Fastrack Logo

Fastrack Legal Solutions

Your Trusted Legal Partner

Legal due diligence

Legal due diligence in India is a structured legal review of a company before an investment, acquisition, merger, loan, joint venture or strategic transaction. It examines corporate records, shareholding, statutory filings, contracts, litigation, employment compliance, tax exposure, intellectual property, data protection, licences, regulatory approvals, debt, related-party transactions and title to assets. The objective is to identify legal risks before signing or closing a transaction.

Table of Contents

Introduction

Legal due diligence is the legal equivalent of opening the engine before buying the car. A company may look commercially attractive, but its hidden legal risks may destroy transaction value.

In India, due diligence is essential before:

  1. Acquisition of a company or business.
  2. Investment in a startup.
  3. Merger or amalgamation.
  4. Joint venture.
  5. Strategic partnership.
  6. Bank financing or structured lending.
  7. Purchase of assets.
  8. Private equity or venture capital transaction.
  9. Founder exit or secondary sale.
  10. Corporate restructuring.

A clean due diligence exercise does not merely identify defects. It helps the buyer, investor or lender decide whether to proceed, renegotiate valuation, demand indemnities, require conditions precedent, restructure the transaction or walk away.

Legal due diligence is a systematic investigation of the legal affairs of a target company or business.

It answers questions such as:

  1. Does the company legally exist and have valid corporate records?
  2. Who owns the shares?
  3. Are there hidden shareholder disputes?
  4. Are company filings complete?
  5. Are material contracts enforceable?
  6. Are there pending litigations or notices?
  7. Does the company own its intellectual property?
  8. Are employees properly documented?
  9. Are licences and approvals valid?
  10. Is the company exposed to tax, labour, environmental or data protection risk?

For a serious transaction, legal due diligence is not a checklist formality. It is a risk-discovery exercise.

Legal due diligence protects the transaction from avoidable surprises.

Without due diligence, an investor may discover after closing that:

  1. Founder shares were not properly issued.
  2. The company has not filed annual returns.
  3. Key IP belongs to a freelancer, not the company.
  4. Major customer contracts are terminable on change of control.
  5. A tax notice is pending.
  6. Labour claims exist.
  7. A key licence is expired.
  8. There is undisclosed litigation.
  9. Foreign investment reporting is defective.
  10. The company has borrowed money without proper approvals.

Once money is paid or shares are issued, the buyer’s leverage reduces. Due diligence ensures that legal risk is priced before closing.

Types of Due Diligence

1. Corporate Due Diligence

Corporate due diligence examines incorporation, constitutional documents, board approvals, shareholder approvals, statutory registers, share capital, filings, charges and corporate governance.

For companies, the Companies Act, 2013 is the principal statutory framework. The Act contains provisions relating to incorporation, share capital, meetings, annual filings, financial statements, related-party transactions, board powers and governance. The company’s Memorandum and Articles are central documents because they bind the company and its members under the Act.

2. Financial and Tax Due Diligence

This examines tax filings, GST, TDS, income-tax assessments, notices, contingent liabilities, statutory dues, related-party accounting, revenue recognition and historical financial statements.

Legal counsel should work with tax and finance professionals. A legal due diligence report should flag tax notices, statutory defaults and unrecorded liabilities.

3. Contractual Due Diligence

This examines customer contracts, vendor agreements, leases, loans, guarantees, franchise agreements, distributor agreements, SaaS contracts, service agreements, NDAs and termination rights.

Important clauses include:

  1. Assignment restrictions.
  2. Change-of-control clauses.
  3. Termination rights.
  4. Exclusivity.
  5. Non-compete and non-solicit.
  6. Limitation of liability.
  7. Indemnity.
  8. Payment defaults.
  9. Dispute resolution.
  10. Governing law.

A profitable contract may still be legally risky if it cannot be assigned after acquisition.

4. Litigation Due Diligence

Litigation due diligence examines civil cases, criminal complaints, tax proceedings, labour disputes, arbitration, consumer complaints, insolvency proceedings, regulatory notices and threatened claims.

