Category: Contract Clauses

  • Force Majeure Clauses in 2026: What Changed After COVID and What to Include

    Before March 2020, force majeure was the clause nobody read. Buried between the notice provision and the severability section, it was copy-pasted from one contract template to the next without a second thought. Then a pandemic shut down the global economy, and lawyers discovered that a clause written to handle hypothetical earthquakes was useless against a real public health emergency.

    The litigation wave that followed was massive. Courts across the country addressed force majeure claims in hundreds of COVID-related cases, and the results were overwhelmingly consistent: force majeure clauses are interpreted narrowly. If “pandemic” was not listed as a triggering event, many courts held that COVID did not qualify. If the clause required performance to be “prevented” rather than merely “hindered,” many businesses that could still perform — just at greater cost or difficulty — had no defense.

    Six years later, force majeure drafting has permanently changed. If your force majeure clause still looks like it did in 2019, it is dangerously outdated. This guide covers what changed, the 10 elements every modern clause needs, and sample language you can adapt for your next agreement. Upload any contract to Clause Labs to check whether your force majeure clause meets 2026 standards — free, no signup required.

    What Force Majeure Actually Means

    Force majeure — French for “superior force” — is a contractual provision that excuses one or both parties from performing their obligations when extraordinary events occur beyond their control. It is not a common law doctrine in the United States. It is purely contractual: if the contract does not include a force majeure clause, neither party can invoke it.

    This is a critical distinction that many business clients misunderstand. Unlike frustration of purpose (which exists at common law in most U.S. jurisdictions) or impracticability under the Uniform Commercial Code Section 2-615, force majeure only exists if the parties put it in the contract. No clause, no defense.

    Three additional principles shape how courts analyze force majeure:

    Force majeure clauses are interpreted narrowly. The Fifth Circuit confirmed this in Mieco LLC v. Pioneer Natural Resources USA Inc. (2024), holding that force majeure provisions in a natural gas contract required strict adherence to the contract’s specific language. Courts do not stretch force majeure clauses to cover events the parties did not explicitly contemplate.

    The invoking party bears the burden of proof. You must prove that the event qualifies under the clause, that it actually caused your inability to perform, and that you took reasonable steps to mitigate the impact.

    General catch-all language is unreliable. “Events beyond the reasonable control of the affected party” sounds broad, but courts frequently limit catch-all provisions to events similar in kind to those specifically listed (the ejusdem generis rule). If your clause lists “fire, flood, earthquake” and a pandemic hits, the catch-all may not save you.

    What COVID Changed

    Before COVID: Standard Force Majeure (Pre-2020)

    The typical force majeure clause before 2020 looked like this:

    “Neither party shall be liable for any failure or delay in performing its obligations under this Agreement to the extent that such failure or delay results from acts of God, war, terrorism, earthquake, flood, fire, or other natural disasters.”

    Short. Generic. Copy-pasted. No one negotiated it because no one expected to invoke it. The clause was in the contract because the template included it, not because anyone thought about what it needed to cover.

    After COVID: Modern Force Majeure (2026)

    The pandemic exposed every weakness in the old model:

    • No mention of pandemics, epidemics, or public health emergencies. When COVID hit, parties argued whether a virus qualified as an “act of God.” Courts split — some said yes, many said no.
    • No mention of government orders. Lockdowns, travel bans, and business closure orders were not natural disasters. Were they “other events beyond reasonable control”? Courts disagreed.
    • No provision for supply chain disruption. Manufacturers who could not source raw materials had contracts that only excused performance for events at the production facility itself.
    • No notice or mitigation requirements. Parties invoked force majeure months after the event began, with no documentation of what they did to minimize the impact.
    • No termination trigger. Contracts suspended performance indefinitely, creating “zombie contracts” — not active, not terminated, just in limbo.

    Modern force majeure clauses, drafted in light of six years of post-COVID litigation, address every one of these gaps. As WilmerHale’s analysis recommended early in the pandemic, parties should draft force majeure provisions with both specificity and flexibility.

    The 10 Elements of a Well-Drafted Force Majeure Clause (2026)

    1. Triggering Events List — Specific Plus Catch-All

    List specific events for certainty. Add a catch-all for flexibility. Include both.

    Specific events that should be listed explicitly:
    – Pandemic, epidemic, public health emergency
    – Government orders, regulations, sanctions, embargoes
    – War, armed conflict, terrorism, civil unrest
    – Natural disasters (earthquake, flood, hurricane, wildfire, volcanic eruption)
    – Cyberattack, data breach, critical infrastructure failure
    – Supply chain disruption
    – Labor shortages, strikes, lockouts
    – Utility failures (power, telecommunications, internet)

    Catch-all language:

    “…or any other event beyond the reasonable control of the affected party that could not have been reasonably foreseen at the time of entering into this Agreement.”

    The “reasonably foreseen” qualifier matters. Post-COVID, parties cannot claim a pandemic is unforeseeable — it already happened. The catch-all needs to account for genuinely novel events while excluding known risks that should be managed through other contractual provisions.

    Notably, cyberattacks are increasingly included in modern force majeure clauses. The Jaguar Land Rover cyberattack in 2025, estimated at GBP 1.9 billion in losses affecting 5,000+ businesses, demonstrated that cyber events can disrupt supply chains as severely as natural disasters.

    2. Causation Standard — “Prevented” vs. “Hindered” vs. “Delayed”

    The single most litigated word in force majeure clauses is the verb connecting the event to the performance failure.

    Standard | Threshold | Effect on Invoking Party
    Prevented | Performance must be impossible | Highest burden — most difficult to invoke
    Hindered | Performance is significantly more difficult or burdensome | Middle ground — reasonable balance
    Delayed | Any delay in performance qualifies | Lowest burden — easiest to invoke

    Recommendation: Use “prevented, hindered, or delayed” to give the invoking party reasonable protection. If you represent the party more likely to receive performance (the buyer, the client), you may prefer “prevented” alone — it limits the other side’s ability to invoke force majeure for mere inconvenience.

    The UK Supreme Court’s decision in RTI Ltd v. MUR Shipping BV (2024) clarified that the causation standard interacts with mitigation obligations: the force majeure event, not the party’s own failure to act, must be the cause of the performance failure.

    3. Notice Requirements

    A force majeure clause without notice requirements is a clause that invites abuse. Specify:

    • Timeline: Written notice within 5-10 business days of the force majeure event commencing.
    • Content: Nature of the event, expected duration, specific obligations affected, steps being taken to mitigate.
    • Ongoing updates: Regular updates (every 14-30 days) during the force majeure period.
    • Consequences of failure: Late or missing notice waives the right to invoke force majeure.

    Sample notice provision:

    “The affected party shall provide written notice to the other party within seven (7) business days of becoming aware of the force majeure event, describing the nature of the event, the obligations affected, the expected duration, and the mitigation measures being undertaken. The affected party shall provide updated notices at least every fourteen (14) days during the continuation of the force majeure event.”

    4. Mitigation Obligation

    Force majeure does not mean “stop working and wait.” The affected party must take reasonable steps to minimize the impact.

    What “reasonable mitigation” includes:
    – Sourcing alternative suppliers or materials
    – Reassigning personnel
    – Adjusting timelines or sequencing
    – Using alternative methods of performance
    – Communicating proactively with affected stakeholders

    What it does not include:
    – Spending disproportionate sums to overcome the event
    – Accepting non-contractual performance from the other party (as clarified in RTI Ltd v. MUR Shipping)
    – Taking on unreasonable business risk to maintain performance

    Key principle: Failure to mitigate can void the force majeure defense entirely. Document every mitigation step.

    5. Duration and Termination Right

    How long can a force majeure event suspend performance before one or both parties can terminate? Without a defined trigger, you get zombie contracts — suspended indefinitely, impossible to plan around.

    Standard approach: Either party may terminate if the force majeure event continues for 60-90 consecutive days, or 120 cumulative days in any 12-month period.

    What to specify:
    – Termination notice period (typically 30 days after the duration threshold)
    – Whether termination is automatic or requires written notice
    – Treatment of prepaid fees, deposits, and work-in-progress upon termination
    – Wind-down obligations after termination

    6. Allocation of Risk During Force Majeure

    What happens to money during the suspension period?

    • Payment obligations: Are they suspended too, or does payment continue? In most commercial agreements, payment obligations should be suspended proportionally when performance is excused.
    • Partial performance: If the affected party can perform partially, what are the obligations on both sides?
    • Mitigation costs: Who pays for the costs of mitigation measures?

    This is the most commonly overlooked element in force majeure clauses, and it generates the most post-event disputes.

    7. Exclusions

    Force majeure is not a general excuse clause. Define what it does not cover:

    • Economic hardship. A contract becoming more expensive to perform is not force majeure. Prices fluctuate. Markets shift. That is business risk, not force majeure.
    • Currency fluctuation. Exchange rate changes are foreseeable market risks.
    • Market downturns. A recession, declining demand, or competitive pressure is not a force majeure event.
    • Known risks at time of contracting. If a risk was known or foreseeable when the contract was signed, it should not qualify. Post-2020, pandemics are arguably foreseeable — courts are already weighing this question in international trade disputes.
    • Self-inflicted events. Events caused by the invoking party’s own acts or omissions do not qualify.

    8. Insurance Interaction

    Force majeure clauses and business interruption insurance overlap — but not perfectly. Address:

    • Whether the invoking party must first look to insurance before invoking force majeure
    • Whether insured losses reduce the force majeure protection
    • Requirements for maintaining specific insurance coverage for force majeure-type risks
    • Cooperation obligations for insurance claims processing

    9. Dispute Resolution for Force Majeure Claims

    Force majeure disputes are time-sensitive. By the time a standard arbitration resolves, the underlying event may be over. Consider:

    • Expedited resolution: 30-day expert determination for disputes about whether an event qualifies
    • Interim measures: Provisional orders maintaining the status quo during the dispute
    • Default rule: If no resolution within the expedited period, the force majeure claim stands pending full determination

    10. Post-Force Majeure Obligations

    What happens when the force majeure event ends?

    • Resumption timeline: How quickly must the affected party resume performance?
    • Catch-up provisions: Is the affected party entitled to additional time to make up for the suspension period?
    • Changed circumstances: If the economic or operational landscape has permanently changed, is there a mechanism for renegotiating terms?
    • Documentation: Final report on the force majeure event, its impact, and the mitigation measures taken

    Force Majeure by Contract Type

    Force majeure operates differently depending on the contract type. Here are the unique considerations for each.

    Supply and Procurement Contracts. The most heavily negotiated force majeure clauses post-COVID. Key issues: raw material shortages, logistics disruptions, alternative sourcing obligations. Baker McKenzie’s analysis of 2025 tariff-related supply chain uncertainty confirms that force majeure provisions in supply contracts now routinely include trade sanctions, export controls, and tariff escalation as triggering events.

    SaaS Agreements. Tension between uptime SLAs and force majeure. A force majeure clause that excuses downtime effectively guts the SLA. Best practice: force majeure excuses the SLA credits, but prolonged outages (beyond 72 hours) trigger termination rights regardless. See our SaaS agreement review guide for the full clause-by-clause analysis.

    Commercial Leases. Rent abatement during force majeure events is now standard in many markets. Key negotiation points: whether rent is suspended or deferred (deferred means you still owe it later), and whether tenant improvements and build-out timelines are extended.

    Employment Agreements. Force majeure in employment contracts addresses remote work mandates, furloughs, layoff triggers, and return-to-office requirements. Post-COVID, many employers include pandemic-specific provisions authorizing temporary remote work without modifying the employment relationship. For a broader look at what to watch for when reviewing these agreements, see our limitation of liability clause guide, which covers risk allocation provisions that interact directly with force majeure.

    Construction Contracts. Delay clauses and force majeure clauses often exist separately. Force majeure typically extends the timeline and excuses liquidated damages, but does not entitle the contractor to additional compensation for idle resources.

    Force Majeure Red Flags

    When reviewing any contract, flag these issues. For a broader framework on spotting contract problems, see our red flags checklist.

    No force majeure clause at all. This leaves both parties relying on common law doctrines (impossibility, impracticability, frustration of purpose) that are narrower and less predictable than a well-drafted contractual provision. Our free AI contract review tool flags missing force majeure provisions as part of its standard analysis.

    Pre-2020 boilerplate. If the clause lists “acts of God, war, terrorism, earthquake, flood, fire” and nothing else, it was written before anyone thought about pandemics, cyberattacks, or government-ordered shutdowns. It needs an update.

    One-sided force majeure. Only one party can invoke the clause. Unless there is a specific commercial reason for this asymmetry (rare), force majeure should be mutual.

    No mitigation requirement. Without a mitigation obligation, the invoking party can stop performing entirely and wait indefinitely. This creates moral hazard.

    No duration limit or termination trigger. Zombie contract risk. If force majeure can suspend performance forever, neither party can plan, and the non-affected party is trapped.

    “Including but not limited to” without specific events. Sounds broad but may be too vague to enforce. Courts want specificity. A list of specific events followed by a catch-all is more reliable than a catch-all alone.

    Force majeure that excuses payment obligations. Unusual and risky for the non-affected party. In most commercial contexts, force majeure should excuse delivery or service obligations, not payment for work already performed.

    Sample Modern Force Majeure Clause

    Here is a balanced, post-2026 force majeure clause with annotations explaining each provision:

    Force Majeure. Neither party shall be liable for any failure or delay in performing its obligations under this Agreement (other than payment obligations for services already rendered) to the extent that such failure or delay is caused by a Force Majeure Event, provided that the affected party: (a) provides written notice to the other party within seven (7) business days of becoming aware of the Force Majeure Event; (b) uses commercially reasonable efforts to mitigate the impact of the Force Majeure Event; and (c) resumes performance promptly upon cessation of the Force Majeure Event.

    “Force Majeure Event” means any event beyond the reasonable control of the affected party, including but not limited to: pandemic, epidemic, or public health emergency; government order, regulation, sanction, or embargo; war, armed conflict, terrorism, or civil unrest; natural disaster; cyberattack or critical infrastructure failure; supply chain disruption; labor shortage, strike, or lockout; or utility failure — provided that such event was not reasonably foreseeable at the time this Agreement was executed and is not caused by the affected party’s acts or omissions.

    If a Force Majeure Event continues for more than sixty (60) consecutive days or ninety (90) cumulative days in any twelve-month period, either party may terminate this Agreement upon thirty (30) days’ written notice, without liability for such termination.

    This clause covers the essential elements: specific triggering events with a catch-all, a foreseeability qualifier, a payment carve-out, notice requirements, mitigation obligations, resumption obligation, and a termination trigger. Adapt it to the specific deal dynamics, contract type, and risk allocation appropriate for your transaction. Need to check whether an existing contract’s force majeure clause meets this standard? Upload it to Clause Labs for a free AI analysis — the tool compares your clause against each of the 10 elements above in under 60 seconds.

    How AI Handles Force Majeure Review

    AI contract review tools are particularly effective at force majeure analysis because the task is largely structural: is the clause present, what events does it cover, does it include required sub-provisions?

    Clause Labs specifically:
    – Detects presence or absence of a force majeure clause
    – Flags outdated (pre-2020) language that lacks modern triggers
    – Identifies missing elements (no notice requirement, no mitigation obligation, no termination trigger)
    – Checks for one-sided provisions
    – Compares the clause against current market standards

    Upload your contract free to check whether your force majeure clause meets current standards. The analysis takes under 60 seconds — 3 free reviews per month, no credit card required.

    Frequently Asked Questions

    Does every contract need a force majeure clause?

    Not necessarily, but most commercial contracts benefit from one. Without a force majeure clause, parties must rely on common law doctrines — impossibility, impracticability, or frustration of purpose — which have higher thresholds and less predictable outcomes. If the contract involves ongoing performance obligations (service delivery, supply, construction), a force majeure clause is strongly recommended. For simple, one-time transactions, the risk may not justify the drafting investment.

    Can I invoke force majeure for economic hardship?

    Almost certainly not. Courts consistently hold that increased costs, financial difficulties, or market downturns do not constitute force majeure events. Norton Rose Fulbright’s analysis of COVID-related force majeure claims confirms that economic hardship, standing alone, is insufficient. A contract becoming unprofitable is not the same as performance becoming impossible.

    What if my contract was signed before COVID — is the force majeure clause still valid?

