AI Compliance and Governance Critical in M&A Valuations and Risk Management

Artificial intelligence (AI) is increasingly integral to mergers and acquisitions (M&A), joint ventures, and sale transactions, directly influencing company valuations and risk assessments. Buyers must evaluate not only the extent of AI usage by target companies but also assess compliance with emerging regulatory mandates and the robustness of AI governance frameworks to mitigate legal and reputational risks. Regulatory landscapes in the U.S. and abroad, including the EU's AI Act and various U.S. state-level rules, impose requirements focused on transparency, data protection, and accountability, with potential penalties for noncompliance. Sellers can improve transaction outcomes by conducting AI readiness assessments, documenting compliance efforts, and preparing responsible AI disclosures to facilitate smooth due diligence and enhance buyer confidence. From an underwriting perspective, insurers offering representation and warranty coverage will scrutinize AI use as part of their risk evaluation processes. Key evaluation domains during transactions include AI governance and oversight, regulatory compliance with privacy considerations, proprietary data and intellectual property protection, and product liability exposure related to AI. Strong governance frameworks characterized by formal oversight committees and designated AI officers enhance visibility into AI applications and help manage compliance and ethical risks effectively. Privacy and data security diligence must be rigorous, particularly with sensitive data involving health, finance, identity, and location, while public companies must avoid misleading disclosures about AI usage to comply with Securities and Exchange Commission (SEC) reporting requirements. Protecting proprietary data and AI models requires understanding licensing agreements and safeguarding against unauthorized data leaks or intellectual property loss, including risks arising from generative AI and invention documentation. AI-driven product liability concerns are significant where AI impacts safety-critical functions or consumer products, requiring thorough risk assessments especially in sectors such as public services, employment, education, healthcare, and critical infrastructure. Overall, AI's regulatory and operational complexities necessitate thorough due diligence and strategic governance to optimize transaction value and manage liabilities effectively in today's evolving technological and regulatory environment.