I. INTRODUCTION
Corporate mergers and acquisitions rank among the most strategic – and at the same time, the riskiest – processes in the business world. The success of these processes depends on a meticulous preliminary review conducted long before the signing ceremony, namely the due diligence process. This process, which forms the foundation of comprehensive transactions, requires a thorough analysis of the target company’s legal, financial, commercial, and operational structure. Due to the large volume of documents, tight deadlines, and high human resource costs, due diligence conducted using traditional methods was subject to significant limitations. These limitations negatively impacted both the efficiency and reliability of the process.
With the integration of technology into the legal field, artificial intelligence has begun to play an increasingly pivotal role in due diligence processes for mergers and acquisitions. According to a study, it has been found that the vast majority of companies and private equity firms now utilize artificial intelligence or automation technologies in due diligence processes, compared to previous years. This rapid transformation is giving rise to new areas of liability and risk categories that must be evaluated from a legal perspective.
II. DUE DILIGENCE: CONCEPTUAL AND LEGAL FRAMEWORK
1. Definition and Scope of Due Diligence
Due diligence refers to the comprehensive research and evaluation process conducted by the acquiring party regarding the target company in a merger or acquisition transaction. This process involves a holistic examination of the target company’s legal status, contractual obligations, intellectual property assets, tax position, employee relations, environmental obligations, and compliance with competition law. In due diligence, the buyer assumes the obligation to obtain and evaluate all material information regarding the target company prior to completing the transaction. The due diligence process should be viewed not merely as a legal review activity but also as a safeguard mechanism serving as an insurance for the investment.
2. The Legal Function and Importance of Due Diligence
The due diligence process functions not merely as an information-gathering activity but also as a critical mechanism for determining the allocation of legal liability. The reports (due diligence report) prepared as a result of the process directly shape the scope of representations and warranties in the share purchase agreement, price adjustment mechanisms, and indemnification provisions. Risks identified or potentially identifiable by the buyer during the due diligence process become arguments that can be used against the seller in contract negotiations; on the other hand, unidentified risks may lead to serious legal and financial liabilities after the transaction. For this reason, the quality of due diligence is recognized as a factor that directly determines the legal security of the transaction.
III. INTEGRATION OF ARTIFICIAL INTELLIGENCE INTO DUE DILIGENCE PROCESSES
1. The Basic Functions of Artificial Intelligence and the Efficiency It Provides
Artificial intelligence can perform multiple critical functions simultaneously during due diligence processes for mergers and acquisitions. Thanks to natural language processing technologies, thousands of pages of contracts, correspondence, regulatory documents, and financial records can be scanned in a short amount of time; critical clauses, obligations, and risky statements can be automatically identified. Document review processes that could take weeks using traditional methods can be completed in days or even hours using AI tools. This speed advantage provides a decisive strategic advantage, particularly in competitive bidding processes and transactions conducted under tight time constraints. The transformative impact of AI in this field is not limited to speed alone. AI software capable of automatically reviewing thousands of documents can also scan for terms and conditions that are essential to the core of merger and acquisition projects. This minimizes potential errors and omissions, thereby enhancing the reliability of the transaction process.
2. Virtual Data Room Management and AI Integration
In merger and acquisition processes, cloud-based virtual data rooms have been widely adopted for due diligence processes, depending on the nature and scale of the transaction. In recent years, AI-powered tools utilizing models specific to virtual data rooms have been developed to more efficiently review and analyze the information and documents uploaded to these rooms, as well as to identify, classify, and extract transaction-related information. These tools can be used to address key provisions such as “change of control,” “indemnification,” and “penalty clauses,” and they also provide effective support in understanding the jurisdictional scope of target contracts and identifying problematic contract clauses.
AI-powered virtual data room platforms facilitate the categorization and search of documents; thereby enabling legal teams to allocate their time to the strategic assessment of identified risks rather than reading through documents.
3. Practical Applications of AI Tools
AI tools provide concrete contributions at various stages of the due diligence process. In the area of contract analysis, provisions regarding changes in control, termination conditions, non-compete clauses, and indemnification obligations in hundreds of contracts involving the target company can be automatically classified. In the compliance audit field, artificial intelligence evaluates the target company’s compliance with relevant legislation, identifying potential violations and regulatory risks in advance. AI-powered platforms also enable legal professionals to conduct comprehensive case law searches, allowing them to accurately assess the target company’s legal risks and past litigation.