    Yes, the clause is valid as written. The question is whether it covers the event you want to invoke. A pre-COVID clause that lists “pandemic” is fine. A pre-COVID clause that lists only “acts of God, war, earthquake” may not cover a pandemic — depending on the jurisdiction and whether the court applies ejusdem generis to the catch-all language. The clause does not need to be re-drafted to be valid, but it may need to be re-drafted to be useful.

    Does force majeure apply to payment obligations?

    In most contracts, no. The standard position is that force majeure excuses performance obligations (delivery, service, construction) but not payment for work already performed. A force majeure clause that excuses payment obligations is unusual and should be a red flag in any contract review. Some contracts split the difference: payment obligations may be deferred (not forgiven) during the force majeure period.

    Can both parties invoke force majeure simultaneously?

    Yes, and it happens more often than you might expect. A supply chain disruption can simultaneously prevent the manufacturer from delivering and the buyer from receiving goods. When both parties invoke force majeure, the clause should specify how mutual invocation is handled — typically, both parties are relieved of their respective obligations for the duration of the event, with either party able to terminate if the event exceeds the duration threshold.


    This article is for informational purposes only and does not constitute legal advice. Consult a qualified attorney for advice specific to your situation.

  • Limitation of Liability Clauses: How to Spot, Negotiate, and Draft Them Right

    A single missing carve-out in a limitation of liability clause cost one SaaS vendor’s customer $4.2 million in unrecoverable losses after a data breach. The vendor’s liability was capped at 12 months of fees — $36,000 total. The customer had no recourse for the remaining $4.16 million because their lawyer never negotiated a data breach carve-out.

    Limitation of liability (LOL) clauses determine the maximum financial exposure under any contract. According to World Commerce & Contracting, poor contracting practices erode an average of 9% of annual revenue, with losses exceeding 15% in complex industries. LOL clauses sit at the center of that loss — they define what you can and cannot recover when things go wrong.

    This guide breaks down every component of limitation of liability clauses, covers negotiation strategy by contract type, and gives you sample language you can use in your next deal. If you need an AI second opinion on the LOL clause in a contract sitting on your desk right now, try Clause Labs free — it flags cap mismatches, missing carve-outs, and one-sided exclusions in under 60 seconds.

    What Is a Limitation of Liability Clause?

    A limitation of liability clause is a contractual provision that caps how much one party can recover from the other for breach. Without one, liability exposure is theoretically unlimited — governed only by whatever a court might award.

    Every LOL clause has two distinct components:

    The liability cap sets a maximum dollar amount on direct damages. Common formulations include a fixed dollar figure (“liability shall not exceed $500,000”), a formula tied to fees (“liability shall not exceed fees paid in the prior 12 months”), or a per-incident or aggregate structure.

    The consequential damages exclusion disclaims liability for indirect losses — lost profits, lost revenue, lost data, business interruption. This component often matters more than the cap itself because consequential damages frequently dwarf direct damages in commercial disputes.

    If you review only one clause in any contract, make it this one.

    The Two Types of Liability Limitations

    Liability Caps on Direct Damages

    Liability caps come in several structures, each with different risk profiles:

    Cap Structure | Example Language | Risk Level for Claimant
    Fixed dollar amount | “shall not exceed $500,000” | Moderate — predictable but may be too low
    Formula-based (12-month fees) | “shall not exceed fees paid in prior 12 months” | Variable — depends on deal size
    Formula-based (total fees) | “shall not exceed total fees paid under this agreement” | Better — scales with relationship
    Per-incident | “shall not exceed $100,000 per claim” | High — limits recovery on each event separately
    Aggregate | “shall not exceed $500,000 in the aggregate” | Highest — total pool depletes across all claims
    Annual reset | “shall not exceed $200,000 per contract year” | Moderate — replenishes annually

    What’s market-standard depends entirely on contract type and deal size. For SaaS agreements, 12 months of fees paid is the most common cap structure. For professional services, the cap typically ranges from 1x to 3x fees paid under the applicable statement of work.

    The critical question for your client: does the cap reflect the actual exposure if the other party breaches? A $36,000 cap on a contract governing data for 100,000 customers is a red flag no matter how “market-standard” the formula looks.

    Consequential Damages Exclusions

    Consequential damages — also called indirect, special, or incidental damages — include lost profits, lost revenue, lost data, lost business opportunities, and business interruption. The distinction between direct and consequential damages is notoriously unclear, and courts across jurisdictions define the boundary differently.

    Most commercial contracts exclude consequential damages mutually, meaning neither party can recover indirect losses from the other. This creates a predictable risk allocation — but it also means that if a vendor’s software failure destroys your client’s revenue for a quarter, your client may only recover the subscription fees, not the lost revenue.

    When to accept a mutual consequential damages exclusion:
    – Both parties face roughly equal risk of indirect losses
    – The direct damages cap is adequate to cover realistic exposure
    – Specific high-risk scenarios (data breach, IP infringement) are carved out

    When to push back:
    – The exclusion is one-sided (only protects the other party)
    – There are no carve-outs for high-impact scenarios
    – Your client’s primary risk is exactly the type of loss being excluded

    The 8 LOL Negotiation Points That Actually Matter

    1. Cap Amount

    The most obvious negotiation point, but lawyers often accept “12 months of fees” without analyzing whether it’s adequate.

    What to evaluate: Compare the cap to realistic damages scenarios. If your client’s potential loss from a breach is $2 million and the cap is $50,000, the clause is functionally an exculpation — the breaching party faces no meaningful financial consequence.

    What to push for: Higher multiples for higher-risk contracts. For a SaaS agreement governing critical business data, push for 24 months of fees or a fixed dollar minimum (e.g., “the greater of $500,000 or 12 months of fees”).

    2. Cap Structure — Per-Incident vs. Aggregate

    An aggregate cap depletes over time. If your client suffers three separate breaches and the aggregate cap is $500,000, the third claim may find the cap already exhausted.

    What to push for: Per-incident caps for ongoing relationships, or aggregate caps that reset annually.

    3. Carve-Outs and Super-Caps

    Carve-outs exclude certain obligations from the general liability cap. Standard carve-outs include:

    • IP indemnification — almost always carved out
    • Confidentiality breach — increasingly carved out, especially post-GDPR/CCPA
    • Data breach — the most heavily negotiated carve-out in 2026
    • Willful misconduct and fraud — typically carved out by law regardless
    • Indemnification obligations — often subject to a separate, higher “super-cap”

    A super-cap sets a higher ceiling for carved-out obligations. For example: general liability capped at 12 months of fees, but IP indemnification and data breach obligations capped at 24 months of fees.

    4. Mutual vs. One-Sided

    A one-sided LOL clause only protects one party. If you’re reviewing a vendor contract where the vendor’s liability is capped but your client’s isn’t, that’s a fundamental imbalance.

    What to push for: Mutuality. If the vendor insists on capping their liability at 12 months of fees, your client’s liability should be capped at the same amount. The rare exception: if one party’s risk profile is genuinely asymmetric (e.g., a data processor handling millions of records for a small fee).

    5. Consequential Damages Scope

    The words matter here. “Indirect, special, incidental, and consequential damages” is broader than just “consequential damages.” Some clauses add “lost profits” to the exclusion explicitly — which may otherwise be classified as direct damages in certain jurisdictions.

    What to watch for: Broad exclusions that use “including but not limited to” followed by a list that captures both indirect AND potentially direct damages.

    6. Gross Negligence and Willful Misconduct

    Should the cap apply when a party’s breach results from gross negligence or willful misconduct? In most jurisdictions, courts will refuse to enforce caps that protect a party from its own intentional wrongdoing. But contractual language matters.

    What to push for: Explicit carve-out: “The limitations in this Section shall not apply to damages arising from a party’s gross negligence, willful misconduct, or fraud.”

    7. Data Breach Liability

    Data breach carve-outs are the single most negotiated LOL term in 2026. With all 50 states now requiring breach notification and notification timelines ranging from 30 to 60 days, the costs of a data breach extend far beyond the contract value.

    What to push for: At minimum, a super-cap for data breach obligations (2x-3x the general cap). Ideally, full carve-out from the cap for breaches involving personal data.

    8. Insurance Alignment

    The LOL cap should align with the insurance requirements in the contract. If you require the other party to carry $5 million in professional liability insurance, but their liability is capped at $50,000, the insurance requirement is meaningless — they’ll never face a claim that exceeds the cap.

    What to push for: LOL cap at or near the required insurance limits, or at minimum, ensure insurance covers the carved-out obligations.

    Limitation of Liability Red Flags

    These provisions should trigger immediate review and pushback:

    • No LOL clause at all — unlimited exposure for both parties
    • Trivially small cap relative to potential damages (e.g., $10,000 cap on a contract governing $5 million in services)
    • One-sided cap that only protects the vendor
    • Broad consequential damages exclusion with no carve-outs — especially for data breach, IP infringement, and confidentiality
    • Cap includes indemnification — this may effectively nullify the indemnification clause entirely
    • Aggregate cap that doesn’t reset in multi-year contracts — the cap depletes over time
    • Exclusion of “all indirect damages” — broader than just consequential
    • No carve-out for willful misconduct or fraud — may be unenforceable anyway, but the ambiguity creates litigation risk

    For a structured approach to catching these red flags across entire contracts, see our contract red flags checklist.

    LOL by Contract Type: What’s Market-Standard

    SaaS and Software Agreements

    • Standard cap: 12 months of fees paid
    • Standard carve-outs: IP indemnification, confidentiality breach, data breach
    • Consequential damages: Typically excluded mutually
    • Negotiation range: 12-24 months of fees; push for super-cap on data breach at 2x-3x
    • Key issue: Ensure data breach liability isn’t swallowed by a general cap that’s pegged to a relatively small subscription fee

    For a deeper analysis of SaaS-specific risks, see our guide on how to review SaaS agreements.

    Professional Services and MSAs

    • Standard cap: Total fees paid under the SOW, or 12 months of fees
    • Standard carve-outs: Gross negligence, willful misconduct, IP infringement
    • Negotiation range: 1x-3x fees for the general cap
    • Key issue: Order of precedence — does the MSA cap apply to individual SOWs, or is there one aggregate cap across all SOWs?

    Employment Agreements

    • LOL is uncommon in employment agreements
    • When it appears, it’s typically in arbitration provisions limiting remedies
    • Key issue: Statutory rights (FLSA, Title VII, state wage laws) cannot be contractually limited. Courts will void LOL provisions that attempt to cap statutory damages.
    • Reference: ABA Model Rules require attorneys to ensure clients understand what rights they’re waiving

    Vendor and Supplier Agreements

    • Standard cap: Purchase price or 12 months of purchases
    • Product liability: Usually carved out (and often non-waivable under UCC Section 2-719 for personal injury in consumer goods)
    • Warranty claims: May be subject to a separate cap
    • Negotiation range: 1x-2x annual purchase volume

    Commercial Leases

    • Landlord liability limitations are common and often aggressively one-sided
    • Tenant liability limitations are rare — landlords resist them
    • Property damage and personal injury: Usually carved out
    • Key issue: “Exculpatory clauses” in leases face heightened scrutiny in residential contexts and may be void by statute in some jurisdictions

    How LOL Interacts With Other Clauses

    Limitation of liability doesn’t exist in isolation. It interacts with — and sometimes contradicts — other risk allocation provisions.

    LOL + Indemnification: The most contentious interaction. If indemnification obligations fall within the general liability cap, a party’s entire indemnification protection may be worth less than the legal fees to enforce it. Push for indemnification to sit outside or above the general cap. For a complete analysis, read our indemnification clause guide.

    LOL + Insurance: The cap should align with insurance requirements. If the contract requires $2 million in errors and omissions coverage but caps liability at $50,000, there’s a fundamental mismatch.

    LOL + Warranties: If warranty breach counts against the general cap, a significant warranty claim could exhaust the cap and leave nothing for other claims.

    LOL + Data breach provisions: Is data breach inside or outside the cap? Given that 29% of most AI-related breaches stem from third-party SaaS platforms, this question has real financial consequences.

    Best practice: Review the LOL clause, indemnification, insurance requirements, and warranties together as a system. A change to one affects all the others.

    Sample LOL Clause Language

    Standard Mutual Limitation (SaaS)

    LIMITATION OF LIABILITY. EXCEPT FOR (I) OBLIGATIONS UNDER SECTION [INDEMNIFICATION],
    (II) BREACH OF SECTION [CONFIDENTIALITY], (III) LIABILITY ARISING FROM A PARTY'S
    GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, OR (IV) A PARTY'S DATA BREACH OBLIGATIONS
    UNDER SECTION [DATA PROTECTION]:
    
    (A) IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER FOR ANY INDIRECT, SPECIAL,
    INCIDENTAL, OR CONSEQUENTIAL DAMAGES, REGARDLESS OF THE FORM OF ACTION; AND
    
    (B) EACH PARTY'S TOTAL AGGREGATE LIABILITY UNDER THIS AGREEMENT SHALL NOT EXCEED
    THE AMOUNTS PAID OR PAYABLE BY CUSTOMER IN THE TWELVE (12) MONTHS IMMEDIATELY
    PRECEDING THE EVENT GIVING RISE TO THE CLAIM.
    
    FOR CLAIMS ARISING UNDER SECTIONS [INDEMNIFICATION], [CONFIDENTIALITY], OR
    [DATA PROTECTION], EACH PARTY'S LIABILITY SHALL NOT EXCEED TWO TIMES (2X) THE
    AMOUNTS PAID OR PAYABLE IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM.
    

    This structure provides a general cap with a super-cap for high-risk obligations. Note that it’s mutual, includes standard carve-outs, and creates a two-tier system.

    Aggressive Vendor-Favorable Limitation (For Comparison)

    IN NO EVENT SHALL VENDOR BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL,
    CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING LOST PROFITS, LOST DATA,
    OR BUSINESS INTERRUPTION. VENDOR'S TOTAL LIABILITY SHALL NOT EXCEED THE FEES PAID
    BY CUSTOMER IN THE THREE (3) MONTHS PRECEDING THE CLAIM.
    

    Red flags: one-sided (only limits vendor liability), extremely low cap (3 months vs. 12), no carve-outs, includes “lost data” in the exclusion (dangerous for data-dependent services).

    When LOL Clauses Are Unenforceable

    Courts may refuse to enforce LOL clauses in several circumstances:

    • Unconscionability — gross disparity in bargaining power combined with unreasonably harsh terms. Under UCC Section 2-719(2), limitation of consequential damages for personal injury from consumer goods is prima facie unconscionable.
    • Personal injury or death — most jurisdictions prohibit contractual limitations on bodily injury liability
    • Fraud or intentional misconduct — a party generally cannot limit liability for its own fraud
    • Violation of statutory rights — employment discrimination damages, consumer protection claims, and other statutory remedies typically cannot be capped by contract
    • Failure of essential purpose — when a limited remedy “fails of its essential purpose” under UCC 2-719(2), the broader limitation may fall with it. As the Masuda Funai analysis explains, courts split on whether a failed exclusive remedy also voids the consequential damages exclusion.

    Jurisdiction note: Enforceability standards vary significantly by state. Negotiate as if the clause will be enforced — but understand that a court in your jurisdiction might reach a different conclusion. As the Lexology analysis of U.S. contractual liability limitations notes, commercial contracts between sophisticated parties face a lower unconscionability hurdle than consumer agreements.

    This article is for informational purposes only and does not constitute legal advice. Consult a qualified attorney for advice specific to your situation.

    How AI Analyzes Limitation of Liability

    AI contract review tools can evaluate LOL clauses against market standards in seconds. When you upload a contract to Clause Labs, the AI identifies the cap amount, cap structure, carve-outs, consequential damages exclusions, and checks for interactions with indemnification and insurance requirements. It flags missing LOL clauses, one-sided limitations, caps that appear too low for the deal size, and missing carve-outs for data breach and IP obligations.

    The free tier includes 3 contract reviews per month — enough to test the analysis on a real contract before committing to the Solo plan at $49/month for 25 reviews.

    Frequently Asked Questions

    What’s a reasonable limitation of liability cap?

    It depends on the contract type and deal size. For SaaS agreements, 12 months of fees paid is standard, with 24 months becoming more common for enterprise deals. For professional services, 1x-3x total fees is typical. The key question: does the cap bear a reasonable relationship to the potential damages if the other party breaches?

