Data-room & due-diligence first-pass review
Can AI review a data room? Yes for the first pass — summarising, comparing contract terms and flagging risks across thousands of files in minutes instead of days. No for the verdict: the judgment that clears or kills the deal, and the numbers in the model, stay human.
| The pain | A live deal drops a data room of thousands of documents — contracts, accounts, HR files, IP, compliance, vendor agreements — and a small team has days to find what matters. Most of the reading is confirming the expected and skimming the routine; the risk is the one clause in the one contract nobody reached before the deadline. |
|---|---|
| What AI does today | A language model does the first pass over the room — summarising documents, comparing terms across contracts, answering questions across the whole set, and flagging risks and unusual clauses for a human to pull on. The model narrows thousands of files to the handful a human should read closely. The boundary: AI reads and flags; your returns model and IRR logic stay deterministic in Excel — the model feeds inputs, it never becomes the model. |
| Proof it's real | Survey-evidenced adoption; platform claims vendor-made. A Deloitte survey reported 86% of corporate and private-equity leaders using generative AI in M&A workflows, with due diligence a leading application — independent of any vendor, though it measures use, not outcomes. Named private-credit colour exists too: Golub Capital works with Brightwave on data-room processing and memo drafting (the vendor's account). Newest evidence: 2025. |
| What it can't do | It cannot make the call — that is where the human sits: anything that changes the price or kills the deal is read by a person, on the source document, not on the summary. A first pass that misses nothing routine can still miss the thing that only matters because of context outside the room, and a model that summarises a contract confidently can still misread the operative clause. |
| The real alternatives |
|
| What you need in place | Data-security terms before anything else — the room is confidential, so the model must not train on it and the processing location must satisfy the NDA (this kills more pilots than accuracy does); a routing of AI flags to the right reviewer; and ownership with the deal lead, with counsel adjudicating legal findings on-source. In a group, the security bar usually means the centrally-approved tool or gateway is the only permitted route — the desk's choice is how to use it, not which one. |
| Effort & cost |
|
| What to watch | Data security first — a confidential room must not leak into a model that trains on it. Then test recall on planted risks: does it actually surface the buried clause, or only the obvious ones? A tool that summarises well but misses the landmine is worse than slower reading. |
Questions operators ask
Is it safe to put a confidential data room into AI?
Only under the right terms: no training on your data, processing locations that satisfy the NDA, and access controls mirroring the room's. That contractual work is the real gating item — get it in writing before any document moves.
Does AI replace legal due diligence?
No — it re-weights it. The routine sweep (summaries, term comparison, coverage) compresses dramatically; the judgment, the on-source reading of anything material, and the accountability stay with counsel and the deal team. The paid hours concentrate where the flags point.
Related: deal sourcing & pipeline screening, closing-set consistency review and the Fund AI desk.
Changelog
- 2026-07-12 — published.