IV. LEGAL CONSEQUENCES OF AI-ENABLED DUE DILIGENCE
1. The Fiduciary and Duty of Care Obligations of Company Management
One of the most critical legal dimensions of integrating artificial intelligence into due diligence processes is its impact on the fiduciary duties of corporate management. When executives rely on AI outputs for operational decisions such as pricing, market analysis, or risk assessment, they cannot be relieved of their responsibilities under the duty of care. The use of artificial intelligence as a decision-support tool does not absolve executives from the legal and commercial consequences of these decisions. On the contrary, adopting AI outputs without subjecting them to independent legal review may be deemed a breach of the duty of care.
In this context, it must be emphasized that artificial intelligence cannot yet replace human judgment. Artificial intelligence should be viewed as a tool that supports and accelerates decision-making processes; the final legal assessment and responsibility must remain with human experts under all circumstances. Without disregarding the ethical and judicial challenges it may pose, the integrated use of artificial intelligence under human oversight is a fundamental condition for corporate management to fulfill its responsibilities.
2. The System of Representations and Warranties and Contractual Liability
The impact of artificial intelligence on merger and acquisition agreements directly affects the scope and content of representations and warranties. Standard representations and warranties found in traditional merger and acquisition agreements are insufficient to address the unique risks of artificial intelligence technology. For this reason, in transactions where the target company uses artificial intelligence, the buyer(s) are requesting that provisions specific to artificial intelligence be added to the agreement.
In contracts, the seller’s liability is generally limited to facts that “a prudent merchant could reasonably identify and assess.” The ability of artificial intelligence to scan information in a data room in a much more comprehensive manner expands the scope of information the buyer is “in a position to identify,” and this situation can be advanced as an argument for a limitation of liability in favor of the seller. Traditional representation and warranty insurance is also increasingly becoming a mechanism relied upon as a customizable risk management tool in artificial intelligence transactions.
3. The Risk of Artificial Intelligence Producing Erroneous Outputs and Contractual Liability
The risk of artificial intelligence producing erroneous outputs, referred to as “illusion,” threatens the reliability of due diligence reports and raises the question of which party should be held liable for damages arising from such errors within the context of contractual liability. The phenomenon of “hallucination” occurs when AI systems produce outputs not based on real-world data or lacking a factual basis; this can lead to erroneous predictions, misleading assessments, or entirely fabricated data. Among the underlying causes of hallucinations are algorithmic errors in training data, misinformation in data sources, and the structural limitations of AI models.
The scale of this risk has been concretely demonstrated by recent studies. In a medical study, it was found that when large language models were asked to generate sources for systematic reviews, a widely used AI application produced misrepresentations in approximately 28% (twenty-eight percent) of cases. In the legal field, Stanford researchers reported that general-purpose AI chatbots exhibited error rates ranging from 58% (fifty-eight percent) to 88% (eighty-eight percent) when answering legal questions. These data underscore the necessity of rigorous oversight and robust verification mechanisms. When such errors appear in due diligence reports, the question of who should be held liable for the resulting damages remains a critical area of uncertainty in merger and acquisition law that has yet to be resolved.
4. Intellectual Property Risks
In AI-assisted due diligence processes, intellectual property law constitutes one of the most complex risk areas. This risk manifests itself in two primary dimensions. The first concerns the legal status of the training data used in AI models developed or utilized by the target company; the unauthorized use of third-party content could lay the groundwork for claims of copyright infringement. Second, there is the question of whether outputs generated by artificial intelligence are eligible for intellectual property protection. Indeed, the U.S. Copyright Office holds the view that content generated by artificial intelligence is not eligible for copyright protection if it does not sufficiently reflect human control.
This situation creates significant uncertainty regarding the legal validity and reliability of due diligence reports based on AI outputs. Buyers must comprehensively assess the intellectual property status of the target company’s AI assets, the licensing terms of training data, and potential conflicts with third-party rights during the due diligence process.
