Key takeaways:
- Due diligence is a structured preliminary audit designed to identify hidden risks (tax liabilities, litigation, customer concentration, contested intellectual property) before committing to an acquisition, fundraising, or strategic partnership.
- There are several complementary types of due diligence: financial, legal, tax, commercial, technological, ESG, anti-corruption, integrity, and reputational. The scope to be covered depends on the nature and complexity of the transaction.
- Artificial intelligence is transforming the practice by reducing the time spent on document analysis by up to 70%, but it does not replace human judgment on sensitive issues.
- A poorly scoped or omitted due diligence always costs more than rigorous upfront planning: a liability discovered too late in an M&A transaction carries far greater weight than the cost of the preliminary audit.
Are you considering an acquisition, a fundraising round, a strategic partnership, or AI Act compliance? All of these projects have one thing in common: they require rigorous due diligence. 80% of M&A failures are associated with insufficient preliminary analysis. This guide helps you understand what due diligence is, its main types, its concrete process, and how artificial intelligence is now transforming this practice.
What does due diligence mean? Definition and origin of the term
A clear and accessible definition of due diligence
Due diligence is the set of verifications and analyses conducted prior to a strategic transaction (acquisition, fundraising, partnership) to identify risks, validate the information provided, and secure the decision. It is a structured, documented, and decision-oriented process.
Origin and translation of the term
The expression comes from American legal Englishpopularized after the Securities Act of 1933. In French, it is referred to as diligence raisonnable, audit préalable, audit d’acquisition, or vérifications nécessaires. In business practice, the term has become widely accepted since the 1990s because it better describes a method rather than a simple, one-off verification.
Origin and translation of the term
Due diligence is a voluntary process initiated by a company or an investor. On the other hand, the duty of care (devoir de vigilance) is a legal obligation arising from the French law of March 27, 2017, imposed on large companies with more than 5,000 employees in France. While the two concepts overlap, they should not be confused. Main associated legal obligations:
- Sapin II Law: anti-corruption prevention and third-party vetting.
- GDPR: data protection and data processing governance.
- Duty of Care (Devoir de vigilance): identification of violations of fundamental rights.
- CSRD: sustainability reporting and reliability of ESG information.
- AI Act: risk classification and compliance of AI systems.
Why conduct due diligence in your business?
Identify hidden risks before committing
Official documents provide a useful, yet incomplete picture.. A thorough due diligence process reveals tax liabilities, labor disputes, off-balance sheet liabilities, reliance on a single customer, contested intellectual property, or an out-of-compliance AI system. The most costly risks only emerge from cross-referencing documents and conducting interviews, and rarely from spontaneous disclosures.
Secure the valuation and negotiate with full knowledge of the facts
Financial due diligence allows for price adjustments if risks are identified. It also serves to structure asset and liability guarantee clauses, which protect the buyer in the event of a later discovery of an issue predating the transaction. It transforms an intuition into a solid basis for negotiation.
Anticipate legal and regulatory obligations
With the AI Act, CSRD, and the duty of care, due diligence is becoming a reflex of good governance, not just an M&A tool. To structure this approach and avoid blind spots, relying on a compliance consulting firm helps bridge the gap between regulatory requirements and implementation.
The different types of due diligence: a comprehensive overview
| Type | Ce que l'on vérifie | Pourquoi c'est clé |
|---|---|---|
| Financière | Comptes, trésorerie, BFR, EBITDA, dettes hors bilan | Valider la solidité économique |
| Juridique | Contrats, statuts, litiges, propriété intellectuelle | Sécuriser droits et obligations |
| Fiscale et sociale | Déclarations, URSSAF, paie, contentieux | Éviter les redressements |
| Commerciale | Marché, clients, concurrence, business model | Tester la soutenabilité du revenu |
| Technologique | IT, code source, sécurité, données | Mesurer la robustesse technique |
| ESG | Environnement, social, gouvernance | Répondre aux exigences de durabilité |
| Anti-corruption | Tiers, contrôles, alertes, formation | Réduire le risque Sapin II |
| Intégrité | Dirigeants, actionnaires, bénéficiaires effectifs, antécédents | Identifier les risques éthiques et de conformité |
| Réputationnelle | Couverture médiatique, sanctions, controverses, contentieux | Protéger l'image et la crédibilité de l'organisation |
Financial due diligence: the most historic and widely practiced. It analyzes accounts, balance sheets, forecasts, cash flows, working capital, and EBITDA to verify whether the stated profitability is sustainable.
Legal due diligence: : it covers contracts, articles of association, ongoing litigation, licenses, and regulatory compliance. It relies in particular on Article 1112-1 of the French Civil Code relating to the pre-contractual obligation to provide information, which is decisive in highly contractualized transactions.
Tax and labor due diligence: : verification of tax returns, URSSAF audits, employment tribunal litigation, and payroll compliance. A company can display good results while carrying a significant latent labor risk.
Commercial and strategic due diligence: : it examines the market, customer portfolio, competition, and business model. Central question: is the projected growth credible? Indispensable when the valuation relies on commercial promise rather than tangible assets.
Technological and cybersecurity due diligence : it focuses on IT infrastructure, source code, data security, and technological dependency risks. In tech companies, it is becoming as strategic as the financial audit.
