• Curved glass facades of two office buildings against a blue sky
Insights

Due Diligence in a Company Acquisition in Germany

Types of review, data room process, typical red flags and buyer protection.

| Reading time 12 min. | Author: Sebastian Harschneck

Due diligence in a company acquisition is the structured review of the target before the purchase agreement is signed. Legal, financial, tax and operational records are analysed in the data room, open points are addressed through Q&A and material risks are prioritised. A buyer acquires not only future opportunity but, in a share deal, the company's history: long-term contracts, tax exposure, compliance failures and unresolved disputes. Due diligence reduces the seller's information advantage and turns that history into matters that can be reflected in the decision and the contract.

The review answers three central questions: does the target fit the transaction, does the agreed price hold up, and which risks need to be allocated expressly in the purchase agreement? A finding may lead to a price adjustment, a condition to closing, a warranty or a specific indemnity. This article addresses those issues from the buyer's perspective. Vendor due diligence commissioned by the seller serves a different purpose.

What is due diligence in a company acquisition?

The term comes from Anglo-American law and denotes the care required in commercial dealings with which a buyer examines what it is buying. Applied to a company acquisition, due diligence is the structured review through which a buyer establishes, before signing, the legal, commercial and tax condition of the target. It does not replace a warranty from the seller; it gives the buyer the information needed to judge which warranties it requires in the first place.

The buyer is forced into this by the structure of the acquisition itself. In a share deal, the buyer acquires shares in the company. Section 453 BGB applies the rules on the sale of goods to this purchase of rights only by analogy, so the statutory warranty as a rule reaches the shares, not the business behind them with its contracts, liabilities and risks. Only where the buyer takes over all or nearly all of the shares does the Federal Court of Justice (BGH) treat the transaction economically as a purchase of the business and, by way of exception, allow liability for defects to reach through to the company.

A buyer who would otherwise rely on the statute is left practically empty-handed when the business turns out to be distressed. It has to find the risks itself and protect against them by contract. That is precisely what due diligence delivers: it is the precondition for the buyer to demand the right warranties and indemnities in the purchase agreement, and it supplies the arguments on which the price is justified.

What types of due diligence are there?

Due diligence breaks down into several workstreams that cover different disciplines and run in parallel. The four load-bearing streams are legal, financial, tax and commercial due diligence. On smaller transactions they are bundled together; on larger ones they are supplemented by further reviews.

Legal due diligence is the lawyer's core. It examines the corporate structure and clean title to the shares, the material contracts with customers, suppliers and banks, the holdings of real estate, permits and intellectual property rights, the employment position, and pending and threatened litigation. Financial due diligence goes to the numbers: the quality of the reported earnings, meaning which profit is sustainable and which is one-off, together with the actual net debt and the working capital requirement.

Tax due diligence takes stock of the tax past, reviewing open assessment periods, the exposure from a running or imminent tax audit (Betriebsprüfung) and possible constructive dividends (verdeckte Gewinnausschüttung). Commercial due diligence looks outward at the market, the competition and the customer base, and answers whether the business model holds up and how dependent the company is on individual customers or suppliers.

Depending on the sector, further reviews are added. A technical due diligence assesses plant and production, an environmental due diligence covers contaminated sites and environmental risks, an IT due diligence looks at the systems and data protection compliance. Which streams are needed depends on the company. A manufacturer on an old industrial site calls for a different scope than a software house whose essential value sits in source code and licences.

How does due diligence proceed?

It begins with confidentiality. Before the seller discloses sensitive documents, the parties sign a confidentiality agreement. On the basis of an initial declaration of intent, often a letter of intent, the buyer draws up a request list that specifies exactly which documents it wants to see. The seller uploads those documents into a data room.

The data room today is almost always a virtual data room, a secured online platform on which the documents are filed in a structured way and to which only authorised reviewers have access. There the advisers work through the contracts, financial statements, tax files and permits. Questions arising from the documents go to the seller through a controlled question-and-answer process. At the end there is a due diligence report. Often a red flag report is chosen, concentrating on the risks that decide the deal rather than documenting every detail. Its findings feed straight back into the negotiation of the purchase agreement.

Due diligence therefore sits in time between the declaration of intent and signing, and runs over several weeks. This phase also reveals whether the transaction needs regulatory clearances that will govern the timetable through to completion, such as a merger control clearance or a foreign investment review. The full sequence from letter of intent to closing is the subject of its own article; here the focus is the review itself and what it brings to light.

