6 Essential Compliance Checks for Mergers and Acquisitions

Mar 7, 2024

In today’s volatile economic climate, an increasing number of companies are resorting to mergers and acquisitions to boost growth and market share. Acquiring a company, whether through a sale or merger, can be a major turning point in a business’s evolution. While new acquisitions can promise  substantial growth and exciting opportunities, navigating the complexities of compliance during such transactions is crucial to avoid major roadblocks and post-merger headaches. Let’s explore key areas of compliance for M&A deals, outlining their importance and the due diligence process for companies operating in Europe:

  • Antitrust and Competition 

Why it’s important: Antitrust laws are designed to prevent the creation of monopolies and endorse fair competition in the market. Mergers and acquisitions that create dominant market positions or significantly restrict competition may face challenges from regulatory authorities. Failing to comply with antitrust regulations can result in significant fines, divestiture orders, and even criminal charges.

In 2017, the European Commission investigated Google for several antitrust violations, including forcing smartphone manufacturers to pre-install certain Google apps and restrict competing apps, and favoring its own shopping comparison service in search results over competition, thus making it difficult for competitors to advertise with similar effectiveness. The company was fined €2.42 billion for these infractions, the first of three significant penalties over the next few years that to date, total €8.25 billion. 

The European Commission assesses mergers based on their potential to significantly impede effective competition, particularly within the European Economic Area (EEA). Due diligence for EU companies must involve a comprehensive assessment of the combined market share of the merging entities, potential overlaps in products or services, and any existing dominance in specific markets. Consulting with legal counsel specializing in EU competition law is essential to navigate the notification process and address any potential concerns raised by the commission. Resources like the European Commission’s Merger Control website provide valuable information on relevant regulations and filing requirements.

  • Securities Disclosure 

Why it’s important: The EU has strict regulations governing the disclosure of material information to shareholders and the public during M&A transactions. Failure to comply can lead to investor lawsuits, regulatory penalties, and reputational damage.

While specifics of Securities Disclosure violations in Europe remain confidential to protect companies’ reputations, ongoing investigations, and privacy rights, and to avoid prejudicing legal proceedings, European authorities still strive for transparency. The European Securities and Markets Authority (ESMA) publishes yearly Enforcement Reports that summarize the supervisory activities and enforcement actions undertaken by national competent authorities (NCAs) across various member states. These reports provide general insights into the types of breaches observed and the actions taken by NCAs without disclosing specific company information.

The Market Abuse Regulation (MAR) and the Transparency Directive (TD) are the primary regulations governing disclosure in the EU. These regulations require companies to disclose any information that could significantly affect their share prices, including details of M&A transactions at an early stage. Due diligence includes developing a comprehensive disclosure strategy in line with relevant regulations, identifying and reviewing all potential disclosure obligations related to the M&A transaction, and seeking appropriate legal and financial advice to ensure accurate and timely disclosures.

  • Data Privacy and Security 

Why it’s important: M&A transactions often involve the transfer of sensitive personal data between companies. The EU has regulations in place to protect the privacy of individuals and ensure responsible data handling practices.

With the implementation of the General Data Protection Regulation (GDPR) in 2016, the EU established a rigorous legal framework governing the collection, storage, and use of personal data. M&A transactions involving companies that process personal data within the EU must ensure compliance with GDPR regulations. As an example, in July 2021 the Dutch Data Protection Authority (DPA) imposed a fine of €750,000 on TikTok for violating the privacy of young children. According to the complaint, the company’s omission of its privacy statement in Dutch failed to provide an adequate explanation of how the app collects, processes, and uses personal data for local users.

Due diligence requires a detailed assessment of the target company’s data privacy practices, including their data protection policies, security measures, and data breach response plans. Additionally, it’s crucial to verify the legal basis for processing personal data and identify any potential data transfer restrictions that may arise following the merger or acquisition. The European Commission’s website provides guidance on GDPR compliance, including helpful resources for businesses.

  • Employment Law 

Why it’s important: Mergers and acquisitions often have a profound impact on the employees of both the target and acquiring companies. Issues such as contracts, employee transfers, potential redundancies, harmonization of benefits and HR policies, and data protection must all be carefully addressed to mitigate risks and ensure compliance with applicable labor regulations, in order to avoid legal challenges and ensure a smooth transition for the combined workforce.

Conducting thorough due diligence on employment matters is crucial for mitigating risk and ensuring a smooth transition. This involves meticulously reviewing the target company’s employment contracts, collective bargaining agreements, and personnel policies. Understanding the applicable laws, such as the Transfer of Undertakings (Protection of Employment) Regulations 2006 (TUPE), is essential. TUPE safeguards employee rights during M&As, dictating the transfer of contracts, liabilities, and requiring consultation with affected employees. Due diligence helps navigate these regulations, preventing potential legal complications.

