Home  ›  Blog  ›  Contract Clause Library
Strategy · Contracts · Clauses

Software contract clause library — the 18 that protect the buyer.

Enterprise software contracts are written to vendor templates. The clauses that protect the buyer rarely appear in the first draft; they have to be added. This article walks through the 18 clauses that consistently produce the most buyer value, with proposed language for each and the vendor patterns that resist them.

Updated: May 2026 Reading time: 14 min Audience: Procurement, General Counsel, Vendor Manager, IT Sourcing
Contract negotiation documents
The vendor template problem

Why enterprise software contracts start in the wrong place.

Every enterprise software contract starts on a vendor template. The template is engineered for vendor commercial outcomes — annual price uplift unrestricted, audit rights unbounded, termination rights restricted to material breach, indemnification capped at fees paid. The buyer-favourable clauses are absent by default; the vendor-favourable clauses are buried in cross-referenced exhibits. The starting position is asymmetric.

The 18 clauses below are the ones most consistently worth fighting for. They are not exotic — most vendor account teams have approved versions of all 18 for at least one enterprise customer. The reason they don't appear in your draft is that no one asked. Asking is the buyer's job; the vendor account team is not incented to volunteer language that reduces vendor revenue.

Commercial clauses

  1. Price uplift cap. Annual uplift capped at CPI or a fixed percentage (commonly 3–5%), applied to all SKUs including renewals. Vendor template default: uncapped or capped only on subscription.
  2. Termination for convenience. Either party may terminate with 60–120 day notice, with pro-rata refund of prepaid fees. Vendor template default: absent.
  3. Most-favoured-customer. Vendor commits to extending any better terms granted to comparably-sized customers in same industry. Vendor template default: absent.
  4. Reduction flexibility. Buyer may reduce subscription quantities by up to X% at each annual anniversary. Vendor template default: no downward adjustment.
  5. Renewal notice. Vendor must provide renewal proposal at least 120 days before term end. Vendor template default: 90 days or unspecified.

Audit and compliance clauses

  1. Audit scope and notice. Audits limited to specific licence metric, scope, and time window; 30–60 day notice; business hours only. Vendor template default: broad, short notice, any time.
  2. Audit frequency. Maximum one audit per 24 months unless material breach evidence. Vendor template default: at vendor discretion.
  3. Audit cost. Vendor-funded unless material non-compliance found, with a defined materiality threshold (commonly 5% over-deployment). Vendor template default: buyer-funded.
  4. Third-party auditor. Mutually agreed auditor; vendor cannot unilaterally select. Vendor template default: vendor selects.
  5. Cure period. Buyer has 60–90 days to cure non-compliance before financial settlement is triggered. Vendor template default: immediate.

Need the proposed clause language as a starting point?

We've negotiated thousands of these clauses. The proposed-language pack is in our white paper library.

Contact Us →

Operational clauses

  1. Service levels. Availability SLA with credit remedy (commonly 99.9% with 5–10% credit on miss). Vendor template default: best-effort or weak SLA.
  2. Performance SLA. Specific to use case — response time, transaction throughput, batch completion windows. Vendor template default: absent.
  3. Data export and portability. Buyer has right to extract data in industry-standard format on demand, at no charge, with documented schema. Vendor template default: at vendor discretion or fee-based.
  4. Sub-processor approval. Vendor must obtain customer approval before adding sub-processors that access customer data. Vendor template default: vendor discretion.

Risk and liability clauses

  1. Indemnification scope. Vendor indemnifies for IP infringement, data breach, and regulatory violation, with reasonable cap (commonly 2–3× annual contract value, higher for data breach). Vendor template default: narrow scope, low cap.
  2. Data breach notification. Vendor must notify customer of confirmed breach within 24–72 hours, with defined obligations. Vendor template default: longer window or absent.
  3. Cyber insurance. Vendor maintains cyber insurance at defined coverage level, names customer as additional insured for data breach claims. Vendor template default: vendor discretion.
  4. Survival of obligations. Confidentiality, data protection, indemnification, payment for delivered services, and dispute resolution survive termination. Vendor template default: limited survival.

