Enterprise software contracts are engineered to protect the vendor, not you. Before you sign, your legal and procurement team needs to identify the clauses that expose your organisation to uncapped price increases, audit liability, restrictive exit terms, and data loss. Here are 25 red flags — and what to demand instead.
This article is part of our comprehensive IT Contract Negotiation Strategy guide. Understanding contract red flags is the foundation of any sound BATNA strategy — you cannot build effective walk-away leverage without knowing which clauses put you at structural risk. For context on how these clauses interact with commercial pricing, see our IT negotiation firm rankings.
These red flags are drawn from analysis of hundreds of enterprise software contracts reviewed by specialist IT negotiation advisors. They represent patterns that consistently expose buyers to financial and operational risk. They are not legal advice — have qualified counsel review any specific contract.
Pricing clauses in vendor-drafted contracts are written to maximise the vendor's ability to increase revenue from existing customers. The following patterns appear in Oracle, SAP, Microsoft, Salesforce, and Broadcom agreements with particular frequency.
Clauses that permit price increases "at the vendor's discretion" or by CPI plus a fixed percentage with no ceiling. Oracle's standard support terms historically included 3–4% annual escalation with no cap; at 4% compounded, a $1M support contract grows to roughly $1.48M after ten years before any additional product purchases.
Contracts that tie renewal pricing to "then-current list price" rather than the originally agreed price or a defined escalation formula. Since vendors routinely increase list prices by 5–20% annually, this clause eliminates any price protection value from your initial discount.
SaaS contracts that automatically renew bundled products — including modules you do not actively use — unless affirmatively cancelled within a narrow notice window (sometimes 30–60 days before renewal date). Salesforce and Microsoft CSP agreements are frequent offenders.
Cloud and SaaS agreements where "minimum spend" floors increase each year — often by 10–20% — regardless of actual consumption or usage growth. AWS EDP and Google Cloud Commit agreements can include automatic ratchet provisions that compound your financial exposure annually.
Clauses permitting the vendor to reclassify or reprice products following acquisitions, rebranding, or product restructuring. Broadcom's acquisition of VMware, after which perpetual licence sales were ended in favour of subscription pricing, demonstrated how this risk can materialise catastrophically for unprepared customers.
Organisations that negotiate explicit price escalation caps at contract signing pay, on average, 22% less over a five-year period than those with uncapped escalation provisions — even when initial pricing was identical.
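The three escalation structures discussed above differ mainly in how they compound, so it is worth modelling them over a full term before agreeing to one. The following script is an added example, not part of the original article or any advisor's tool. It uses a constructed CPI path (not real inflation data) and an assumed 10% annual list-price increase to compare a fixed uncapped uplift, CPI plus a margin, the "lower of CPI or 3%" position from the acceptable-positions table, and the then-current-list-price renewal trap.

```python
from typing import List, Sequence

# Constructed CPI path for illustration only; not real inflation data.
# Four uplifts cover years 2 to 5 of a five-year term.
CPI_PATH: List[float] = [0.02, 0.05, 0.08, 0.04]


def fee_schedule(base: float, rates: Sequence[float]) -> List[float]:
    """Year-by-year fee. rates[i] is the uplift applied going into year i+2,
    compounding on the previous year's fee, so the result has len(rates)+1 entries."""
    fees = [base]
    for r in rates:
        fees.append(fees[-1] * (1.0 + r))
    return fees


def term_cost(base: float, rates: Sequence[float]) -> float:
    """Total paid over the term described by `rates`."""
    return sum(fee_schedule(base, rates))


def uncapped(rate: float, uplifts: int) -> List[float]:
    """Fixed annual escalation with no ceiling (the vendor standard)."""
    return [rate] * uplifts


def cpi_plus(cpi: Sequence[float], margin: float) -> List[float]:
    """CPI plus a fixed margin with no ceiling: tracks inflation upward, never downward."""
    return [c + margin for c in cpi]


def capped(cpi: Sequence[float], cap: float) -> List[float]:
    """Lower of CPI or a fixed cap each year (the buyer position in the table)."""
    return [min(c, cap) for c in cpi]


def fee_after_years(base: float, rate: float, years: int) -> float:
    """Fee after `years` compounded uplifts at a fixed rate."""
    return fee_schedule(base, uncapped(rate, years))[-1]


def list_referenced_renewal(list_price: float, discount: float,
                            list_growth: float, years: int) -> float:
    """Renewal fee when the contract references then-current list price:
    the discount percentage survives, but it is applied to an inflated list."""
    return fee_after_years(list_price, list_growth, years) * (1.0 - discount)


if __name__ == "__main__":
    base = 1_000_000.0
    print(f"$1M at 4% for ten years: ${fee_after_years(base, 0.04, 10):,.0f}")
    for name, rates in [("uncapped 4%", uncapped(0.04, len(CPI_PATH))),
                        ("CPI + 2%", cpi_plus(CPI_PATH, 0.02)),
                        ("lower of CPI or 3%", capped(CPI_PATH, 0.03))]:
        print(f"{name:>20}: five-year cost ${term_cost(base, rates):,.0f}")
    # Then-current list price: a 50% discount on a $2M list growing 10% a year
    # (assumed growth rate) still lands well above a capped renewal.
    print(f"list-referenced year-5 fee: "
          f"${list_referenced_renewal(2_000_000, 0.5, 0.10, 4):,.0f}")
```

On the constructed path the capped clause costs about $5.27M over five years against $5.42M uncapped at 4% and $5.67M at CPI + 2%; the list-referenced renewal reaches roughly $1.46M in year five even though the 50% discount is preserved, against about $1.13M under a 3% cap. Swap in your own CPI assumptions and list-price history before negotiating.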
Software audit clauses are among the most commercially consequential provisions in any enterprise technology agreement. Vendors use broad audit rights to create unplanned liability events that generate substantial additional licence revenue. Understanding how to identify and constrain these provisions is covered in depth in our software audit defence guide.
Contracts with no restriction on how frequently a vendor can conduct licence audits. Without a limit — typically "no more than once per 12-month period" — vendors can initiate multiple audits in a single year, each creating disruption, remediation liability, and negotiating leverage for the vendor.
SAP's historic indirect access provisions — and similar language in Oracle's contracts — permit vendors to charge licence fees for third-party systems that interact with their platform, even via APIs. The potential liability surface is enormous and very few IT leaders understand it at the time of signing.
Audit clauses that permit the vendor to appoint a named third-party auditor paid on a percentage of findings rather than a flat fee. BSA (Business Software Alliance) and some "Big 4" audit firms engaged by Oracle and SAP operate under contingency arrangements that create systematic incentive to find and expand compliance gaps.
Audit rights that permit the vendor to assess compliance going back 2–3 years prior to the current agreement, including periods covered by previous contracts. Combined with changes in vendor licensing policy, this can create backdated liability for usage that was compliant under the rules at the time.
Clauses requiring you to proactively disclose over-deployment or compliance gaps without providing a corresponding grace period or penalty limitation. Voluntarily declaring a compliance shortfall can trigger invoices at full list price rather than the discounted remediation pricing available in a negotiated resolution.
Exit provisions — or the absence of them — determine whether you have real commercial leverage at renewal time. A vendor that controls your exit options controls your pricing. These provisions should be evaluated in the context of your broader BATNA development.
Multi-year SaaS and cloud contracts with no termination for convenience clause — meaning you cannot exit the agreement early regardless of changed business circumstances, budget constraints, or product dissatisfaction. This is standard in vendor-drafted agreements and must be actively negotiated. See our dedicated guide on termination for convenience clauses.
Contracts where "termination for convenience" is technically available but requires payment of all remaining licence fees or a percentage thereof — effectively eliminating the value of the right. A clause requiring payment of 80% of remaining contract value is not meaningfully different from no termination right at all.
SaaS agreements that prohibit reducing user count, module scope, or spend below the initial contracted level during the term. In an environment of workforce changes, M&A activity, or product rationalisation, the inability to flex down creates stranded-cost risk — particularly in Salesforce and Workday agreements.
Contracts — particularly in SaaS platforms — where custom configurations, workflows, APIs, and integrations developed by your teams are classified as "derived works" or the intellectual property of the vendor. This creates dependencies that dramatically increase real switching costs beyond the headline platform cost.
Some vendor agreements — most aggressively in Oracle's terms — include provisions restricting your right to engage competitive benchmarking, participate in third-party support programmes, or even disclose pricing to certain parties. These clauses attempt to contractually eliminate your BATNA-building activity.
Data provisions have become increasingly contentious in enterprise software contracts, particularly as AI training, data portability, and cloud sovereignty have risen up the CIO agenda. These provisions interact directly with your data portability negotiation strategy.
An increasingly common provision in SaaS agreements permitting the vendor to use your business data, usage patterns, and interactions to train AI models — sometimes with minimal opt-out provisions. Salesforce Einstein, Microsoft 365 Copilot, and ServiceNow AI contracts have all attracted scrutiny on this point.
SaaS agreements that guarantee data export rights but only in the vendor's proprietary format — making the data practically unusable with alternative systems. True data portability requires export in open, documented formats (CSV, JSON, XML) with complete schema documentation.
Contracts specifying that the vendor will retain your data for only 30–60 days after contract termination before permanent deletion. For complex SaaS migrations — which typically take 6–18 months to complete — this window is entirely insufficient and creates risk of catastrophic data loss.
Clauses granting the vendor the right to aggregate, anonymise, and commercially exploit data derived from your usage — including benchmarking data that reveals your business performance, competitive positioning, or spending patterns. Particularly sensitive in financial services and healthcare.
Liability provisions in standard vendor agreements are consistently drafted to minimise the vendor's financial exposure while maximising yours. The following patterns are particularly common and commercially consequential. See our dedicated guide to SLA negotiation in software contracts for detailed metrics benchmarks.
Standard vendor agreements typically limit total liability to the fees paid in the prior 12 months — meaning your maximum recovery from a catastrophic failure is capped at a single year's licence fee, regardless of your actual business losses which may be multiples higher.
Universal exclusion of consequential, indirect, or special damages — eliminating any recovery for lost revenue, lost profits, or business disruption resulting from vendor failure. In a system-of-record SaaS deployment, the exclusion of consequential damages can reduce real-world liability exposure by 95%+ relative to actual impact.
SLA provisions that explicitly state service credits are the "sole and exclusive remedy" for any and all service failures — including catastrophic data loss or multi-day outages. This provision, combined with an exclusion of consequential damages, means your maximum recovery from a major outage could be a nominal service credit.
SLA provisions where uptime is measured and reported exclusively by the vendor's own monitoring infrastructure, with no independent verification mechanism. Vendor-side probes typically run inside the vendor's own network and count only total outages, so the downtime customers actually experience from network path issues, CDN failures, and partial degradation events is systematically under-reported.
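The practical counter to vendor-only measurement is to run your own synthetic probes from outside the vendor's network, keep the raw results, and negotiate that they are admissible when uptime is disputed. The script below is an added example, not code from the article or from any vendor's SLA tooling. It parses a constructed probe log (not real data), scores the same minutes under an assumed vendor-side rule (down only when every probe location fails outright, latency ignored) and a customer-side rule (down if any location fails or breaches a latency objective), and maps the result to illustrative credit tiers that are an assumption, not any vendor's published schedule.

```python
from collections import defaultdict
from typing import Callable, Dict, List, Tuple

# Constructed probe log for illustration (not real vendor or customer data).
# One line per probe: "<timestamp> <probe region> <HTTP status or TIMEOUT> <latency ms>".
# Minute 1: one region gets a 503.  Minute 2: both regions time out.
# Minute 3: both regions respond, but far over the latency objective.
PROBE_LOG = """\
2024-03-01T00:00:00Z eu-west 200 180
2024-03-01T00:00:00Z us-east 200 210
2024-03-01T00:01:00Z eu-west 200 190
2024-03-01T00:01:00Z us-east 503 45
2024-03-01T00:02:00Z eu-west TIMEOUT 5000
2024-03-01T00:02:00Z us-east TIMEOUT 5000
2024-03-01T00:03:00Z eu-west 200 3400
2024-03-01T00:03:00Z us-east 200 3100
2024-03-01T00:04:00Z eu-west 200 170
2024-03-01T00:04:00Z us-east 200 200
"""

Sample = Tuple[str, str, int]          # (region, status, latency_ms)
Rule = Callable[[List[Sample]], bool]  # True when the minute counts as down


def parse_probe_log(text: str) -> Dict[str, List[Sample]]:
    """Group probe results into one bucket per timestamp (here, per minute)."""
    buckets: Dict[str, List[Sample]] = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, region, status, latency = line.split()
        buckets[ts].append((region, status, int(latency)))
    return dict(buckets)


def succeeded(status: str) -> bool:
    """A probe succeeded if it returned an HTTP status below 400 (TIMEOUT never does)."""
    return status.isdigit() and int(status) < 400


def vendor_rule(samples: List[Sample]) -> bool:
    """Assumed vendor-side definition: down only when every probe location fails
    outright; slow responses and single-region failures do not count."""
    return all(not succeeded(status) for _, status, _ in samples)


def customer_rule(samples: List[Sample], latency_slo_ms: int = 2000) -> bool:
    """Customer-side definition: down if any location fails or breaches the
    latency objective, which is what users on that path actually experience."""
    return any(not succeeded(status) or latency > latency_slo_ms
               for _, status, latency in samples)


def availability(buckets: Dict[str, List[Sample]], rule: Rule) -> Tuple[int, int, float]:
    """Return (minutes observed, minutes down, uptime percent) under `rule`."""
    total = len(buckets)
    down = sum(1 for samples in buckets.values() if rule(samples))
    return total, down, 100.0 * (total - down) / total


def service_credit_percent(uptime_pct: float) -> int:
    """Illustrative credit tiers (an assumption, not any vendor's published SLA)."""
    if uptime_pct < 95.0:
        return 50
    if uptime_pct < 99.0:
        return 25
    if uptime_pct < 99.9:
        return 10
    return 0


if __name__ == "__main__":
    buckets = parse_probe_log(PROBE_LOG)
    for name, rule in (("vendor-side rule", vendor_rule),
                       ("customer-side rule", customer_rule)):
        total, down, pct = availability(buckets, rule)
        print(f"{name}: {down}/{total} minutes down, uptime {pct:.1f}%, "
              f"credit tier {service_credit_percent(pct)}%")
```

On the constructed five-minute window the vendor-side rule sees one down minute, the customer-side rule sees three: the single-region 503 and the slow-but-reachable minute vanish from the vendor's number entirely. Over a month that difference is what separates "SLA met" from a credit claim, which is why the measurement definition, the probe locations, and the latency objective belong in the contract rather than in the vendor's status page.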
Force majeure clauses drafted so broadly that they excuse vendor non-performance for "system failures," "cyber events," or "technical disruptions" — in other words, exactly the operational risks you are paying a premium SaaS provider to manage. Force majeure should be limited to genuinely unforeseeable external events.
SaaS agreements — and some cloud platform agreements — that grant the vendor the right to modify terms, pricing, or service definitions with 30 days' notice and deem your continued use as acceptance. This clause can unilaterally eliminate any protection you negotiated at contract execution.
Identifying red flags is only half the exercise. For each category of risk, experienced IT negotiation advisors have established positions that balance commercial realism with genuine buyer protection.
| Red Flag Category | Vendor Standard | Acceptable Position |
|---|---|---|
| Price Escalation | Unlimited / list price reference | Capped at lower of CPI or 3% annually |
| Audit Frequency | Unlimited, any time | Maximum once per 12-month period, 45-day notice |
| Termination | No exit right | Termination for convenience with 90-day notice after Year 1 |
| Liability Cap | 12 months' fees | 24–36 months' fees; carve-outs for data breach |
| SLA Sole Remedy | Credits only | Credits + termination right after repeated failure |
| Data Portability | Proprietary format, 30-day window | Open format, 12-month post-termination access |
| AI Training Rights | Broad consent to train models | Opt-out for all data use beyond service delivery |
Most organisations approach contract review reactively — legal reviews the agreement close to the signature date with minimal time to push back on problematic terms. A proactive review process, embedded into the procurement timeline, dramatically improves outcomes.
12 weeks before signature: Request the standard MSA and order form. Begin commercial review in parallel with technical due diligence. Identify clause categories of concern and cross-reference against the vendor's negotiation track record with comparable buyers.
8 weeks before signature: Prepare a comprehensive redline addressing your priority issues. Present as a package rather than individual issues — vendors are more likely to accept a balanced redline than to negotiate clause-by-clause. This is where specialist IT contract negotiation expertise adds the most value.
4 weeks before signature: Resolve the most commercially significant items. Accept vendor positions on lower-priority items to create reciprocity. Document all negotiated positions in the executed agreement — side letters or email confirmations are insufficient.
At signature: Ensure all agreed modifications are reflected in the final executed document. Discrepancies between negotiated positions and executed terms are a common problem and can only be resolved by careful comparison against your redline record.
The most dangerous red flag of all is the one that does not appear in the contract — the commercial commitment made verbally by a sales representative that has no contractual basis. Ensure every commercial commitment made during negotiations is reflected in executed contract language.
Specialist IT negotiation advisors have reviewed hundreds of enterprise software agreements and know exactly which provisions to push back on — and how far vendors will move.