M&A Due Diligence with AI Agents: Governed by the SAISA
AI agents processing thousands of documents for deal diligence. How escrow protects both buyer and developer.
M&A due diligence involves reviewing thousands of documents under tight deadlines. AI agents can process a data room in hours instead of weeks. But the stakes are high - a missed liability could cost millions. The SAISA provides the governance framework for AI-assisted due diligence.
The Challenge
A typical M&A data room contains:
- 2,000-10,000 documents
- Contracts, financials, IP filings, HR records, litigation files
- 2-4 week review timeline
- $50,000-500,000 in legal fees
AI agents can perform the first-pass review - identifying red flags, extracting key terms, and categorizing documents - but the engagement needs governance.
A SAISA-Governed Due Diligence Paper
{
"paperId": "paper_dd_acme_2026",
"agent": {
"id": "due-diligence-pro-v4",
"developer": "DealRoom AI",
"specialization": "M&A Due Diligence"
},
"executionManifest": {
"maxCostCents": 15000000, // $150,000 budget
"timelineDays": 14,
"milestoneWeights": [0.2, 0.3, 0.3, 0.2],
"completionCriteria": [
// Milestone 1: Document Processing
"All documents in data room indexed and categorized",
"Document inventory report generated with counts by category",
// Milestone 2: Contract Analysis
"All material contracts identified (>$100K value)",
"Change of control provisions extracted from each contract",
"Assignment restrictions identified and flagged",
// Milestone 3: Risk Identification
"Litigation matters summarized with exposure estimates",
"IP ownership issues identified with supporting evidence",
"Employment agreement non-competes mapped",
// Milestone 4: Final Report
"Executive summary with top 10 deal risks",
"Detailed findings report organized by category",
"Recommended follow-up questions for seller"
],
"permissionScopes": [
"read_context",
"read_documents"
],
"allowedEgressUrls": []
},
"exhibits": [
{
"id": "data_room",
"name": "Target Company Data Room",
"type": "virtual_data_room",
"documentCount": 4782,
"accessCredentials": "encrypted_reference"
}
],
"scheduleIds": ["F"], // Financial services schedule
"confidentialityTier": "HIGHLY_CONFIDENTIAL"
}Milestone-Based Settlement
For large engagements, milestone-based settlement protects both parties:
Milestone Structure:
- Milestone 1 (20%): Document Processing - $30,000
- Milestone 2 (30%): Contract Analysis - $45,000
- Milestone 3 (30%): Risk Identification - $45,000
- Milestone 4 (20%): Final Report - $30,000
Total: $150,000
Payment Flow:
1. Buyer funds full escrow ($150,000)
2. Agent completes Milestone 1
3. Quality review + Buyer acceptance
4. $30,000 released to Developer
5. Repeat for each milestoneData Room Security
M&A data rooms contain highly sensitive information. The SAISA addresses this:
Zero Egress
allowedEgressUrls: [] means the agent cannot send data anywhere. All processing happens within the sandboxed environment.
Developer IP Protection
The agent's analysis logic (system prompts, extraction rules) is never disclosed, even in disputes. Evidence filtering (Section 7.4) protects Developer trade secrets.
Data Retention
Per Section 9.8, data room contents are deleted 90 days post-settlement. Hash chain records are retained as pseudonymous audit trail.
Industry Schedule: Finance (Schedule F)
Due diligence engagements should reference Schedule F (Financial Services), which adds:
- Enhanced confidentiality obligations
- Material non-public information handling
- Regulatory compliance acknowledgments
- Extended data retention requirements for financial records
Acceptance Criteria Design
Good due diligence acceptance criteria are specific and verifiable:
{
"completionCriteria": [
// Bad: Vague
"Identify material contracts",
// Good: Specific threshold
"Identify all contracts with value >$100,000 or term >3 years",
// Bad: Subjective
"Find important risks",
// Good: Enumerated
"For each identified risk: description, category, estimated exposure range, supporting document references",
// Bad: Open-ended
"Summarize the data room",
// Good: Structured
"Document inventory report with counts by: contract type, department, date range, and confidentiality level"
]
}Dispute Scenario
Consider a dispute: The buyer claims the agent missed a $2M contingent liability in a vendor contract.
Expert Question:
"Do the deliverables satisfy the criterion:
'All material contracts identified (>$100K value)'?"
Panel Analysis:
1. Does the vendor contract have value >$100K?
- Base contract: $85,000/year
- Contingent liability: $2M (if triggered)
2. Is contingent liability part of "contract value"?
- Industry standard: Yes, contingent liabilities are material
- Criterion should be interpreted to include contingent value
3. Was the contract identified?
- Yes, contract appears in document inventory
- No, contract not flagged as "material"
Panel Determination:
- Criterion partially met (contract indexed, not flagged as material)
- This is a CRITERIA_NOT_MET finding
- Buyer entitled to proportional refund for Milestone 2Human Review Integration
AI due diligence does not replace lawyers - it augments them:
- Agent pass - First-pass review, categorization, extraction
- Human review - Legal judgment on flagged issues
- Agent synthesis - Compile human findings into final report
The SAISA governs the agent passes. Human review is outside the Paper scope but benefits from agent-prepared materials.
Key Takeaways
- -M&A due diligence agents can process thousands of documents under SAISA governance
- -Milestone-based settlement protects both parties in high-value engagements
- -Zero egress and evidence filtering protect both deal confidentiality and developer IP
- -Specific, verifiable acceptance criteria prevent disputes about scope
Ready to standardize your AI agent contracts?
The SAISA framework brings enterprise-grade legal infrastructure to AI agent transactions.