# Legal Due Diligence Request List

OpenAgreements Legal Due Diligence Request List (v1.0). Free to use under CC BY 4.0.

## Cover Sheet

| Term | Value |
| --- | --- |
| **Requesting Firm** | \[Requesting Firm Name\] |
| **Target Company** | \[Target Company Name\] |
| **Project Code Name** | \[Project Code Name\] |
| **Request Date** | \[Request Date\] |
| **Response Due Date** | \[Response Due Date\] |
| **Lead Buyer Counsel** | \[Lead Buyer Counsel Name\] (\[Lead Buyer Counsel Email\]) |
| **Primary Target Contact** | \[Primary Target Contact Name\] |
| **Currency** | \[Currency\] |
| **Data Room** | \[Data Room Url\] |
| **Deal Type** | \[Deal Type\] |
| **Transaction Stage** | \[Transaction Stage\] |
| **Materiality Threshold (Dollar)** | \[Materiality Threshold Usd\] |
| **Materiality Threshold (% of Revenue)** | \[Materiality Threshold Revenue Pct\] |
| **Default Lookback** | \[Lookback Years\] years |

## Engagement Scope and Instructions

This request list opens the legal due diligence phase of the contemplated transaction. The target should populate a virtual data room with responsive documents and complete the response columns as set out below.

**Response columns.** For each numbered request, indicate one of:

*   **Provided** — with file path or VDR link.
*   **Does Not Exist** — with brief basis.
*   **Not Applicable** — with brief basis.
*   **Privileged / Withheld** — flag if attorney-client-privileged material is responsive but withheld or produced in redacted form.

**Materiality.** Where a request is qualified by "material," "material" means the lower of (a) \[Materiality Threshold Usd\] per item or annual aggregate, or (b) \[Materiality Threshold Revenue Pct\] of the target's gross revenue for the most recent completed fiscal year. The materiality qualifier is dollar-based unless the request specifies otherwise. Qualitative materiality (anti-assignment, change-of-control, exclusivity, MFN, IP encumbrance) governs regardless of the dollar threshold.

**Lookback.** Unless a section specifies otherwise, the lookback period is \[Lookback Years\] years. Section-specific lookbacks may be longer (litigation, tax, regulatory correspondence). Regulatory investigations, settlements, and consent decrees should be produced regardless of date.

**Foldering.** The data room should be foldered to match the section structure of this request list, with sub-folders per request. Each file should be named to identify the responsive request.

**Iteration.** This is the first round of an iterative production project. Follow-up rounds typically run 5–7 business days after each prior production. Substantive completion typically requires 2–3 rounds.

## Section A — Corporate Organization, Authority, and Governance

A.1 Certificate of Incorporation, all amendments, and the current certified or filed version.

A.2 Bylaws or operating agreement, all amendments, and the current operative version.

A.3 Complete minute books for the past \[Lookback Years\] years, including board minutes, written consents, and committee minutes.

A.4 Stockholder or member meeting minutes and written consents for the past \[Lookback Years\] years.

A.5 Certificates of good standing from the state of formation and from each state where the target is qualified to do business.

A.6 Officer and director list, including titles, dates of service, and any departures within the past \[Lookback Years\] years.

A.7 Beneficial Ownership Information (BOI) reports filed pursuant to the Corporate Transparency Act, including any updates.

## Section B — Capitalization and Securities

B.1 Capitalization table as of the most recent month-end, showing authorized, issued, outstanding, and treasury securities by class.

B.2 Stock ledger, option ledger, warrant ledger, SAFE ledger, and convertible-note ledger.

B.3 Equity incentive plan documents, all amendments, and forms of grant agreement (option, RSU, restricted stock).

B.4 All 83(b) election filings and proof of timely IRS submission within the 30-day statutory window.

B.5 409A valuation reports for the past \[Lookback Years\] years.

B.6 All stockholder agreements, voting agreements, registration rights agreements, side letters, and similar arrangements.

B.7 SAFE and convertible-note conversion mechanics, valuation caps, discount rates, and MFN provisions for outstanding instruments.

## Section C — Subsidiaries and Affiliates

C.1 Organizational chart showing the target and all subsidiaries and affiliates, with ownership percentages.

C.2 Formation documents, certificates of good standing, and material governing documents for each subsidiary.

