Author: Anirudh Subhaian Padmanabhan, Tamil Nadu National Law University (TNNLU)

When Microsoft made waves by announcing its $68.7 billion acquisition of Activision Blizzard, the headlines focused on video games and cloud gaming dominance. But behind all that noise was a subtler and more significant point: what Microsoft really acquired wasn’t just IP or a user base, rather it was data, AI capability, and digital infrastructure that could plug directly into its long-term vision of integrated intelligence. This is where modern mergers, especially those in the tech space, start to look very different from the textbook models we studied. With AI-driven acquisitions, we are not buying traditional assets. We are absorbing systems which are datasets, models, proprietary algorithms and more crucially, the culture and infrastructure needed to keep those systems running.

It’s not just a valuation game anymore. It is a systems integration challenge, and if lawyers, financial advisors, and even the acquiring C-suite fail to understand this shift, they risk turning billion-dollar deals into long-term liabilities.

One of the weirdest questions we now need to ask in a deal involving an AI company is How much is this model actually worth? And the answer often is nobody knows for sure. AI models, especially deep learning systems, don’t function like classic assets. Their performance is entangled with the data they were trained on, the infrastructure they run on, and sometimes, the specific developers who built them. That makes assigning value more of a legal-artistic exercise than a spreadsheet calculation, and there is another issue like how do we even transfer these models legally? Suppose a model is trained on scraped personal data that might not meet the consent standards of India’s DPDP Act. Now the acquiring company may be holding an asset that can’t be lawfully used or monetised. We have just paid millions for risk.

Valuation now must include ethical data sourcing, explainability, interoperability, and data localization compliance. That is way beyond traditional due diligence and yet, many law firms still don’t account for it.

Lawyers typically examine contracts, litigation history, IP rights, employment agreements, and regulatory filings. But in AI-centric M&A, that surface-level checklist simply doesn’t cut it. Today, due diligence must dive into codebases, APIs, model architecture, and data lineage. It has to ask:

• Where did the training data come from?

• Were licenses for third-party software or open-source tools properly obtained?

• Are there unresolved bugs or bias issues hidden in the model that could become PR disasters later?

This means lawyers can no longer work in silos. They need to sit with the CTO and data scientists. Ask uncomfortable questions. Demand audits of model documentation. Because post-acquisition, those models don’t magically adapt rather they often break or become liabilities.

Integration is always hard in M&A. But it is even worse in tech deals involving AI startups. Why? Because merging two legal entities is one thing. Merging cultures, data practices, and infrastructure is a completely different game. Startups often function with patchwork code, lean ethics, and informal workflows. Large acquiring companies, by contrast, operate in regulated environments, with strict compliance demands and rigid protocols. Try shoving one into the other and it often doesn’t work.

The AI that worked for the startup may fall apart when deployed at scale. Engineers may quit if their autonomy disappears. And what looked like a “synergy” on paper turns into months of stagnation, friction, and even reputational damage.

Lawyers should be asking:

• Will this AI product survive integration into the acquirer’s tech stack?

• Are the key personnel staying post-acquisition?

• Is there regulatory exposure that hasn’t been stress-tested?

These questions are usually shrugged off as “business issues.” But increasingly, there are legal issues too.

Data isn’t just the fuel of AI rather it is its biggest liability. With new legislation like India’s Digital Personal Data Protection Act, 2023, the legal landscape for data-heavy companies has changed completely. If the target company processes Indian users’ data, we need to ensure:

• Proper notice and consent frameworks are in place

• Data is stored and transferred in compliance with localization norms

• Cross-border data flows meet jurisdictional requirements (especially in case of foreign acquirers)

Add to that the EU’s AI Act which classifies AI applications into risk categories with obligations around documentation, human oversight, and enforcement and we have got a multi-jurisdictional compliance puzzle that most M&A contracts never prepared for.

So, what should lawyers actually do in these scenarios?

Here’s a working checklist for legal professionals navigating AI-driven M&A:

1. Technical Due Diligence Collaboration – Work with engineers to understand model risk, technical debt, and explainability.

2. Data Lineage Audit – Trace where the data came from, how it’s been processed, and whether it complies with privacy laws.

3. Cybersecurity Review – Has the company experienced breaches? Are its AI systems vulnerable to attacks (like model poisoning)?

4. Model Ownership Verification – Clarify who owns the models often, they have been trained using third-party APIs or in cloud environments with unclear IP terms.

5. HR & Talent Risk – Identify who the “key minds” are behind the AI and assess whether they are contractually obligated to stay.

This is not the old school “check for litigation” diligence. It is about identifying fragilities that could destroy synergy or trigger regulatory heat after the ink is dry.

AI-driven acquisitions aren’t just expensive, rather they are fragile. Unlike factories or patents, AI systems are context-dependent, compliance-heavy, and technically complex. The “synergy” we thought we were buying could collapse unless we have assessed the risk buried in the code, the data, and the people behind the system. Legal professionals now need to be much more than paperwork experts. They must be translators converting black-box technical complexity into clear legal frameworks. Because in the end, the law isn’t just about risk management anymore rather it is about value creation. And if we don’t learn to read the systems we are signing off on, we are not really lawyers for the digital age, we are just scribes for the analogy of the past.