What are the most common red flags?

A red flag is any finding that lowers the value of the company, puts the purchase in question or calls for special contractual protection. The same patterns keep surfacing in the legal review. Change-of-control clauses in important contracts give the counterparty a right to terminate as soon as the shareholder changes, and can strip the value out of a key customer or supplier contract the moment the deal closes.

Unclear ownership of trademarks, patents or source code hits the buyer exactly where the real value of the business lies. Missing or expiring public-law permits can put operations at risk. Pending or threatened litigation and identifiable compliance breaches, for instance in antitrust, data protection or supply chain law, create a continuing liability that catches up with the buyer years after the purchase.

The tax and financial review turns up warning signs of its own. An open tax audit (Betriebsprüfung), constructive dividends or questionable transfer prices can trigger substantial back-tax claims. In the numbers, flattered earnings, concentration risk on a handful of large customers or an understated net debt are the typical findings that put the price under pressure.

Regulatory red flags form a category of their own, because they delay or block completion. Where the companies involved reach the turnover thresholds of German merger control, the concentration has to be notified to the Federal Cartel Office (Bundeskartellamt). Those thresholds are a combined worldwide turnover of more than €500 million together with domestic turnover of more than €50 million for one and more than €17.5 million for the other undertaking involved (Section 35(1) GWB). Until clearance a prohibition on completion applies; a transaction completed prematurely is generally void (Section 41(1) GWB).

Where the acquirer comes from outside the EU and EFTA, a foreign investment review under foreign trade law may apply on top. In the cross-sector review under Sections 55, 55a AWV, an acquisition is reviewable from 25% of the voting rights, and for security-relevant activities from as little as 10% or 20%. Only in these case groups does a notification duty fall on the acquirer (Section 55a(4) AWV); the plain 25% acquisition is reviewable but can be taken up only by the authority of its own motion. Anyone who discovers such clearance requirements only shortly before signing loses weeks.

How does the review differ between a share deal and an asset deal?

The structure of the transaction determines where the risks lie and where the review places its weight. In a share deal, the buyer acquires the shares and with them the legal entity as a whole. It inherits everything inside that entity, including liabilities and legacy burdens that never appear in the books. Legal and tax due diligence therefore has to cast an especially wide net here, because every hidden obligation travels with the shares. Since the statutory warranty under Section 453 BGB as a rule captures only the shares, the buyer's protection hangs entirely on the contractual catalogue of warranties, which only the review fills with content.

In an asset deal, the buyer acquires individual assets and can in principle choose what it takes on and what it leaves behind. This apparent freedom has limits that the law draws firmly and that the review has to make visible. If the buyer continues the commercial business under the existing trading name, it is liable under Section 25 HGB for the earlier business debts; this can be excluded only by an agreement entered in the commercial register and published, or by notice to the creditors.

For business taxes the acquirer of the business is liable under Section 75 AO, limited to the assets taken over and to taxes that arose from the beginning of the last calendar year before the transfer. And employment relationships pass to the buyer by operation of law under Section 613a BGB as soon as a business or part of a business is transferred; they cannot be carved out of the deal. An asset deal therefore does not automatically free the buyer from the past, and the review decides whether these traps are spotted and caught in the contract.

Why does due diligence decide the scope of warranty liability?

Due diligence is part of what decides what the seller remains liable for at all. Under Section 442(1) BGB, the buyer's rights in respect of a defect are excluded where it knows of the defect at the time the contract is concluded. Where its lack of knowledge is grossly negligent, it retains rights only if the seller fraudulently concealed the defect or gave a warranty. For a company acquisition this means: what the buyer knows, it can no longer raise as a defect afterwards.

This principle shapes the negotiation of the purchase agreement. Sellers typically load large volumes of documents into the data room and agree that everything disclosed counts as known to the buyer. Such data room disclosure qualifies the warranties: whatever sat in the data room is disclosed, and for disclosed matters the seller is no longer liable. An extensive data room is therefore not a pure service to the buyer but at the same time an instrument for shedding liability. A careful review is the only way to find the critical points in that mass before they take effect silently at the buyer's expense.

The findings of the due diligence therefore translate directly into the contractual protection. Because the statutory warranty gives little in a company acquisition, the purchase agreement works with independent, no-fault warranty promises founded on the freedom of contract in Section 311(1) BGB. For general matters a catalogue of such warranties suffices.

