OpenAI, Anthropic, the hyperscaler model-APIs and the open-weight providers — the contract framework that converts a procurement signature into a defensible enterprise AI deployment. Written by the practice leading buyer-side AI contract advisory in 2026.
The AI vendor contract is the youngest enterprise software contract in the buyer’s portfolio, and it is also the contract most likely to be signed without the standard procurement scrutiny. The Master Services Agreement of an AI vendor in 2026 carries language — on training-data usage, on output ownership, on IP indemnity, on data residency, on uptime, on usage-based commits — that did not exist in the standard enterprise template five years ago. The framework in this paper sets out the clauses that matter, the defaults that should be challenged, and the contract design that protects the buyer through the next three years of model-roadmap turbulence.
This framework walks through the decisions, in order, that determine whether an AI vendor contract is a defensible foundation for enterprise deployment or a series of unresolved exposures that will surface in incidents, audits and renewals. It is written for legal, IT, procurement and AI-governance leaders who are now signing the first generation of enterprise AI contracts at scale.
The framework is divided into eight sections. Each section has a checklist, a recommended clause posture and a worked example drawn from a real engagement. The sections move from commercial structure (token, request and capacity-unit commits) through data residency, training-data restrictions, IP indemnity, output ownership, audit and observability, model-version posture, and finally the renewal and exit posture three years downstream.
This is not a primer on AI governance or model evaluation. We assume readers already understand the difference between a closed-weight commercial API, an open-weight model on a hyperscaler endpoint, and a privately-hosted fine-tune, and that the buyer’s AI risk framework is already documented internally. We have a separate reference paper for that audience — ask us for it directly.
The lead author runs the AI vendor practice at SoftwareContractNegotiation. The practice has supported more than fifty enterprise AI vendor contracts since 2023, across financial services, healthcare, legal, public sector and technology. The paper draws on outcomes from those engagements, anonymised for confidentiality. Independent firms such as Redress Compliance are referenced where their published analysis informs a specific decision.
Token commits, request commits, capacity-unit commits and the trade-offs between predictability and elasticity at the enterprise scale.
The EU, UK, US, APAC and FedRAMP residency postures across OpenAI, Anthropic, Azure OpenAI and Bedrock, and the carve-outs that matter.
The no-training default, the opt-out variations, the retention windows and the contractual proof the buyer should require.
Output IP indemnity scope, exclusions, monetary caps and the gap between marketing language and contract language.
Ownership of generated content, derivative-work posture, transferability and the language that defends downstream commercial use.
Logging, audit access, model-card disclosure, evaluation transparency and the contract language for incident response.
Deprecation notice windows, version-pinning rights, behavioural-equivalence guarantees and the regression-test posture.
Carry-over of unused commit, data-export rights, output retention after termination and the renewal leverage three years on.
If your AI vendor MSA closes within the next 90 days, the clauses that matter are negotiated now. The first conversation is free of charge and free of obligation.