Legal Due Diligence: Understanding The Process (2026 Updated)

Buying a business, investing in a startup, signing a major contract, or entering a new partnership can feel exciting - until you realise you’re also inheriting risks you can’t see yet.

That’s where legal due diligence comes in. It’s the process of checking the legal “health” of a business or transaction before you commit, so you can spot red flags early, ask the right questions, and negotiate from a position of confidence.

This guide is updated for current New Zealand business conditions and common deal issues we’re seeing right now (including privacy, digital assets, and IP ownership), but it’s written to stay useful even as your business grows and changes.

What Is Legal Due Diligence (And When Do You Need It)?

Legal due diligence is the structured review of documents, contracts, and compliance issues to understand what you’re actually buying into (or signing up to).

In plain terms, it answers questions like:

• Does this business legally own what it says it owns?
• Are there contracts that could block growth, increase costs, or end unexpectedly?
• Are there disputes, debts, or regulatory issues that might become your problem?
• Is the business set up properly (company, shareholders, governance, registrations)?
• Are there legal gaps that need fixing before settlement?

You’ll usually want legal due diligence when you’re:

• Buying a business (asset sale or share sale)
• Investing (especially where you’re taking shares or giving a convertible note/SAFE)
• Entering a joint venture or long-term partnership
• Signing a big contract where the legal terms can materially affect your revenue, liability, or ability to operate
• Acquiring assets like software, brands, domains, customer lists, or other IP-heavy business components

Even if your deal feels “simple”, due diligence can be what prevents nasty surprises later - like discovering a key supplier agreement can be terminated on 7 days’ notice, or that the business doesn’t actually own the IP used in its branding.

How The Legal Due Diligence Process Usually Works

Due diligence isn’t one single document or one meeting. It’s a process, and it’s best done in a structured, step-by-step way so you don’t miss critical issues.

1) Clarify The Deal Structure (Because It Changes What You’re Inheriting)

Before reviewing anything, you’ll want to be clear on what you’re buying or entering into:

• Share sale: you buy the company itself (and generally inherit its history - contracts, liabilities, compliance issues).
• Asset sale: you buy selected assets (but you still need to confirm what’s included, transferred properly, and what liabilities might still “follow” the assets).

This matters because the legal risks and the document checklist can look very different depending on the structure. It’s also why a Legal Due Diligence Package is typically scoped to match the deal you’re actually doing (not a generic checklist).

2) Gather Documents (Usually Through A Data Room Or Disclosure Pack)

The seller (or the other party) usually provides key documents in a shared folder or “data room”. If you’re buying a business, these may include:

• company records (incorporation details, share register, director details)
• constitutional documents
• contracts with customers, suppliers, and landlords
• employment and contractor documentation
• intellectual property details
• insurance information
• privacy and data handling information
• evidence of licences, permits, and compliance
• dispute history (if any)

If you’re the buyer, it’s normal to have to request missing items. A “gap” in documents isn’t automatically a deal-breaker, but it’s always something to understand before you proceed.

3) Review, Flag Risks, And Ask Targeted Questions

Your lawyer will review the documents and come back with:

• a list of key findings (what’s normal vs what’s unusual)
• red flags (high risk issues)
• questions for the seller (to clarify unknowns)
• recommended fixes (conditions, warranties, indemnities, or pre-settlement steps)

Think of this stage as turning “paperwork” into practical business insight. It’s not about reading every page for the sake of it - it’s about understanding how the legal terms affect what you can actually do after settlement.

4) Negotiate Protections In The Contract

Due diligence findings usually feed directly into negotiations. Depending on what comes up, you might:

• negotiate a price reduction or retention amount
• request a condition precedent (something that must be fixed before settlement)
• ask for specific warranties and indemnities in the sale agreement
• refuse to take on certain liabilities
• walk away if the risk is too high

For business purchases, this often ties in closely with your Business Sale Agreement terms and the settlement/completion process.

5) Confirm Completion Steps (And Don’t Forget Post-Settlement Admin)

Even when the legal documents look good, you still need to make sure the transaction is implemented properly. For example:

• share transfers are completed and recorded correctly
• key contracts are assigned or novated (if required)
• domain names and IP are transferred
• bank authorities and system access are handed over securely
• employee arrangements transition legally

This is where a completion checklist becomes more than a formality - it’s what stops the “we thought that was included” disputes after settlement.

