Due Diligence Checklist: What Buyers Look For in a Tech Acquisition

Due diligence is where tech acquisitions live or die. An LOI might signal strong mutual interest, but it's the diligence phase — typically 4 to 12 weeks of deep investigation — where buyers either confirm that interest or walk away. A messy cap table, an undisclosed lawsuit, or a codebase full of unlicensed dependencies can sink a deal even after price has already been agreed.

Here's what buyers actually dig into, organized by category, and why each one matters.


Financial Due Diligence

  • Revenue quality — Is revenue recurring and predictable, or lumpy and one-off? Buyers scrutinize the mix of subscription vs. one-time revenue closely.
  • Customer concentration — If a small number of customers make up a large share of revenue, that's a red flag for post-acquisition stability.
  • Churn and retention metrics — Net revenue retention, logo churn, and expansion revenue tell buyers whether the business is genuinely healthy or has been propped up by one-time deals.
  • Accounts receivable and payable — Are customers actually paying on time? Are there unpaid vendor obligations that will become the buyer's problem?
  • Historical financial statements — Usually 2–3 years of audited or reviewed financials, checked for consistency and accuracy.

Legal Due Diligence

  • Cap table accuracy — Every outstanding share, option, warrant, and SAFE needs to be accounted for. Cap table messes are one of the most common deal-delaying issues.
  • IP ownership — Does the company actually own its core technology outright, or are there unresolved claims from former employees, contractors, or co-founders?
  • Litigation history — Any pending or past lawsuits, employment disputes, or regulatory actions get flagged and factored into risk.
  • Material contracts — Customer agreements, vendor contracts, and partnership deals are reviewed for change-of-control clauses that could be triggered by the acquisition.
  • Employment agreements — Non-competes, IP assignment agreements, and any unusual compensation arrangements.

Technical Due Diligence

  • Codebase quality — Buyers (or their engineering teams) assess technical debt, code organization, and whether the system can scale or will need significant rework.
  • Open-source and license compliance — Unlicensed or improperly licensed open-source dependencies can create real legal exposure for the buyer post-acquisition.
  • Architecture and scalability — Can the current system handle the buyer's scale, or will it need to be rebuilt?
  • Security posture — Past breaches, vulnerability history, and current security practices, especially important if the target handles sensitive user data.
  • Infrastructure dependencies — Reliance on specific vendors, cloud providers, or hard-to-replace contractors.

Data Privacy and Compliance

  • Data handling practices — How customer data is collected, stored, and used, and whether it complies with relevant regulations (GDPR, CCPA, HIPAA, depending on sector).
  • Data breach history — Any past incidents, how they were handled, and what commitments were made to affected users.
  • Regulatory standing — Any open investigations or compliance gaps that could become the buyer's liability.

Team and Organizational Due Diligence

  • Key person dependency — How much of the company's value is tied to specific individuals staying on, and are they actually willing to stay post-acquisition?
  • Organizational structure — Reporting lines, team composition, and any redundant roles that overlap with the buyer's existing teams.
  • Culture fit — Increasingly assessed formally, especially for deals where the acquired team will be integrated rather than run standalone.
  • Compensation and equity — Understanding what retention packages or accelerated vesting will be needed to keep key people through and after the transition.

Customer and Market Due Diligence

  • Customer references — Buyers often speak directly with key customers to validate satisfaction and retention likelihood post-acquisition.
  • Competitive positioning — Is the target's market position defensible, or is it losing ground to competitors?
  • Total addressable market — Validating that the growth story the target is telling has room to actually play out.

Why Deals Fall Apart During Diligence

The most common deal-killers aren't dramatic scandals — they're mundane issues that erode buyer confidence:

  • Inconsistencies between what founders said in early conversations and what the numbers actually show
  • Cap table surprises (undisclosed option pools, unclear SAFE terms)
  • Customer concentration that wasn't fully disclosed upfront
  • Technical debt significantly worse than represented
  • Key employees who make clear they don't intend to stay

How Founders Can Prepare

If you're heading into an acquisition, the best move is to run your own diligence on yourself before the buyer does:

  1. Clean up your cap table before you're in active deal conversations, not during them.
  2. Get your financials in order — clear, consistent records win trust fast.
  3. Resolve IP ambiguity early — make sure every contractor and former employee has signed proper IP assignment agreements.
  4. Be upfront about known issues — buyers are far more forgiving of disclosed problems than ones they discover themselves.
  5. Know your key-person risk — be ready to discuss retention honestly, since buyers will ask directly.

The Bottom Line

Due diligence isn't a formality — it's the phase where a buyer's confidence in the deal is actually tested against reality. Founders who go in with clean financials, a tidy cap table, documented IP, and honest disclosure dramatically improve their odds of a deal actually closing on the terms both sides shook hands on.


For the full acquisition timeline, see How Tech Acquisitions Work. For deal and legal terminology, check The CODEW's Glossary of M&A Terms.



Due Diligence Checklist: What Buyers Look For in a Tech Acquisition Due Diligence Checklist: What Buyers Look For in a Tech Acquisition Reviewed by Erwin Castro on Friday, July 10, 2026 Rating: 5

No comments:

The CODEW is published and edited by Erwin Castro, an independent tech journalist focused on the intersection of business strategy and enterprise software. Learn more