“In retrospect, a practical framework I wish I had three years ago.”
I’ve been doing M&A for technology services for a while now. And for most of that time, my Due Diligence (DD) framework looked the same way it does for most corporate development professionals: five pillars include financials, legal, tax, people, and customers. You bring in your specialists, you run your workstreams in parallel, you put together a findings memo, and you make a call to pursue it or walk away.
It worked. It still works. But something has been bothering me about it.
Every time I look at a target these days, I find myself asking a question that doesn’t fit neatly into any of those five buckets. Not a financial question. Not a legal one. Something more fundamental: Is the way this company earns money going to survive the next three years?
That question, I’ve come to believe, is the AI question. And if we’re not asking it explicitly with the same rigor we’d apply to a revenue recognition policy or a key-man clause, then we’re underwriting businesses we don’t fully understand.
In this 2-part blog series, we’ll be delving into part 1 where we’ll discuss why the AI question matters now, the cost, the brownfield reality, key factors and questions to consider in part 1; part 2 will be a continuation of this and drive home of the significance of AI DD as a best practice. (You can click here to go to part 2.)
Key Takeaways
- Why this matters right now
- The uncomfortable math
- The brownfield reality
- Key factors to consider
- Key questions to ask
Why This Matters Right Now
Let me explain what I mean, starting from what we already do well.
When I’m doing customer Due Diligence (DD) on a target, I’m building a picture: what kind of contracts are in place T&M, fixed price, staff augmentation, outcome-based how sticky the client relationships are, whether the target can be replaced by another vendor in the customer’s ecosystem (this is especially important for large enterprise customers who typically run multi-vendor environments), and what services are actually being delivered: Application development, Cloud, Data, Testing, and Security.
That picture is incomplete now. Because there’s a new dimension: could an AI tool or the customer themselves, armed with AI tools do what this vendor does?
This isn’t academic. GitHub, Copilot, Claude, and others have driven real, measurable productivity improvements typically 30–40% in software development. On the date of publishing this blog, GenAI is already into automating code generation, test writing, documentation, and debugging.
Traditional outsourcing used to give clients 5–10% efficiency gains a year. With AI in the delivery loop, that number jumps to 15–30%. The unit economics of IT services delivery are changing. Not eventually, now.
Here’s the uncomfortable math
Most IT services revenue scales with headcount
AI reduces the headcount needed to deliver the same output
If the target hasn’t repriced or restructured its delivery model, revenue per person compresses or the customer simply asks for fewer people
A buyer who doesn’t factor this in is taking on unpriced risk
None of this means the business is broken. It means it needs to evolve. And part of your job as an acquirer is to decide: can it, and at what cost?
The Brownfield Reality: Why I’m Not Bearish on Services
Here’s the thing that often gets lost in conversations about AI disrupting IT services: most enterprise customers are running on legacy. The good old traditional ERP systems, custom middleware built over a decade, on-premise databases that nobody wants to touch, SaaS platforms tacked onto mainframes; these systems didn’t arrive in a clean greenfield state. They accumulated over time. And making a diverse tech stack ecosystem in sync,the integration aspects, the duct tape that holds enterprise IT together is not something any AI tool is going to solve cleanly, no matter how powerful the tools/platforms are.
What AI changes isn’t whether enterprises need a technology partner. It changes how they engage with one.
With AI-led acceleration a board-level imperative at Movate, we’ve been watching this shift in our own client conversations.i They want a partner who shows up measured outcomes against business results, not timesheets. That’s a good trend, actually for technology/AI-led CX services companies that can make that pivot.
The problem, from an M&A standpoint, is that most small targets haven’t made it yet. They grew revenue by adding people. That lever is weakening. And if I’m buying a business today, I need to understand which parts of it are protected by brownfield complexity and institutional knowledge and which parts are sitting exposed on an AI-disrupted shoreline. Here are some of the key factors to consider.
Factor #1: The AI Risk Matrix
The heatmap below is something I now use as a starting point for customer DD conversations. It plots service lines against industry verticals and gives each combination an AI disruption risk score 1 being low, 5 being the highest risk of pricing pressure, delivery model disruption, or customer insourcing.
