At a glance
- Financial, legal and tax diligence each do their job well—and still miss data debt, because none of them checks whether a target's own systems agree with each other.
- Most Indian deal models assume a data foundation that doesn't exist, even before two companies are combined.
- With increasing regulatory pressure, data needs a named owner, a defined scope, and a seat at the table before signing, not after.
Picture a scene three weeks after deal signing. A mid-sized Indian engineering group has just closed its acquisition of a smaller, fast-growing components business. The integration team sits down to merge the customer ledgers and finds the acquired firm's customer relationship management (CRM) system lists 4,200 “active” customers, its finance system counts 2,800 paying ones, and the sales spreadsheet actually used to chase targets has a third number again.
None of the three systems agree on what “active” means, let alone whose number the board should trust. The lawyers signed off, the auditors signed off, and the deal closed on schedule. Reconciling three versions of the same business costs time, credibility and delayed decisions. None of it was priced into the deal.
Increasingly, this is not a problem just for distressed sellers or small targets.
Where data debt begins

Every shortcut, never revisited, stacks up — until data debt is load-bearing.
"In most such cases, the sellers will exit, the earnout will be paid, but the liability will sit entirely with the buyer."
— Salman Waris, Managing Partner, TechLegis Advocates & Solicitors
While Indian M&A continues to grow, the space is seeing more complex deals. And complexity is where data debt thrives. Increasingly, the asset being bought is the data itself, along with whatever quality, or disorder, comes bundled with it.
Data debt is the compounding liability of shortcuts taken, and never revisited, in how a company collects, stores and defines its own information. This can look different in each organisation—a customer record duplicated across three systems after a hasty software rollout, a “temporary” workaround patched in a decade ago, a metric defined one way in finance and another way in sales.
Several issues come back to not having data governance in place. "Data is like crude oil. Unless I have a refinery, I cannot do anything with it. I can give you a barrel of oil, but you can't drive your car and bike with it. You can't cook food with it," says Srinath Sridharan, corporate advisor and author.
While data is frequently cited for valuation purposes, organisations often fail to dedicate sufficient time and resources to data governance, quality, and context, he adds. For instance, failures in data hygiene, such as minor formatting errors or the lack of shared protocols, can invalidate entire databases. At the same time, the proliferation of unstructured data like audio and video further complicates storage and retrieval.
"How do I capture, how did I store for the last 10 years? What will I need to do going forward? How do I cleanse my data? All of that needs to be thought through."
— Srinath Sridharan
Sridharan compared the corporate hoarding of data to physical clutter, noting that organisations rarely assess whether stored data is still useful, authorised, or even accurate.
This becomes a liability. A target whose data cannot be trusted is harder to value accurately and harder to integrate quickly, whatever the spreadsheet says about its assets and turnover.
"In Indian deals specifically, payroll, fleet, and customer data systems are often outsourced to vendors with minimal written data processing agreements and no audit rights," says Waris, who advises on legal and regulatory issues concerning data.
The diligence blind spot

The baton passes. So does the debt.
Financial diligence checks whether the revenue and earnings before interest, taxes, depreciation, and amortisation (EBITDA) in the books are real and recurring. It does not consider whether the systems producing those books agree with each other, or with the systems sitting one floor away in operations.
"If you look at the stranded assets in AI globally, I think a lot of it is fanfare and hype that starts it off. But it all stalls without the conversation about data governance."
— Srinath Sridharan
Legal diligence checks contracts, titles and litigation history; it rarely asks who actually owns a given dataset, where it sits, or whether the company has the rights it assumes it has to use that data after close. Tax diligence checks compliance history and exposure, and has nothing to say about data lineage at all.
Each of these workstreams is thorough within its own remit. Data lineage, ownership and quality fall in the gaps between them. A target can pass financial, legal and tax diligence cleanly and still hand its acquirer a tangle of duplicated master data, conflicting definitions and undocumented system dependencies. These can surface only once integration begins, by which point the purchase price is already fixed.
"Data owners need to be more scrupulous about how they collect data, whether it's referenceable, whether it's auditable," says Shriram Subramanian, founder and managing director, InGovern Research Services, a corporate governance advisory firm.
Why deals make data debt worse

Quite often, the disorder isn't inherited. It's manufactured at the point two data sets combine.
M&A has a wrinkle that a single company auditing its own data never has to deal with: it does not just inherit data debt, it manufactures new debt at the point of integration. Two systems can each be reasonably well run on their own and still clash on a shared definition of an active customer, a fiscal year, or a product hierarchy.
In the context of business acquisitions, Sridharan observed that due diligence rarely addresses data debt or the presence of "stranded assets," with investors instead prioritising customer relationship management (CRM) metrics and total customer counts.
There is also a structural information gap. A seller has little incentive to volunteer the state of its own data, since doing so can only lower the price. A buyer, working through a data room on a 60 to 90-day clock, can examine curated documents but rarely the underlying systems themselves.
The regulatory clock is ticking

