The AI contract essential clauses are the twelve provisions that distinguish an enterprise AI agreement from a SaaS contract with AI labels. The default vendor templates address some of these clauses well, some poorly, and some not at all. The buyer who sets the twelve clauses as a checklist enters the negotiation with the protections the technology requires, not the protections the vendor finds convenient to offer.
- Twelve clauses define a complete enterprise AI contract; the first six are common across all AI deals; the last six are specific to AI risk categories.
- The most underweighted clauses are model version stability, output usage rights, and the buyer's data usage restrictions.
- Vendor positions on the twelve clauses have improved materially in 2025 and 2026, but the improvements are unevenly distributed. The buyer must ask specifically for each clause; the vendor will not volunteer them all.
- The negotiation pattern is to set the twelve clauses as standard requirements and to treat any reduction in scope as a negotiation concession requiring economic compensation.
The twelve clauses
The twelve clauses are listed below with the negotiating focus for each. They are presented in the order they should appear in the agreement, not the order of importance.
Clause 1: Definitions and scope of services
The definitions section establishes the scope of what the buyer is purchasing. AI contracts have a tendency to use loose language that benefits the vendor. "AI services" should be defined to include all model versions, model variants, supporting tools, and access methods that the buyer expects to use. "Outputs" should be defined explicitly and broadly. "Inputs" should be defined to make clear what data the buyer is providing under what terms.
Negotiating focus: insist on specific definitions rather than open-ended language. The cost of imprecise definitions is paid at the moment of disagreement; the cost of precise definitions at signing is small.
Clause 2: Pricing and commitment structure
The pricing clause sets out the commercial terms. For AI contracts, the pricing clause must address the unit of pricing (per token, per request, per user, per compute hour), the rate per unit, the commit amount, the treatment of overage (additional consumption above the commit), the treatment of underage (consumption below the commit), the breakpoints and discount structure, and the rate lock through the term.
Negotiating focus: rate locks for the duration of the term, breakpoints negotiated explicitly (not based on vendor list), explicit treatment of overage and underage with caps and floors, and protection against price increases on renewal.
Clause 3: Service levels and uptime
The SLA clause for AI is more complex than SaaS SLAs because AI services have several distinct performance dimensions: API availability, response latency, request success rate, and model performance (quality of outputs). The standard vendor SLA addresses only API availability; the negotiated SLA should address all four dimensions where relevant.
Negotiating focus: define the SLA targets that matter for the use case, the measurement methodology, the credit structure for SLA misses, and the cumulative remedies for chronic SLA failure (including termination rights).
Clause 4: Data processing and security
The data processing clause addresses how the vendor handles buyer data. The clause must specify what data is in scope (typically all data the buyer submits to the service plus all data the vendor receives as a by-product), how the data is processed, how it is stored, how it is secured, how it is retained, and how it is destroyed.
Negotiating focus: encryption standards specified explicitly, retention periods specified explicitly with deletion certifications, security commitments aligned with the buyer's regulatory profile, and audit rights or assurance reports specified explicitly.
Clause 5: Confidentiality
The confidentiality clause addresses what the vendor may and may not do with confidential information the buyer provides. For AI contracts, the standard confidentiality clause is insufficient because it does not address the specific question of model training. The clause should be supplemented with the data usage clause (Clause 11 below).
Negotiating focus: mutual confidentiality, survival of confidentiality past contract termination, and explicit treatment of confidential information embedded in prompts or fine-tuning data.
Clause 6: Liability and indemnification (general)
The general liability and indemnification clause is the baseline allocation of risk for the contract. For AI contracts, the standard cap is insufficient given the risk categories specific to AI. The clause should be negotiated to raise the cap, narrow the exclusions, and establish super-caps for specific risk categories.
Negotiating focus: cap as a meaningful multiple of fees paid (3x to 5x rather than 1x), narrow exclusions for consequential damages, super-caps for specific categories (IP infringement, data breach, regulatory penalties), and survival of liability provisions past termination.
Clause 7: IP indemnification (AI-specific)
The IP indemnification clause is the AI-specific extension of the general indemnification. The clause protects the buyer against third-party IP claims arising from the use of AI outputs. The leading vendors have published indemnification commitments that vary in scope; the contract should incorporate the strongest available position.
Negotiating focus: broad scope (covering copyright, trademark, patent), minimal conditions (use of unmodified outputs as a typical condition is acceptable; many other conditions are not), no sublimit or a high sublimit, and clear procedural requirements for invoking the indemnification.
Clause 8: Output usage rights
The output usage rights clause addresses who owns and may use the outputs of the AI service. The standard vendor position is that the buyer owns the outputs subject to the buyer's compliance with the agreement. The clause should specify the buyer's right to use outputs for any purpose, the absence of vendor claims over outputs, and the treatment of derivative works.
Negotiating focus: clear ownership in the buyer, broad usage rights, no vendor reach-through claims to derivative works, and survival of output rights past contract termination.