Download the MSA Key Clauses playbook.

Twenty-five clauses with proposed buyer-side language, vendor counter-positions, and negotiation tactics.

Get the playbook →
Vendor patterns

Which clauses each major vendor most strongly resists.

Resistance patterns are predictable. Oracle and IBM resist the audit clauses harder than any other vendor — particularly third-party auditor selection and audit-cost allocation. Microsoft resists price uplift caps and reduction flexibility on cloud commitments (Azure MACC, Microsoft 365 EA). SAP resists indirect access definition clarity in S/4HANA contracts. Salesforce resists edition-downgrade rights and add-on attach controls. ServiceNow resists subscription-unit conversion ratio lock-in. The pattern reveals where each vendor's commercial pressure originates.

Knowing the resistance pattern lets the buyer sequence the negotiation. The high-resistance clauses should be tabled early, before the vendor has invested in the deal close, while alternative deal value is still on the table. The lower-resistance clauses can be agreed late as the deal closes. Inverting the sequence — agreeing the easy clauses first, leaving the hard ones for last — produces weaker contracts because the vendor knows by the end that the deal is closing.

The 80/20 rule for clause negotiation

Eighteen clauses is a lot to negotiate in a single deal. In practice, the top 6 — price uplift cap, termination for convenience, audit scope, indemnification cap, data breach notification, and renewal notice — carry roughly 80% of the value across typical deals. Focus there first; expand to the remaining 12 in proportion to deal value and risk profile.

Major renewal coming up?

We red-line the vendor template, prepare the negotiation, and brief the executive sponsor. Engagements run 4–8 weeks.

Contact Us →

Internal next steps

Three actions start the clause discipline. First, build an internal clause library — your version of this article, tuned to your industry and risk profile. Second, set a contract review trigger 180 days before any renewal over $500k annual. Third, sequence the negotiation to table high-resistance clauses early.

FAQ

Common questions.

What is the most important clause in a software contract?
Termination for convenience is the single highest-value clause when present and the single highest-risk omission when absent. With it, the buyer preserves switching leverage; without it, the buyer is captive for the full term. Most vendor templates exclude it; almost all vendors will agree to add it for enterprise deals.
Should price uplift caps be in the MSA or the order form?
MSA — for multi-year and renewal protection — and reinforced in each order form. MSA-only caps can be circumvented by introducing new SKUs at uncapped rates; order-form-only caps don't survive renewal. Both is the defensible position.
What audit rights should be in a software contract?
Reasonable notice (30–60 days), business hours only, mutually agreed third-party auditor, scope limited to specific licence metric, frequency limited to once per 24 months, customer-funded only if material non-compliance found. The default vendor language is broad and one-sided; narrowing it is standard buyer-side practice.
How long should a software MSA run?
MSA should outlast individual order forms but be subject to mutual termination on convenience with 60–120 day notice. Indefinite MSAs are common and rarely problematic; the order-form terms within them carry the actual commercial weight.
What is the 'most favoured customer' clause and is it worth pursuing?
MFC clauses commit the vendor to extend any better terms granted to comparable customers. They are notoriously hard to enforce because the vendor controls the comparator definition. Worth pursuing only with specific comparator language and audit rights; otherwise symbolic.
Where does Reveal Compliance fit in contract review?
We red-line vendor templates and run the negotiation, with proposed language tied to the 18 clauses in this library. Independent of all vendors. Engagements typically run 4–8 weeks for major renewals.

Reviewing an enterprise software contract?
We red-line vendor templates and run the negotiation.

Our team has reviewed thousands of enterprise software contracts. We work for buyers — never the vendors.

The Compliance Brief

Weekly compliance intelligence for IT leaders.