In the current landscape of mergers and acquisitions (M&A), the integration of artificial intelligence (AI) and operational data has become a focal point. The utilization of vast operational and consumer data facilitated by AI innovations provides tremendous opportunities for growth by enhancing operational efficiency and catalyzing the development of novel products and services. Nonetheless, these opportunities come with a set of challenges that require careful navigation by dealmakers.
A survey conducted by KPMG in 2024 found that a substantial percentage of corporate (91%) and private equity (60%) executives consider AI crucial or supportive in selecting target companies for M&A. As businesses strategize to adapt to the evolving AI landscape, many are focusing on integrating AI into existing products and services, investing in AI infrastructure, and hiring talent specializing in AI innovations.
Despite the benefits, acquiring AI and data assets presents legal complexities and expenses. Those engaged in M&A must comply with the emerging patchwork of privacy laws across U.S. states and be wary of data privacy, cybersecurity, and AI enforcement actions. The Federal Trade Commission (FTC) and the Department of Justice’s Antitrust Division are particularly vigilant, especially regarding Big Tech. However, enforcement is contingent on proving a violation of antitrust laws, as emphasized by FTC Chair Andrew Ferguson, who advocates for M&A as a driver of economic growth.
To address these legal challenges, effective strategies are essential. For one, M&A stakeholders should thoroughly scrutinize the data and AI governance programs of target companies to ensure robust governance practices are in place. Businesses must also keep an eye on enforcement trends. Recent actions by the California attorney general, for instance, have targeted the processing of location data, and the FTC has pursued actions against companies making deceptive claims on AI capabilities.
Crucial for M&A dealmakers is confirming that target companies possess the necessary rights to process personal data as per their claimed use cases. Unauthorized data processing could infringe privacy laws and result in regulatory action demanding deletion of improperly obtained data and associated AI models.
Lastly, the post-closing phase is equally critical as compliance plans must be formulated and enacted to address potential data privacy, cybersecurity, and AI risks. These plans should include privacy compliance checks, especially in merged IT systems, and may involve “clean-up services” for portfolio companies with inadequate cybersecurity or privacy measures.
In sum, while the integration of AI and data into M&A ventures offers substantial growth potential, businesses must diligently develop and implement strategies to mitigate associated risks in a legally complex environment. For more, refer to the comprehensive coverage provided by Bloomberg Law.