    Should limitation of liability be mutual?

    Generally, yes. If one party’s liability is capped, the other party’s should be too. A one-sided cap suggests the drafting party is trying to shift disproportionate risk. The exception: genuinely asymmetric risk profiles, such as when a data processor handles massive volumes of personal data for a small processing fee.

    What’s the difference between limitation of liability and indemnification?

    Limitation of liability caps total exposure. Indemnification creates an obligation to compensate for specific losses (typically third-party claims). They interact in critical ways — read our indemnification clause guide for the full analysis. The most important question is whether indemnification obligations fall inside or outside the liability cap.

    Should data breach be carved out of the liability cap?

    In 2026, the answer is almost always yes. Data breach costs regularly exceed contract values by orders of magnitude. At minimum, negotiate a super-cap (2x-3x the general cap) for data breach obligations. For contracts involving significant personal data, push for a full carve-out.

    Can you have no limitation of liability?

    Yes — if neither party includes an LOL clause, liability is unlimited (subject to whatever a court would award). This is more common in simple agreements, but it’s risky for both parties. Even if you’re the party with more bargaining power, unlimited liability creates unpredictable exposure.

    What happens if the cap is reached — can I still make claims?

    Once the cap is exhausted, the capped party has no further financial exposure for claims subject to the cap. However, obligations carved out from the cap (IP indemnification, data breach, willful misconduct) remain enforceable up to their respective limits. This is why carve-outs and annual cap resets matter.


  • Indemnification Clauses Explained: What Every Lawyer Should Negotiate

    Indemnification Clauses Explained: What Every Lawyer Should Negotiate

    Indemnification disputes are among the most litigated contract provisions in commercial practice. According to World Commerce & Contracting, poor contract management costs organizations an average of 9.2% of revenue, and indemnification is consistently one of the top three clauses driving post-signature disputes. When a Jones Day analysis of indemnity disputes notes that “even with detailed indemnification clauses, disputes can still get messy because of fights about whether a claim is even the subject of indemnification,” the message is clear: getting this clause right during negotiation is worth orders of magnitude more than litigating it later.

    This guide breaks down indemnification clauses into their component parts, identifies the seven negotiation points that actually matter, flags the red flags that should trigger immediate pushback, and provides sample language you can adapt. Whether you are reviewing an NDA, an MSA, or a SaaS agreement, the frameworks here apply.

    What Is an Indemnification Clause?

    In plain terms, an indemnification clause is a contractual promise by one party to compensate the other for losses arising from specified events. It is the primary mechanism for allocating risk between contracting parties.

    Example in simple terms: “If you get sued because of something I did under this contract, I’ll cover your legal costs and any damages.”

    Indemnification clauses appear in virtually every commercial agreement: MSAs, SaaS subscriptions, employment agreements, vendor contracts, commercial leases, and M&A purchase agreements. They are the most negotiated clause type in transactional practice, and for good reason. A poorly drafted indemnification clause can expose your client to uncapped liability for events they cannot control.

    For a broader overview of contract risk analysis, see our contract red flags checklist.

    The Anatomy of an Indemnification Clause

    Every indemnification clause has four components. Weakness in any one of them creates risk.

    Who Indemnifies Whom

    • One-way indemnification: Party A indemnifies Party B, but not vice versa. Common in vendor agreements where the vendor bears more risk.
    • Mutual indemnification: Both parties indemnify each other for their respective obligations. Generally considered more balanced.
    • The trigger question: What event activates the indemnification obligation? A breach of representations? Third-party claims? Negligence? Willful misconduct?

    What Is Covered (Scope)

    The scope defines which losses trigger the indemnification:

    • Third-party claims (most common): Party A covers Party B when a third party sues Party B because of something Party A did
    • First-party losses (less common, more contentious): Direct damages between the parties themselves
    • Specific triggers: IP infringement, breach of representations, data breach, negligence, willful misconduct, regulatory violations

    Each trigger should be evaluated independently. IP indemnification, for instance, is standard in technology agreements because the vendor is in the best position to know whether its software infringes. Data breach indemnification has become essential post-GDPR and CCPA.

    Indemnification Procedure

    The procedural mechanics determine whether the indemnification clause actually works when you need it:

    • Notice requirements: How quickly must the indemnitee notify the indemnitor? In what format? What are the consequences of late notice?
    • Control of defense: Who selects the attorneys? Who makes litigation strategy decisions?
    • Settlement approval: Can the indemnitor settle without the indemnitee’s consent? (They should not be able to admit liability on your client’s behalf.)
    • Cooperation obligations: What must the indemnitee do to support the defense?

    Financial Limitations

    Indemnification does not exist in a vacuum. It interacts with other financial provisions:

    • Liability caps: Does the indemnification obligation sit inside or outside the overall limitation of liability? This is often the single most contentious negotiation point.
    • Carve-outs: Is indemnification carved out from the liability cap entirely? (Common for IP indemnification and data breach.)
    • Insurance backing: Do the insurance requirements in the contract align with the indemnification exposure?

    The 7 Indemnification Negotiation Points That Matter

    These are the provisions worth fighting over. Everything else is detail.

    1. Scope of Covered Claims: Narrow vs. Broad Triggers

    The issue: The breadth of the trigger language determines how much risk the indemnifying party assumes.

    Narrow (indemnitor-friendly): “Indemnify for third-party claims to the extent directly resulting from Indemnitor’s material breach of this Agreement.”

    Broad (indemnitee-friendly): “Indemnify for any losses arising out of or in connection with the services provided under this Agreement.”

    The phrase “arising out of or in connection with” is the broadest possible trigger. It captures claims with even a tangential relationship to the contract. Push for “directly resulting from” or “to the extent caused by” instead.

    2. Defend vs. Indemnify vs. Hold Harmless

    These three terms are not synonymous, despite being used interchangeably in many contracts. According to a Morgan Lewis analysis, the legal distinctions are significant:

    • Defend: Obligation to hire attorneys and manage litigation from the moment a claim is filed. This is the most immediate and expensive obligation.
    • Indemnify: Obligation to pay damages or losses after a judgment or settlement. Does not arise until the end of a case.
    • Hold harmless: The promise to absorb the consequences of a covered claim. Most courts treat this as duplicative of “indemnify,” but California courts have interpreted “hold harmless” as a distinct defensive right.

    Practical implication: If your client is the indemnitee, you want all three. If your client is the indemnitor, “indemnify” alone is less costly than “defend, indemnify, and hold harmless.”

    The ABA Litigation Section’s analysis of indemnity obligations emphasizes that drafters should be explicit about whether the duty to defend is included, rather than relying on courts to interpret ambiguous language.

    3. Knowledge Qualifiers

    The subtlety that changes everything:

    • “to the extent arising from” = broadest
    • “to the extent resulting from” = moderate
    • “to the extent directly caused by” = narrowest

    Also watch for:
    • “to [Party]’s knowledge” qualifiers (limits scope to known issues)
    • “material breach” vs. “any breach” triggers
    • “sole negligence” vs. “negligence” vs. “any act or omission”

    4. Notice Requirements

    Notice provisions seem procedural until someone misses a deadline. Key elements:

    • Timing: “Promptly” is vague and litigable. “Within 15 business days of becoming aware” is specific and enforceable.
    • Format: Written notice to a specific address or email? Or any reasonable communication?
    • Consequence of failure: Does late notice eliminate the indemnification obligation entirely, or just reduce it by any prejudice caused by the delay?

    Best practice: Negotiate for notice that reduces the obligation only to the extent the indemnitor was actually prejudiced by the delay. An absolute forfeiture for late notice is a trap.

    5. Control of Defense

    When your client is being indemnified:

    • Who picks the lawyers? The indemnitor usually controls the defense, but the indemnitee should have approval rights over counsel selection.
    • Who approves settlements? The indemnitee should never be forced to accept a settlement that admits liability on their behalf or includes non-monetary terms (like injunctions) they have not approved.
    • What if interests conflict? If the indemnitor and indemnitee have conflicting interests in the litigation, the indemnitee should have the right to retain separate counsel at the indemnitor’s expense.

    6. Liability Cap Interaction

    This is where indemnification negotiations get genuinely contentious, and where the most money is at stake.

    Inside the cap: The indemnification obligation counts against the overall limitation of liability. If the cap is $1M and an indemnification claim costs $800K, only $200K of cap remains for other claims.

    Outside the cap (carved out): The indemnification obligation is uncapped or subject to a separate, higher cap. This is standard for IP infringement, data breach, and confidentiality breach indemnification.

    The negotiation: Indemnitors want everything inside the cap. Indemnitees want carve-outs for the highest-risk items. The market compromise varies by contract type (see Section 5 below).

    For a deep dive on how liability caps work and interact with indemnification, see our limitation of liability guide.

    7. Survival Period

    How long does the indemnification obligation last after the contract expires or terminates?

    • Indefinite survival: Maximum protection for the indemnitee, maximum exposure for the indemnitor
    • Fixed period (common: 12-24 months post-termination): Balanced approach for general indemnification
    • Statute of limitations: Survival tied to the applicable statute of limitations for the underlying claims
    • No survival clause: Dangerous. Arguably, the indemnification dies with the contract.

    Best practice: Negotiate survival periods that match the realistic timeline for claims to surface. IP infringement and data breach claims can emerge years after contract termination and should survive longer than general breach claims.

    Indemnification Red Flags

    These provisions should trigger immediate pushback in any contract review. If you are using Clause Labs’s AI contract review, these are the types of issues the risk analysis will flag automatically.

    | Red Flag | Why It Is Dangerous |
    |---|---|
    | Unlimited indemnification with no cap | Theoretically infinite financial exposure |
    | One-sided indemnification for mutual risks | Unfair risk allocation that may not survive judicial scrutiny |
    | “Arising out of or in connection with” trigger | Broadest possible scope; captures tangential claims |
    | No notice requirements | Allows ambush claims months or years later |
    | Indemnitor has no control of defense but must pay | All the cost, none of the ability to manage it |
    | Indemnification survives indefinitely | Open-ended exposure with no endpoint |
    | No duty to mitigate damages | Indemnitee has no incentive to minimize losses |
    | Consequential damages included in indemnification scope | Can dwarf direct damages by orders of magnitude |

    Indemnification by Contract Type

    What constitutes “standard” indemnification depends entirely on the contract type and the relative bargaining positions of the parties.

    SaaS and Software Agreements

    • Standard: Vendor indemnifies customer for IP infringement claims. Customer indemnifies vendor for misuse of the platform.
    • Market position on IP indemnification: Universal. If a SaaS vendor will not provide IP indemnification, that is a major red flag.
    • Data breach: Increasingly carved out from liability caps. The data processor (vendor) typically indemnifies the data controller (customer) for breaches caused by vendor’s failure to maintain required security.
    • Typical cap interaction: IP and data breach indemnification carved out from the general liability cap, often subject to a separate “super cap” of 2-3x annual fees.

    For more on SaaS-specific risks, see our SaaS agreement review guide.

    Professional Services and MSAs

    • Standard: Mutual indemnification for third-party claims arising from each party’s breach, negligence, or willful misconduct.
    • Key issue: The service provider’s indemnification for professional errors (errors & omissions) and whether it overlaps with or replaces standard warranty remedies.
    • Insurance alignment: The indemnification scope should mirror the service provider’s E&O insurance coverage.
    • Subcontractor indemnification: The primary contractor should indemnify the client for subcontractor actions, and the subcontractor agreement should contain a back-to-back indemnification.

    Employment Agreements

    • Standard: Employer indemnifies employee for claims arising from authorized conduct in the scope of employment (similar to D&O indemnification for executives).
    • Employee to employer: Indemnification for breach of restrictive covenants, breach of confidentiality, or IP assignment violations.
    • Key issue: State law often limits the enforceability of employee-to-employer indemnification, particularly where the employee has limited bargaining power.

    Commercial Leases

    • Standard: Tenant indemnifies landlord for personal injury and property damage occurring in the leased premises. Landlord indemnifies tenant for common area issues.
    • Anti-indemnity statutes: Multiple states (including Texas, New York, and California) restrict or void certain indemnification provisions in construction and lease contexts. Always check your jurisdiction.
    • Insurance coordination: Indemnification obligations should align with the commercial general liability policies required under the lease.

    For a broader framework on how to systematically review contracts for these and other issues, see our guide on how to review a contract in 10 minutes.

    M&A Purchase Agreements

    • Standard: Seller indemnifies buyer for breach of representations and warranties. Buyer indemnifies seller for post-closing liabilities.
    • Key features: Baskets (deductible before indemnification kicks in), caps (often 10-20% of purchase price for general reps, 100% for fundamental reps), escrow accounts, and rep & warranty insurance.
    • This is the most complex indemnification context. M&A indemnification alone could fill an article. The principles here provide a foundation, but M&A-specific counsel is essential.

    Indemnification vs. Other Risk Allocation Mechanisms

    Indemnification does not work in isolation. Review it as part of the full risk allocation framework:

    Indemnification + Limitation of Liability: Often in tension. Ensure the contract explicitly addresses whether indemnification obligations count against the liability cap. Ambiguity here is the single most common source of indemnification disputes.

    Indemnification + Insurance: The indemnification scope should not exceed the indemnitor’s ability to pay. Insurance requirements should back up indemnification obligations. If a party indemnifies for data breach but carries no cyber insurance, the indemnification may be worthless.

    Indemnification + Warranty Remedies: Clarify whether breach of warranty claims flow through the indemnification or through a separate warranty remedy. Having both without coordination creates overlap and confusion.

    Indemnification + Liquidated Damages: They can coexist, but clarify the relationship. Liquidated damages typically address agreed-upon amounts for specific breaches (e.g., SLA failures). Indemnification addresses third-party claims and uncapped losses.

    Sample Indemnification Clause Language

    Balanced Mutual Indemnification

    Each party ("Indemnifying Party") shall defend, indemnify, and hold harmless the
    other party and its officers, directors, employees, and agents ("Indemnified Party")
    from and against any third-party claims, damages, losses, and expenses (including
    reasonable attorneys' fees) to the extent arising from:
    (a) the Indemnifying Party's material breach of this Agreement;
    (b) the Indemnifying Party's negligence or willful misconduct; or
    (c) the Indemnifying Party's violation of applicable law.
    
    The Indemnified Party shall provide written notice of any claim within fifteen (15)
    business days of becoming aware of such claim. Failure to provide timely notice
    shall not relieve the Indemnifying Party of its obligations except to the extent
    actually prejudiced by such failure.
    

    Annotations: This is a balanced starting point. The “to the extent arising from” trigger is moderate. The notice provision is specific but not punitive. The duty to defend is included explicitly.

    IP-Specific Indemnification (Vendor to Customer)

    Vendor shall defend, indemnify, and hold harmless Customer from any third-party
    claim that the Services, as provided by Vendor and used by Customer in accordance
    with this Agreement, infringe any United States patent, copyright, or trade secret.
    
    Vendor's obligations under this section shall not apply to claims arising from:
    (i) Customer's modification of the Services;
    (ii) Customer's use of the Services in combination with materials not provided
        or approved by Vendor; or
    (iii) Customer's use of the Services after Vendor has provided a non-infringing
         alternative.
    

    Annotations: The exceptions are standard and reasonable. They protect the vendor from liability for the customer’s modifications while covering the vendor’s core IP warranty.

    How AI Identifies Indemnification Issues

    Modern contract review AI evaluates indemnification clauses across multiple dimensions simultaneously:

    • Scope analysis: Is the indemnification one-sided for risks that should be mutual?
    • Missing provisions: Are notice requirements, defense obligations, or settlement procedures absent?
    • Cap interaction: Does the contract address whether indemnification counts against the liability cap?
    • Market comparison: How does this indemnification compare to standard provisions for this contract type?

    When we uploaded a mutual NDA with a one-sided indemnification clause to Clause Labs, it flagged the imbalance in 28 seconds, identified the missing notice procedure, and noted the absence of a survival period. That kind of pattern recognition across multiple interacting provisions is where AI contract review adds the most value.

    For a comparison of AI tools that perform this type of analysis, see our AI contract review tools guide.

    Want to see how AI handles the indemnification clause in your next contract? Upload it to Clause Labs for free — 3 reviews per month, no credit card required. Solo plan starts at $49/month for 25 reviews when you need more.

    Frequently Asked Questions

    What is the difference between indemnify, defend, and hold harmless?

