able to explain it clearly and show how the risk is managed.

Common Red Flags That Slow Down (Or Kill) Small Business M&A Deals

Most M&A deals don’t collapse because of one dramatic problem. They usually fall apart because of a pattern: inconsistent records, unclear ownership, and risk that can’t be priced confidently.

Here are common red flags we see in small business transactions:

• Unclear ownership of shares or IP (especially where founders have “handshake” arrangements).
• Key contracts not in writing, or contracts missing basic protections like limitation of liability and clear termination rights.
• Change-of-control termination rights in major customer or supplier contracts that could wipe out value after completion.
• Employees or contractors without proper documents, creating uncertainty around confidentiality, IP ownership, and termination.
• Data protection gaps, particularly where marketing lists have been built without clear consent or compliant notices.
• Ongoing disputes that are “probably fine” but not documented, making it hard for the buyer to quantify risk.
• Cashflow issues hidden by timing (for example, heavy reliance on one-off projects rather than repeat revenue).

If you spot these early, you usually have options: fix them, ring-fence them, adjust the price, or build contractual protections. If you spot them late, you’re negotiating under pressure - and that’s when deals become expensive.

Key Takeaways

• Due diligence for M&A is your practical check on what you’re buying (or selling), and it’s one of the best ways to avoid expensive surprises after completion.
• Start with the deal structure (share sale vs asset sale) because it determines what risks you inherit and what needs to be transferred.
• A solid due diligence review usually covers corporate ownership, contracts, employment, IP, privacy/data protection, property/assets, and disputes/liabilities.
• Sellers who prepare early (clean records, signed contracts, organised data room) typically see faster deals and fewer price reductions.
• Look out for common red flags like unclear IP ownership, change-of-control termination rights, missing employment documentation, and UK GDPR gaps.
• Because every business is different, it’s worth getting tailored legal advice so your transaction documents match the risks uncovered in due diligence.

If you’d like help with due diligence for an acquisition or preparing your business for sale, you can reach us at 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat.