GroveAI
BusinessFree Template

AI Vendor Contract Checklist Template

A checklist of key clauses and considerations for AI vendor contracts. Covers data rights, service levels, IP ownership, liability, exit provisions, and AI-specific terms that are often missing from standard software agreements. Designed for procurement teams and legal counsel reviewing AI vendor agreements.

Overview

What's included

AI-specific contract clause checklist
Data rights and processing terms
SLA definitions for AI services
IP and model ownership provisions
Liability and indemnification guidance
Exit and data portability requirements
Negotiation tips for each clause area
1

Data Rights & Processing

15 itemsto complete

Data Rights & Processing Clauses

Critical Clauses — Ensure These Are Addressed

  • Data ownership: Customer retains full ownership of all data provided to the vendor
  • No training on customer data: Vendor will not use customer data to train, fine-tune, or improve their AI models without explicit written consent
  • Data processing agreement (DPA): GDPR-compliant DPA executed as part of the contract
  • Data residency: Data will be processed and stored in  
  • Data retention: Vendor will retain customer data for no longer than   days after processing
  • Data deletion: Vendor will delete all customer data within   days of contract termination
  • Sub-processors: Vendor must disclose all sub-processors and notify of changes   days in advance
  • Data breach notification: Vendor must notify customer of data breaches within   hours

Input/Output Data

  • Customer owns all inputs submitted to the AI service
  • Customer owns all outputs generated by the AI service from customer data
  • Vendor has no rights to use inputs or outputs for any purpose beyond delivering the service
  • Prompts and system configurations are treated as customer confidential information

Audit Rights

  • Customer has the right to audit vendor's data handling practices
  • Vendor will provide SOC 2 Type II report annually
  • Vendor will cooperate with customer's DPIA requirements
2

SLAs & Performance

11 itemsto complete

SLAs & Performance

Service Level Definitions

MetricTargetMeasurementRemedy for Breach
Uptime % (e.g. 99.9%)MonthlyService credits:  % per  % below target
Response latency (p95)<  msContinuous 
Error rate<  %Monthly 
Support response time (Critical)<   hoursPer incident 
Support response time (High)<   hoursPer incident 
Support response time (Normal)<   business hoursPer incident 

Performance Clauses

  • SLA targets are clearly defined with measurement methodology
  • Service credits are meaningful (not capped at trivially low amounts)
  • Customer has the right to terminate if SLAs are breached   times in   months
  • Vendor provides a status page and incident communication process
  • Planned maintenance windows are defined and limited to  
  • Vendor provides advance notice of   days for planned maintenance

AI-Specific Performance

  • Model accuracy or quality metrics are defined where applicable
  • Vendor commits to maintaining model quality — not degrading performance through updates
  • Customer is notified   days before any model version changes
  • Customer can pin to a specific model version for   months
  • Vendor provides release notes for model and API changes
3

IP, Liability & Exit

17 itemsto complete

IP, Liability & Exit Provisions

Intellectual Property

  • Customer-provided data, prompts, and configurations remain customer IP
  • Outputs generated from customer data are owned by the customer
  • Any custom models fine-tuned on customer data are owned by or licensed to the customer
  • Vendor indemnifies customer against third-party IP infringement claims arising from the AI service
  • Clear definition of what constitutes vendor IP vs customer IP

Liability

  • Vendor liability is not unreasonably capped (ensure cap covers realistic risk scenarios)
  • Vendor indemnifies against data breaches caused by vendor negligence
  • Vendor indemnifies against IP infringement claims related to AI-generated outputs
  • Liability exclusions are reasonable and clearly defined
  • Insurance requirements specified: vendor must maintain £  professional indemnity insurance

Exit & Portability

  • Customer can terminate with   days/months written notice
  • Customer can terminate immediately for material breach (including repeated SLA breaches)
  • Vendor will export all customer data in   format within   days of termination
  • Vendor will delete all customer data within   days of termination and provide written confirmation
  • No lock-in: customer can migrate to alternative providers without vendor restrictions
  • Transition assistance: vendor will provide reasonable support during migration for up to   days
  • Pricing protection: vendor cannot increase prices by more than  % per year

Negotiation Tips

  1. Data training opt-out is non-negotiable — insist on explicit contractual prohibition
  2. Service credits should be meaningful — push for 10-25% of monthly fees, not 1-2%
  3. IP indemnification for AI outputs is increasingly important — do not accept unlimited customer risk
  4. Exit provisions matter most when you need them — negotiate them when you have the most leverage (before signing)
  5. Model version pinning prevents unexpected quality changes — essential for production use cases

Instructions

How to use this template

1

Use as a review checklist

When reviewing a vendor's contract, work through each clause to identify gaps. Mark items as present, absent, or needs improvement.

2

Share with your legal team

This template highlights AI-specific issues that may not be in standard software agreement reviews. Use it to brief legal counsel on what to look for.

3

Negotiate before signing

Use the checklist to create a list of required contract amendments. Present these during negotiation, prioritising data rights and exit provisions.

4

Review contracts annually

Re-review existing AI vendor contracts against this checklist, especially when regulations change or you renew.

Watch Out

Common mistakes to avoid

Accepting vendor standard terms without negotiation — AI-specific clauses are often missing from boilerplate agreements.
Not checking the data training clause — many AI vendors use customer data for model improvement by default.
Ignoring exit provisions — vendor lock-in is a real risk with AI platforms; negotiate portability upfront.
Accepting meaningless SLA credits — a 1% service credit for a major outage is not meaningful remediation.

FAQ

Frequently asked questions

Yes. This should be a non-negotiable requirement. Most reputable AI vendors offer opt-out options, but you need explicit contractual prohibition, not just a settings toggle that could change.

This is evolving legally, but your contract should clearly state that you own outputs generated from your data. Vendor indemnification against IP claims on AI outputs is increasingly important.

For production use cases: 99.9% uptime (8.7 hours downtime per year), p95 latency commitments, and meaningful service credits (10-25% of monthly fees). For non-critical use: 99.5% uptime may be acceptable.

Negotiate annual price increase caps (typically 3-5%) and lock in pricing for the initial term (12-24 months). Include the right to reduce usage or terminate if prices increase beyond the agreed cap.

For critical AI vendors where the service is hard to replace, yes. Source code escrow protects you if the vendor goes out of business. For large, established vendors, this may not be necessary but data export guarantees are essential.

Related Content

AI Vendor Scorecard Template

Evaluate vendors before entering contract negotiations.

AI DPIA Template

Assess data protection impact alongside vendor contracts.

Build vs Buy AI: How to Decide

Framework for deciding whether to procure from vendors or build in-house.

Need a custom AI template?

Our team can build tailored templates for your specific business needs. Book a free strategy call.

Book a Strategy CallView Pricing