Furthermore, investigating the target company’s compliance with the Collective Redundancies Directive and the General Data Protection Regulation (GDPR) is equally important. The directive outlines strict procedures for large-scale redundancies, ensuring fair treatment of employees and minimizing the risk of hefty fines for non-compliance.  Similarly, GDPR governs the handling of personal data, including employee information. In April 2020, the Dutch data protection authority (AP) fined an unnamed company a record €750,000 for illegally collecting and storing employees’ fingerprints, citing violations of GDPR regulations.

By scrutinizing the target company’s data protection practices, M&A participants can proactively address potential breaches and hefty GDPR fines. In essence, comprehensive due diligence empowers informed decision-making, mitigating legal risks and safeguarding employee rights throughout the M&A process.

  • Environmental Law

Why it’s important: Environmental liabilities can be a significant and often hidden risk in M&As. A thorough understanding of the target company’s historical and current environmental practices is essential to avoid inheriting potentially costly cleanup obligations or environmental lawsuits.

Environmental considerations are significant in M&A transactions. Compliance with the Environmental Liability Directive (ELD) is critical, as it requires meticulous examination of the target company’s historical and ongoing environmental compliance. This scrutiny involves identifying past pollution incidents and potential liabilities that might be inherited by the acquiring company. By adhering to the ELD framework, businesses can proactively identify and mitigate environmental risks, safeguarding future operations and finances.

Furthermore, the Industrial Emissions Directive (IED) adds another layer of complexity for companies operating industrial facilities. This directive mandates specific environmental permits and emission limitations. During due diligence, a thorough review of all relevant IED permits and licenses becomes crucial. Additionally, assessing the target company’s adherence to the stipulated emission standards is essential. By meticulously investigating these aspects, potential acquirers can ensure compliance with environmental regulations, preventing costly fines and potential production disruptions after the M&A is finalized.

In September 2019, the European Commission, acting through the Industrial Emissions Directive (IED), fined German carmaker Daimler €870 million for violating nitrogen oxide (NOx) emissions regulations for diesel cars. The investigation uncovered illegal defeat devices used to manipulate emissions testing, highlighting the IED’s focus on individual vehicle compliance. This case demonstrates the European Union’s commitment to enforcing environmental regulations across all member states.

  • Taxation

Why it’s important: Mergers and acquisitions can have complex tax implications, both domestically and internationally. Failure to thoroughly address tax considerations can lead to unexpected tax liabilities, penalties, and potentially jeopardize the deal’s financial viability.

In 2016, the European Commission ordered Ireland to recover €13 billion in back taxes from Apple. The commission found that Apple had been granted unfairly low tax rates in Ireland for a number of years, giving them a significant advantage over competitors. This practice, known as state aid, is prohibited under EU law, as it creates an uneven playing field for businesses operating within the member states. Both Ireland and Apple appealed the decision, leading to a lengthy legal battle. In 2020, the EU General Court  overturned the commission’s ruling, citing there was not enough evidence to show Apple had received illegal state aid or minimized its tax bill.

Navigating the complexities of taxation is crucial during M&A transactions within the EU. Due diligence requires careful evaluation of two key directives: the Merger Directive and the Anti-Tax Avoidance Directive (ATAD). The Merger Directive offers a framework for tax neutrality in corporate restructurings within the EU. This translates to potential tax benefits for M&A transactions. By meticulously examining the applicability of this directive during due diligence, companies can not only identify potential tax savings but also inform the overall structuring process of the M&A, ensuring maximum efficiency and compliance.

However, tax efficiency needs to be balanced with responsible practices. The Anti-Tax Avoidance Directive (ATAD) aims to curb aggressive tax planning strategies and sets limitations on specific transactions. Through comprehensive due diligence, companies must carefully scrutinize the target company’s cross-border tax arrangements. This includes assessing their alignment with ATAD provisions, mitigating the risk of potential penalties and reputational damage associated with non-compliance. By adopting a responsible approach that considers both the Merger Directive and ATAD, companies can navigate the intricacies of EU tax law during M&A transactions, maximizing benefits while maintaining compliance.


Ensuring thorough compliance across these six key areas is essential for the long-term success of any merger or acquisition. Overlooking potential pitfalls in antitrust, securities, privacy, employment, environment, or taxation compliance can cripple a deal, leading to massive financial liabilities, irreparable damage to the reputation of the merged entity, and even legal ramifications. 

Datafisher’s comprehensive compliance training courses and expert coaching provide the essential guidance to navigate these complexities confidently. Our solutions help businesses proactively address potential compliance risks, streamline the due diligence process, and guide a seamless integration during the M&A journey. By empowering organizations with the knowledge and tools to mitigate compliance risks, Datafisher is a reliable partner in facilitating successful and sustainable mergers and acquisitions.

Is your company exploring a potential merger or acquisition? Click here to book a demo and speak with a Datafisher specialist to find out how we can help with your processes.