Most M&A professionals would never hand a data room password to an undisclosed third party. But a significant number of them are doing the functional equivalent every time they paste a document into a cloud AI tool and hit enter and the reason it hasn’t caused more visible problems yet isn’t because the risk isn’t there. It’s because M&A is a small world and these things tend to stay quiet.
Here’s what’s actually happening when a deal team uses a cloud AI service during diligence: the documents leave. They get processed on infrastructure you don’t own, by a vendor you didn’t disclose to counterparties, potentially retained in logs you haven’t read the policy on, running through subprocessors in jurisdictions that were never part of the deal’s data mapping. The NDA names the parties. It names the advisors. It does not name the AI vendor’s inference cluster in Oregon.
That gap isn’t a technicality. It’s the kind of thing that surfaces in post-close disputes, regulatory inquiries, and the uncomfortable conversation where opposing counsel asks you to walk them through your data handling practices during diligence.
Why “Enterprise Plan” Is a Lie
The standard response when someone raises this is: we use the enterprise version, it has a zero-retention policy. That answer sounds better than it is.
Zero retention means the vendor claims not to store your data after the session ends. It doesn’t mean your data wasn’t processed on shared infrastructure. It doesn’t mean it wasn’t temporarily logged at the network or security layer. It doesn’t mean the subprocessors your vendor uses have the same policy. And most importantly, it doesn’t mean any of this was disclosed to the other side of your deal, because it almost certainly wasn’t, because nobody put the AI vendor in the data room access terms.
Enterprise agreements and SOC 2 reports solve compliance questions. They don’t solve the confidentiality question, which is a contract law question, not a security question. The NDA doesn’t care about your vendor’s security posture. It cares about whether you disclosed a third party was handling the information. You didn’t, because the NDA wasn’t written with that in mind.
The Documents Most Likely to Cause Problems
Not all data room documents carry the same exposure. The ones that create real problems when they end up somewhere undisclosed tend to be:
- IP and source code: Trade secret protection can be permanently weakened by disclosure to a third party, even an inadvertent one. If the target company’s source code is the primary asset in the deal, processing it through a cloud model creates a disclosure event that could affect the asset’s legal status, independent of whether anyone at the vendor ever read it.
- Pending litigation: Attorney-client privilege and work product protection are both waivable through third-party disclosure. Uploading litigation analysis or legal memos to a cloud AI service is the kind of thing that gets raised in discovery.
- Employee data from EU jurisdictions: This one isn’t speculative. Processing EU employee data through a US cloud service without appropriate transfer mechanisms in place is a GDPR violation on its own terms, separate from anything in the NDA. Regulators have levied significant fines for exactly this scenario in non-M&A contexts.
- Pre-signing transaction terms: Unpublished valuation figures, structure details, and pricing terms for public company targets carry market abuse implications if they reach the wrong place. An undisclosed AI vendor isn’t “the wrong place” in the insider trading sense but it’s the kind of disclosure that makes compliance officers uncomfortable in ways that tend to have consequences.
What Self-Hosted Actually Solves
A self-hosted document intelligence model eliminates the third-party exposure entirely, not by adding contractual controls around it but by removing the third party from the architecture. The model runs inside your own infrastructure. Nothing leaves the deal environment during processing. The vendor relationship becomes a software license, not a data processing relationship.
The capability question is real and worth addressing honestly. General-purpose frontier models are impressive. But the tasks that matter most in M&A diligence: clause extraction, obligation mapping, defined term consistency checking, change of control identification, rep and warranty cross-referencing, are narrow, structured tasks that purpose-built legal models handle as well or better than general models. The gap that exists on open-ended reasoning tasks doesn’t exist on document intelligence tasks. This has been demonstrated repeatedly in head-to-head evaluations, and it’s what you’d expect from how fine-tuning works.
The deployment complexity concern is also real but increasingly overstated. The infrastructure lift is a one-time fixed cost. For firms doing more than a handful of material transactions per year, it amortizes quickly and that’s before you account for the cost of the exposure it removes.
What a Properly Scoped Deployment Looks Like
Before the next deal kicks off, it’s worth putting three questions directly to your AI vendor:
- Where is document content processed, and who has access to it during and after inference?
- What is your data retention policy for uploaded content, including prompt history?
- Are you (and your subprocessors ) disclosed in our data room terms?
If the answers aren’t clean and immediate, the vendor relationship needs attention before the data room opens. Retrofitting this mid-deal is painful. Explaining it post-closing is worse.
The teams that get ahead of this aren’t doing it because they’re risk-averse to the point of slowing down. They’re doing it because the conversation with opposing counsel, regulators, or a portfolio company’s board goes a lot better when you can say: the documents never left the deal environment. Full stop.
Want a practical starting point? We’ve put together an M&A AI due diligence checklist covering data handling requirements, vendor assessment criteria, and self-hosted deployment considerations
Running a transaction and want to talk through the architecture? Get in touch.