    Defend requires the indemnifying party to hire attorneys and manage litigation from the moment a claim is filed. Indemnify requires payment of damages after a judgment or settlement. Hold harmless is treated as synonymous with “indemnify” by most courts, though some jurisdictions (notably California) treat “hold harmless” as a distinct defensive right. In practice, include all three terms when drafting for the indemnitee’s protection.

    Is indemnification the same as insurance?

    No. Insurance is a product purchased from a third-party carrier. Indemnification is a contractual obligation between the parties. They should work together: indemnification obligations should be backed by adequate insurance coverage, and insurance requirements should align with the scope of indemnification. An indemnification clause without insurance backing is only as good as the indemnitor’s balance sheet.

    Can you cap indemnification obligations?

    Yes, and many contracts do. Common approaches include setting a separate “super cap” for indemnification (e.g., 2-3x annual contract fees), tying the cap to available insurance coverage, or placing indemnification inside the general limitation of liability. The appropriate cap depends on the contract type, deal size, and relative bargaining power.

    What happens if the indemnifying party cannot pay?

    The indemnification obligation exists on paper, but collecting is a separate matter. This is why insurance requirements matter: even if the indemnifying party becomes insolvent, their insurance carrier may still cover the claim. In M&A contexts, escrow accounts and rep & warranty insurance address this risk directly.

    Should indemnification survive contract termination?

    Almost always yes. Claims covered by indemnification (IP infringement, data breach, negligence) frequently surface after the contract has expired. A minimum survival period of 12-24 months is standard for general indemnification. IP and data breach indemnification should survive for the applicable statute of limitations period.

    Is mutual indemnification always fair?

    Not necessarily. “Mutual” indemnification is fair only when both parties have roughly equal exposure. In a SaaS agreement, the vendor has IP risk and data handling risk. The customer has misuse risk. The scope of each party’s indemnification should reflect their actual risk profile, not a false equivalence.


    This article is for informational purposes only and does not constitute legal advice. Consult a qualified attorney for advice specific to your situation.

  • How to Negotiate Contract Terms When You Are the Smaller Party

    How to Negotiate Contract Terms When You Are the Smaller Party

    A National Federation of Independent Business survey found that small companies who highlighted their unique value achieved better contract outcomes in over 60% of negotiations — even when facing much larger counterparties. The power imbalance is real. The helplessness is not.

    Every contract sitting on your desk right now was drafted by someone else’s lawyer to protect someone else’s interests. The question is not whether those terms are negotiable — most standard terms are. The question is whether you know which ones to push on, what language to propose, and when to walk away. According to World Commerce & Contracting, poor contract management costs organizations 9% of annual revenue. For small businesses, much of that loss comes from accepting terms they could have negotiated.

    This guide gives you a repeatable negotiation framework, clause-by-clause talk tracks, and the confidence to push back — even when the other side has 50 lawyers and you have one. Try Clause Labs free to identify exactly which clauses need negotiation before your next call.

    The 7 Principles of Small-Party Negotiation

    Principle 1: Know Your Value Before You Negotiate

    Before you open a single redline, answer this: what does the bigger party need from this deal that only you provide?

    Maybe it is your specialized expertise. Maybe you are the only vendor who can deliver in their timeline. Maybe their procurement team has already told internal stakeholders the deal is done. Whatever it is, you have leverage. The bigger party approached you — or agreed to do business with you — for a reason.

    Exercise before every negotiation: List three things the other side wants that only you provide. Use those as your anchor. You are not asking for favors. You are negotiating fair terms in exchange for something they value.

    Principle 2: Read Their Contract As a Negotiation Opening, Not a Final Offer

    Standard terms are starting positions. They were drafted by a lawyer whose job was to maximize the other side’s protection and minimize their liability. That lawyer did a good job. Now it is your turn.

    Most procurement teams expect pushback on 5-10 clauses. If you accept everything without comment, you leave protection on the table and signal that you either did not read the contract or do not understand it. Neither is a good look.

    As FindLaw’s contract negotiation guidance puts it, every provision in a contract is potentially negotiable. Ironclad’s contract negotiation research confirms the same point: the most successful negotiators treat every draft as a starting position, not a final offer. Their “standard terms” were negotiated by someone else’s lawyer for someone else’s benefit. Time to negotiate for yours.

    Principle 3: Pick Your Battles — The 3-5-3 Rule

    You cannot redline everything. Returning a contract with 40 comments on a 20-page agreement signals that you are not serious about the deal — you are treating the negotiation as an academic exercise.

    The 3-5-3 Rule:

    • 3 must-haves: Non-negotiable for you. These are your hard lines. Hold firm.
    • 5 should-haves: Important but flexible on specifics. Push for your preferred position but accept reasonable alternatives.
    • 3 nice-to-haves: Items you raise but plan to concede. These are your bargaining chips — conceding them shows reasonableness.

    Never redline more than 30% of a contract. If you need to change more than that, you need a different deal, not a different redline. For a structured approach to identifying which clauses deserve attention, our contract red flags checklist covers the 25 issues that matter most.

    Principle 4: Always Offer Alternative Language

    Never say “we can’t accept this clause” without saying what you can accept. Naked rejections make you a deal-blocker. Proposed alternatives make you a problem-solver.

    Bad: “We reject Section 7.2 on indemnification.”

    Good: “We can’t accept unlimited one-sided indemnification, but here’s what we can agree to: mutual indemnification, each party for their own acts, capped at the greater of $500,000 or 12 months of fees.”

    The second approach gives the other side something to work with. Their lawyer can take it to internal stakeholders and say, “They countered with this,” instead of, “They just said no.” Juro’s research on negotiation strategies confirms that proposals move deals forward; rejections stall them.

    AI tools can help here. Clause Labs generates suggested alternative language for every flagged risk — giving you ready-made counter-proposals that reflect market standards.

    Principle 5: Use Industry Standards As Leverage

    You may not have 50 lawyers, but you have data. And data is leverage.

    When you can say, “This clause is significantly below market standard for [your industry],” you are not making a subjective argument. You are stating a fact the other side’s lawyer will have difficulty disputing. Market-standard positions carry authority independent of your bargaining power.

    Useful framing:

    • “In our experience reviewing SaaS agreements, the standard liability cap is 12 months of fees, not one month.”
    • “Mutual indemnification is market-standard in vendor agreements. One-sided indemnification raises our risk beyond what we can accept.”
    • “A 30-day termination notice is standard. Ninety days creates operational risk for our business.”

    For specific market-standard positions across common clause types, see our limitation of liability guide and our SaaS agreement review guide.

    Principle 6: Negotiate Risk, Not Just Language

    Sometimes the bigger party will not change the contract language. Their legal team has a pre-approved template and internal governance that prevents modifications. That does not mean you cannot change the risk allocation.

    Alternative approaches when language is locked:

    • Insurance requirements: “If you won’t cap liability at 12 months’ fees, will you carry $2 million in professional liability insurance covering claims under this agreement?”
    • Escrow: “If you won’t change the data portability clause, will you escrow our data with a neutral third party?”
    • Performance bonds: “If you won’t modify the termination provision, will you provide a 30-day performance bond?”
    • Side letters: “If the MSA is non-negotiable, can we execute a side letter that modifies these three provisions for our deal?”

    Creative solutions break deadlocks. As Nolo’s contract negotiation guide emphasizes, the most effective negotiators look for alternative risk allocation mechanisms when language changes are off the table. The bigger party often has more flexibility on commercial arrangements than on legal language.

    Principle 7: Document Everything and Follow Up

    Verbal agreements in negotiations are meaningless until they appear in the contract. Full stop.

    After every negotiation call, send a summary email within 24 hours confirming what was discussed and agreed. Use plain language: “Per our call today, we agreed to the following changes to the draft agreement…” This creates a paper trail and forces the other side to correct any misunderstandings immediately.

    When the next draft arrives, compare it against your summary. Changes “fall off” in revision — sometimes accidentally, sometimes intentionally. Before execution, do a final comparison of the execution version against every agreed change. Our guide to redlining contracts covers the specific mechanics of tracking changes across drafts.

    Clause-by-Clause Negotiation Tactics

    Five clauses generate more negotiation friction than any others. Here are specific positions, counter-language, and talk tracks for each.

    Limitation of Liability

    Their position: Liability capped at fees paid in the prior month. All consequential damages excluded.

    Your counter: Cap at 12 months of fees paid, with carve-outs for data breach, IP infringement, confidentiality breach, and willful misconduct.

    Your fallback: Accept a lower cap (6 months) but insist on carve-outs. A low cap with carve-outs is better than a high cap with no exceptions.

    Talk track: “We understand the need to cap liability — we’re not asking for unlimited exposure. But the cap needs to be meaningful relative to the potential exposure. If a data breach costs us $500,000 in notification and remediation, a $2,000 cap doesn’t allocate risk — it eliminates it entirely. Let’s find a number that reflects the actual risk profile.”

    Indemnification

    Their position: You indemnify them for everything arising out of the agreement.

    Your counter: Mutual indemnification, each party for their own acts and omissions.

    Your fallback: One-sided indemnification but capped at the contract’s liability cap and limited to third-party claims arising from your breach.

    Talk track: “We’re happy to stand behind our work — we’ll indemnify for issues within our control. But we need reciprocal protection. If your product infringes a third party’s IP or your data handling violates privacy law, we can’t absorb that risk.”

    Termination

    Their position: They can terminate at will with 30 days’ notice. You can only terminate for material breach with a 60-day cure period.

    Your counter: Mutual termination for convenience with equal notice periods (30 or 60 days).

    Your fallback: You get termination for cause (material breach, insolvency, change of control) with a 30-day cure period.

    Talk track: “We want this relationship to work for both of us — mutual exit rights protect both parties and actually incentivize better performance. Asymmetric termination creates a power imbalance that doesn’t reflect a partnership.”

    IP Ownership

    Their position: They own everything created under the agreement, including anything built on your pre-existing IP.

    Your counter: You retain ownership of all pre-existing IP and background IP. They receive a non-exclusive license to deliverables created under the agreement.

    Your fallback: Work-for-hire on deliverables specifically created for them, but with express carve-outs for pre-existing IP, tools, and methodologies.

    Talk track: “Our pre-existing IP is the foundation of what we bring to this relationship — it’s what makes us valuable to you. We need to protect it so we can continue to serve all our clients, including you.”

    Data Rights

    Their position: Broad license to your data for product improvement, analytics, marketing, and AI training.

    Your counter: No license to customer data beyond what is strictly necessary to provide the service under this agreement.

    Your fallback: Limited license for anonymized, aggregated use only — with contractual prohibition on re-identification.

    Talk track: “Our data includes our clients’ data — we have confidentiality obligations that prevent broad licensing. We understand the value of aggregated insights. Let’s define a narrow permission that works within our compliance requirements.” For lawyers in particular, client confidentiality obligations under ABA Model Rule 1.6 add a layer of non-negotiable constraint to any data licensing discussion.

    When to Walk Away

    Not every deal is worth the risk. Here are the signs:

    • They refuse to negotiate ANY terms. A vendor that will not discuss modifications to a standard agreement is telling you how they will behave during a dispute.
    • The contract has unlimited liability exposure. No cap, no consequential damages exclusion, no insurance requirements. Your maximum exposure is theoretically infinite.
    • Key protections you need are “non-negotiable.” If they will not discuss data security, breach notification, or liability carve-outs, the risk profile exceeds most reasonable deal economics.
    • The commercial terms do not justify the legal risk. A $5,000/year SaaS contract with uncapped liability and no data portability? The math does not work.

    A bad deal is worse than no deal. Walk away with your reputation and your leverage intact. There is always another vendor.

    How AI Helps You Negotiate Better

    The best negotiator is not the one with the most power — it is the one with the most information. Here is how AI contract review tools change the preparation equation:

    Identify issues instantly. Instead of spending 2 hours reading a contract to find the problems, upload it to Clause Labs and get a risk report in under 60 seconds. You walk into the negotiation knowing exactly what needs to change.

    Quantify severity. Risk scores help you prioritize your 3-5-3 framework. A clause flagged as “Critical” by the AI is probably one of your three must-haves. A “Medium” flag might be a should-have or a nice-to-have depending on deal context.

    Get counter-language. AI-suggested redlines give you ready-made alternative language. You are not drafting counter-proposals from scratch — you are refining suggestions that already reflect market standards.

    Benchmark against market standards. AI tools that have analyzed thousands of contracts can tell you when a clause deviates significantly from what is typical. That data becomes leverage: “This clause is unusual — here is what is standard.”

    The free tier covers 3 reviews per month with no credit card — enough to prep for your next negotiation today. For teams handling higher volumes, the Solo plan at $49/month covers 25 reviews — less than 12 minutes of billable time at $250/hour.

    Frequently Asked Questions

    How many clauses should I try to negotiate?

    Follow the 3-5-3 Rule: 3 must-haves, 5 should-haves, 3 concession items. That gives you 11 items to raise, which is a reasonable negotiation scope for most commercial agreements. For complex deals (M&A, large vendor agreements, multi-year commitments), you may expand to 5-8-5. The goal is structured pushback, not scorched-earth redlining.

    What if they say “take it or leave it”?

    First, verify whether it is truly non-negotiable or whether the person you are dealing with lacks authority to approve changes. Ask: “Is there someone on your team who can discuss modifications to these terms?” If the answer is genuinely no, shift from negotiation to risk assessment. Document the risks, quantify the exposure, and make an informed business decision about whether the deal economics justify the terms.

    Should I negotiate via email or phone?

    Both, strategically. Use phone calls for relationship-building, creative problem-solving, and reaching conceptual agreement. Use email for documenting agreed positions, proposing specific language, and creating a paper trail. The most effective pattern: discuss on the phone, confirm by email within 24 hours.

    How do I negotiate when my client just wants to sign?

    This is one of the most common frustrations for transactional lawyers. Frame the conversation around risk, not delay: “I understand you want to move quickly. Here are three specific risks in this agreement. Risk #1 could cost $X if triggered. It takes 10 minutes to fix with a single sentence change. Can we take that 10 minutes?” Dollar figures get client attention. Abstract legal concerns do not.

    Is it worth negotiating contracts under $50K?

    Depends on the risk profile, not the dollar value. A $20,000 SaaS contract with unlimited access to your client database carries more risk than a $100,000 construction contract with standard insurance requirements. Ask: what is the worst-case exposure if this vendor breaches, regardless of the contract value? If the answer is “more than we can absorb,” negotiate.


    This article is for informational purposes only and does not constitute legal advice. Consult a qualified attorney for advice specific to your situation.

  • How to Review a SaaS Agreement: 12 Clauses That Kill Startup Deals

    How to Review a SaaS Agreement: 12 Clauses That Kill Startup Deals

    The average mid-size company now runs over 130 SaaS applications, each governed by a contract that was almost certainly drafted by the vendor’s legal team. Not yours. That means the risk allocation, the exit terms, the data rights — all of it was written to protect one party. And it was not the party signing the check.

    According to World Commerce & Contracting, poor contract management erodes 9% of annual revenue on average. For a company spending $500,000 a year on SaaS tools, even a fraction of that loss — a surprise auto-renewal here, a data lock-in there — adds up to real money fast. And the damage is rarely obvious until you try to leave.

    This guide walks through the 12 clauses that sink the most SaaS deals, with specific language to watch for, what to counter with, and how to prioritize when you cannot negotiate everything. Try Clause Labs free to run any SaaS agreement through AI analysis in under 60 seconds — it flags all 12 of these clauses automatically.

    The 12 Clauses That Kill SaaS Deals

    1. Data Ownership and Portability

    What the vendor wants: A broad license to use your data, with no obligation to help you export it when you leave.

    What you should push for: Explicit customer ownership of all customer data, with export rights in a standard, machine-readable format (CSV, JSON, or API access) within 30 days of termination.

    Red flag language:

    “Customer grants Vendor a perpetual, irrevocable, worldwide license to use, reproduce, modify, and create derivative works from Customer Data for any purpose.”

    Why this kills deals: Vendor lock-in is one of the most significant commercial risks in SaaS agreements. If you cannot get your data out in a usable format, switching providers becomes so expensive that you effectively cannot leave — even when the vendor raises prices 40% year over year.

    Negotiation tip: Push for a data portability clause that specifies format, timeline, and cost (ideally free). If the vendor resists, that tells you everything you need to know about their retention strategy.