Three clocks now run against every deal — the DPDP Act sets the hardest.
Three regulatory shifts mean that gap can no longer hide behind low deal values, slow disclosure, or unresolved consent records.
The Ministry of Corporate Affairs notified a deal-value threshold in September 2024, requiring approval from the Competition Commission of India (CCI) for any transaction worth more than ₹2,000 crore where the target has substantial business operations in India, regardless of its asset or turnover size. The change was designed specifically to catch digital and data-rich targets that would otherwise have slipped under the old thresholds entirely.
Listed acquirers and targets face their own clock too: the Securities and Exchange Board of India's (SEBI) listing rules require prompt disclosure of material events, acquisitions included, leaving far less room than before to quietly absorb an unpleasant data surprise before the market notices.
The Digital Personal Data Protection (DPDP) Act adds a harder deadline still. With the DPDP Rules formally notified in November 2025, organisations now have until 13 May 2027 to comply fully, with penalties of up to ₹250 crore for failing to maintain reasonable security safeguards. An acquirer also inherits the target's compliance clock. A target's unresolved consent records, retention practices and breach history are a liability with a government-set deadline attached, and increasingly, a price.
"Personal data will no longer be a routine operational by-product but a regulated legal subject governed by consent, purpose limitation, and fiduciary obligations," Waris adds.
Where the cost shows up
AI cases that never launch
Many of the synergy cases now being built into Indian M&A models lean on artificial intelligence to justify the price paid: cross-sell models, demand forecasting, customer-service automation. Those cases assume a data foundation that is not there even within a single company, let alone a newly combined one with two sets of systems and possibly ungoverned shadow AI tools.
The coming diligence discount
As more acquirers learn to look for data debt, expect it to start showing up in price the way working capital adjustments already do. A target that can demonstrate clean data lineage, a single customer master and consistent definitions across systems has a real claim to a premium.
"It cannot be said that data problems have started significantly impacting Indian deals to the extent of escrow holdbacks or price adjustments. In India, this practice is nascent but beginning to appear in more sophisticated transactions," says Waris.
Decisions made on conflicting numbers
This is the cost from the opening scenario, playing out at scale: leaders making real calls on pricing, hiring or market entry based on whichever number happens to be on the screen in front of them. Months after close, it can still be unclear whether promised synergies have actually materialised, because the combined entity cannot yet agree on what the underlying numbers are. That is less a technology problem than a confidence problem, and it erodes the credibility of a deal long after it is made.

Data debt shows up late
Making data the fourth pillar
The fix is simple, if not easy. Treat data like financial, legal and tax: its own diligence pillar, a named lead, a defined scope, a seat at the table — before signing, not after. In practice, that means mapping data lineage and ownership for the target's critical systems, identifying where its master data will conflict with the acquirer's own, and pricing the cost of remediation into the deal the same way working capital or pension liabilities are priced in.

Give data its own seat at the table — before signing, not after.
None of this needs to slow a transaction to a crawl. A focused data audit, even a two-week sprint against a target's key systems, will surface structural risks that a 90-day data room review, built for financial and legal questions, cannot find.
The board-level fix
The deeper fix outlasts any single transaction. Data health deserves a place in board reporting alongside leverage ratios and working capital. Useful indicators include the number of duplicate customer or vendor records, systems of record per core business function, and the average time taken to reconcile a single metric across departments.
A company that tracks this routinely is never blindsided by it, whether the trigger is an AI initiative, a regulatory deadline, or a deal.
"Directors may not necessarily come from a technology background, but they need to appreciate emerging threats to company data," says Subramanian.
The clock on liability is already running.
"The legal profession, insurers, and deal teams that get ahead of this now will be well positioned when the enforcement wave arrives, likely within 18–24 months," Waris adds. For dealmakers, that is not a line to file away for next year's diligence checklist. It is the timeline on which today's shortcuts become tomorrow's disclosures.
Way ahead
Board members and deal sponsors: Insist on a data diligence summary before signing and name a single integration owner for data with direct lines into finance, legal and technology. Ask the same question of every major system the combined entity will rely on: who owns this data, and do we trust it?
Finance and deal teams: Build remediation cost into the financial model rather than treating it as a contingency. If synergy targets depend on AI or analytics, stress-test the underlying data quality before committing to the number publicly.
Technology and integration leads: Prioritise a single source of truth early on for the handful of entities that matter most (customers, vendors, products) before any broader system consolidation. Audit consent and retention records against DPDP obligations within the first 100 days.
Disclaimer: Content provided by The Niche Foundry India is for informational purposes only. While we aim to provide accurate data and strategic insights, information is subject to rapid market and technological shifts. This content should not replace independent due diligence or professional consultation. The Niche Foundry India bears no responsibility for any actions taken, or financial losses incurred, in reliance on this material.