One important assumption built into this: all scores reflect a brownfield technology environment. The presence of legacy complexity meaningfully reduces disruption risk relative to greenfield scenarios. The plumbing matters.
The red zones (3–4): Testing & QA, Custom App Development, Analytics & BI
Testing and QA is already being automated at scale tools generate test cases, run regression cycles, flag anomalies with minimal human intervention. Custom app development is high risk in financial services, retail, and especially Hi-Tech/ISV, where clients have in-house engineering teams increasingly experimenting with AI-assisted development. Analytics and BI sit in the 3–4 zone because while the underlying data integration work is complex, the analytical layer, the dashboards, the reports, the insights is increasingly AI-generatable.
The middle ground (2–3) involves Data Engineering, Cloud Migration
Data engineering; these benefit from brownfield protection; enterprise data is messy, distributed, historically inconsistent, and deeply context-dependent. Cloud migration and management is increasingly a commodity at the lower end, but the ongoing management of hybrid brownfield environments still requires genuine expertise.
The safer zones (1–2): ERP/Enterprise Applications, Infrastructure & IMS
ERP work implementations, customizations, upgrades require deep organizational knowledge; and change management capability, and industry-specific domain expertise that AI doesn’t replicate easily. Infrastructure managed services benefit enormously from brownfield stickiness. Knowing a client’s environment intimately, their quirks, their legacy configuration decisions, their undocumented processes: these are a strategic moat.
Cybersecurity: holds steady across all verticals
This is one area where AI is actually growing demand rather than eroding it. AI-powered attacks are getting more sophisticated. The human-in-the-loop requirement for threat detection and response remains high. If anything, a cybersecurity-oriented services firm is a more interesting acquisition today than it was five years ago.
Government and energy score low across the board as regulatory barriers, security clearance requirements, procurement cycles, and slower technology adoption rates all create insulation that other verticals don’t have.
Factor #2 Customer DD: The Six Questions I Ask Now
For each service the target delivers, here are key questions to consider from an AI lens:
1. Is this service AI-native, or is AI an afterthought?
I’m not looking for a polished slide about AI strategy here. I’m looking for evidence on actual AI usage on the floor What tools are actually in use in delivery: GitHub, Copilot, Cursor, CodeWhisperer, AI-powered test frameworks? What share of active engagements are using any of this? If the honest answer is “we’re evaluating it.” Or “some team members use ChatGPT when they remember to.” These answers indicate that the target hasn’t structurally embedded AI into how it works. That’s not disqualifying, but it’s a gap I now have to plan for.
Go deeper: Is there an internal AI policy? Have they invested in tool licenses or structured training?
The difference between a company that talks about AI and one that builds with it is usually visible in the answers to these questions discussed here.
2. What’s the contract mix and how exposed is it?
T&M is the most vulnerable contract type in an AI world. If AI doubles the output of a 10-person team, a commercially savvy customer will ask for the same deliverables from 5 people. The target’s revenue on that engagement drops by half without any deterioration in service quality. That’s not a hypothetical risk anymore; it’s a conversation that’s already happening in renewals.
Outcome-based contracts are much more defensible. The economics tie to a result, not a headcount. Fixed-price sits somewhere in between it offers protection, but only if the target has already priced in AI efficiency gains.
During DD, I map every customer contract to its type and flag all T&M and staff augmentation contracts as AI-compression risk. Then I check renewal dates. Anything coming up in the next 12–24 months deserves a specific conversation.
3. Can the customer do this themselves now?
There’s a real difference between a Fortune 500 bank with 8,000 engineers who can experiment with AI-assisted development internally, and a mid-market retailer with a 3-person IT team who couldn’t build a pipeline if they tried. The insourcing risk is not symmetrical across the customer base. Cross-reference the customer list against your estimate of each customer’s internal tech capability. Where does the target sit in the customer’s vendor ecosystem are they running critical integrations, or are they one of several interchangeable vendors?