    2. Service Level Agreements (SLAs)

    What the vendor wants: Vague commitments like “commercially reasonable efforts” to maintain uptime — which means nothing enforceable.

    What you should push for: Specific uptime percentages (99.9% minimum for business-critical tools), measurable criteria, meaningful remedies beyond service credits, and a termination right if SLAs are repeatedly missed.

    Red flag language: No SLA section at all, or an SLA buried in a separate document that the vendor can modify unilaterally.

    Why this kills deals: No SLA means no accountability. When the platform goes down during your client’s product launch, “commercially reasonable efforts” does not cover the $200,000 in lost revenue. The ABA’s guidance on SaaS contractual provisions notes that well-defined SLAs with specific remedies are essential for any business-critical service.

    Negotiation tip: If the vendor refuses specific uptime commitments, ask for their actual uptime data from the past 12 months. Most credible vendors publish status pages — check them before you sign.

    3. Auto-Renewal and Termination

    What the vendor wants: Automatic renewal with a 90-day advance notice requirement for cancellation — a window most customers miss.

    What you should push for: Annual opt-in renewal, or auto-renewal with a 30-day notice period and email reminders before the window closes.

    Red flag language:

    “This Agreement shall automatically renew for successive one-year terms unless either party provides written notice of non-renewal at least ninety (90) days prior to the expiration of the then-current term.”

    Why this kills deals: You forget the 90-day window. You are locked in for another year. The vendor knows this. According to Ramp’s SaaS agreement analysis, unclear pricing or automatic renewals without proper notice are among the most common sources of SaaS contract disputes.

    Negotiation tip: Calendar the opt-out date immediately upon signing — not 90 days before, but 120 days before, so you have time to evaluate alternatives.

    4. Price Escalation

    What the vendor wants: Unilateral right to increase pricing at any time, often with as little as 30 days’ notice.

    What you should push for: Price lock for the initial term, with increases capped at CPI or a fixed percentage (3-5% annually) for renewal terms.

    Red flag language:

    “Vendor may adjust pricing at any time upon thirty (30) days’ written notice. Continued use of the Service after such notice constitutes acceptance of the new pricing.”

    Why this kills deals: Year-one pricing was competitive. Year-two pricing is 30% higher. Year-three is 50% higher. You are locked in by your data, your integrations, and your team’s training. The vendor knows your switching costs exceed the price increase.

    Negotiation tip: Negotiate a most-favored-nation clause: the vendor cannot charge you more than they charge similarly situated customers for the same service tier.

    5. Data Security and Breach Notification

    What the vendor wants: Vague security commitments with no specific breach notification timeline.

    What you should push for: Specific security standards (SOC 2 Type II, encryption at rest and in transit), 72-hour breach notification, and cooperation with your incident response process.

    Red flag language: No security representations at all, or a one-sentence warranty that the vendor will use “commercially reasonable security measures.”

    Why this kills deals: A data breach at your SaaS vendor is your problem, not just theirs. If your clients’ data is exposed and you receive no notification for 60 days, the regulatory liability lands on your desk. Under most state breach notification laws, delay in notification compounds penalties. For lawyers specifically, ABA Model Rule 1.6(c) requires “reasonable efforts to prevent the inadvertent or unauthorized disclosure” of client information — which includes vetting your vendors’ security practices.

    Negotiation tip: Ask for the vendor’s SOC 2 Type II report before signing. If they do not have one, ask when they plan to get one. No timeline? Walk.

    6. Limitation of Liability

    What the vendor wants: Liability capped at fees paid in the prior month (not year), with all consequential damages excluded — no exceptions.

    What you should push for: Cap at 12 months of fees paid, with carve-outs for data breach, IP infringement, confidentiality breaches, and willful misconduct.

    Red flag language:

    “In no event shall Vendor’s aggregate liability exceed the fees paid by Customer in the one (1) month period immediately preceding the event giving rise to the claim.”

    Why this kills deals: Your $500/month SaaS tool suffers a data breach that exposes your entire customer database. Remediation costs you $250,000. The vendor’s maximum liability: $500. For a detailed analysis of how liability caps work across contract types, see our guide to limitation of liability clauses.

    Negotiation tip: The carve-outs matter more than the cap number. A $50,000 cap with data breach carve-outs is better than a $500,000 cap that excludes consequential damages for everything.

    7. IP Indemnification

    What the vendor wants: No indemnification for IP infringement, or narrow indemnification with broad exclusions for customizations, integrations, or third-party components.

    What you should push for: Vendor indemnifies you for any IP infringement claims arising from your normal use of the service as provided.

    Red flag language: No IP indemnification section at all.

    Why this kills deals: A patent troll sues you for using the vendor’s software. Without indemnification, you are paying your own legal defense — for a product someone else built.

    Negotiation tip: IP indemnification is standard in enterprise SaaS. If a vendor refuses it entirely, they either know about a potential infringement issue or are not ready for business customers.

    8. Unilateral Terms Modification

    What the vendor wants: The right to change any term at any time by posting updates to their website, with your continued use constituting acceptance.

    What you should push for: No material changes without mutual written agreement. Minor administrative changes can be posted with 30-day advance notice and an opt-out right.

    Red flag language:

    “These Terms may be modified at any time at Vendor’s sole discretion. Continued use of the Service following such modification constitutes acceptance of the modified Terms.”

    Why this kills deals: The vendor changes the data licensing terms to allow them to use your data for AI training. The vendor adds a mandatory arbitration clause. The vendor removes the SLA. You never agreed to any of it — but you are bound because you logged in this morning.

    Negotiation tip: Insist on a “negotiated terms prevail” clause: your signed agreement supersedes any posted updates.

    9. Customer Data License to Vendor

    What the vendor wants: A broad license to use your data for product improvement, analytics, benchmarking, and marketing.

    What you should push for: No license to customer data beyond what is strictly necessary to provide the service. Any analytics use should require anonymization and aggregation with no re-identification.

    Red flag language:

    “Customer hereby grants Vendor a worldwide, perpetual, irrevocable, royalty-free license to use, reproduce, modify, and distribute Customer Data for purposes of improving the Service, developing new products, and creating derivative works.”

    Why this kills deals: Your proprietary data becomes their product feature. Your competitive intelligence feeds their benchmarking reports. Your client’s confidential information trains their AI. If you are a lawyer reviewing SaaS agreements for clients, this clause should trigger an immediate conversation about client confidentiality obligations.

    Negotiation tip: “Improving the Service” sounds harmless. It is not. Ask exactly what “improvement” means, whether it includes AI training, and whether your data can be separated from the aggregated dataset.

    10. Sub-Processor and Third-Party Access

    What the vendor wants: Unlimited right to use any sub-processor without notice or consent.

    What you should push for: A current list of approved sub-processors, 30-day advance notice of changes, and a right to object (with a termination right if you cannot accept a new sub-processor).

    Red flag language: No sub-processor section, or a blanket authorization for “any third party” to process data.

    Why this kills deals: Your data is being processed by companies you have never heard of, in jurisdictions you did not agree to, under security standards you cannot verify. If you are subject to GDPR, HIPAA, or state privacy laws, unknown sub-processors create compliance risk that lands squarely on you.

    Negotiation tip: If the vendor will not disclose sub-processors, they are either embarrassed by who they use or have not thought about it. Neither is acceptable.

    11. Warranty Disclaimers

    What the vendor wants: Complete “AS-IS” disclaimer, including all implied warranties of merchantability and fitness for a particular purpose.

    What you should push for: A warranty that the service performs materially as described in the documentation, with a cure period for defects.

    Red flag language:

    “THE SERVICE IS PROVIDED ‘AS IS’ WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.”

    Why this kills deals: The service does not do what the sales team promised. The features described in the demo do not work. Without a performance warranty, you have no contractual remedy — only the option to cancel (subject to the auto-renewal clause you forgot to negotiate).

    Negotiation tip: At minimum, get a warranty that the service conforms to the published documentation. Then make sure that documentation is referenced by URL and version in the agreement.

    12. Dispute Resolution and Governing Law

    What the vendor wants: Mandatory binding arbitration under AAA rules in their home jurisdiction, with a class action waiver.

    What you should push for: Option for litigation (not just arbitration), in a neutral or customer-friendly jurisdiction, with a reasonable statute of limitations.

    Red flag language:

    “All disputes shall be resolved by binding arbitration in Santa Clara County, California, under the Commercial Arbitration Rules of the American Arbitration Association. Each party waives any right to participate in a class action.”

    Why this kills deals: You are a small business in Georgia. A dispute arises. You now have to pay for arbitration in Santa Clara County, California — travel, local counsel, AAA fees that can run $10,000+ before the merits hearing even starts. For small-dollar disputes, the cost of enforcement exceeds the claim value.

    Negotiation tip: Push for the losing party to pay reasonable attorney fees and arbitration costs. This discourages frivolous positions from both sides.

    The 3-Tier Negotiation Framework

    You cannot negotiate all 12 clauses on every deal. Procurement teams expect pushback on 5-8 items, not a full redline of every section. Prioritize using this framework:

    Must-Win (Non-Negotiable)

    • Data ownership and portability (Clause 1)
    • SLA existence with measurable uptime (Clause 2)
    • Breach notification timeline (Clause 5)
    • Liability carve-outs for data breach (Clause 6)

    Should-Win (Important, Push Hard)

    • Price escalation caps (Clause 4)
    • Auto-renewal notice period (Clause 3)
    • IP indemnification (Clause 7)

    Nice-to-Win (Concede If Needed)

    • Governing law and dispute resolution (Clause 12)
    • Sub-processor approval rights (Clause 10)
    • Warranty scope (Clause 11)

    This framework lets you signal flexibility on lower-priority items while holding firm on what matters. Most experienced procurement teams respect structured pushback — it shows you have reviewed the agreement carefully, not just redlined everything for the sake of it.

    Want to know which tier your next SaaS agreement’s clauses fall into? Upload it to Clause Labs for a free risk analysis that scores each clause — then apply the framework above to prioritize your negotiation.

    The 2-Minute SaaS Agreement Red Flag Quick-Scan

    Before you commit to a full review, spend 2 minutes scanning for the worst offenders:

    • Ctrl+F “perpetual” in any data-related clause — a perpetual license to your data is almost never acceptable
    • Ctrl+F “sole discretion” — one-sided decision-making power concentrated in the vendor
    • Ctrl+F “may modify” or “subject to change” — unilateral terms modification
    • Ctrl+F “as-is” — full warranty disclaimer
    • Look for what is NOT there: no SLA section, no data export provision, no breach notification timeline, no sub-processor list

    If you hit three or more of these in a single agreement, that contract needs a full clause-by-clause review before anyone signs. Our contract red flags checklist provides the full 25-item framework for that deeper analysis.

    AI-Assisted SaaS Agreement Review

    Reviewing a SaaS agreement manually against all 12 clauses takes 2-3 hours for a thorough job. At $350/hour, that is $700-$1,050 per agreement — reasonable for a large enterprise deal, expensive for a $500/month SaaS subscription.

    AI contract review tools compress that timeline to minutes. Clause Labs, for example, identifies all 12 clause types above, flags missing provisions, scores risk on each clause, and suggests negotiation language — in under 60 seconds. The AI does the finding; you do the thinking about what to negotiate and what to accept.

    For a direct comparison of how AI handles SaaS agreements versus manual review, see our SaaS agreement review analysis.

    Frequently Asked Questions

    Can I actually negotiate a SaaS vendor’s standard terms?

    Yes — more often than you think. According to Spendflo’s SaaS agreement research, understanding what is negotiable separates leading procurement teams from laggards. Vendors expect pushback on 5-8 clauses, particularly around data ownership, liability, and auto-renewal. The key is to ask. The worst outcome is they say no and you sign the standard terms anyway — which is exactly where you started.

    What if the vendor says “take it or leave it”?

    Some vendors — particularly large ones — have genuinely non-negotiable standard terms. In that case, your job shifts from negotiation to risk assessment: are the risks in these standard terms acceptable for this deal, at this price point, for this client? Document your analysis and the business justification for accepting the terms. For more on navigating this dynamic, read our guide to negotiating contract terms as the smaller party.

    Should I review click-through ToS agreements?

    If the tool will handle confidential data, client information, or business-critical processes — yes. Courts generally enforce click-through agreements. The Ninth Circuit and other federal circuits have consistently held that clicking “I agree” creates a binding contract, even if the user did not read the terms. The stakes are lower for a $10/month productivity tool than for a platform holding your client database, but the legal exposure is real regardless.

    Is it worth hiring a lawyer to review a $200/month SaaS subscription?

    Run the math. If the SaaS tool handles sensitive data and the worst-case exposure exceeds $10,000, a 2-hour legal review at $350/hour ($700) is cheap insurance. If the tool is non-critical and handles no sensitive data, the risk may not justify the cost. AI review tools like Clause Labs offer a middle ground — a comprehensive risk analysis for a fraction of the cost of a full manual review. The free tier covers 3 reviews per month with no credit card required.

    How do I review a SaaS agreement for HIPAA compliance?

    If the vendor will access or process protected health information, you need a Business Associate Agreement (BAA) — not just a SaaS agreement. Check that the BAA includes: specific permitted uses and disclosures, encryption requirements, breach notification obligations (required within 60 days under HIPAA), audit rights, and return/destruction of PHI upon termination. The SaaS agreement should reference the BAA, not replace it.


    This article is for informational purposes only and does not constitute legal advice. Consult a qualified attorney for advice specific to your situation.

  • How to Review an Employment Agreement in 10 Minutes

    How to Review an Employment Agreement in 10 Minutes

    The average employment agreement is 8–15 pages. A thorough manual review takes 60–90 minutes. Most lawyers charge $350–500/hour for the work. Most employees sign without reading past page two.

    Both approaches are wrong. A structured 10-minute review catches the clauses that actually matter — the non-compete that could prevent you from working for two years, the IP assignment that hands your side project to your employer, the severance clause that evaporates if you do not sign a release within 21 days.

    This framework gives you the 10-minute protocol, the 15 clauses that demand attention, role-specific red flags, and state-specific rules that can make the difference between an enforceable restriction and a void one.

    Upload your employment agreement to Clause Labs free and get a clause-by-clause risk analysis in under 60 seconds — before you start your manual review.

    The 10-Minute Framework

    This timed approach assumes you have already read the agreement once (or used an AI tool for initial clause identification). The 10 minutes are for focused risk analysis, not first reading.

    Minutes 1–2: Identify the Basics
    – Parties: Who is the employer entity? (The parent company? A subsidiary? An LLC you have never heard of?)
    – Position and title: Does the description match what was discussed?
    – Effective date and employment type: At-will or fixed term?
    – Compensation start date: Does it align with your expected start?

    Minutes 3–4: Compensation Deep Dive
    – Base salary: Annual amount, payment frequency, any conditions
    – Bonus: Discretionary (“may”) or guaranteed (“shall”)? Pro-rated for partial years?
    – Equity: Type (options, RSUs, profit interests), vesting schedule, acceleration triggers
    – Benefits: Start date for benefits (day one or after 90 days?)

    Minutes 5–6: Restrictive Covenants (the High-Stakes Section)
    – Non-compete: Duration, geographic scope, activity scope
    – Non-solicitation: Clients, employees, or both?
    – Confidentiality: Definition breadth, duration (employment or perpetual?)
    – Check enforceability in the relevant state (see state guide below)

    Minutes 7–8: Termination Provisions
    – For cause: How is “cause” defined? How many cure opportunities?
    – Without cause: What notice period? What severance?
    – Resignation: What notice do you owe? Any forfeiture of unvested equity?
    – Change of control: Acceleration of equity? Enhanced severance?

    Minutes 9–10: IP, Dispute Resolution, and Deal-Breakers
    – IP assignment: Scope (all inventions or only work-related?)
    – Prior inventions exclusion: Is there a carve-out schedule?
    – Dispute resolution: Arbitration (mandatory?) or litigation?
    – Governing law: Which state? Does it match your location?
    – Anything that contradicts verbal promises made during negotiations

    The 15 Employment Agreement Clauses to Check

    1. At-Will Statement or Employment Term

    What to look for: Whether the agreement establishes at-will employment (terminable by either party at any time) or a fixed term (1 year, 2 years). Most employment agreements in the US are at-will.