The due diligence report should classify litigation by:

  1. Forum.
  2. Case number.
  3. Parties.
  4. Nature of claim.
  5. Amount involved.
  6. Stage.
  7. Interim orders.
  8. Probability of adverse outcome.
  9. Financial exposure.
  10. Transaction impact.

5. Employment and Labour Due Diligence

This examines offer letters, employment agreements, consultant arrangements, PF, ESI, gratuity, bonus, shops and establishments compliance, POSH compliance, termination disputes, wage records and contractor compliance.

For labour-heavy businesses, employee due diligence is often as important as corporate due diligence.

6. Intellectual Property Due Diligence

IP due diligence examines trademarks, copyrights, patents, domain names, software code, assignment deeds, open-source usage, employee IP clauses, freelancer agreements and infringement risk.

For startups, this is critical. If the company does not own its code, brand or product design, the core asset may be legally defective.

7. Data Protection and Technology Due Diligence

Digital businesses must be reviewed for data protection compliance, privacy policies, consent flows, cybersecurity incidents, vendor data processing contracts and user data practices.

The Digital Personal Data Protection Act, 2023 is the principal Indian legislation governing digital personal data protection. It recognises both the right of individuals to protect their personal data and the need to process personal data for lawful purposes.

8. Regulatory Due Diligence

Regulatory due diligence examines licences, sectoral approvals, registrations, permits and statutory conditions.

This is especially important for:

  1. Fintech.
  2. NBFCs.
  3. Health-tech.
  4. Ed-tech.
  5. Food businesses.
  6. Logistics.
  7. Manufacturing.
  8. Mining.
  9. Defence.
  10. Telecom.
  11. Gaming.
  12. Data-heavy platforms.

9. FEMA and Foreign Investment Due Diligence

Where foreign investors, non-resident shareholders or offshore structures are involved, FEMA review is essential.

RBI’s foreign investment framework covers reporting of FDI for fresh issuance of shares, transfer of shares, ESOP-related reporting and other foreign investment matters. It also refers to Form FC-GPR for issue of shares and Form FC-TRS for transfer of shares between residents and non-residents, with reporting timelines specified in the RBI material.

In an M&A transaction, legal due diligence helps determine whether the buyer should acquire:

  1. Shares of the company.
  2. Assets of the business.
  3. A division or undertaking.
  4. Intellectual property.
  5. Business contracts.
  6. Customer relationships.
  7. Plant and machinery.
  8. A going concern.

The transaction structure changes the due diligence focus.

In a share acquisition, the buyer acquires the company along with historical liabilities.

In an asset acquisition, the buyer may selectively acquire assets, contracts and employees, but transfer of licences, leases, contracts and employees requires legal review.

In a business transfer, the buyer must examine whether the undertaking can be transferred as a going concern and whether third-party consents are required.

Startup due diligence usually focuses on:

  1. Incorporation documents.
  2. Cap table.
  3. Founder equity.
  4. Founder vesting.
  5. ESOP pool.
  6. IP ownership.
  7. Employment and consultant contracts.
  8. Customer contracts.
  9. Regulatory licences.
  10. Data protection.
  11. Tax filings.
  12. Related-party transactions.
  13. Founder disputes.
  14. Existing investment instruments.
  15. Outstanding loans and convertible notes.

The biggest startup due diligence issues are usually cap table defects, missing IP assignments, undocumented founder arrangements, unpaid statutory dues and incomplete ROC filings.

1. Corporate Records

Review:

  1. Certificate of incorporation.
  2. Memorandum of Association.
  3. Articles of Association.
  4. Certificate of commencement, where applicable.
  5. CIN and master data.
  6. Registered office documents.
  7. Board minutes.
  8. Shareholder minutes.
  9. Statutory registers.
  10. Annual returns.
  11. Financial statement filings.
  12. Auditor appointment.
  13. Director appointments and resignations.
  14. DIR-12, MGT-7, AOC-4 and other ROC filings.
  15. Secretarial records.

Red flags:

  1. Missing board approvals.
  2. Unfiled annual returns.
  3. Incorrect shareholding records.
  4. Unrecorded allotments.
  5. Unsigned minutes.
  6. Articles not aligned with shareholder agreements.

