What to address legally before selling your business or bringing in an investor? And why does it affect the price you get?

Selling a business or bringing in an investor is not just about the numbers in your accounts. Above all it is a legal process and reputational due diligence in which the true state of affairs comes to light. Risks that surface can significantly reduce a company's value. In these transactions, what is being paid for is the certainty and predictability that the legal and operational reality matches what is being presented. And in 2026, AI compliance has firmly become part of the picture too.

The more uncertainties remain unresolved, the greater the risk the buyer/investor factors into the terms – and negotiations then more often end with a price reduction, part of the purchase price being held back (escrow/holdback), stricter warranties, or even the other party walking away. Alongside the classic areas (contracts, assets, employees, GDPR, intellectual property and cybersecurity), AI compliance increasingly tips the balance too – that is, whether the company uses AI in line with the law, licences, data protection and internal rules.

The aim is to carry out an internal "vendor due diligence" before approaching the other parties, i.e. to get the documents in order, identify the risks and either eliminate them or at least be able to describe and price them transparently. Below is an overview of the areas we most often address with clients in practice.

• Current extracts from public registers, the articles of association/founding documents and their full wording.
• Documentation relating to shares/interests: transfers, options, pledges, bonds, pre-emption rights, transfer restrictions, side agreements between shareholders, silent partners.
• Decisions of governing bodies (general meeting, directors/board) on key matters, signature specimens, powers of attorney.
• Group relationships and related-party transactions (intercompany agreements, cash pooling, licences).
• Readiness for an investor's entry: cap table, ESOP/VSOP, ranking of rights, liquidation preferences (where relevant).

• A review of key customer and supplier contracts.
• Change of control clauses, third-party consents, assignment bans, termination rights upon a change of owner.
• SLAs, liability caps, contractual penalties, unilateral price changes, automatic renewals.
• Public contracts/grants: transfer conditions, notification obligations, sanctions.
• Records of orders and framework agreements – so that the stability of revenue (recurring revenue) and the actual scope of obligations can be evidenced.

• IP ownership and brand protection - trademarks, domains, patents/utility models (if any) and licences.
• Transfers/grants of rights from employees and external developers (especially for copyrighted works, source code, graphics, databases).
• Licences for the software used (SaaS, on-prem), compliance with licence terms, suppliers' audit rights.
• Open-source policy: a list of the libraries used, risky licences (copyleft), records of compliance with obligations (crediting authors - so-called attribution, offering source code, etc.).
• Cybersecurity and incidents: a basic access regime, incident records, backup policies.
• Data: mapping the types of data (personal/non-personal).

For checking your intellectual property and brand protection you can also use the EU-subsidised IP scan service. This service can save a great deal of money.

• Employment contracts and management contracts (bonuses, severance, non-compete, confidentiality).
• Documentation on remuneration and benefits, pay transparency, internal regulations, collective agreements (if any).
• Self-employed contractors and agency workers: the real nature of the relationship and the risks of disguised employment ("švarcsystém").
• Incentive schemes (ESOP/VSOP), vesting, good/bad leaver rules.
• For key people: retention and the transfer of know-how (including access to repositories, passwords, systems).

• Licences/permits and their transferability (especially in regulated sectors).
• AML/sanctions screening where relevant (e.g. finance, crypto, real estate, international trade).
• GDPR basics: personal data - who is the controller/processor, written contracts with processors, records of processing activities, legal bases, DPIAs where needed, data security.
• Consumer law and marketing: consents, cookies, terms and conditions, the complaints process.
• Environment/HSE (if this applies to you): waste, chemicals, occupational health and safety, inspections and sanctions.

If your company uses AI tools (internally or in a product for customers), the buyer/investor will want to know whether that use is legally "in order". This is not only about the law; it is about the risk of the product being shut down, regulatory sanctions, disputes over data/IP and reputational harm.

AI compliance checklist (the minimum for a transaction)

• A map of AI use cases: where you use AI (product, internal processes), which models (your own vs. third-party), what data goes in/comes out.
• Contracts and licences for AI tools: terms of use, who may upload data, restrictions on commercial use, audit rights, limitations on the supplier's liability.
• Data governance and personal data protection: whether confidential information, personal data or trade secrets flow into the AI without an appropriate legal basis and settings (DPA, retention settings, disabling training at the provider where possible), an assessment of roles (controller/processor), DPIAs for risky scenarios, transparency towards data subjects and security measures.
• Intellectual property: how you handle AI-generated outputs (who holds the rights to them, what the licence terms are), and whether the training data was obtained and used lawfully.
• Risk areas: automated decisions, profiling, discrimination, product safety, and, for customer use cases, a clear contractual allocation of liability.
• Records and documentation: a "package" of documents that can be presented to an investor (policies, contracts, risk assessments, a description of the architecture and data flows).
• Internal rules: an AI policy for employees (what they may/may not do, how to work with data).
• AI literacy - ensuring the obligation to train employees and collaborators is met. Don't have your employees trained yet? Come to our academy for training. We provide training in Prague, Brno and at companies.

A well-prepared company sells faster and on better terms – because the buyer/investor doesn't have to "price in the unknown". Pre-transaction legal preparation typically does more than add comfort; it directly protects value: it reduces price reductions and improves the chances of a smooth closing. And because AI is increasingly part of both the product and internal processes, AI compliance is becoming a standard item of due diligence. When it is under control, it is a competitive advantage – when it is not, it is a cost and a risk.

Want to quickly find out where your biggest transaction risks lie? Have us carry out a short pre-transaction legal screening (including AI compliance) – the result is a prioritised list of steps that will protect the price and simplify negotiations the fastest.