AI-Specific Warranties in M&A Transactions – EU AI Act Deal Readiness and W&I Insurance

Artificial intelligence is becoming a key driver of value in many M&A transactions. Unlike traditional software businesses, AI-focused companies depend heavily on data, training processes, system design and theability of their models to continuously learn. This creates a distinct set of legal, regulatory and commercial risks that need to be addressed carefully during due diligence and in transaction documents.

An important starting point is to distinguish between companies that develop or sell AI-based products and those that merely use AI tools internally, for example for HR or finance purposes. While internal use of AI often creates limited additional risk, AI-producing companies raise more complex issues around data ownership, intellectual property, regulatory compliance and potential liability. The EU Artificial Intelligence Act (“AI Act”) significantly increases the importance of these topics. As a result, deal readiness today goes beyond classic IP and data protection checks and increasingly depends on whether AI-related risks are understood, managed and insurable.

The AI Act follows a risk-based approach. Depending on how an AI system is used, it may be classified as prohibited, high-risk or subject to lighter transparency and governance requirements. For buyers, this classification is critical. High-risk AI systems trigger extensive obligations, including risk management, data governance, documentation, human oversight and ongoing monitoring. If a target company is not prepared for these requirements,this can lead to higher post-closing costs, regulatory exposure and limitationsin W&I insurance coverage.

AI Due Diligence and W&I Insurability

In this environment, AI-related due diligence serves two closely connected purposes. First, it identifies regulatory and operational risks underthe AI Act. Second, it determines whether AI-related warranties can be insured under a warranty and indemnity (“W&I”) policy. Buyers and insurers will look closely at whether the target has already implemented AI governance structures or at least has a realistic and documented plan to achieve compliance.

Due diligence should therefore go beyond listing AI systems and datasets. Key questions include: Which AI systems are used and for what purposes? How were training and input data obtained, and are the usage rights clearly documented? Are governance, monitoring and documentation processes in place that align with the AI Act? Weaknesses in these areas are often treated as known risks and may result in exclusions or reduced coverage under a W&I policy.

From an insurance perspective, particular attention is paid to the origin of training data, web scraping practices and the use of third-party AI components. If lawful data usage or proper governance cannot be demonstrated, insurers will typically require knowledge qualifiers or carve-outs in AI-related warranties.

AI Warranties, Risk Allocation and Insurance

These findings increasingly shape the drafting of transaction documents. AI-specific warranties typically address compliance with AI-related laws, lawful data usage, the absence of prohibited AI practices and the existence of appropriate governance and security measures. However, the wordingof these warranties must reflect what has been confirmed in due diligence.

From a W&I perspective, absolute statements such as guarantees of error-free operation or future compliance are usually difficult to insure unless they are limited by knowledge or materiality qualifiers. Where a target company demonstrates strong AI Act readiness, insurers may be more willing to provide broader coverage or to remove certain seller knowledge qualifiers through synthetic enhancements. In this way, AI Act readiness can directly improve the risk transfer achieved in a transaction.

Conclusion

The EU AI Act is becoming a key factor in M&A transactions involving AI-driven businesses. Successful deals require an integrated approach that combines focused AI due diligence, clear and realistic warranties and early dialogue with W&I insurers. Companies that are well prepared for the AI Act are better positioned to achieve effective risk transfer, smoother deal execution and greater certainty after closing.

Checklist: EU AI Act Deal Readiness (Simplified)

1. AI Systems
- Identify all AI systems relevant to the transaction
- Classify them under the AI Act (prohibited, high-risk or other)
- Identify use in regulated or safety-critical areas

2. Data and Training
- Document where training and input data comes from
- Confirm lawful rights to use proprietary, licensed and scraped data
- Ensure data sources can be audited and explained

3. Governance and Oversight
- Clear responsibilities and internal rules for AI use
- Risk management and human oversight for critical systems
- Monitoring and processes to address issues

4. Technology and Security
- Explainability and traceability where required
- Protection against manipulation of data or models

5. Contracts and Insurance
- Alignment between due diligence results and AI warranties
- Avoid overly broad or forward-looking guarantees
- Clear treatment of known risks and W&I exclusions

6. Deal and Integration
- Clear plan to address gaps before or after closing
- Early discussion with W&I insurers on AI-related risks