ARTICLE
12 June 2026

The IT Questions M&A Teams Need To Ask Earlier (Part 2)

E
ENS

Contributor

ENS logo
ENS is an independent law firm with over 200 years of experience. The firm has over 600 practitioners in 14 offices on the continent, in Ghana, Mauritius, Namibia, Rwanda, South Africa, Tanzania and Uganda.
Explore Firm Details
Mergers and acquisitions teams often overlook critical IT dependencies until late in the transaction process, creating significant post-completion risks.
South Africa Corporate/Commercial Law
Ridwaan Boda,Priyanka Raath, and Ndinae Ramavhoya
Your Author LinkedIn Connections
ENS are most popular:
  • within Accounting and Audit, Insurance, Government and Public Sector topic(s)
  • with Senior Company Executives and HR

In part one of this short series, we discussed the importance of understanding a potential target’s Information Technology (“IT”) landscape at the outset of a transaction. We discussed that a clear understanding of their technology environment, contractual dependencies and operational vulnerabilities will enable sellers to proactively remediate issues, manage disclosure with confidence and reduce execution risk.

Now, in part two, we shift our focus to the buyer’s perspective and discuss how a proactive approach is equally important to ensure that buyers focus early on the key IT dependencies that underpin the target’s business. For buyers, the objective is to assess whether business-critical systems and licences will remain operational, accessible and cost-effective once the transaction has completed.

The buyer’s perspective

The questions a buyer should be asking are not about the sophistication of the target's technology – they are about whether the technology the business depends on will continue to function, remain legally available, to the extent required, integrate with the buyer’s current technology as well as not generate unexpected liabilities after completion.

A buyer that discovers post-completion that a critical software licence has been terminated or that a hosting provider has exercised a change of control right, has lost the opportunity to price those risks, negotiate protections or walk away. In addition, the buyer would also lose out on the opportunity to determine the cost and complexity of integrating its own technology with that of the target, should this be part of the buyer’s intention or motivation for the transaction. Early engagement on IT issues prevents post-completion shock.

Share sales

In a share sale, the buyer acquires the target entity whole – this means that the buyer steps into the target company together with every IT contract, its existing technology environment, including legacy systems, vendor arrangements, cloud architecture, cybersecurity maturity and operational dependencies. 

At the outset, the buyer should request the target's IT asset register, a schedule of all IT contracts (including software bill of materials), and the target's information security policies and most recent penetration testing and other security and service level reports. These documents provide the foundational picture: what technology does the business run on, who provides it, and how well is it protected?

The buyer should pay particular attention to the following:

  • Change of control provisions: Many IT contracts, particularly software licences, cloud hosting agreements, and managed services arrangements, contain clauses permitting the provider to terminate or renegotiate upon a change in the customer's shareholding. If material contracts contain such provisions, the buyer needs to know before signing, not after.
  • Contract tenure and renewal risk: If critical IT contracts are approaching expiry with no renewal rights, the buyer faces business continuity risk.
  • SaaS and cloud dependency: Where the target relies on SaaS platforms or a single cloud provider for core operations, the buyer should review the relevant agreements for lock-in provisions, data portability and exit terms, committed spend obligations, and liability caps. A SaaS agreement that offers no data export capability or charges punitive exit fees can create significant post-completion cost and operational risk.
  • Source code escrow: Where the target depends on software provided by a third-party vendor, the buyer should confirm whether a source code escrow agreement is in place. If the vendor becomes insolvent or ceases to support the software, and there is no escrow, the buyer may be left with a critical system it cannot maintain.
  • User rights: Often IT contracts may contain obscure provisions for example user rights or definitions of users may impede the ability to continue to utilise third party IT products and systems post-acquisition and a lawyer without deep tech law expertise will not be able to ordinarily identify such risk.

This is why many buyers are increasingly involving specialist technology lawyers, Chief Information Officers, IT leadership, architecture and cybersecurity teams earlier in transactions to assess the target’s technology environment, integration complexity, scalability, platform duplication and future transformation readiness. Issues such as heavily customised legacy systems, restrictive licensing models or fragmented data environments can significantly increase post-deal costs, and a comprehensive technology due diligence exercise can provide the insight needed to make informed decisions and negotiate appropriate terms.

Asset and business sales

In an asset or business sale, the buyer’s IT due diligence should be tightly scoped to the assets being acquired. Here, the objective is not to replicate the parent company’s environment, but to establish a fit for purpose digital foundation that supports short term continuity and long-term value creation. Here, the focus tends to shift from integration of existing systems to separation of such systems from the target’s technology stack and further to integrate the separated technology with the buyer’s own technology stack.

The central question is whether the buyer will have the legal right to use the IT systems that the acquired business depends on and further questions arise as to the complexity and cost of integrating such systems with the buyer’s own system. The challenge is many businesses operate on shared group systems, shared infrastructure and enterprise-wide licensing arrangements that are not easily carved out. As a result, early engagement between deal teams and technology teams becomes important to understand issues which may arise such as:

  • what systems and data will actually transfer;
  • which licences are assignable and whether vendor consent is required;
  • what transitional services may be required;
  • how user rights as defined may impact on future continuity;
  • whether support and maintenance obligations will continue to be in place;
  • whether new licences need to be procured and if so, the cost thereof;
  • the segregation effort and the cost involved therein;
  • whether replacement infrastructure needs to be established; and
  • the extent to which the business remains operationally dependent on the seller post-closing.

Carve-out transactions

In carve-out transactions particularly, technology support for the relevant business unit is often deeply intertwined with the parent company. This can make it difficult to determine what needs to be separated especially where systems, licences and data architecture are shared. The buyer should request a detailed schedule identifying which systems are dedicated to the business being acquired and which are shared with the seller's retained operations. For shared systems, the buyer should understand the proposed separation plan, the timeline and cost of migration, and the terms of any transitional services arrangement. If not mapped properly and early enough, separation issues can have a direct impact on timelines, operational continuity and cost allocation. Questions around data migration, data segregation, third-party consents, shared environments and post-closing access rights often become central to whether the separation can occur as smoothly as initially anticipated.

Ultimately, for buyers, early engagement with IT due diligence is not only about identifying technical issues within the target’s environment, but also about preserving value, maintaining operational continuity and ensuring that the business they acquire can function as intended without delay. Whether in share sales, asset deals or complex carve-outs, the ability to understand and address IT dependencies ahead of signing can materially influence pricing, risk allocation and deal certainty. As transactions become increasingly technology-driven, buyers who treat IT as a core diligence workstream, rather than a late-stage checklist, will be better equipped to navigate complexity, avoid post-completion surprises and realise the full value of their investment.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Photo of Ridwaan Boda
Ridwaan Boda
Photo of Priyanka Raath
Priyanka Raath
Photo of Ndinae Ramavhoya
Ndinae Ramavhoya
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More