2. Share Capital and Cap Table

Review:

  1. Authorised capital.
  2. Paid-up capital.
  3. Share allotments.
  4. Share certificates.
  5. Share transfer forms.
  6. Stamp duty.
  7. Preference shares.
  8. Convertible instruments.
  9. ESOP grants.
  10. Warrants or options.
  11. Shareholder agreements.
  12. Beneficial ownership.

Red flags:

  1. Cap table mismatch.
  2. Shares issued without valuation.
  3. Missing allotment filings.
  4. Disputed founder shares.
  5. Unrecorded transfers.
  6. Unclear beneficial ownership.

3. Constitutional Documents

The Memorandum and Articles must be reviewed carefully.

Check:

  1. Object clause.
  2. Share transfer restrictions.
  3. Board rights.
  4. Share class rights.
  5. Preference share rights.
  6. Quorum provisions.
  7. Reserved matters.
  8. Investor rights.
  9. Deadlock provisions.
  10. Conflict with SHA or SSA.

The Articles should reflect important shareholder rights because company governance cannot safely rely only on a private side agreement where the Articles say something different.

4. Material Contracts

Review:

  1. Customer agreements.
  2. Vendor agreements.
  3. Distribution agreements.
  4. Franchise agreements.
  5. Agency agreements.
  6. Lease deeds.
  7. Loan agreements.
  8. Security documents.
  9. Guarantees.
  10. NDAs.
  11. Technology agreements.
  12. Software licences.
  13. Service-level agreements.
  14. Joint venture agreements.
  15. Government contracts.

Red flags:

  1. Change-of-control termination.
  2. Anti-assignment clauses.
  3. Unlimited liability.
  4. One-sided indemnities.
  5. Heavy penalties.
  6. Exclusivity lock-ins.
  7. Auto-renewal without exit.
  8. Payment default.
  9. Unstamped agreements.
  10. Oral arrangements with major customers.

5. Debt and Security

Review:

  1. Bank loans.
  2. NBFC loans.
  3. Promoter loans.
  4. Inter-corporate deposits.
  5. Convertible notes.
  6. Debentures.
  7. Pledges.
  8. Hypothecation.
  9. Mortgages.
  10. Personal guarantees.
  11. Corporate guarantees.
  12. Registered charges.

Red flags:

  1. Undisclosed borrowings.
  2. Unregistered charges.
  3. Covenant breaches.
  4. Default notices.
  5. Change-of-control consent requirement.
  6. Personal guarantees by founders.
  7. Cross-default clauses.

6. Litigation and Disputes

Review:

  1. Civil suits.
  2. Criminal proceedings.
  3. Arbitration.
  4. Consumer cases.
  5. Tax appeals.
  6. Labour cases.
  7. Insolvency proceedings.
  8. Regulatory notices.
  9. Police complaints.
  10. Legal notices issued and received.
  11. Intellectual property disputes.
  12. Environmental claims.

Red flags:

  1. Suppressed litigation.
  2. High-value claims.
  3. Interim injunctions.
  4. Criminal allegations involving promoters.
  5. Attachment orders.
  6. Repeated notices from regulators.
  7. Threatened but undisclosed claims.

7. Employment and HR

Review:

  1. Employee list.
  2. Offer letters.
  3. Employment agreements.
  4. Consultant agreements.
  5. Payroll records.
  6. PF records.
  7. ESI records.
  8. Gratuity exposure.
  9. Bonus compliance.
  10. Leave records.
  11. Termination records.
  12. POSH policy.
  13. Internal Committee, where applicable.
  14. Contractor and staffing arrangements.
  15. Non-compete, confidentiality and IP clauses.

Red flags:

  1. Employees shown as consultants to avoid compliance.
  2. No IP assignment from employees.
  3. No confidentiality terms.
  4. Pending salary disputes.
  5. Mass termination risk.
  6. Unpaid statutory contributions.
  7. No POSH framework.