Click here to read part 2 of the blog
References
- SmartDev. (n.d.). Gen AI implementation cost for SMEs. https://smartdev.com/gen-ai-implementation-cost-sme/
- PwC. (n.d.). M&A outlook. https://www.pwc.com/gx/en/issues/c-suite-insights/the-leadership-agenda/m-and-a-outlook.html
- Equirus. (n.d.). How AI is revolutionizing M&A due diligence: The $236 billion tech transformation. https://www.equirus.com/blog/how-ai-is-revolutionizing-m-and-a-due-diligence-the-236-billion-tech-transformation
About the Author
Sunil Gujjar, CPA, is the Vice President and Head of M&A at Movate, where he focuses on identifying and executing acquisitions that support the company’s growth and innovation journey. His work goes beyond just closing deals—he’s deeply involved in evaluating opportunities, running due diligence, building financial models, and ensuring smooth integration so that each acquisition actually delivers value over time.
With a CPA and an MBA in Finance, he brings a practical, well-rounded approach to M&A that’s grounded in numbers, but equally focused on long-term business impact. The magic mix of finance + strategy + technology makes his profile compelling.
Prior to Movate, he reshaped the M&A function from the ground up for Happiest Minds Technologies. Sunil worked closely with leadership to build pipelines, define evaluation frameworks, and identify strategic opportunities for inorganic growth; He drove investor relations for Mindtree, acting as a bridge between the company and the investment community. These factors now complement his deal-making perspective in today’s AI era. LinkedIn.
FAQs
AI due diligence is essentially a deeper layer of analysis that looks at how artificial intelligence could impact a target company’s future revenue and delivery model. Traditional diligence focuses on financials, legal, and customers—but that’s no longer enough.
Today, AI tools are already improving productivity by 30–40% in software development and pushing efficiency gains to 15–30%, which directly affects pricing, margins, and headcount needs.
So the real question isn’t just “Is this company profitable today?”—it’s “Will this business model still hold up in an AI-driven delivery environment over the next 2–3 years?”
AI changes valuation by introducing hidden compression risks in revenue and margins. Most IT services firms scale revenue with headcount—but AI reduces the number of people needed to deliver the same output.
If a company hasn’t adjusted pricing or shifted to outcome-based models, buyers may face:
. Lower revenue per employee
. Pricing pressure during contract renewals
. Reduced deal multiples due to future uncertainty
In simple terms, AI forces acquirers to rethink whether current earnings are sustainable—or temporarily inflated.
Not all service lines are affected equally. Some are already feeling strong pressure (from AI adoption):
. ‘High risk (3–4/5)’: Testing & QA, custom app development, analytics & BI;
. ‘Moderate risk (2–3/5)’: Data engineering, cloud migration;
. ‘Lower risk (1–2/5)’: ERP, infrastructure managed services; and,
. ‘Stable or growing’: Cybersecurity (AI is actually increasing demand).
The key factor in this? AI does the heavy-lifting by automating repeatable, structured tasks faster; it replaces the complex, context-heavy work of the legacy systems.
Time-and-materials (T&M) contracts are directly tied to effort—meaning more people equals more revenue. But AI breaks that equation.
If AI enables a 10-person team to do the work of 5, clients will naturally push for:
. Fewer billed resources
. Lower costs for the same output
That makes T&M contracts highly vulnerable to AI-driven revenue compression.
Outcome-based contracts, on the other hand, are tied to results—not effort—making them far more resilient in an AI-first delivery model
In some cases, yes—but it depends heavily on the customer’s internal capabilities.
Large enterprises with thousands of engineers can increasingly:|
. Experiment with AI-assisted development; and
. Build or automate parts of the delivery internally.
However, most organizations still operate in complex, legacy (“brownfield”) environments, where integration, customization, and institutional knowledge matter a lot.
That’s why AI isn’t eliminating IT services:
. Less focus on billable hours;
. More demand for measurable outcomes; and
. Greater scrutiny on vendor value.
AI is indeed transforming how clients engage with Movate.