5. Data Protection and Regulatory Compliance
The use of artificial intelligence tools in due diligence processes also has significant legal implications under data protection legislation. The documents reviewed as part of due diligence often contain sensitive personal data, such as employee records, customer information, and trade secrets. The transfer and processing of this data by AI systems constitutes an independent data processing activity under national data protection laws, particularly the European Union General Data Protection Regulation (EU GDPR), and requires that the legal basis for this activity be clearly established. On the other hand, when AI tools operate on third-party cloud infrastructures, restrictions regarding cross-border data transfers may also come into play. Recipient companies must carefully evaluate the data processing conditions and security standards of the AI tools they use.
6. International Regulatory Framework: European Union AI Regulation
The international regulatory framework regarding the use of artificial intelligence in merger and acquisition processes is rapidly taking shape. The European Union’s Artificial Intelligence Regulation, proposed by the European Commission on April 21, 2021, and published in the Official Journal of the European Union on July 12, 2024, to enter into force on August 1, 2024, provides a balanced framework that both supports technological development and ensures legal safeguards through a risk-based classification approach. The Regulation’s objective is to ensure the safe, human rights-respecting, and transparent use of AI systems while protecting fundamental rights, democracy, and the rule of law from high-risk AI.
Determining the risk classification of AI tools used in merger and acquisition processes under this regulation and fulfilling compliance obligations have become a strategic necessity for acquirers. Close monitoring of national and international legislation requires a comprehensive regulatory risk assessment to be conducted prior to the transaction.
V. CONCLUSION
Artificial intelligence is fundamentally transforming due diligence practices in merger and acquisition processes in terms of speed, scope, and cost-effectiveness. However, this transformation creates new uncertainties that have not yet been fully resolved within legal liability regimes. The role and liability of artificial intelligence in areas such as directors’ duties of care, contractual representations and warranties, intellectual property rights, and data protection remain contentious within existing legal frameworks. Therefore, the integration of AI tools into due diligence processes constitutes a strategic legal decision rather than merely a technical choice.
From the perspective of legal practitioners and corporate executives, artificial intelligence should be evaluated as a decision-support tool in the due diligence process; however, the final legal assessment and responsibility must always remain with human experts. Subjecting AI outputs to independent legal review, maintaining transparent documentation regarding the tools used, and incorporating AI-specific risk allocation mechanisms into contracts emerge as fundamental safeguards for managing legal risks in this field. The future of merger and acquisition law is rapidly moving toward a landscape shaped not by those who reject artificial intelligence, but by actors who utilize it with legal foresight and a sense of responsibility.
B. KEY TAKEAWAYS
(1)The due diligence process should also be evaluated as a safeguard mechanism serving as an insurance policy for the investment involved in the merger and acquisition transaction.
(2)The integration of artificial intelligence technologies into M&A processes is fundamentally transforming due diligence practices in terms of speed, scope, and cost-effectiveness.
(3)The transformation driven by artificial intelligence in due diligence practices is giving rise to new areas of liability that current legal frameworks have not yet fully addressed.
(4)The use of artificial intelligence in due diligence processes does not eliminate management’s duty of care; on the contrary, adopting AI outputs without subjecting them to independent legal review may be deemed a breach of the duty of care.
(5)Standard representations and warranties in traditional merger and acquisition agreements are insufficient to address the unique risks of artificial intelligence technology.
(6)The development of AI-specific contract provisions – covering the legality of training data, compliance with licensing terms, and the intellectual property status of AI outputs – has become inevitable.
(7)The use of artificial intelligence tools on personal data processed as part of a due diligence assessment constitutes an independent data processing activity under the European Union’s General Data Protection Regulation and national data protection legislation.
(8)The risk that artificial intelligence may produce erroneous outputs – referred to as “hallucinations” – threatens the reliability of due diligence reports, and the question of which party should be held liable for damages arising from such errors under contractual liability remains a critical area of uncertainty in merger and acquisition law that has yet to be resolved.
(9)International regulatory models, such as the European Union’s Artificial Intelligence Regulation, offer a balanced framework that both supports technological development and provides legal safeguards through a risk-based classification approach.
(10)National and international legislation regarding the use of artificial intelligence in merger and acquisition processes must be closely monitored.
