PE Due Diligence Programme — Lesson 8 of 10
Most intangible asset discussions focus on value — what the target's IP, customer relationships, and technology are worth. But intangible assets have a shadow side. Intangible liabilities — regulatory exposures, IP disputes, data protection gaps, compliance failures — can be just as material as intangible assets, and they are often harder to detect because they do not appear on any balance sheet until they crystallise.
In my experience, the deals where PE firms get burned are not the ones where they overestimated the value of the assets. They are the ones where they underestimated the liabilities. A GDPR fine. An IP infringement claim. A regulatory licence that cannot be transferred on change of control. An environmental compliance gap inherited through acquisition. These are the risks that turn a good investment into a bad one — and they are the risks that standard diligence most frequently misses.
Intangible liabilities are the mirror image of intangible assets — equally important to deal value, equally invisible on the balance sheet, and equally under-assessed in standard PE diligence. A comprehensive intangible diligence process must assess both sides of the ledger: the value of what the target owns and the risk of what it owes. The most dangerous liabilities are the ones the target itself does not know about.
The Intangible Liability Landscape
Categories of Intangible Liabilities
| Category | Examples | Typical Impact |
|---|---|---|
| Data protection | GDPR non-compliance, inadequate consent, data breach exposure | Fines up to 4% of global turnover; remediation costs; reputational damage |
| IP disputes | Patent infringement claims, trademark opposition, copyright challenges | Injunctions, licensing costs, design-around expenses, settlement payments |
| Regulatory exposure | Operating without required licences, non-compliance with sector regulation | Fines, forced operational changes, licence revocation |
| Employment liabilities | Misclassified contractors, unpaid overtime, discrimination claims | Back-pay, penalties, legal costs, retention damage |
| Environmental | Contamination, emissions non-compliance, sustainability reporting gaps | Remediation costs, fines, project delays |
| Contractual | Undisclosed liabilities in customer contracts, SLA penalties, warranty claims | Direct financial exposure; reputational damage |
Data Protection and Privacy Risks
Data protection has become the most significant category of intangible liability for technology-intensive businesses. The combination of aggressive enforcement (particularly in the EU), increasing fines, and growing consumer awareness means that data protection gaps are no longer theoretical risks — they are material financial exposures.
Data Protection Diligence Framework
| Area | Key Questions | Red Flags |
|---|---|---|
| Legal basis for processing | What lawful basis does the company rely on for each data processing activity? | Reliance on consent obtained through pre-ticked boxes or buried terms |
| Privacy notices | Are privacy notices comprehensive, accurate, and up to date? | Generic notices that do not reflect actual processing activities |
| Data processing agreements | Are DPAs in place with all third-party processors? | Processors handling personal data without contractual protections |
| Subject access requests | Can the company fulfil a SAR within the statutory timeframe? | No process for handling SARs; requests taking >30 days |
| Data breach history | Have there been breaches? Were they reported as required? | Breaches that were not reported to the ICO/relevant authority |