For a specifically identified risk, such as a threatened back-tax claim from the open tax audit, a warranty does not suffice, because the matter has already been disclosed and is therefore known. Here the buyer needs a targeted indemnity under which the seller assumes precisely that risk, or a corresponding reduction in the price. Without due diligence the buyer does not know what to demand such an indemnity for.

How are due diligence and W&I insurance connected?

W&I insurance, warranty and indemnity insurance, covers claims arising from a breach of the warranties given in the purchase agreement and of the tax indemnity. It has established itself as an instrument because it gives the seller a clean exit without continuing liability and gives the buyer a solvent counterparty if a warranty later turns out to be untrue. Its relationship with due diligence is close, and it runs in two directions.

First, the review is the basis on which the insurer underwrites at all. The underwriter and its lawyers work through the buyer's due diligence reports and the data room and insure only what has been sufficiently reviewed. A patchy review leads to gaps in cover or to exclusions.

Second, W&I insurance covers only unknown risks. Whatever the due diligence has specifically uncovered, or whatever was disclosed in the data room, is known and regularly falls outside the cover. For such identified risks it remains a matter for a separate indemnity from the seller or an adjustment to the price. W&I insurance therefore does not replace due diligence; it presupposes it. We give a deeper overview of how the cover is built and where its limits lie in a separate article.

What does due diligence cost, and how long does it take?

The cost and duration of due diligence depend on the size and scope of the transaction. What drives them is the number of workstreams, the size of the data room, the complexity of the company and whether a full review or a red flag approach concentrated on the material risks is chosen. On a mid-market transaction the review itself usually runs to a few weeks between the declaration of intent and signing.

The cost is as a rule borne by the buyer, since it is the buyer who commissions the review in its own interest. It is money well spent when measured against what is at stake. A single overlooked risk, a hidden tax burden or a terminable key contract can amount to a multiple of the review costs. To save on due diligence is to save at exactly the point where the price of the company and its later protection are decided.

About the author

Sebastian Harschneck
Sebastian Harschneck
Lawyer · Managing Partner
Get in touch

Sebastian Harschneck advises companies on corporate law and supports acquisitions and disposals, from due diligence to closing, including cross-border transactions.

Cable-stayed bridge with white pylon and red deck seen from below against a clear evening sky

Support for your due diligence

We carry out the legal due diligence of your target and translate the findings into warranties, indemnities and a robust W&I structure.

Get in touch

Frequently Asked Questions on Due Diligence

Due diligence is the buyer's structured review of the target before the purchase agreement is signed. Legal, financial and tax records are examined in a data room to uncover risks and assess the value of the company. It is necessary because the statutory warranty offers little protection in a company acquisition, so the buyer has to find the risks itself and secure them by contract.

Legal due diligence examines the legal position: corporate structure, contracts, permits, intellectual property rights and litigation. Financial due diligence assesses the numbers, separating sustainable from one-off earnings and capturing net debt and working capital. Commercial due diligence looks at the market, the competition and the customer base and judges whether the business model holds up. The three streams answer different questions and run in parallel.

Red flags are findings that lower the value of the company or call for special protection. Typical examples are change-of-control clauses in important contracts, unclear ownership of trademarks or source code, missing permits, pending litigation and compliance breaches, along with open tax audits, constructive dividends and concentration risk on a handful of large customers. Required clearances that delay completion, such as a merger filing or a foreign investment review, also belong here.

A data room is the organised collection of documents that the seller discloses to the buyer for review. Today it is almost always a virtual data room, a secured online platform with structured filing and controlled access. Whatever sits in the data room is regularly treated as disclosed and therefore as known to the buyer, which under Section 442 BGB can exclude later claims based on those matters.

No. W&I insurance covers claims arising from a breach of warranties and the tax indemnity, but only for unknown risks. Whatever the due diligence has specifically uncovered, or whatever was disclosed in the data room, is known and regularly excluded from cover. For such identified risks the buyer needs a separate indemnity or a price adjustment. At the same time, a careful review is the basis on which the insurer grants cover at all.

The cost depends on the size and scope of the transaction, in particular the number of workstreams, the size of the data room and the choice between a full review and a red flag approach concentrated on the material risks. It is as a rule borne by the buyer. Measured against a single overlooked tax burden or a terminable key contract, it is usually money well spent.

Contact

Get in touch

Send us a message. We will get back to you within one working day.

Maxfeld.legal

Rechtsanwaltsgesellschaft mbH
Leipziger Platz 21
90491 Nuremberg

Brochure

Request brochure

Enter your contact details. We will send you the brochure by email right away.