C.3 Intercompany agreements (services, IP, leases, financing) currently in effect.

## Section D — Financial and Tax

D.1 Audited financial statements for the past three fiscal years; unaudited interim financials for periods since the last audit.

D.2 Federal tax returns for the past 6 years (or \[Tax Lookback Years\] years if specified above).

D.3 State and local tax returns for the past 6 years in each jurisdiction of meaningful operation.

D.4 All tax audit correspondence, examination findings, and ongoing examinations regardless of date.

D.5 Tax-sharing agreements, tax-indemnification agreements, and any tax-related schedules from prior acquisitions.

D.6 Sales-and-use tax economic-nexus analysis under _Wayfair_, including registration status by state.

D.7 Material correspondence with the IRS or state tax authorities regarding rulings, settlements, or contested matters.

## Section E — Indebtedness, Liens, and Security Interests

E.1 All loan agreements, credit agreements, indentures, and instruments governing material indebtedness.

E.2 Schedule of guarantees, letters of credit, and other contingent obligations.

E.3 UCC searches and lien releases for material assets.

E.4 Lender consent requirements triggered by change of control.

## Section F — Material Contracts

F.1 All contracts with annual revenue or expenditure exceeding \[Materiality Threshold Usd\] or \[Materiality Threshold Revenue Pct\] of gross revenue.

F.2 Top 20 customer contracts by revenue, regardless of dollar amount.

F.3 Top 20 supplier and vendor contracts by spend, regardless of dollar amount.

F.4 All contracts containing exclusivity, most-favored-nation pricing, non-compete, or similar restrictive covenants binding on the target.

F.5 All contracts with change-of-control, anti-assignment, or termination-on-acquisition provisions.

F.6 All material distribution, reseller, channel, or sales-representative agreements.

F.7 All material partnership, joint venture, alliance, or collaboration agreements.

F.8 All material settlement and release agreements with ongoing obligations.

F.9 Forms of standard customer contract, supplier contract, NDA, and any other contract regularly used by the target.

## Section G — Real and Personal Property

G.1 Schedule of all owned real property with title reports and material correspondence; if none, a written confirmation that the target owns no real property.

G.2 All real property leases, subleases, licenses, and material correspondence; if none, a written confirmation that the target leases no real property.

G.3 Schedule of material personal property (servers, manufacturing equipment, vehicles); for cloud-native targets, a written confirmation identifying the cloud infrastructure provider in lieu of owned hardware.

G.4 Equipment leases and material personal property leases.

G.5 Service-provider arrangements (coworking, virtual-office, residential-address service) used in lieu of a physical headquarters.

## Section H — Intellectual Property — Core

H.1 Schedules of all U.S. and foreign patents, patent applications, and provisionals, including title, application/patent number, filing/issue date, status, and beneficial owner.

H.2 Schedule of all registered and material unregistered trademarks, including registration number, jurisdiction, and goods/services description.

H.3 Schedule of all material copyrights and copyright registrations.

H.4 Schedule of all domain names owned or registered to the target.

H.5 Form of, and complete executed copies of, all Proprietary Information and Inventions Agreements (or equivalent invention-assignment, work-for-hire, and confidentiality agreements) for all current and former employees, founders, officers, contractors, consultants, and advisors who contributed to the development of any material intellectual property. Identify any individuals who contributed material IP and did not execute such an agreement, and describe any subsequent assignments or remediation.

H.6 All inbound and outbound IP licenses, technology licenses, and material commercial-software agreements, with each agreement marked or annotated to identify any change-of-control, anti-assignment, termination-on-acquisition, or consent-required provisions. Identify any agreements where third-party consent will be required to consummate the transaction.

## Section I — Privacy and Cybersecurity — Core

I.1 Public-facing privacy notices, terms of use, and cookie policies.

I.2 Internal data-protection and information-security policies, including incident response plan and access-control policies.

I.3 Schedule of personal-data processing activities, categories of data subjects and personal data, and any DPAs with material processors.

I.4 Cybersecurity-incident history for the past \[Lookback Years\] years, including breach notifications to regulators, customers, or employees.

I.5 GDPR / CCPA / state-privacy-law compliance documentation, including data-subject-request handling procedures and any DPIA / TIA records.

## Section J — Employment, Compensation, and Benefits

J.1 Organizational chart with reporting lines and material compensation tiers.