8. Intellectual Property

Review:

  1. Trademark registrations.
  2. Trademark applications.
  3. Copyright ownership.
  4. Patents.
  5. Designs.
  6. Domain names.
  7. Software code repositories.
  8. Founder IP assignment.
  9. Employee IP assignment.
  10. Freelancer IP assignment.
  11. Open-source software usage.
  12. Brand licences.
  13. IP infringement notices.

Red flags:

  1. Brand owned by founder personally.
  2. Code written by freelancer without assignment.
  3. Domain controlled by ex-founder.
  4. Trademark opposition.
  5. Infringement notice.
  6. Open-source licence breach.
  7. No chain of title.

9. Data Protection and Privacy

Review:

  1. Privacy policy.
  2. Terms of use.
  3. Consent mechanisms.
  4. User data inventory.
  5. Data retention policy.
  6. Vendor data processing contracts.
  7. Cybersecurity incidents.
  8. Grievance redressal process.
  9. Children’s data processing.
  10. Sensitive business data.
  11. Cross-border data transfers.
  12. Internal access controls.

Red flags:

  1. No privacy policy.
  2. Collection beyond stated purpose.
  3. No consent trail.
  4. Unrestricted employee access to user data.
  5. No breach response process.
  6. Vendor contracts without data clauses.
  7. Children’s data without safeguards.

10. Tax and GST

Review:

  1. Income-tax returns.
  2. GST registration.
  3. GST returns.
  4. TDS returns.
  5. Tax notices.
  6. Assessment orders.
  7. Refund claims.
  8. Input tax credit records.
  9. Related-party payments.
  10. Transfer pricing, where applicable.
  11. Advance tax.
  12. Tax audit reports.
  13. Revenue recognition.

Red flags:

  1. GST mismatch.
  2. Non-filing of returns.
  3. TDS defaults.
  4. Aggressive tax positions.
  5. Unexplained cash transactions.
  6. Undisclosed related-party payments.
  7. Pending tax demands.

11. Licences and Regulatory Approvals

Review:

  1. Shops and establishments registration.
  2. GST registration.
  3. MSME registration.
  4. FSSAI licence, where applicable.
  5. Drug licence, where applicable.
  6. Pollution control consents, where applicable.
  7. Import-export code.
  8. RBI/NBFC-related approvals, where applicable.
  9. Sector-specific permissions.
  10. Local municipal licences.
  11. Factory licence, where applicable.
  12. Labour registrations.

Red flags:

  1. Expired licence.
  2. Wrong category of licence.
  3. Business activity outside permitted scope.
  4. Pending show-cause notice.
  5. Non-transferable licence.
  6. Licence held by promoter instead of company.

12. Real Estate and Assets

Review:

  1. Title documents.
  2. Lease deeds.
  3. Rent agreements.
  4. Sale deeds.
  5. Mutation records.
  6. Encumbrance certificates.
  7. Property tax receipts.
  8. Possession documents.
  9. Plant and machinery invoices.
  10. Vehicle registrations.
  11. Asset registers.
  12. Insurance policies.

Red flags:

  1. Unregistered lease.
  2. Lease not assignable.
  3. Property dispute.
  4. Encumbrance.
  5. Asset not owned by company.
  6. Insurance gap.
  7. Machinery under charge or hypothecation.

Related-party transactions require careful review because they may indicate value leakage, conflict of interest or tax risk.

Review:

  1. Transactions with promoters.
  2. Founder loans.
  3. Director remuneration.
  4. Promoter-owned vendors.
  5. Inter-company transfers.
  6. Management fees.
  7. Rent paid to related parties.
  8. Loans to directors.
  9. Expense reimbursements.
  10. Board approvals.

Section 188 of the Companies Act, 2013 deals with related-party transactions and requires statutory compliance for specified transactions.

Red flags:

  1. No board approval.
  2. No valuation.
  3. Overpriced related-party contracts.
  4. Undisclosed promoter benefit.
  5. Round-tripping or fund diversion.

14. Insurance

Review:

  1. Property insurance.
  2. Fire insurance.
  3. Professional indemnity.
  4. Directors and officers insurance.
  5. Cyber insurance.
  6. Product liability insurance.
  7. Employee insurance.
  8. Keyman insurance.

