All terms
Investment & FinanceStartup Lifecycle
Due Diligence
Investigation of a company before an investment, financing, or acquisition.
Reviewed by Christian Espinosa, Founder, Blue Goat CyberLast reviewed May 5, 2026
Definition
Due diligence is the structured review an investor or acquirer conducts before closing a transaction. MedTech diligence spans regulatory (510(k) history, warning letters, recalls), clinical (trial protocols, data integrity), IP (freedom-to-operate, patent prosecution), quality (QMS, FDA inspections), commercial (pipeline, contracts), and financial. What the regulation says
Regulators do not explicitly define "due diligence" as a specific process they require. However, they expect medical device manufacturers to maintain a robust Quality Management System (QMS) as per 21 CFR Part 820 (FDA) and EU MDR (Regulation (EU) 2017/745) which would implicitly require thorough evaluations of acquisitions or partnerships to ensure continued compliance. For example, the FDA expects manufacturers to evaluate suppliers and contractors, which can be seen as a form of due diligence.What this means in practice
Regulatory and quality DD findings frequently kill or reprice MedTech deals. A clean inspection history and well-organized DHF/DMR speed transactions materially.Examples
- A MedTech acquiring company thoroughly reviews the target company's 510(k) submissions and associated FDA correspondence to identify any outstanding issues or unaddressed deficiencies.
- During a potential merger, a quality assurance team from the acquiring company audits the target's manufacturing facility to verify compliance with ISO 13485:2016 and 21 CFR Part 820.
- Before an acquisition, cybersecurity experts evaluate the target's medical device software architecture and network security protocols against FDA's pre-market and post-market cybersecurity guidance.
Common pitfalls
- •Confusing the legal and financial aspects of due diligence with the technical regulatory and quality assessments.
- •Failing to involve regulatory, quality, and cybersecurity experts early in the due diligence process, leading to overlooked critical issues.
- •Underestimating the impact of unresolved regulatory actions, such as Warning Letters or 483s, on deal valuation and post-acquisition integration.
- •Not verifying the accuracy and completeness of submitted regulatory documentation, like 510(k) clearances or technical files.
- •Ignoring cybersecurity risks and past breaches during due diligence, which can lead to significant post-acquisition liabilities and reputational damage.
Frequently asked questions
The primary goal is to identify and assess all potential regulatory risks, liabilities, and compliance gaps associated with a target company's products and operations, ensuring they meet applicable regulatory requirements like those from the FDA or under the EU MDR.
Related terms
Shared paths + categoryInvestment & Finance
Term Sheet
Non-binding outline of the key economic and control terms of an investment.
Founder & Investor Primer
Commercialization
Strategic Acquisition
Purchase of a company by a strategic buyer, typically a larger MedTech.
Investment & Finance
Capitalization Table(Cap Table)
Ledger of all securities issued by a company and who owns them.
Founder & Investor Primer · adjacent
Investment & Finance
Strategic Investor
Corporate investor with operational, not just financial, motives.
Founder & Investor Primer · adjacent
Investment & Finance
Convertible Note
Short-term debt that converts into equity at a future financing round.
Founder & Investor Primer
Investment & Finance
Exit Multiple
Valuation ratio applied at exit, e.g., enterprise value to revenue.
Founder & Investor Primer
Latest in MedTech
Primary references
3 sourcesLink health: 3 verified· last checked 2026-06-20
AdvaMed·1PitchBook·1NVCA·1
- 1AdvaMed M&A guideVerifiedAdvaMedadvamed.org
- 2PitchBook - MedTech CoverageVerifiedPitchBookpitchbook.com
- 3NVCA Model DocumentsVerifiedNVCAnvca.org
Inline markers like [1] jump to the matching reference above.