    Green flag: Clear at-will language with mutual termination rights and reasonable notice provisions.

    Red flag: At-will language combined with aggressive restrictive covenants — you can be fired at any time, but you cannot compete for 2 years.

    2. Position and Duties

    What to look for: A “duties as assigned” clause that gives the employer unlimited discretion to change your role. This is scope creep written into the contract.

    Green flag: Specific position title with a defined reporting structure and a description of core responsibilities.

    Red flag: “Such duties as may be assigned from time to time by the Company” — this language lets the employer change your role without renegotiating compensation.

    3. Base Salary and Payment Schedule

    What to look for: Confirm the annual amount matches the offer letter. Check whether the employer can reduce salary unilaterally.

    Red flag: “The Company reserves the right to modify compensation at its sole discretion.” If they can cut your pay without your consent, the salary number in the agreement is a ceiling, not a floor.

    4. Bonus Structure

    What to look for: The difference between “eligible for” and “entitled to.” Discretionary bonuses are entirely within the employer’s control. Target bonuses with defined metrics are enforceable.

    Red flag: A “target bonus of 20% of base salary” with language stating the bonus is “entirely discretionary and does not vest until paid.” That target is aspirational, not contractual.

    5. Equity and Option Grants

    What to look for: Grant size, type (ISOs vs. NSOs, RSUs vs. options), vesting schedule, cliff period, and exercise window after termination.

    Red flag: A 4-year vesting schedule with a 1-year cliff and a 90-day exercise window post-termination. The 90-day window can force employees to exercise options they cannot afford — especially with ISOs where the tax implications of exercise can be significant. Some recent employment agreements extend post-termination exercise windows to 12 months or longer.

    Critical for executives: Check for acceleration upon change of control (single-trigger vs. double-trigger). Double-trigger acceleration (requires both a change of control AND termination) is standard; single-trigger is more favorable to the employee.

    6. Benefits and Perquisites

    What to look for: Start date for benefits, whether specific benefits (health insurance, 401k match) are contractually guaranteed or subject to change.

    Red flag: “Employee shall be eligible to participate in benefits generally available to employees, as the Company may modify from time to time.” This lets the employer eliminate benefits without breaching the agreement.

    7. Non-Compete Provisions

    This is the single highest-risk clause for employees and the most frequently litigated for employers.

    What to look for: Duration (6 months, 12 months, 24 months), geographic scope (city, state, nationwide, worldwide), and activity scope (competing business, or any business in the same industry?).

    Red flag language: “Employee shall not, for a period of 24 months following termination for any reason, directly or indirectly engage in any business that competes with any business conducted by the Company or any of its affiliates, anywhere in the United States.”

    This is unenforceable in most states because it is overbroad in scope, geography, and duration — but the employee still has to litigate to prove that, which is expensive. See the state enforceability guide below.

    8. Non-Solicitation

    What to look for: Whether the restriction covers client solicitation, employee solicitation (anti-raiding), or both. Client non-solicits are generally more enforceable than non-competes.

    Red flag: Non-solicitation of clients you brought to the firm from prior relationships. This is especially problematic for sales professionals and lawyers changing firms.

    9. Confidentiality and NDA Provisions

    What to look for: How broadly “confidential information” is defined, whether it survives termination (and for how long), and whether it includes information you already knew.

    Red flag: A definition that encompasses “all information provided to Employee during employment, whether or not marked as confidential.” This can swallow publicly available information and general industry knowledge. The standard NDA exclusions — independently developed, publicly known, received from third parties — should apply here too.

    10. Invention Assignment and IP Clause

    What to look for: Whether the assignment covers all inventions (including personal projects) or only those related to the employer’s business. Whether there is an excluded inventions schedule.

    Red flag: “Employee hereby assigns to the Company all right, title, and interest in any and all inventions, works of authorship, and intellectual property created during the term of employment.” No “related to company business” qualifier. No excluded inventions schedule. This language could assign your personal blog posts, side projects, and weekend apps to your employer.

    State note: Several states limit these broad assignments. California (Lab. Code § 2870), Delaware, Illinois, Minnesota, Washington, and others protect inventions created entirely on the employee’s own time without employer resources, unrelated to the employer’s business.

    11. Termination for Cause Definition

    What to look for: Specificity. A vague “cause” definition gives the employer maximum discretion. A specific definition protects the employee.

    Green flag: “Cause” means: (a) conviction of a felony, (b) willful misconduct causing material harm, (c) material breach of this agreement after 30 days’ written notice and opportunity to cure.

    Red flag: “Cause” includes “any conduct the Company determines, in its sole discretion, to be detrimental to the Company’s interests.” Sole discretion language makes every termination a “for cause” termination — meaning no severance.

    12. Severance Terms

    What to look for: Amount (months of salary), conditions (signing a release), timing (lump sum or salary continuation), and acceleration triggers.

    Red flag: Severance conditioned on signing a general release within 21 days, with the release waiving age discrimination claims under the Older Workers Benefit Protection Act (29 U.S.C. § 626). The 21-day period is a legal requirement for valid OWBPA waivers — but the release itself may waive claims you should preserve. Always review the release before signing.

    13. Release Requirements

    What to look for: Whether severance requires signing a release of all claims. Whether the release carves out certain rights (workers’ compensation, unemployment insurance, vested benefits).

    Red flag: A release that waives “any and all claims” without exceptions for non-waivable statutory rights.

    14. Dispute Resolution

    What to look for: Mandatory arbitration versus right to litigate. Whether the arbitration clause includes a class action waiver. Who selects the arbitrator. Who pays arbitration costs.

    Red flag: Mandatory arbitration with costs split equally, administered by an arbitration provider chosen by the employer, in a jurisdiction far from the employee’s residence. This creates practical barriers to pursuing claims.

    15. Governing Law and Jurisdiction

    What to look for: Whether the governing law matches the state where you work. Whether the jurisdiction clause is favorable or burdensome.

    Red flag for employees: Governing law set to a state with strong non-compete enforcement (e.g., Florida) when the employee works in a state with weaker enforcement (e.g., California). Note: courts do not always honor choice-of-law provisions that circumvent local employee protections — but the litigation to challenge it is expensive.

    Employment Agreement Red Flags by Role

    Executive Agreements

    Executives face unique risks that standard employment agreements do not address:

    • Change of control provisions: Does equity accelerate? Does severance increase? What constitutes “good reason” for resignation?
    • Clawback clauses: Can the employer claw back bonus compensation? Under what circumstances?
    • D&O insurance and indemnification: Are you covered for actions taken in your corporate role?
    • Garden leave: Some agreements require you to remain employed (but not working) during the non-compete period — this is more common in financial services and increasingly in tech.

    Sales Roles

    • Commission structure: Is the commission plan part of the agreement, or an external document the employer can modify unilaterally?
    • Territory and account ownership: What happens to your accounts and pipeline on departure?
    • Tail commissions: Are you paid on deals that close after your departure if you initiated them?

    Technology Roles

    • IP assignment breadth: The most critical clause. Does it extend to personal projects, open source contributions, or work done on personal equipment outside business hours?
    • Moonlighting restrictions: Can you do freelance work, teach, or contribute to open source?
    • Open source obligations: If your work involves open source components, does the agreement create conflicts with open source licenses?

    Healthcare Roles

    • Non-compete geographic scope: Healthcare non-competes often define geography by radius from practice locations — 10 miles in a dense metro area is very different from 10 miles in a rural setting
    • Tail coverage: Who pays for malpractice insurance after departure?
    • Credentialing timelines: The agreement should account for the 60–120 day credentialing gap when changing employers

    State-Specific Employment Agreement Issues

    Non-compete enforceability varies dramatically by state. This single variable can determine whether a restrictive covenant is a real constraint or unenforceable ink.

    | State | Non-Compete Status | Key Details |
    |---|---|---|
    | California | Banned | Bus. & Prof. Code § 16600 voids virtually all non-competes |
    | Minnesota | Banned | Prohibited for most workers as of July 2023 |
    | Oklahoma | Banned | Statute voids non-competes; non-solicits may be enforceable |
    | North Dakota | Banned | Century Code § 9-08-06 |
    | Illinois | Income threshold | Unenforceable below $75,000 salary threshold; 14-day attorney review notice required |
    | Massachusetts | Restricted | Garden leave or “other mutually-agreed consideration” required; max 12 months |
    | Colorado | Income threshold | Unenforceable for workers earning below threshold; additional restrictions for non-solicits |
    | Washington | Income threshold | Threshold adjusted annually (~$116,594 for employees in 2025) |
    | Florida | Enforceable | Fla. Stat. § 542.335 provides detailed enforcement framework; generally favorable to employers |
    | Texas | Enforceable | Must be ancillary to an enforceable agreement; courts may reform overbroad covenants |

    Federal update: The FTC’s proposed nationwide non-compete ban was struck down by courts in 2024, and the FTC voluntarily dismissed its appeals in September 2025. Non-compete regulation remains primarily a state-law issue. However, the FTC has signaled it will pursue case-by-case enforcement actions against non-competes it views as anticompetitive.

    Bottom line: Always check the governing law state. A non-compete governed by California law is essentially unenforceable. The same clause governed by Florida law is a real constraint. For more on how governing law interacts with other risky clauses, see our guide to contract clauses that cause costly mistakes.

    The Employer vs. Employee Perspective

    The same clause creates different concerns depending on which side you represent:

    | Clause | Employer Concern | Employee Concern | Negotiation Tip |
    |---|---|---|---|
    | Non-compete | Is it enforceable enough to protect us? | Is it narrow enough to let me work elsewhere? | Narrow the scope; increase the severance |
    | IP assignment | Does it capture all work product? | Does it capture my personal projects? | Add an excluded inventions schedule |
    | Termination for cause | Is “cause” broad enough for protection? | Is “cause” specific enough to prevent pretextual firing? | List specific cause events; require cure periods |
    | Severance | Is the cost justified by the hire? | Is the safety net adequate? | Tie severance to non-compete duration |
    | Bonus | Is discretion preserved? | Is the target meaningful? | Add objective metrics and partial-year proration |

    How AI Speeds Up Employment Agreement Review

    The 10-minute framework above works. But it works faster when you start with AI-assisted clause identification.

    Clause Labs’s employment agreement playbook identifies all 15 clauses listed above, flags risk levels on each, detects missing provisions (no severance clause? no IP carve-out? no cure period for cause termination?), and generates redline suggestions — all in under 60 seconds. You then apply the framework above to the flagged issues rather than scanning the entire document.

    The combination of AI-first analysis and structured human review compresses a 60–90 minute review into 15–20 minutes while catching issues that even experienced reviewers miss on manual pass-throughs. Try it free on your next employment agreement — the risk report takes under 60 seconds. See our complete red flag checklist for the broader framework applicable to all contract types, and our comparison of AI contract review tools for how different platforms handle employment agreements.

    Frequently Asked Questions

    What is the single most important clause in an employment agreement?

    For employees: the non-compete (because it controls your career after this job). For employers: the IP assignment clause (because it protects the company’s most valuable assets). For both: the termination and severance provisions, which define the economic consequences of the relationship ending.

    Can I negotiate an at-will employment agreement?

    Yes. At-will is the default, but many terms within an at-will agreement are negotiable: severance triggers, notice periods, bonus vesting on termination, and equity acceleration. You are not negotiating away “at-will” status (which would require a fixed-term contract); you are negotiating the economic terms around termination.

    Should I hire a lawyer to review my employment agreement?

    If total compensation exceeds $150,000, or if the agreement contains restrictive covenants, or if you are receiving equity — yes. The cost of a review ($500–$2,000) is trivial compared to the risk of a bad non-compete or a missed IP assignment clause. For a faster and more affordable first pass, upload the agreement to Clause Labs for instant risk identification, then consult a lawyer on the flagged issues.

    How do I review an employment agreement for a friend or family member?

    If you are not their lawyer, be careful. Providing specific legal advice on someone else’s employment agreement could create an inadvertent attorney-client relationship. You can explain general concepts and point them to resources like this guide, but for actionable advice on their specific agreement, they should consult their own attorney or use a structured review tool.


    This article is for informational purposes only and does not constitute legal advice. Consult a qualified attorney for advice specific to your situation.

  • How to Review an NDA in 5 Minutes: Step-by-Step Guide for Lawyers

    How to Review an NDA in 5 Minutes: Step-by-Step Guide for Lawyers

    The average NDA takes 45 minutes to review manually. At $350/hour — the national median for transactional attorneys per Clio’s 2025 Legal Trends Report — that’s $262 per NDA. If you review 10 NDAs a month, you’re spending $2,625 and nearly 8 hours on what most lawyers consider “simple” agreements.

    NDAs are not simple. They are the most commonly reviewed contract type in solo and small firm practice, and they hide traps that experienced attorneys miss routinely. A 2024 World Commerce & Contracting report found that poor contract management erodes an average of 8.6% of contract value — and that erosion starts with the “routine” agreements no one scrutinizes carefully.

    This guide gives you a structured 5-minute review framework you can use on every NDA that crosses your desk. It works whether you’re reviewing at 9 AM with coffee or at 11 PM with a deadline. Try Clause Labs Free to run this entire checklist with AI in under 30 seconds, or use the manual framework below.

    The RAPID NDA Review Framework

    Most lawyers read NDAs front-to-back and hope they catch everything. That approach works fine until it doesn’t — and the clause you missed is the one that matters. The RAPID framework gives you a systematic method that forces you to check what matters most, even under time pressure.

    R — Rights: Who’s giving up what? Identify which party’s rights are restricted and whether the restrictions are mutual or one-sided.

    A — Asymmetry: Is this agreement balanced? Mutual NDAs should impose roughly equal obligations. One-way NDAs should clearly favor only the disclosing party.

    P — Protections: What exceptions, carve-outs, and limitations exist? Standard exclusions should always be present. If they’re missing, the NDA is overbroad.

    I — Issues: What time bombs are hiding in the agreement? Duration problems, non-compete riders, residuals clauses, and remedies overreach all live here.

    D — Definitions: How is “Confidential Information” defined? This single definition controls the entire agreement. If it’s too broad, everything is restricted. If it’s too narrow, nothing is protected.

    Five letters. Five categories. Five minutes for a first-pass review that catches 90% of NDA problems. Now let’s break down the specific clauses you need to check within each category.

    The 12 NDA Clauses to Check Every Time

    For each clause below, you’ll find what it is, what to look for, the red flag language that should trigger pushback, and a negotiation tip.

    1. Definition of Confidential Information

    This is the most important clause in any NDA. It determines the scope of everything that follows.

    What to look for: Is the definition specific enough to be enforceable but broad enough to protect the intended information? Courts have repeatedly held that overly vague definitions render NDAs unenforceable.

    Red flag: “All information shared between the parties in any form” — this catch-all language is both overbroad and potentially unenforceable. Courts in multiple jurisdictions have questioned NDAs that fail to identify specific categories of protected information.

    Green flag: “Confidential Information means technical specifications, business plans, customer lists, pricing data, and proprietary software, whether disclosed orally, in writing, or electronically, and marked as confidential or that a reasonable person would understand to be confidential.”

    Negotiation tip: Push for a definition that specifies categories of protected information rather than using catch-all language. It protects your client better because it’s more likely enforceable.

    2. Exclusions from Confidential Information

    Every enforceable NDA must include standard exclusions. If they’re missing, the NDA attempts to restrict information that cannot legally be restricted.

    What to look for: Five standard exclusions should appear in every NDA:

    1. Information already known to the receiving party before disclosure
    2. Information that is or becomes publicly available through no fault of the receiving party
    3. Information independently developed by the receiving party
    4. Information received from a third party without restriction
    5. Information required to be disclosed by law, regulation, or court order

    Red flag: Missing even one of these exclusions — particularly the legal compulsion carve-out. Without it, a party could face contempt of court for complying with a subpoena because the NDA technically restricts disclosure.

    Negotiation tip: If any standard exclusions are missing, add them. This is not a negotiation point — it’s a drafting deficiency. Most experienced counterparties will agree immediately.

    3. Obligations of the Receiving Party

    This clause defines what the receiving party must actually do (and not do) with the confidential information.

    What to look for: Reasonableness of the standard of care. “Best efforts” is more onerous than “reasonable efforts.” The standard should match the sensitivity of the information.

