The AI agreement your vendor sends you is a commercial document designed by their legal team to minimise their obligations and maximise their rights. Most enterprise buyers sign it, or a version of it with minor changes, because they lack the commercial framework to identify what they are conceding. This article provides that framework.
Our AI practice has reviewed more than 200 enterprise AI agreements over the past three years. The same problematic provisions appear repeatedly — sometimes because vendors include them deliberately, sometimes because the underlying API terms were never designed for enterprise-scale deployment. What follows are the 20 contract clauses that separate a commercially defensible AI agreement from a vendor-drafted template.
For the strategic context behind these clauses, see our Enterprise AI Procurement Guide. For pricing negotiation tactics, see our OpenAI Enterprise pricing guide and AI usage pricing analysis.
IP Ownership Clauses (1–4)
Output Ownership Assignment
The vendor must explicitly assign all intellectual property rights — including copyright, database rights, and any other applicable rights — in all outputs generated through your use of the AI service to you, the customer. The assignment must be unconditional, without reservation of derivative rights, and must survive contract termination. Weak versions say "you may use outputs"; a proper clause says "vendor assigns all IP in outputs to customer."
Prompt and System Prompt Ownership
All prompts, system prompts, and prompt templates you create are your proprietary intellectual property. The vendor must acknowledge this ownership explicitly and commit that they will not use your prompts to train models, analyse patterns for competitive intelligence, or disclose them to third parties. This clause is particularly important for organisations that invest significantly in prompt engineering.
Fine-Tuned Model Ownership and Portability
Where you have fine-tuned or customised a model using your proprietary data, the resulting fine-tuned model adaptor weights (or equivalent parameters) must be treated as your intellectual property. The vendor must provide these in a portable, industry-standard format on request and at contract termination. Vendors commonly argue that fine-tuned weights cannot be exported because they are integrated into their infrastructure — this is a technical argument that should be addressed in the contract by requiring equivalent model behaviour portability if weight export is genuinely impossible.
No IP Indemnification Carve-Outs for AI Outputs
Many AI vendor agreements include explicit carve-outs to IP indemnification for AI-generated content — meaning if the AI output infringes a third party's IP rights, you are on your own. Enterprise agreements should push for meaningful IP indemnification for AI outputs, or at minimum, a clear commercial risk allocation that does not expose you to unlimited third-party claims without vendor contribution.
Data Rights Clauses (5–9)
Training Data Prohibition
The vendor is prohibited from using your data — including inputs, prompts, outputs, usage logs, and metadata — to train, fine-tune, evaluate, or otherwise improve their foundation models without your explicit, specific, written consent for each intended training use. "Opt-out" mechanisms are insufficient; enterprise agreements require opt-in training consent. This clause is the single most commercially important data rights provision.
Data Residency and Processing Locations
The agreement must specify precisely where your data will be processed and stored, with the ability to restrict processing to specific geographic regions. For EU-based organisations, this must address GDPR Article 46 transfer mechanisms for any processing outside the EEA. For regulated industries, jurisdiction-specific requirements (FCA, BaFin, SEC, HIPAA) must be explicitly addressed.
Data Retention Limits
Vendor data retention periods for your inputs, outputs, and logs must be explicitly defined and minimised. Zero-retention options — where the vendor processes but does not persist your data beyond the immediate transaction — should be available for sensitive deployments. Verify that "zero retention" claims cover all pipeline components, including safety filtering layers that vendors sometimes maintain separately from their stated retention policies.
Data Subject Rights and GDPR Processor Terms
For EU deployments, the vendor must execute appropriate Data Processing Agreements (DPAs) and commit to supporting data subject access requests, erasure requests, and portability requests within statutory timescales. Vendor DPA templates are often inadequate for enterprise needs — they require negotiation, not just signature.
Competitive Intelligence Restriction
The vendor must commit that aggregate insights derived from your usage — industry patterns, workflow types, query categories — will not be used to inform their own product strategy, pricing decisions, or to provide intelligence that would benefit your competitors. This provision is difficult to enforce in practice, but its absence signals vendor intent and creates no contractual constraint on plainly harmful behaviour.