What Lawyers Look For In Legal Due Diligence (The Key Areas)

Legal due diligence can be tailored to the deal, but most reviews focus on a set of core legal risk areas.

Company Structure, Ownership, And Authority

First, we check whether the business is properly set up and who actually owns it. That includes reviewing items like:

• the shareholding position (and whether it matches what you’ve been told)
• director and shareholder approvals needed for the transaction
• any restrictions on issuing or transferring shares
• company governance documents, including the Company Constitution

If there are multiple owners, it’s also important to check whether a Shareholders Agreement exists and whether it contains rights that affect the sale (like pre-emptive rights, drag/tag clauses, or approval thresholds).

Material Contracts (Customers, Suppliers, Partnerships, And Platforms)

Contracts are often where the real value (and risk) lives. A business may look profitable, but one clause can change the picture - like a termination right, an exclusivity restriction, or a pricing mechanism that’s no longer viable.

Common contracts reviewed include:

• customer agreements and recurring revenue contracts
• supplier agreements and key procurement arrangements
• distribution or reseller terms
• platform terms (if the business is reliant on marketplaces or tech providers)
• NDAs and confidentiality arrangements
• loan or finance documents

We’ll typically look for issues like:

• change of control clauses (that allow termination if ownership changes)
• assignment restrictions (you may need written consent to transfer the contract)
• non-compete or exclusivity provisions (that could limit expansion)
• liability caps and indemnities (who pays if something goes wrong)
• automatic renewal provisions and notice periods

If you’re stepping into a key relationship, it’s worth having the contract reviewed properly, rather than relying on assumptions or “what we usually do”.

People Issues: Employees, Contractors, And Workplace Risk

Staff are often central to business value - particularly if the business relies on specialist know-how, sales relationships, or operational experience.

Due diligence will usually involve reviewing:

• standard Employment Contract templates (and whether they’re compliant and consistently used)
• key employee terms (pay, commissions, bonuses, restraints, IP clauses)
• contractor arrangements (and whether contractors may actually be employees in practice)
• any current or historical disputes, warnings, or disciplinary matters
• health and safety systems and incident history (where relevant)

In New Zealand, employment obligations are not something you want to “inherit by surprise”. For example, if agreements are poorly drafted or inconsistent, it can make terminations, restructures, or role changes far harder than expected.

Intellectual Property (IP), Branding, And Ownership Of Key Assets

If the business value is tied to a brand, software, content, designs, or a unique process, IP due diligence is critical.

This usually involves checking:

• what IP exists (trade marks, logos, software code, website content, designs, manuals)
• who legally owns it (the company, the founder personally, a contractor, or a third party)
• whether there are licences in place (and whether they can be transferred)
• whether brand elements are protected (or infringe someone else’s rights)

A surprisingly common issue is where a founder commissioned a logo, website, or software build but never received a proper assignment of IP rights from the designer or developer. That can create major headaches later - especially if the contractor relationship sours or the business scales.

Privacy, Data, And Digital Compliance

Most businesses collect or hold some form of personal information - even if it’s just customer emails, delivery addresses, employee records, or CCTV footage.

Under the Privacy Act 2020, you generally need to handle personal information responsibly, keep it secure, and be transparent about what you collect and why. Due diligence often checks:

• whether the business has a fit-for-purpose Privacy Policy
• how customer data is collected, stored, accessed, and shared
• whether there have been privacy complaints or data incidents
• what software systems are used (and whether third parties have access to data)

This is especially important where the business relies heavily on online marketing, email lists, customer accounts, or subscription billing - because data handling practices can become a reputational risk as well as a legal one.

Property And Leases (If The Business Operates From A Physical Site)

If the business operates from a leased premises, the lease can make or break the deal. You’ll want to understand:

• lease term, renewals, and rent review provisions
• outgoings and maintenance obligations
• make good requirements at the end of the lease
• whether the lease can be assigned (and what landlord conditions apply)

It’s common to include lease review as part of legal due diligence, or as a parallel workstream - particularly where the premises is essential to the business model.

Common Red Flags That Come Up In Due Diligence (And What You Can Do About Them)

Due diligence isn’t about finding a “perfect” business - most businesses have some messiness. The goal is to identify which issues are manageable and which ones change the risk profile of the deal.