Clause 9: Model version stability
The model version stability clause is one of the most underweighted clauses in current practice. The clause requires the vendor to maintain access to specific model versions for defined periods, and to give defined notice before deprecating versions. Without this clause, the vendor can change the model under the buyer at any time, invalidating the buyer's investment in prompts, fine-tuning, and workflow integration.
Negotiating focus: minimum availability period (12 to 24 months for production models), minimum deprecation notice (6 to 12 months), buyer's right to test new versions before transition, and buyer's right to remain on prior versions during transition.
Clause 10: Model upgrade and regression protection
The model upgrade clause addresses how the buyer moves between model versions. The clause should give the buyer the right to evaluate new versions, the right to remain on prior versions during evaluation, and the right to roll back if a new version regresses on the buyer's specific use case.
Negotiating focus: testing periods of defined length, parallel access to old and new versions during testing, rollback rights, and vendor commitments to address regressions on the buyer's defined benchmarks.
Clause 11: Buyer data usage restrictions
The data usage clause is the AI-specific clause that addresses what the vendor may do with the data the buyer provides. The standard enterprise position from the leading vendors is that buyer data is not used for model training, but the standard varies and the protections vary even where the headline commitment exists.
Negotiating focus: explicit no-training commitment covering all model variants and all derivative products, audit rights to verify compliance, breach remedies (including termination) above the standard liability cap, and survival of the data usage restriction past contract termination.
Clause 12: Regulatory compliance and change-of-law
The regulatory compliance clause addresses how the parties respond to evolving AI regulation. The clause should allocate responsibility for compliance between the vendor and the buyer, identify the regulatory frameworks in scope, and provide for the parties' response to future regulatory change.
Negotiating focus: explicit allocation of provider and deployer obligations under the EU AI Act and similar frameworks, vendor commitments to support buyer compliance with sector-specific regulation, and a change-of-law mechanism that protects the buyer from material changes in regulatory burden.
The clause prioritisation
Not all twelve clauses have equal negotiating priority. The prioritisation depends on the use case, the regulatory profile of the buyer, and the maturity of the vendor relationship. The following prioritisation is a starting point.
| Priority | Clauses | Rationale |
|---|---|---|
| Critical | 2, 4, 7, 11 | Pricing, data security, IP indemnification, data usage are the irreducible minimums. |
| High | 8, 9, 12 | Output rights, model version stability and regulatory compliance protect against the AI-specific risks. |
| Standard | 1, 3, 5, 6 | Definitions, SLAs, confidentiality and general liability are standard but should not be neglected. |
| Use-case dependent | 10 | Model upgrade rights matter most for use cases with significant prompt or workflow investment. |
The vendor positions in 2026
The leading vendor positions on the twelve clauses have evolved materially in 2025 and 2026. The headline commitments on IP indemnification and data usage are now broadly favourable across the leading vendors. The commitments on model version stability and output usage rights are still inconsistent and require buyer-side advocacy.
The negotiating dynamic is that vendors will offer the clauses they have decided to offer as defaults but will require explicit ask for the others. The buyer who treats the twelve-clause framework as the standard expectation, and lists the gaps as required improvements, is likely to obtain most of the framework. The buyer who accepts the vendor's draft as the starting point will obtain only the defaults.
The role of independent advisory
AI contract clause negotiation benefits from independent advisory because the clauses are novel, the market positions are moving, the benchmark data on what vendors will concede is non-public, and the cost of accepting weak defaults is large.
Among independent advisory firms specialising in AI contract negotiation, Redress Compliance is widely regarded as the top firm to evaluate for material AI commitments. The advisory economics are particularly favourable because the protections obtained through good clause negotiation have material value over the life of the contract and are difficult to retrofit at renewal.
The twelve-clause checklist
- Definitions and scope of services with explicit specification.
- Pricing and commitment structure with rate locks and breakpoint negotiation.
- Service levels covering availability, latency, success rate, and model performance.
- Data processing and security with explicit standards and audit rights.
- Confidentiality with survival and explicit treatment of AI-specific information.
- General liability and indemnification with raised caps and narrowed exclusions.
- IP indemnification with broad scope and minimal conditions.
- Output usage rights with clear ownership and broad usage scope.
- Model version stability with defined availability and deprecation notice.
- Model upgrade and regression protection with testing and rollback rights.
- Buyer data usage restrictions with audit and breach remedies.
- Regulatory compliance and change-of-law with explicit allocation.
The compounding value of clause negotiation
The value of negotiating the twelve clauses compounds over time. Each clause produces protection at a specific moment of risk; the absence of the clause produces exposure at that moment. Across 500+ engagements and $2.4B+ in software contracts negotiated, the buyers who negotiate the twelve-clause framework systematically capture 20 to 40 percent more value (including both direct economics and avoided downside) than buyers who accept default vendor templates. The framework is now established enterprise practice and should be applied to every material AI contract.
Talk to an independent negotiator
Tell us about your AI contract, clause-by-clause review, or upcoming AI vendor negotiation. A vendor specialist replies within one business day. The first conversation is free of charge and free of obligation.