AI and M&A NDAs: Managing Artificial Intelligence Risks in Confidentiality Agreements
Artificial intelligence is rapidly reshaping how M&A transactions are evaluated, modeled, and executed. In mergers and acquisitions, buyers and their advisors increasingly use AI tools in the due diligence process to review data rooms, summarize contracts, and identify risk patterns.
The Tension Between Efficiency and Confidentiality
The use of AI creates tension between a buyer’s desire to efficiently and thoroughly review a seller’s due diligence materials and a seller’s understandable desire to maintain the confidentiality of such materials. In a typical M&A transaction, a seller shares highly sensitive information under a nondisclosure agreement (NDA), including trade secrets, financial statements and projections, customer and supplier contracts, proprietary technology information, and employee information.
The use of AI in the due diligence process raises a fundamental question: does uploading confidential information into an AI tool violate the NDA? In the current deal environment, the issue is no longer whether AI will be used in diligence, but whether the NDA adequately addresses it. Sophisticated parties are now negotiating explicit AI provisions in confidentiality agreements to avoid unintended breaches, protect trade secrets, and preserve deal value.
Understanding AI Use in M&A Due Diligence
Buyers and their advisors historically reviewed due diligence materials manually. Today, many firms seek to use AI tools to:
- Summarize large volumes of contracts
- Identify change-of-control provisions
- Extract financial data
- Flag regulatory or compliance issues
- Analyze risk patterns across documents
While these efficiencies are attractive, not all AI platforms are compatible with traditional NDA obligations. Many publicly available AI tools operate under terms of service that conflict with standard M&A confidentiality provisions.
Potential Conflicts with Traditional NDAs
For example, some AI tools retain user inputs to improve their models or for internal analytics. If confidential information is uploaded into such systems, that retention may conflict with an NDA’s requirements to:
- Use information solely for evaluating the transaction
- Prevent disclosure to unauthorized third parties
- Return or destroy confidential information upon request
In another example, certain AI providers’ terms grant the provider a license to use submitted content. Even if that use is limited or anonymized, the grant of rights itself may:
- Constitute a prohibited disclosure
- Exceed the “permitted use” under the NDA
- Undermine trade secret protections
Lastly, most NDAs restrict disclosure to defined “Representatives,” such as employees, officers, directors, financing sources, and professional advisors. An AI platform provider may not qualify as a permitted representative under the NDA.
These examples illustrate how the use of an AI platform in due diligence may lead to an unintended breach, exposing buyers to liability.
How M&A NDAs Are Evolving to Address AI
Traditional NDAs were not drafted with AI in mind. As technology becomes embedded in diligence processes, confidentiality agreements are increasingly being revised to address AI-related risks directly.
Transaction counsel are responding in several ways. Some sellers now include provisions that:
- Prohibit uploading confidential information into public or open-source AI platforms
- Restrict use of AI tools that retain data or use inputs for model training
- Require prior written consent before using AI in diligence
Nevertheless, in recognition of the prevalence of AI, sellers and buyers are not simply banning AI outright. Instead, parties are putting in place guardrails around the use of AI to protect a seller’s information and avoid a breach by the buyer. This may include provisions allowing for secure, enterprise-grade AI tools or private closed environment AI systems. These types of platforms generally have contractual assurances regarding data isolation, no training on user data, and deletion capabilities.
Adding these guardrails ensures that the use of AI tools complies with an NDA’s confidentiality standards and prevents disclosure beyond permitted representatives. This balanced approach recognizes the efficiency benefits of AI while preserving the integrity of confidential information.
Trade Secret Protection and AI in M&A Transactions
For companies whose enterprise value is driven by proprietary technology, data models, algorithms, or customer lists, AI misuse poses heightened risk.
Under trade secret law, protection depends on maintaining reasonable safeguards. Uploading confidential data into unsecured AI systems may be argued to:
- Destroy secrecy
- Demonstrate failure to implement reasonable protective measures
- Waive protections that underpin valuation
In competitive auctions or strategic acquisitions, even a theoretical weakening of trade secret status can materially affect negotiating leverage, making a properly drafted NDA critical.
Practical Guidance for Buyers and Sellers
For Buyers
Before using AI in due diligence:
- Review the NDA carefully for technology restrictions
- Confirm whether AI providers retain or train on input data
- Coordinate with legal counsel before uploading sensitive materials
- Consider enterprise or private AI environments
Efficiency should not come at the expense of contractual compliance or deal credibility.
For Sellers
When drafting or negotiating an M&A NDA:
- Evaluate whether AI restrictions are appropriate given the nature of the confidential information
- Address AI explicitly rather than relying on general confidentiality language
- Confirm that return and destruction provisions are technologically feasible
- Align NDA protections with trade secret preservation strategy
Clear drafting reduces disputes and signals sophistication in the transaction process.