    Red flag: “Receiving Party shall use the highest degree of care” or “Receiving Party shall prevent any and all unauthorized disclosure.” Absolute standards are nearly impossible to meet and expose your client to liability for even minor inadvertent disclosures.

    Green flag: “Receiving Party shall use the same degree of care it uses to protect its own confidential information, but no less than reasonable care.”

    Negotiation tip: Push for “reasonable care” or “same degree of care used for own confidential information,” whichever is standard in your client’s industry.

    4. Permitted Disclosures

    Who can the receiving party share confidential information with? This clause should address employees, advisors, and legal counsel at minimum.

    What to look for: The NDA should permit disclosure to employees, contractors, and professional advisors who need the information and are bound by confidentiality obligations at least as protective as the NDA.

    Red flag: No permitted disclosure clause at all — this technically means the receiving party can’t even share information with its own lawyers for the purpose of evaluating the deal.

    Negotiation tip: Ensure the list of permitted recipients is broad enough to include everyone who will actually need access. For M&A NDAs, this should include accountants, bankers, and board members.

    5. Duration of Confidentiality Obligations

    How long do the obligations last? This is where many NDAs become unreasonable.

    What to look for: Market-standard duration is 1-3 years for most commercial NDAs. Trade secret NDAs may justify longer periods. Perpetual obligations for general business information are a red flag.

    Red flag: “Obligations under this Agreement shall survive in perpetuity” — for ordinary business information, this is likely unenforceable in many jurisdictions and signals that the drafter is either inexperienced or overreaching. According to Cooley GO’s NDA guidance, courts in many states view perpetual restrictions on non-trade-secret information skeptically.

    Green flag: “Obligations shall continue for a period of two (2) years following disclosure of the applicable Confidential Information” or “for two (2) years following termination of this Agreement.”

    Negotiation tip: If your client is the receiving party, push for a fixed term. If your client is the disclosing party, the longer the better — but be realistic about enforceability. Two to three years is defensible; perpetual for general business information often isn’t.

    6. Return or Destruction of Information

    What happens to confidential information when the NDA expires or terminates?

    What to look for: A clear obligation to return or destroy confidential information upon request or at termination, with a certification requirement.

    Red flag: No return/destruction provision at all. Without it, the receiving party can retain confidential information indefinitely, even after the NDA expires.

    Negotiation tip: Include a carve-out allowing retention of one archival copy for legal compliance purposes and retention of information stored on routine backup systems — requiring purging of backup systems is technically impractical and creates a dispute trigger.

    7. Non-Solicitation Riders

    Non-solicitation provisions do not belong in a standard NDA. Their presence signals scope creep.

    What to look for: Any provision restricting either party from soliciting or hiring the other’s employees, clients, or vendors. These provisions sometimes appear as a “Related Restrictions” section or buried within the “Additional Covenants.”

    Red flag: “During the term and for 12 months following termination, neither party shall solicit or hire any employee of the other party.” In a simple NDA for business discussions, this restriction has nothing to do with protecting confidential information.

    Negotiation tip: Strike non-solicitation provisions from NDAs unless there’s a specific business reason for their inclusion. If the counterparty insists, negotiate it as a separate agreement with appropriate consideration — don’t let it ride on an NDA. Note: non-solicitation enforceability varies by state. Review the ABA’s overview of restrictive covenants for jurisdiction-specific considerations.

    8. Non-Compete Provisions

    If you find a non-compete in an NDA, stop reviewing and start negotiating.

    What to look for: Any restriction on competitive activities, business relationships, or entering specific markets. Non-competes absolutely do not belong in a standard NDA — they should be separate agreements with separate consideration.

    Red flag: “Receiving Party agrees not to engage in any business that competes with Disclosing Party for a period of 12 months.” This transforms an NDA into a non-compete agreement, often without adequate consideration and potentially unenforceable under state law.

    Negotiation tip: Refuse to accept non-compete language in an NDA. Period. If your client needs a non-compete, draft one separately with appropriate consideration, reasonable scope, and jurisdiction-specific compliance. Four states — California, Minnesota, Oklahoma, and North Dakota — ban non-competes almost entirely. See our guide to non-compete clause enforceability in 2026 for state-by-state analysis.

    9. The Residuals Clause

    This is the clause most lawyers miss — and it can quietly gut an NDA’s protections.

    What to look for: A residuals clause permits the receiving party to use information retained in the “unaided memory” of its personnel, free of any confidentiality restrictions. According to Venable’s analysis of residuals clauses, if broadly drafted, a residuals clause can be “detrimental to the Disclosing Party” because it allows the receiving party to freely use any information its employees can remember.

    Red flag: “Nothing in this Agreement shall restrict the Receiving Party from using Residual Information. ‘Residual Information’ means any ideas, concepts, know-how, or techniques retained in the unaided memory of any Representative of the Receiving Party.” This effectively creates a legal workaround: anything an employee remembers is fair game.

    Green flag: A narrowly drafted residuals clause that excludes source code, customer data, pricing information, and strategic plans from the residuals exception, limits the exception to non-strategic personnel, and includes a time limit.

    Negotiation tip: If you represent the disclosing party, strike the residuals clause entirely or narrow it significantly. If you represent the receiving party, push for a residuals clause — it provides meaningful protection against inadvertent breach claims. The key is defining what “unaided memory” covers and what it excludes.

    10. Remedies and Injunctive Relief

    This clause determines what happens when the NDA is breached.

    What to look for: Most NDAs include an acknowledgment that breach would cause irreparable harm and that the disclosing party is entitled to injunctive relief (a court order to stop the breach) without proving actual damages.

    Red flag: “Disclosing Party shall be entitled to injunctive relief and specific performance without bond or other security, in addition to all other remedies available at law or equity.” The “without bond” language removes a judicial safeguard that protects against frivolous injunction requests.

    Negotiation tip: Accepting injunctive relief language is standard. Resist “without bond” provisions — courts in many jurisdictions require bonds for injunctions regardless of what the contract says, so the clause may not even be enforceable, but it signals aggressive drafting intent.

    11. Governing Law and Jurisdiction

    Which state’s law governs the NDA, and where would disputes be litigated?

    What to look for: The governing law should match one of the parties’ locations or the location where the business relationship will primarily operate. A random jurisdiction suggests strategic forum shopping.

    Red flag: A Delaware or New York governing law clause when both parties are based in California and the business relationship will operate in California. Forum selection clauses that require your client to litigate across the country add significant cost and inconvenience.

    Negotiation tip: Push for your client’s home jurisdiction. If the counterparty insists on their jurisdiction, evaluate whether the governing law actually matters for this NDA (often, it doesn’t — NDA law is fairly uniform across most states). But if the NDA includes non-compete provisions or restrictive covenants, governing law becomes critical because enforceability varies dramatically by state.

    12. Mutual vs. One-Way Obligations

    Is the NDA protecting one party’s information or both parties’ information?

    What to look for: In a mutual NDA, both parties disclose confidential information and both have obligations. In a one-way NDA, only one party discloses. The structure should match the actual information flow.

    Red flag: A mutual NDA where only one party will actually disclose information. This creates unnecessary obligations for your client without corresponding benefit. Conversely, a one-way NDA presented when both parties will share sensitive information leaves one party unprotected.

    Negotiation tip: If both parties will share information (the norm in most business discussions), insist on mutual obligations. If the NDA is truly one-way, make sure the obligations run in the right direction.

    Red Flags That Should Stop You Cold

    Some NDA provisions should trigger immediate pushback. If you see any of the following, flag them as critical issues before proceeding:

    • Perpetual confidentiality with no exceptions — likely unenforceable for non-trade-secret information and signals aggressive overreach
    • “All information shared” as the definition — overbroad, vague, and potentially unenforceable
    • Non-compete or non-solicitation provisions buried in the NDA — scope creep that transforms a confidentiality agreement into a restrictive covenant
    • Automatic assignment of IP — some NDAs include language assigning any intellectual property developed during discussions to the disclosing party, which has nothing to do with confidentiality
    • Waiver of jury trial — an aggressive provision that doesn’t belong in a standard NDA
    • One-sided attorney’s fees — if the disclosing party can recover legal fees but the receiving party cannot, the NDA creates asymmetric enforcement economics
    • Missing standard exclusions — particularly the legal compulsion carve-out (subpoena compliance)

    If you encounter more than two of these issues in a single NDA, consider whether the counterparty is negotiating in good faith or using the NDA as a vehicle for broader restrictions.

    Common NDA Mistakes by Scenario

    Different contexts create different NDA traps. Here’s what to watch for in the scenarios solo lawyers encounter most.

    Startup NDA for Investor Meetings

    The most common mistake: founders draft NDAs that are too broad to enforce and too aggressive to sign. Most sophisticated investors refuse to sign NDAs before hearing a pitch — and a founder who insists may signal inexperience.

    What to advise: If an NDA is appropriate, keep it narrow. Define confidential information as specific technical or financial data shared during due diligence, not “business ideas” or “concepts.” Duration of 12-18 months is reasonable.

    Employee NDA (or CIIA)

    The most common mistake: NDAs that include hidden non-compete provisions that may be unenforceable in your employee’s state. California, Minnesota, Oklahoma, and North Dakota effectively ban non-competes; Illinois, Massachusetts, Washington, and Oregon impose significant income thresholds and restrictions.

    What to advise: Separate the NDA from any restrictive covenants. Review the IP assignment provisions carefully — employees should always be allowed to exclude prior inventions. Check state-specific requirements for independent consideration.

    Vendor NDA for Due Diligence

    The most common mistake: missing carve-outs for legal and regulatory disclosure. When your client is reviewing a vendor’s confidential information for a potential acquisition, the NDA must permit sharing with accountants, bankers, and board members — not just lawyers.

    What to advise: Negotiate broad permitted disclosures. Include a carve-out for disclosures required by securities regulations, government agencies, and court orders. Add explicit permission to share with professional advisors under their own confidentiality obligations.

    M&A NDA

    The most common mistake: failing to include standstill provisions, non-solicitation of key employees, and return/destruction obligations tailored to the deal timeline.

    What to advise: M&A NDAs are not standard NDAs — they’re deal-specific instruments. Include standstill provisions if the target wants them, employee non-solicitation (which is more defensible than customer non-solicitation in this context), and detailed information handling protocols.

    How AI Can Speed Up NDA Review

    The RAPID framework and 12-clause checklist above work for manual review. But the reality of solo practice is that you’re often reviewing NDAs late at night, between client calls, or with a deadline an hour away.

    AI contract review tools — including Clause Labs, Spellbook, and LegalOn — can run the equivalent of this entire checklist in seconds. Clause Labs specifically flags all 12 clauses discussed above, identifies missing exclusions, and generates plain-English explanations of each issue.

    The approach that works best for most practitioners: let AI do the first pass and flag the issues, then apply your professional judgment to the flagged items. This is consistent with ABA Model Rule 1.1 (competence, including technology competence) and ABA Formal Opinion 512 (ethical use of generative AI tools), which requires lawyers to review and verify AI output rather than relying on it blindly.

    For a deeper analysis of the ethical considerations, see our guide to whether AI contract review is ethical.

    Upload your next NDA to Clause Labs’s free analyzer — it runs the full 12-clause analysis in under 30 seconds. No credit card, no signup for the basic analysis. Use it alongside the manual framework above and see what it catches that a quick read might miss.

    Frequently Asked Questions

    How long should an NDA review take?

    A first-pass review using the RAPID framework should take approximately 5 minutes for a standard 3-5 page NDA. A thorough review with redline markup typically takes 20-30 minutes. If you’re spending more than 45 minutes on a standard NDA, you either don’t have a systematic framework or the NDA has significant issues that require negotiation. According to World Commerce & Contracting, human-led contract review averages 92 minutes — the RAPID framework cuts that significantly for standard NDAs.

    What’s the most commonly missed NDA clause?

    The residuals clause. According to EveryNDA’s analysis of residual information clauses, most lawyers either don’t notice it or don’t understand its implications. A broadly drafted residuals clause can effectively allow the receiving party to use any information its employees can remember — potentially gutting the NDA’s core protection. Check clause #9 in the framework above every single time.

    Should I redline or reject a bad NDA?

    Redline first. Most NDA problems stem from lazy drafting (using an old template without updating it) rather than bad faith. Redlining shows professionalism and often resolves issues quickly. Reject only when the NDA contains non-negotiable problems — like a disguised non-compete for a California employee or a perpetual term for general business information — that suggest the counterparty is using the NDA for purposes beyond confidentiality protection.

    When should I escalate NDA review to a more senior attorney?

    Escalate when the NDA involves trade secrets with potential seven-figure value, when it includes restrictive covenants you’re not sure are enforceable in the governing jurisdiction, when the counterparty is a government entity or heavily regulated industry, or when the NDA is connected to an M&A transaction. For routine commercial NDAs between private companies, a lawyer with the RAPID framework and the 12-clause checklist above should be fully equipped.

    Can AI review NDAs accurately?

    Purpose-built AI contract review tools identify NDA clause types and flag common risks with high accuracy for standard commercial NDAs. They’re particularly strong at catching missing exclusions, overbroad definitions, and asymmetric obligations — the pattern-based issues that humans miss when reviewing under time pressure. They’re weaker at assessing business context, relationship dynamics, and jurisdiction-specific enforceability nuances. The best approach is using AI for the first-pass identification, then applying your legal judgment to the flagged items. See our comparison of AI tools for contract review for a detailed assessment.


    This article is for informational purposes only and does not constitute legal advice. NDA enforceability varies by jurisdiction, contract type, and specific factual circumstances. Consult a qualified attorney for advice specific to your situation.

  • How to Review a Contract for Red Flags: The Complete Lawyer’s Checklist


    A single missed clause in a 40-page MSA cost one solo practitioner’s client $340,000 in uncapped indemnification exposure last year. The clause was buried on page 27, between a standard notice provision and a boilerplate severability section. The lawyer reviewed the contract in two hours. The problematic indemnification language took 15 seconds to read — and a lifetime to regret.

    According to World Commerce & Contracting, poor contract management costs organizations 9% of their annual revenue on average. For a business doing $5 million a year, that’s $450,000 walking out the door because someone didn’t catch what was — or wasn’t — in the agreement.

    This article gives you a systematic framework for catching every red flag, every time. Whether you’re reviewing your fifth contract this week or your fiftieth, the checklist below will make sure nothing slips through. Try Clause Labs Free to run this entire checklist with AI in under 60 seconds — or use the manual framework below.

    The 5-Phase Contract Review Framework

    Most lawyers read contracts start to finish. That’s how you miss things. A structured review catches what linear reading doesn’t. Here’s a five-phase approach with specific time allocations for a standard 15-25 page agreement:

    Phase 1: Initial Scan (2 minutes) — Parties, dates, term, governing law. Confirm the basics are correct before you invest time in the substance.

    Phase 2: Obligation Mapping (5 minutes) — Who owes what to whom, and when. Sketch the obligation flow. Asymmetric obligations jump out immediately when you map them visually.

    Phase 3: Risk Identification (10 minutes) — The red flag hunt. This is where the 25 red flags below come in. Go through each category systematically.

    Phase 4: Missing Protections (5 minutes) — What should be in the contract but isn’t. Missing clauses are often more dangerous than bad clauses, because you don’t notice what isn’t there.

    Phase 5: Commercial Alignment (5 minutes) — Does the contract match the deal your client actually negotiated? Surprisingly often, it doesn’t.

    Total: 27 minutes for a first-pass review. That’s the framework. Now here are the specific red flags to hunt for.

    The 25 Contract Red Flags Every Lawyer Must Catch

    Deal Structure Red Flags (1-5)

    1. Ambiguous Definitions That Change Clause Meaning

    Definitions sections are where contracts hide their teeth. A broadly defined term like “Confidential Information” that includes “all information shared between the parties, in any form” turns a simple NDA into a knowledge prison. Look for definitions that expand obligations beyond what the deal contemplates.

    What to do: Compare each defined term against how it’s used throughout the agreement. If the definition is broader than the commercial intent, narrow it.

    2. Inconsistent Defined Terms

    When a contract uses “Services,” “Work,” and “Deliverables” interchangeably — or worse, when it defines “Services” in the definitions section but switches to “Work” in the liability provisions — obligations become ambiguous and disputes become likely.

    What to do: Use Ctrl+F to search for each defined term. Flag any section that uses an undefined variant.