Here are some common red flags we see, and what they often mean in practice.

“Handshake Deals” For Key Customers Or Suppliers

If the business relies on a few major customers or suppliers but has no signed agreement, that’s a risk to revenue continuity.

What you can do: request that key agreements are signed pre-settlement, or negotiate protections in the sale agreement (for example, a retention amount if revenue drops due to loss of a major customer).

Contracts That Can’t Be Assigned (Or Require Consent)

Some contracts can’t be transferred without the other party’s written consent, or they automatically terminate on a change of control.

What you can do: make the deal conditional on obtaining consent, or structure the transaction differently (for example, a share sale instead of an asset sale, where appropriate).

Unclear IP Ownership (Especially For Websites, Software, And Branding)

If the business can’t clearly prove it owns its core IP assets, you may be buying operational dependency on a third party (or exposing yourself to an infringement claim).

What you can do: require IP assignments before settlement, confirm trade mark ownership/registration status, and ensure the sale documents include IP transfer provisions.

Employment Gaps (No Written Agreements, Misclassified Contractors, Or Unpaid Entitlements)

Employment risk can show up as missing contracts, inconsistent policies, underpayment exposure, or unclear commission arrangements.

What you can do: request a cleanup before settlement (updated agreements, corrected processes), negotiate warranties/indemnities, and plan a proper transition process for staff.

Privacy And Data Practices That Don’t Match The Business Model

If the business collects personal information but has no privacy documentation or security practices, that can raise compliance risk under the Privacy Act 2020.

What you can do: implement a compliant privacy framework early, ensure staff understand data handling expectations, and confirm what data is actually being transferred to you.

How To Get The Most Value From Due Diligence (Without Getting Stuck In The Weeds)

Due diligence can feel overwhelming because there’s a lot of information, and it’s not always neatly organised. The trick is to keep it practical: focus on what changes your decision, your price, or your ability to operate.

Be Clear On Your Deal “Non-Negotiables”

Before you start reviewing documents, it helps to decide what you absolutely need for the deal to make sense. For example:

• do you need the lease to transfer?
• do you need certain staff to stay on?
• do you need to own the brand and website?
• do you need certain contracts locked in for a minimum term?

This keeps due diligence focused on your real business drivers, not just “paper review” for its own sake.

Prioritise High-Impact Risks

Not every issue deserves the same energy. A typo in a contract is usually minor. A clause that allows a major customer to terminate immediately on sale is not.

In many transactions, the highest-impact risk areas are:

• ownership and authority (who can actually sell, and what approvals are required)
• material contracts and revenue dependencies
• employment exposure (especially where there’s underpayment or misclassification risk)
• IP ownership (especially for digital-first businesses)
• leases and site access (if premises are essential)

Use Due Diligence Findings To Negotiate, Not Just To “Collect Information”

Due diligence is most valuable when it results in an action:

• change the contract terms
• fix missing documents before settlement
• adjust price to reflect risk
• set up a transition plan
• walk away if the risk doesn’t match the opportunity

This is also why it’s risky to rely on generic templates or DIY legal documents during a transaction - the protections need to match the specific issues uncovered.

Key Takeaways

• Legal due diligence is the process of reviewing a business or transaction to identify legal risks before you commit, so you can negotiate protections and avoid surprises.
• The process usually involves gathering documents, reviewing key risk areas, asking targeted questions, and then reflecting the findings in the final contract and completion steps.
• Due diligence commonly covers company structure and ownership, material contracts, employment arrangements, IP ownership, privacy/data compliance, and leases or property arrangements.
• Common red flags include “handshake” customer/supplier arrangements, non-assignable contracts, unclear IP ownership, employment gaps, and weak privacy practices under the Privacy Act 2020.
• Due diligence is most valuable when it leads to practical outcomes like price adjustments, conditions that must be met before settlement, stronger warranties/indemnities, or a decision not to proceed.
• Because every deal is different, it’s worth getting tailored legal advice rather than relying on assumptions or generic document templates.

If you’d like help with legal due diligence for a business purchase, investment, or major transaction, you can reach us at 0800 002 184 or team@sprintlaw.co.nz for a free, no-obligations chat.