Red flags:

  1. No D&O insurance despite director risk.
  2. No cyber insurance for data-heavy business.
  3. Inadequate cover.
  4. Expired policies.
  5. Exclusions affecting business model.

Due Diligence Report: What It Should Contain

A good legal due diligence report should include:

  1. Executive summary.
  2. Transaction background.
  3. Scope and assumptions.
  4. Documents reviewed.
  5. Key findings.
  6. Red flags.
  7. Risk rating.
  8. Financial exposure.
  9. Conditions precedent.
  10. Conditions subsequent.
  11. Required indemnities.
  12. Required warranties.
  13. Documents to be cured before closing.
  14. Documents to be obtained after closing.
  15. Deal impact.

A due diligence report should not be a document dump. It must convert legal findings into commercial risk.

Risk Classification

Findings should be classified by severity.

Risk LevelMeaningTransaction Impact
CriticalCould affect ownership, legality, valuation or closingMay require deal restructuring or walk-away
HighSignificant liability or compliance gapRequires condition precedent or indemnity
MediumManageable but important riskRequires cure or disclosure
LowTechnical or minor defectCondition subsequent may be sufficient

This risk classification helps investors and buyers negotiate from strength.

Conditions Precedent and Conditions Subsequent

Due diligence findings usually translate into contractual protections.

Conditions precedent are actions that must be completed before closing, such as:

  1. ROC filing correction.
  2. Share transfer regularisation.
  3. IP assignment execution.
  4. Loan consent.
  5. Licence renewal.
  6. Litigation settlement.
  7. Tax clearance.
  8. Board and shareholder approvals.

Conditions subsequent are actions to be completed after closing, such as:

  1. Updating policies.
  2. Filing pending forms.
  3. Implementing DPDP compliance.
  4. Completing employee documentation.
  5. Standardising vendor contracts.
  6. Obtaining minor registrations.

Critical risks should not be left as conditions subsequent.

Representations, Warranties and Indemnities

Due diligence findings shape transaction documents.

Representations and warranties may cover:

  1. Corporate existence.
  2. Capitalisation.
  3. Authority.
  4. Compliance with law.
  5. Tax.
  6. Contracts.
  7. Litigation.
  8. IP ownership.
  9. Employees.
  10. Data protection.
  11. Licences.
  12. No undisclosed liabilities.

Indemnity clauses should cover:

  1. Pre-closing liabilities.
  2. Tax claims.
  3. Litigation.
  4. IP infringement.
  5. Employment claims.
  6. Regulatory penalties.
  7. Breach of warranties.
  8. Fraud or wilful misconduct.

A buyer should not rely only on disclosures. Serious risks require indemnity, price adjustment, escrow, holdback or closing condition.

The most common red flags include:

  1. Missing ROC filings.
  2. Cap table mismatch.
  3. Share transfers without proper documents.
  4. Founder disputes.
  5. SHA not aligned with Articles.
  6. Missing IP assignments.
  7. Unregistered trademarks.
  8. Employee classification issues.
  9. Consultant arrangements hiding employment.
  10. Undisclosed loans.
  11. Unregistered charges.
  12. Pending tax demands.
  13. GST non-compliance.
  14. Weak customer contracts.
  15. Change-of-control restrictions.
  16. Litigation not disclosed.
  17. Related-party value leakage.
  18. Data protection gaps.
  19. Expired licences.
  20. Foreign investment reporting defaults.

Each red flag must be assessed for legal effect, monetary exposure and transaction impact.

Also Read Founder Agreement in India | Key Clauses, Vesting, Exit & IP Rights

A buyer or investor should not ask only: “Is there any legal risk?”

The better questions are:

  1. Does this risk affect title to shares or assets?
  2. Does it affect valuation?
  3. Can it be cured before closing?
  4. Can it be indemnified?
  5. Does it require escrow or holdback?
  6. Does it require regulatory approval?
  7. Does it affect future fundraising or exit?
  8. Is it a deal-breaker or a negotiation point?