    3. Missing or Incorrect Party Identification

    Wrong entity names, missing parent/subsidiary distinctions, and absent guarantor provisions create enforcement nightmares. If your client is contracting with “ABC LLC” but the entity signing is “ABC Holdings Inc.,” you may have no recourse against the right party.

    What to do: Verify exact legal entity names against state records. Confirm the signatory has authority. Check for necessary guarantees.

    4. Term and Renewal Traps

    Auto-renewal clauses with 90-day notice requirements are among the most expensive overlooked provisions in commercial contracts. Your client signs a 12-month agreement, forgets about the notice window, and is locked in for another year — often at an escalated rate.

    What to do: Calendar every notice deadline. Flag any auto-renewal with a notice period exceeding 30 days. Check for rate escalation on renewal.

    5. Conditions Precedent That Are Impossible to Satisfy

    If performance obligations are conditioned on events your client can’t control — regulatory approvals, third-party consents, environmental clearances — the contract may be unperformable from day one.

    What to do: List every condition precedent. For each, ask: “Can my client actually satisfy this? What happens if they can’t?”

    Financial Red Flags (6-10)

    6. Unlimited Liability Exposure

    According to the ABA’s 2024 Legal Technology Survey, contract disputes remain the most common source of malpractice claims for transactional lawyers. A contract with no limitation of liability clause exposes your client to theoretically unlimited damages — and exposes you to a malpractice claim if you didn’t flag it.

    What to do: If there’s no limitation of liability, add one. If there is one, check the cap amount against the deal size. For guidance on drafting these, see our guide to limitation of liability clauses.

    7. One-Sided Indemnification

    Mutual risks should carry mutual indemnification. When only your client indemnifies the counterparty — but not the reverse — the risk allocation is fundamentally unfair. This is especially common in vendor agreements where the vendor drafted the contract.

    What to do: Make indemnification mutual for mutual risks (breach of reps, negligence, third-party IP claims). Reserve one-sided indemnification for risks only one party controls.

    8. Hidden Fee Escalation Mechanisms

    “Pricing subject to annual adjustment based on CPI” sounds reasonable until you realize CPI has averaged 3-4% annually in recent years. Over a 5-year contract, that compounds to a 15-20% increase. Worse are clauses that allow unilateral price increases with a “take it or leave it” termination option.

    What to do: Calculate total cost over the full contract term, including escalations. Negotiate caps on annual increases.

    9. Payment Terms That Create Cash Flow Risk

    Net-90 payment terms mean your client funds three months of work before seeing a dime. Combined with milestone-based payment (where the counterparty controls milestone acceptance), cash flow exposure can be devastating for small businesses.

    What to do: Push for Net-30 or Net-45. Negotiate progress payments rather than milestone-based payments. Include late payment interest provisions.

    10. Liquidated Damages That Function as Penalties

    Liquidated damages clauses are enforceable when they represent a reasonable estimate of anticipated loss. When they’re disproportionate to actual likely damages, courts may strike them as unenforceable penalties — but that costs time and money to litigate. Under UCC Section 2-718, liquidated damages must be reasonable in light of anticipated or actual harm.

    What to do: Compare the liquidated damages amount against realistic loss estimates. If it’s punitive rather than compensatory, negotiate it down or remove it.

    Termination Red Flags (11-15)

    11. No Termination for Cause Right

    If your client has no right to terminate when the counterparty breaches, they’re trapped in a contract even when the other side isn’t performing. This is shockingly common in vendor-drafted agreements.

    What to do: Insist on mutual termination for material breach with a reasonable cure period (typically 30 days for non-payment, 15 days for other material breaches).

    12. Unreasonable Cure Periods

    A 90-day cure period for material breach means your client must tolerate non-performance for three months before they can exit. For a critical vendor relationship, that’s an eternity.

    What to do: Negotiate cure periods that match the severity and type of breach. Payment breaches: 10-15 days. Performance breaches: 30 days. No cure period for breaches of confidentiality or IP provisions.

    13. Termination Penalties That Exceed Actual Damages

    Early termination fees of “all remaining payments due under the contract term” are penalties disguised as damages. If your client terminates a 36-month contract after 6 months, they shouldn’t owe 30 months of fees for services they’ll never receive.

    What to do: Negotiate reasonable wind-down fees (1-3 months of fees) rather than “remaining balance” penalties. Include termination for convenience provisions in long-term agreements.

    14. Post-Termination Obligations That Survive Indefinitely

    Survival clauses that state “Sections 5, 7, 9, 12, 14, 16, 18, and 21 shall survive termination” without any time limitation can create perpetual obligations. Confidentiality obligations surviving for 10 years may be reasonable; indemnification surviving forever is not.

    What to do: Specify survival periods for each surviving section. Match the survival period to the nature of the obligation.

    15. No Termination for Convenience

    In long-term contracts, business needs change. Without a termination for convenience clause, your client may be locked into a 5-year agreement with a vendor they no longer need — paying full price for services that have become irrelevant.

    What to do: Negotiate termination for convenience with 60-90 days’ notice in any agreement exceeding 12 months. Accept a reasonable early termination fee if necessary.

    Intellectual Property Red Flags (16-19)

    16. Overly Broad IP Assignment

    An IP assignment clause that captures “all intellectual property created during the term of this agreement” — without limiting it to work created under the agreement — may sweep in your client’s pre-existing IP, side projects, and independently developed technology.

    What to do: Limit IP assignment to work product created specifically under the contract. Require a schedule of pre-existing IP that’s explicitly excluded. For work-for-hire provisions, verify they meet the requirements of 17 U.S.C. Section 101.

    17. Work-for-Hire Misclassification

    Calling something “work made for hire” doesn’t make it so under copyright law. Work-for-hire status applies only to works created by employees within the scope of employment, or to specific categories of commissioned works where there’s a written agreement. Misclassifying the relationship can leave IP ownership unclear.

    What to do: Verify the work falls within one of the statutory categories for work-for-hire. If it doesn’t, use an express assignment instead.

    18. No License-Back After IP Assignment

    When your client assigns IP to the counterparty (common in development agreements), they may lose the ability to use methods, processes, or technology they need for other clients. A license-back provision ensures your client retains the right to use the IP they created.

    What to do: Negotiate a perpetual, non-exclusive, royalty-free license-back for any assigned IP that your client needs for their ongoing business.

    19. IP Indemnification Gaps

    If the counterparty is providing technology, they should indemnify your client against third-party IP infringement claims. If this indemnification is missing — or is capped at a trivially low amount — your client bears the risk of someone else’s IP problems.

    What to do: Require IP indemnification from any party providing technology, software, or creative work. Ensure IP indemnification is carved out from general liability caps.

    Liability and Risk Red Flags (20-25)

    20. Missing Limitation of Liability

    No liability cap means unlimited exposure. Period. According to Gartner’s research on legal technology, contract disputes over uncapped liability are among the most expensive commercial litigation categories.

    What to do: Every commercial contract needs a limitation of liability. Our guide to contract clauses that cause costly mistakes breaks down how to draft effective caps.

    21. Liability Cap Set Too Low

    A $50,000 liability cap on a $2 million services engagement is worse than no cap at all — it gives your client a false sense of protection while effectively eliminating any meaningful remedy.

    What to do: The cap should be proportionate to the deal. Common ranges: 1x-3x the contract value for services, 12-24 months of fees for subscription agreements.

    22. Insurance Requirements Mismatched to Risk

    If the contract requires $1 million in professional liability insurance but the liability cap is $5 million, the insurance doesn’t cover the exposure. These provisions need to work together.

    What to do: Align insurance minimums with liability caps. Verify your client can actually obtain the required coverage. Negotiate mutual insurance requirements.

    23. Force Majeure That’s Too Narrow or Missing

    Post-2020, force majeure clauses deserve careful attention. A clause that only covers “acts of God, war, and government action” may not include pandemics, supply chain disruptions, or cyberattacks — events that have become routine business risks.

    What to do: Ensure force majeure covers current realistic risks. Include pandemics, epidemics, cyberattacks, supply chain disruptions, and utility failures. Specify notice requirements and the right to terminate after a prolonged force majeure event.

    24. One-Sided Consequential Damages Waiver

    A mutual consequential damages waiver is standard. A one-sided waiver — where the counterparty excludes its liability for consequential damages but your client does not — is a red flag. Your client absorbs all indirect loss risk while the counterparty walks away.

    What to do: Make consequential damages waivers mutual, or negotiate carve-outs for specific high-risk scenarios (data breach, IP infringement, confidentiality breach).

    25. Dispute Resolution That Favors One Party

    Mandatory arbitration in the counterparty’s home jurisdiction, with the counterparty selecting the arbitration provider, under rules that limit discovery — this is dispute resolution designed to discourage claims, not resolve them.

    What to do: Negotiate neutral venue (or plaintiff’s choice). Ensure the arbitration provider is mutually agreed upon. Preserve the right to seek injunctive relief in court. Consider whether litigation is more favorable than arbitration for your client’s likely claims.

    The 10 Most Commonly Missing Clauses

    Missing clauses are harder to catch than bad clauses, because there’s nothing on the page to trigger your attention. Here are the provisions most often absent from contracts that should contain them:

    1. Limitation of liability — Absent in roughly 15% of commercial contracts, per World Commerce & Contracting data
    2. Termination for cause — The contract has termination for convenience but not for breach
    3. Data protection / privacy provisions — Critical in any contract involving personal data
    4. Insurance requirements — Often left unaddressed in services agreements
    5. Representations and warranties — Vendor contracts that make no reps about service quality
    6. Notice provisions — How to deliver notices, and to whom
    7. Assignment restrictions — Your client’s counterparty sells the business, and suddenly they’re dealing with a stranger
    8. Confidentiality provisions — In agreements that involve sharing proprietary information but lack a standalone NDA
    9. Dispute resolution mechanism — Defaults to litigation in an unpredictable forum
    10. Governing law — Two parties in different states with no choice of law provision is a recipe for conflict

    For a detailed framework on catching missing clauses quickly, see our guide on how to review a contract in 10 minutes.

    Red Flags by Contract Type: Quick Reference

    Different agreements carry different risks. Here are the top five red flags specific to the most common contract types:

    NDAs

    1. Overbroad definition of “Confidential Information” (captures everything, including public knowledge)
    2. Non-compete or non-solicitation riders hidden in confidentiality language
    3. Perpetual confidentiality obligations with no exceptions
    4. Missing standard exclusions (publicly available info, independently developed info)
    5. One-sided obligations in what should be a mutual NDA

    For a complete NDA review framework, see how to review a contract for NDA-specific issues.

    Employment Agreements

    1. Non-compete clauses that exceed state law limitations — California (Bus. & Prof. Code Section 16600) generally voids them, while Florida (Fla. Stat. Section 542.335) enforces them with specific requirements
    2. IP assignment that captures personal inventions unrelated to employment
    3. At-will language contradicted by termination-for-cause provisions elsewhere in the agreement
    4. Clawback provisions for bonuses or commissions that are unreasonably broad
    5. Arbitration clauses that waive the right to pursue statutory discrimination claims

    Master Service Agreements (MSAs)

    1. Indemnification that sits outside the liability cap (unlimited indemnification exposure)
    2. Order of precedence clauses that make the MSA control over SOWs — even when the SOW was intended to override
    3. Assignment restrictions that block your client’s ability to undergo an M&A transaction
    4. Auto-renewal with 90-day notice requirements buried in the term section
    5. Audit rights with unreasonable scope (financial records, client lists, internal communications)

    SaaS Agreements

    1. Data ownership provisions that give the vendor rights to aggregate or use customer data
    2. SLA credits as the sole remedy for downtime (credits don’t compensate for lost business)
    3. Unilateral right to modify terms, pricing, or features with minimal notice
    4. No data portability or migration assistance on termination
    5. Broad indemnification for “misuse” without clear definition of prohibited use

    For AI-assisted SaaS agreement review, see our SaaS agreement review guide.

    Vendor Agreements

    1. Limitation of liability capped at “fees paid in the prior month” (trivially low)
    2. Vendor’s right to substitute personnel without client approval
    3. No service level commitments or performance metrics
    4. Broad “change of scope” provisions that allow price increases without clear triggers
    5. Termination provisions that require the client to pay for work-in-progress at full rate even upon vendor’s material breach

    How Experienced Lawyers Prioritize Red Flags

    Not all red flags carry equal weight. Senior transactional lawyers triage issues using a simple priority framework:

    | Priority | Criteria | Examples | Action |
    |---|---|---|---|
    | Critical | Financial exposure > 50% of deal value, or creates regulatory/malpractice risk | Uncapped liability, missing indemnification, IP assignment of pre-existing IP, non-compete violations | Must be resolved before signing. Walk away if counterparty won’t negotiate. |
    | Important | Creates meaningful risk but manageable with negotiation | One-sided termination rights, unfavorable jurisdiction, weak cure periods, narrow force majeure | Negotiate. Accept only with client’s informed consent about the risk. |
    | Minor | Technical issues unlikely to cause real-world problems | Imprecise but clear-enough language, non-standard formatting, minor definition inconsistencies | Note in your review memo. Flag for the client but don’t let it hold up the deal. |

    The formula: Likelihood of the issue arising × Magnitude of impact if it does = Priority level.

    A perpetual survival clause on a minor non-solicitation provision in a low-value contract? Minor. Uncapped indemnification in a $5 million technology implementation? Critical. Adjust your attention accordingly.

    How AI Contract Review Catches What You Miss

    Even experienced lawyers miss 3-5 issues per contract review on average, according to a Stanford CodeX study on legal document review. Fatigue, time pressure, and the sheer volume of contracts that flow through a solo practice all contribute.

    AI contract review tools don’t get tired at 11 PM. They don’t skip the definitions section because the client needs the markup by morning. They check every clause against a risk framework, every time.

    Clause Labs runs this entire checklist — all 25 red flags plus missing clause detection — in under 60 seconds. Upload any contract and get a clause-by-clause risk report with severity ratings (Critical, High, Medium, Low) and specific recommendations for each flagged issue.

    The AI handles the first pass. You apply the judgment, business context, and client-specific advice that no algorithm can replicate. That’s the workflow: AI does the scanning; you do the lawyering.

    As the ABA’s guidance on technology competence (Model Rule 1.1, Comment 8) makes clear, lawyers have a duty to “keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.” AI-assisted review isn’t replacing your judgment — it’s helping you meet your competence obligations.

    For more on using AI ethically in contract review, see our guide on whether AI contract review is ethical.

    Frequently Asked Questions

    What’s the most commonly missed contract red flag?

    Missing limitation of liability clauses. Lawyers tend to focus on what’s in the contract, not what’s absent. A contract with no liability cap exposes your client to unlimited damages — and according to Clio’s 2025 Legal Trends Report, contract disputes are a leading source of malpractice claims for solo practitioners.

    How long should a thorough contract review take?

    For a standard 15-25 page commercial agreement, budget 45-90 minutes for a complete review using the five-phase framework above. The 27-minute first pass catches structural and high-priority issues; the remaining time is for detailed clause-level analysis and drafting redline comments. AI tools can reduce the first pass to under 2 minutes, leaving you more time for substantive analysis.

    Should I use a checklist for every contract review?

    Yes — even if you’ve reviewed hundreds of contracts. Pilots use pre-flight checklists even after 10,000 hours of flight time. The point isn’t that you’ve forgotten how to review a contract; it’s that systematic process catches what memory and habit miss. The 25 red flags and 10 missing clauses in this article work as that checklist.

    What if I find a critical red flag — do I redline or reject the entire contract?

    It depends on the issue and your client’s leverage. For most critical red flags, a targeted redline with explanation is the professional approach. However, if the contract contains multiple critical red flags and the counterparty is unwilling to negotiate any of them, advising your client to walk away is legitimate counsel. Document your analysis either way.

    How do I explain contract red flags to non-lawyer clients?

    Translate legal risk into business impact using dollar figures. Don’t say “the indemnification clause is one-sided.” Say “this clause means if their product fails and a customer sues, your company pays the legal bills — which could be $50,000 to $500,000 depending on the claim.” Clients understand money. They don’t understand legal terminology. For tools that generate plain-English risk explanations automatically, try Clause Labs’s free analyzer — the Free tier includes 3 contract reviews per month with no credit card required.


    This article is for informational purposes only and does not constitute legal advice. Consult a qualified attorney for advice specific to your situation.