AI M&A: beyond the playbook

AI M&A faces unique risks as fast tech, evolving regulation and value drivers demand new diligence, valuation, and deal structures for AI-native targets.

02 July 2026

Publication

Loading...

Listen to our publication

0:00 / 0:00

AI M&A is not business as usual. The technology is moving fast, the regulatory landscape is shifting and the risk profile looks very different from what many dealmakers are used to. Deals involving AI-native companies, or targets where AI is intrinsic to the value of the business, raise specific diligence, valuation and risk allocation issues. Below are five themes shaping how these transactions are structured and executed.

1. Where does the value lie?

In AI-heavy businesses, value rarely sits in a single asset. It typically flows from a combination of the target's underlying data, models and algorithms, key talent and/or operational infrastructure. The first step for dealmakers should be identifying exactly where this value lies since that will shape the deal structure and strategy as well as, fundamentally, whether the target can continue to be operated in the same way post-close.

In practice, this issue goes to the core of the deal: where proprietary data or algorithms are embedded in a broader platform, carve-outs may be complex; where value resides primarily in key personnel, retention arrangements and restrictive covenants become critical to preserving the asset being acquired.

2. Diligence and impact on deal timing

The usual diligence playbook will not cover everything that needs to be assessed in AI M&A given the nuanced risks that surround any AI target. When it comes to fine-tuning traditional diligence and addressing new areas of focus, dealmakers should consider aspects such as:

A. IP infringement: for example, where AI models have been trained on third-party content without proper licensing.

B. copyright considerations: relevant to ownership and protectability of AI-generated outputs.

C. confidentiality / privacy risks: arising from the use of training data (which frequently contains significant volumes of personal or commercially sensitive data).

D. cybersecurity: AI systems and the large datasets underpinning them are prime targets for adversarial attacks, including model extraction, data poisoning and prompt injection.

E. regulatory regimes: the interplay between the AI Act, GDPR and other digital laws as well as existing sector-specific regulatory regimes (for example in healthcare or financial services).

F. EU AI Act: The EU AI Act adopts a risk-based framework, distinguishing between unacceptable, high, limited and minimal risk systems, with regulatory obligations increasing accordingly. It applies directly to providers and deployers of AI systems established within the EU, and extends to companies based outside of Europe that place AI systems on the EU market, put them into service in the EU, or whose AI systems produce output that is used within the EU.

3. Price structuring

The rapid progress of AI presents challenges for modelling future performance with the risk that a target's competitive edge may be eroded quickly as the technology evolves. That makes determining the right pricing structure critically important, particularly where a target's value is heavily dependent on technology that has yet to be proven at scale. In practice, we frequently see earn-outs or milestone payments linked to AI-specific metrics (e.g. active user numbers or subscriber growth, API call volumes, model accuracy or other performance benchmarks, data quality thresholds), customer retention rates or ARR growth. These also have currency over more "traditional" financial metrics, which may not capture the principal value drivers of an AI business.

4. Regulatory approvals and clearances

Regulatory approvals are an increasingly significant feature of AI M&A and affect both deal timing and structure. Dealmakers should assess the regulatory landscape at the very outset and, in many instances, a simple "desktop" analysis may not suffice due to the unique scrutiny that AI-focused businesses are facing from various regulatory angles.

A. Antitrust: Antitrust authorities in major jurisdictions are paying ever-closer attention to AI transactions with deals being called in for review and/or receiving added scrutiny, even where traditional market share thresholds are not met.

B. FDI: The use of AI is already prevalent in what are, for the purposes of FDI regimes (e.g. CFIUS, NSIA and STCTA), "sensitive" sectors such as defence, national security and critical national infrastructure. Its growing use by providers to governments worldwide also means that FDI screening regimes are increasingly examining AI deals.

C. Deal structure: The significance of the regulatory approval landscape extends beyond clearance risk management to deal structuring more broadly. Where regulatory approvals are anticipated, parties commonly adopt a split sign-and-close structure, with closing expressly conditioned on receipt of all required approvals. The scope of interim covenants requires careful negotiation in this context. Key issues include the allocation of regulatory risk, the standard of efforts each party commits to in pursuing approvals, and whether a failure to obtain clearance (or a clearance granted subject to onerous conditions or remedies) would trigger a walkaway right. Longstop dates also require particular attention given the potentially protracted timelines for AI-related regulatory reviews. MAC provisions remain less standard in UK and Irish private M&A than in the US, though their use has become more common in recent years, particularly in larger transactions with a split exchange and completion structure. Where they are adopted, they tend to include granular detail tied to very specific events.

5. Buyer protections

A. Specific warranties: As with diligence, it's necessary to go beyond the standard approach when it comes to buyer protections to address the specific risks inherent in an AI business. These can include specific AI warranties around IP ownership, model accuracy and performance and regulatory compliance. Buyers should also consider extended limitation periods for IP and regulatory-related claims, which reflect the longer tail nature of these risks.

B. W&I: When it comes to buyers obtaining W&I insurance cover, AI-specific risks identified through diligence are not always straightforwardly insurable under a standard W&I policy. Insurers approach AI transactions with heightened scrutiny, particularly in relation to warranties concerning training data provenance, IP ownership of model outputs and AI regulatory compliance. Early engagement with brokers who specialise in AI or technology transactions is therefore essential, both to understand the true scope of available coverage and to identify gaps in the W&I policy that may require alternative structuring, such as synthetic coverage or specific indemnities negotiated with the seller. Getting this right requires close coordination between the legal, diligence and insurance workstreams from an early stage.

AI M&A requires a different playbook. The considerations explored above, from the nature of the assets being acquired through to regulatory approvals and buyer protections, illustrate the breadth and complexity of what dealmakers face in this space. Those who invest in understanding the technology, engage with the regulatory landscape early and tailor their approach to the specific risk profile of the target will be best positioned to navigate these transactions successfully.

Author: Christine Quigley, Managing Associate, Corporate M&A and AI Champion for Dublin

This document (and any information accessed through links in this document) is provided for information purposes only and does not constitute legal advice. Professional legal advice should be obtained before taking or refraining from any action as a result of the contents of this document.