ESG due diligence : growing under the influence of the CSRD and CS3D, it centers around three pillars: environmental, social, and governance. Essential in fundraising rounds, strategic partnerships, and public procurement contracts.
Anti-corruption due diligence (Sapin II) : for organizations with more than 500 employees and €100M in revenue. It relies on five pillars: third-party evaluation, code of conduct, training, whistleblowing mechanism, and accounting controls.
Integrity due diligence : in-depth verification of a third party’s integrity: executives, shareholders, ultimate beneficial owners, political connections, criminal records, and risks of corruption or fraud. It allows for clear-sighted decisions on whether or not to enter into a business relationship with a customer, supplier, partner, or M&A target. It provides you with the elements needed to justify your decisions to regulators, banks, and investors.
Reputational Due Diligence : analysis of a third party’s reputation through its media coverage, sanctions, ESG controversies, and stakeholder perception. The objective is to detect risks likely to affect the image and credibility of your own organization. It is also a commercial argument: you demonstrate to your customers and partners that you reduce their risk of being associated with a scandal or a problematic actor.
The 6 steps to conduct effective due diligence
Scope the perimeter and objectives
- Step 1
Define the scope based on the targeted transaction :financial, legal, ESG, AI, cybersecurity, or a combination. Ask yourself these questions:
- What is the exact purpose of the due diligence?
- Which risks do we want to prioritize?
- What depth of analysis is required?
Assemble a dedicated team
- Step 2
A solid team brings together a corporate lawyer, a chartered accountant, a governance consultant, an IT expert, and if needed, an ESG expert. For an SME or a mid-cap company, a corporate governance consulting firm can manage the entire process as a coordinator to prevent blind spots between disciplines.
Collect documents and access the data room
- Step 3
The virtual data room centralizes documents in a secure space. Here are the documents typically requested:
- Articles of association, K-bis (company registration certificates), and corporate registers.
- Annual accounts, forecasts, and financial reporting.
- Key contracts, leases, licenses, and insurance policies.
- Processing registers and compliance documents.
- HR records, payroll, and ongoing litigation.
Analyze documents and identify risks
- Step 4
The analysis is carried out using a criticality scale: high, medium, or low. This prioritization prevents all topics from being treated at the same level. Digital tools, including AI, help detect discrepancies, but expert review remains necessary for sensitive points.
Draft the due diligence report
- Step 5
The report must be actionable: executive summary, points of attention, recommendations, and appendices. A good report provides clarity for decision-making.
Integrate findings into the negotiation
- Step 6
The conclusions feed into price adjustments, liability guarantee clauses, conditions precedent, and the post-acquisition plan. Due diligence is not an end in itself: it is a decision-making tool serving the transaction.
AI and due diligence: the revolution underway
How artificial intelligence is transforming due diligence
AI accelerates large-scale document analysis: automated reading of thousands of pages, detection of high-risk clauses, supplier scoring, verification of sanctions lists, and automated KYC. Here are the concrete benefits:
- Time savings of up to 70% on the document analysis phase.
- Reduction of the overall cost on repetitive files.
- Finer detection of anomalies and inconsistencies.
- Better traceability of controls and extractions.
AI due diligence: auditing an artificial intelligence system
The benefits beyond mere obligation
Before acquiring a company that uses or develops AI, its systems must be audited. Points to verify:
- Mapping of the AI systems used or developed.
- Risk level according to the AI Act: unacceptable, high, limited, or minimal.
- Technical documentation and human oversight in place.
- Quality and provenance of training data.
- Risks of algorithmic bias and discrimination.
- Intellectual property of the models used.
- Dependency on third-party AI providers.
Before acquiring a company that uses or develops AI, its systems must be audited. Points to verify:
- Mapping of the AI systems used or developed.
- Niveau de risque au regard de l’IA Act : inacceptable, haut, limité ou minimal.
- Technical documentation and human oversight in place.
- Quality and provenance of training data.
- Risks of algorithmic bias and discrimination.
- Intellectual property of the models used.
- Dependency on third-party AI providers.
Limits and risks of AI in due diligence
AI has no judgment. It can produce errors in atypical cases or misinterpret a poorly structured document. The best practice: combine mass processing by AI with human validation on sensitive points. This approach is consistent with the human oversight requirements of the AI Act.
How much does due diligence cost and how long does it take?
The cost starts around €10,000 for an SME with a limited scope and can reach several hundred thousand euros for a complex and international transaction. The duration is generally between 4 and 12 weeks. Here are the factors that vary the cost:
The cost starts around €10,000 for an SME with a limited scope and can reach several hundred thousand euros for a complex and international transaction. The duration is generally between 4 and 12 weeks. Here are the factors that vary the cost:
- Size and complexity of the target company.
- Number of types of due diligence to be conducted.
- Quality of the data room and available documents.
- Geographical scope, especially in the case of an international transaction.
A poorly scoped audit always costs more than well-conducted due diligence: a liability discovered too late carries far greater weight than rigorous upfront planning.
Why seek assistance for your due diligence?
Due diligence mobilizes multidisciplinary skills that are rarely combined internally: legal, financial, ESG, compliance, and AI. External support brings perspective, a proven methodology, and real time savings. With its triple expertise in governance, compliance, and European financing, Eterra Partners helps SMEs and mid-caps secure their strategic operations. Are you preparing for a transaction that requires due diligence for mergers and acquisitions? Speak with an Eterra Partners expert.