Due diligence should directly inform the term sheet, share purchase agreement, share subscription agreement, business transfer agreement and shareholders agreement.

Sellers should conduct internal due diligence before entering the market.

A founder preparing for investment should clean up:

  1. Cap table.
  2. ROC filings.
  3. IP assignments.
  4. Founder agreements.
  5. Employment records.
  6. Tax filings.
  7. Customer contracts.
  8. Data policies.
  9. Litigation disclosures.
  10. Licences.

The best time to fix due diligence defects is before the investor finds them.

Frequently Asked Questions

Legal due diligence is a structured review of a company’s legal records, contracts, compliance, litigation, licences, employment, IP, tax exposure and regulatory risks before an investment, acquisition, merger, loan or business transaction.

It identifies hidden liabilities, ownership defects, contractual restrictions, litigation, tax exposure, employee claims, IP problems and regulatory risks before closing. It helps decide valuation, indemnities, conditions precedent and deal structure.

Key documents include incorporation papers, Articles, board minutes, shareholder records, ROC filings, contracts, litigation papers, employment documents, IP records, tax filings, licences, debt documents, data policies and regulatory notices.

4. What are the biggest red flags in startup due diligence?

Common startup red flags include cap table mismatch, missing founder agreement, no IP assignment, defective share allotments, unpaid tax dues, missing ROC filings, weak customer contracts and data protection gaps.

Legal due diligence examines legal ownership, contracts, compliance, disputes, licences and legal liabilities. Financial due diligence examines revenue, expenses, accounting, debt, profitability, cash flow and financial statements.

Yes. Investors generally conduct legal due diligence before funding to verify cap table, founder rights, IP ownership, statutory filings, contracts, tax compliance and regulatory risks.

7. What is FEMA due diligence?

FEMA due diligence examines foreign investment compliance, sectoral caps, pricing guidelines, reporting such as FC-GPR or FC-TRS, downstream investment, non-resident shareholding and RBI-related obligations.

The parties may require the defect to be cured before closing, reduce valuation, seek indemnity, create escrow or holdback, restructure the transaction, disclose the risk, or abandon the deal in serious cases.

9. What is a due diligence red flag?

A red flag is a legal issue that may affect ownership, valuation, regulatory compliance, enforceability, litigation exposure or transaction closing.

It cannot eliminate every dispute, but it substantially reduces risk by identifying defects before signing and by allowing parties to allocate liability through warranties, indemnities, covenants and closing conditions.

Conclusion

Legal due diligence is not a ceremonial exercise. It is the legal foundation of a sound transaction. It identifies whether the company owns what it claims to own, owes what it has disclosed, complies with applicable law, and can safely be invested in, acquired or financed.

For investors and acquirers, due diligence converts uncertainty into negotiated protection. For founders and sellers, it improves credibility and transaction value. For lenders and strategic partners, it reveals whether the business is legally bankable.

The strongest transactions are not built only on valuation and growth projections. They are built on verified legal title, clean records, enforceable contracts, regulatory compliance and carefully allocated risk.

Disclaimer

This article is intended for general legal awareness and educational purposes only. It does not constitute legal advice, solicitation, advertisement or creation of an advocate-client relationship. Legal due diligence depends on the nature of transaction, company structure, sector, documents, regulatory framework, foreign investment status, tax position, litigation history and transaction documents.

Legal due diligence in India is a structured legal review of a company before an investment, acquisition, merger, loan, joint venture or strategic transaction. It examines incorporation documents, Articles of Association, cap table, shareholding, ROC filings, material contracts, litigation, tax exposure, employment compliance, intellectual property, data protection, licences, regulatory approvals, debt, related-party transactions and asset ownership. The objective is to identify legal risks before signing or closing and convert those risks into valuation changes, conditions precedent, warranties, indemnities, escrow, holdback or transaction restructuring.
Legal due diligence
Shareholders Agreement in India: Key Clauses, Rights, Investor Protection and Legal Strategy
Director Liability in India: Legal Risks, Duties and Protection Strategy for Company Directors

Leave a Comment

Your email address will not be published. Required fields are marked *