Model Stability Clauses (10–13)
Model Change Notification (90-Day Minimum)
The vendor must provide minimum 90 days' advance written notice before deprecating a model version, making material changes to model behaviour, or retiring any model capability that your production workflows depend on. Enterprise agreements should extend this to 180 days for major model transitions. "Material change" should be defined broadly enough to capture capability regressions, not just version deprecations.
Legacy Model Access
Following any model change notification, you must have access to the previous model version for at minimum the duration of the notification period — allowing production workloads to continue operating while you assess the new model and update dependent systems. Vendors who cannot offer legacy model access should provide equivalent transition assistance funding.
Benchmark Regression Commitments
For production AI deployments where model quality materially affects business outcomes — customer-facing applications, automated decision support, code generation pipelines — the agreement should include performance benchmarks on agreed test sets, with contractual commitments that future model versions will not regress below defined thresholds without notification and remediation options.
Safety and Content Policy Change Notification
Vendors regularly update safety and content policies, which can affect the behaviour of AI models in production workflows — sometimes causing applications to stop functioning as designed. Changes to safety and content policies that materially affect your use case must be notified in advance with equivalent notice periods to model changes.
SLA and Service Commitments (14–16)
Uptime SLA (99.95% Minimum)
Standard AI API SLAs of 99.5% allow for more than 43 hours of downtime per year — commercially unacceptable for production enterprise deployments. Enterprise agreements should target 99.95% availability (4.4 hours annual downtime) for API availability, with credits calculated as a meaningful percentage of affected monthly charges rather than nominal service credits.
Latency SLA Commitments
For real-time or near-real-time AI applications — customer service AI, code completion, real-time analytics — P99 latency commitments must be included in the SLA. Vendors often resist latency SLAs, citing variable model complexity as a reason for unpredictable response times. Enterprise agreements should at minimum define "degraded service" thresholds and remediation processes for sustained latency exceedances.
Rate Limit Commitments
AI APIs enforce rate limits that can disrupt production workloads during peak demand or following vendor-side infrastructure changes. Enterprise agreements must define committed throughput levels — requests per minute, tokens per minute — with guaranteed capacity that cannot be unilaterally reduced by the vendor without notice and compensation.
Commercial and Exit Clauses (17–20)
Audit Rights Over Billing and Usage Data
Token-based and consumption-based AI billing is complex and difficult to verify independently. Your agreement must grant you or your nominated auditor access to detailed usage logs in machine-readable format, enabling independent verification of all charges. Audit rights should cover a rolling 24-month lookback period and the vendor must cooperate within 30 days of an audit request.
Price Protection and Commitment Discount Preservation
If you have committed to a specific spending volume in exchange for a discount, any vendor price changes for underlying services must not reduce the economic value of your committed discount. If the vendor raises list prices, your committed rate must maintain at minimum the same percentage discount from the new list price, or you must have a right to exit the commitment without penalty.
Termination for Convenience with Proportional Refund
Enterprise AI technology evolves faster than most contract cycles. Your agreement should include termination for convenience rights after an initial period (typically 12 months of a multi-year commitment) with proportional refund of any upfront committed amounts, minus a reasonable break fee. AI contracts without termination for convenience lock enterprises into technology commitments that may be commercially or technically obsolete before the contract expires.
Data Export and Transition Assistance at Termination
At contract expiry or termination, the vendor must provide complete export of all your data — inputs, outputs, fine-tuned parameters, usage logs, system configurations — in standard, documented formats within 30 days. Transition assistance of 90–180 days must be included at no additional charge, covering access to the service at maintenance-level pricing while you migrate to a replacement solution.
Negotiation Reality Check: You will not obtain all 20 of these clauses from all AI vendors. The relative negotiating position varies significantly by vendor, contract size, and commercial relationship. The purpose of this framework is to enter negotiations knowing what to request, what to prioritise when vendors push back, and what absence of a clause costs you commercially. Advisory firms like Redress Compliance have established precedents with all major AI vendors and can advise on realistic negotiation outcomes for your specific situation.
Related AI Procurement Intelligence
This article is part of our comprehensive AI procurement series. Related guides include our complete AI procurement guide, OpenAI Enterprise pricing analysis, AI IP ownership guide, enterprise AI data rights guide, and our EU AI Act contract requirements. For broader enterprise context, see our AI procurement advisory service.