J.2 Standard form employment agreement, contractor agreement, and PIIA executed by all employees and material contractors.

J.3 All employee benefit plans, including 401(k), health, welfare, severance, and any defined-benefit plans, with IRS Form 5500 filings for the past \[Lookback Years\] years.

J.4 Equity incentive plan documents and forms of grant agreement (cross-reference Section B).

J.5 Worker-classification analysis distinguishing exempt vs. non-exempt and employee vs. independent contractor; identify any reclassification reviews.

J.6 Labor disputes, collective-bargaining agreements, and union activity, if applicable.

J.7 Severance and retention arrangements with key employees, including any single-trigger or double-trigger acceleration.

## Section K — Litigation, Disputes, Investigations

K.1 Schedule of all pending and threatened claims, lawsuits, administrative proceedings, arbitrations, and investigations within the past \[Litigation Lookback Years\] years (or \[Lookback Years\] years if no override specified). Include the parties, forum, claim summary, status, and amount in controversy.

K.2 All settlement and release agreements with ongoing obligations regardless of date.

K.3 All consent decrees, judgments, injunctions, and similar orders binding on the target regardless of date.

K.4 All correspondence with regulatory bodies, government agencies, or self-regulatory organizations regarding investigations, inquiries, settlements, or consent decrees, regardless of date.

K.5 Audit response letters from the target's outside counsel for the past \[Lookback Years\] years.

## Section L — Compliance with Laws, Permits, Licenses

L.1 Schedule of material licenses, permits, registrations, and authorizations required to operate the target's business.

L.2 Routine regulatory filings and compliance certifications for the past \[Compliance Lookback Years\] years (or \[Lookback Years\] years if no override specified).

L.3 Internal compliance program documentation, including code of conduct, training records, and whistleblower hotline records.

L.4 Any prior compliance investigations, internal audits, or third-party allegations relating to the target's regulated operations.

## Section M — Insurance

M.1 Schedule of all material insurance policies, including commercial general liability, D&O, E&O, cyber, employment-practices liability, and any industry-specific policies.

M.2 Claims history for the past \[Lookback Years\] years for each policy type.

M.3 Tail-coverage status and renewal terms for any claims-made policies.

## Section N — Related-Party Transactions

N.1 Schedule of all transactions, agreements, or relationships between the target and any officer, director, founder, beneficial owner exceeding 5%, or family member of any of the foregoing.

N.2 Indebtedness owed by or to insiders.

N.3 Special-purpose-entity arrangements and any pass-through revenue or expense accounts.

## Section O — Tech / SaaS Rider \[include if tech\_rider\_enabled\]

The following requests apply only if the target operates a software, SaaS, platform, marketplace, or data-heavy business.

O.1 Complete open-source-software (OSS) inventory by component, with the license governing each component, whether each component is statically linked, dynamically linked, or used as a service, and whether the resulting product is distributed externally. Include any output from automated OSS-scan tools (e.g., Black Duck, FOSSA, Snyk).

O.2 OSS-policy documentation including approval workflows, copyleft / viral-license screening procedures, and any prior OSS license violations or remediation actions.

O.3 Source-code escrow arrangements with customers or escrow agents, including triggers, release conditions, and current escrow contents.

O.4 All material hosted-services and IT agreements (cloud hosting, CDN, monitoring, observability, identity, payments), with change-of-control / assignment provisions identified.

O.5 Most recent SOC 2 Type II report and ISO 27001 audit results, plus any internal vulnerability scan or penetration test reports for the past \[Lookback Years\] years.

O.6 Data-flow architecture diagrams showing how customer data moves through the target's systems and sub-processors.

O.7 Customer-facing Service Level Agreements (SLAs), including uptime commitments and credit / refund mechanics for SLA breaches.

O.8 Security-incident history for the past \[Lookback Years\] years (cross-reference Section I.4 for breaches with regulatory reporting obligations).

O.9 GDPR / CCPA / cross-border data-transfer mechanisms (Standard Contractual Clauses, adequacy decisions, BCRs) where applicable.

## Section P — Life Sciences Rider \[include if life\_sciences\_rider\_enabled\]

The following requests apply only if the target has an FDA-regulated R&D pipeline or manufacturing footprint.

P.1 Schedule of all clinical trials (current and past), with phase, indication, enrollment, and current status.

P.2 Investigator's Brochures and clinical-trial protocols for active trials.

P.3 Serious Adverse Event (SAE) reports filed with the FDA or foreign regulators in the past \[Lookback Years\] years.

P.4 Investigational New Drug (IND), New Drug Application (NDA), Biologics License Application (BLA), and 510(k) / PMA filings, including current status.

P.5 All correspondence with the FDA, EMA, or other applicable regulatory authorities, including Form 483 observations and Warning Letters, regardless of date.

P.6 Manufacturing-site inspection history, including 21 CFR Part 211 / Part 820 compliance records.

P.7 Controlled-substance registrations with the DEA and any state controlled-substance authorities.

P.8 CRO (Contract Research Organization) and CMO (Contract Manufacturing Organization) agreements.

P.9 R&D collaboration, licensing, and partnering agreements (university, government, or industry).

P.10 Any Corporate Integrity Agreement (CIA) with HHS-OIG, DOJ, or other federal authorities.

## Section Q — Healthcare Provider Rider \[include if healthcare\_provider\_rider\_enabled\]

The following requests apply only if the target's business model includes provider-side reimbursement risk (clinics, hospitals, physician groups, telehealth providers, lab services).

Q.1 Provider licensure for each state of operation, including any prior licensure actions, suspensions, or restrictions.

Q.2 Billing and coding compliance audit results for the past \[Lookback Years\] years, including any external audits and any internal RAC / ZPIC review preparation.

Q.3 Malpractice claims history for the past \[Lookback Years\] years, including tail-coverage status for departing providers.

Q.4 HIPAA breach logs, OCR correspondence, and any corrective-action plans stemming from privacy or security incidents.

Q.5 Payer-audit history (Medicare, Medicaid, commercial), recoupment exposure, and current open audits.

Q.6 Anti-Kickback Statute, Stark Law, and Physician Payment Sunshine Act compliance documentation, including transfer-of-value reporting.

Q.7 Telehealth state-licensure compliance, including any reliance on cross-state compacts (e.g., IMLC).

Q.8 Provider compensation arrangements that could implicate fair-market-value or commercial-reasonableness analysis.

## Section R — Cross-Border / Trade Compliance Rider \[include if cross\_border\_rider\_enabled\]

The following requests apply only if the target has foreign operations, foreign customers, foreign manufacturing, government customers, or material exposure to controlled jurisdictions.

R.1 Foreign-subsidiary and branch documentation, including formation documents, governance, and intercompany agreements.

R.2 Sanctions / OFAC screening procedures, screening tool documentation, and any historical hits or escalations.

R.3 Export-control classifications (ECCN, USML) for material technologies and products, plus any export licenses or commodity classification rulings.

R.4 AML / KYC programs (where applicable to the target's industry), including any SARs filed.

R.5 FCPA compliance program documentation, including risk assessments, training records, third-party-intermediary diligence, and any prior internal investigations or third-party allegations.

R.6 Government-customer relationships (federal, state, local, or foreign), including contract terms with flow-down compliance obligations and any audit history. Include any GSA Schedule contracts, FAR-flowdown analysis, and SBA representations.

R.7 Operations or sales in higher-risk corruption-index jurisdictions, including Venezuela, Russia, Belarus, Iran, North Korea, Syria, and Cuba, plus any sub-Saharan African, Central Asian, or other high-risk regions identified by the buyer.

R.8 Foreign-investment-screening filings (CFIUS, foreign FDI regimes), including any prior CFIUS reviews of the target or its subsidiaries.

## Closing — Response Protocol

This request list is the first round of an iterative diligence production project. The target should:

1.  Populate the data room with responsive documents foldered to match this list's section structure.
2.  Complete the response columns ("Provided / Does Not Exist / Not Applicable / Privileged") for each numbered request.
3.  Identify any responses that require additional time and provide an expected completion date.
4.  Identify any documents or information that the target intends to withhold on privilege or confidentiality grounds, with the basis for withholding.
5.  Provide a single point of contact for clarification questions and follow-up rounds.

Follow-up rounds typically run 5–7 business days after each prior production. Substantive completion typically requires 2–3 rounds. The buyer's diligence team will provide written follow-up requests after each round.

Confidentiality and privilege are governed by the parties' executed confidentiality agreement.