AI Vendor Contract Red Flag Scanner

Tap each clause that appears in your AI vendor agreement (OpenAI, Anthropic, Google, AWS Bedrock, Azure OpenAI, Mistral, Cohere, etc.). Output: red / yellow / green flags across the 10 categories that decide whether the contract is enterprise-safe.

Vendor terms change frequently. This is a triage checklist, not a live database of current vendor terms. Last reviewed: 2026-05-10.

Tap each clause that is in the contract

If a clause is in your contract or in the vendor's standard terms, tap it. The output flags the categories that need negotiation, addendum, or escalation.

1. Training data — vendor reserves the right to train models on your inputs / customer data
RED FLAG. Most enterprise tiers (OpenAI Enterprise, Anthropic Enterprise, Azure OpenAI default) do not train on inputs. If your tier does, you need a written opt-out, an addendum, or a different tier.
2. Confidentiality — vendor does not commit to confidentiality of your inputs and outputs
RED FLAG for B2B. Your customers expect confidentiality flow-through. If the vendor will not commit, your downstream MSA is exposed.
3. Output ownership — vendor claims rights to output, or output ownership is unclear
RED FLAG. Output ownership should explicitly transfer to the customer (you) for AI-generated content used in your product or workflows.
4. Indemnity — vendor does not indemnify against IP infringement claims on output
RED FLAG (now a deal-breaker for many enterprise customers). OpenAI, Anthropic, Google, Microsoft all offer copyright indemnification on enterprise tiers. If yours does not, request it or change tier / vendor.
5. Liability cap — vendor cap is below 1x annual fees
RED FLAG. Enterprise standard is 1x-2x annual fees minimum, with carve-outs for IP, confidentiality, and gross negligence. Anything lower is unusual.
6. Audit / SOC 2 — vendor does not provide SOC 2 reports, ISO 27001, or audit rights
RED FLAG for any enterprise sale. Procurement teams require attestation. If the vendor refuses, your downstream sales pipeline is at risk.
7. Customer disclosure — your MSA does not disclose this AI vendor as a sub-processor
RED FLAG. GDPR, CCPA, and most enterprise MSAs require sub-processor disclosure. The AI Use Addendum updates the sub-processor list.
8. Regulated data — vendor restricts PHI, financial, or other regulated data, but you process that data
RED FLAG. OpenAI standard tier does not allow PHI. Anthropic standard tier has similar restrictions. If you process regulated data, you need a healthcare-specific tier (Azure OpenAI Service with BAA, AWS Bedrock with BAA, etc.).
9. Vendor lock-in — vendor terminates for convenience with less than 30 days' notice, or migration support is absent
YELLOW FLAG. Short-notice termination creates business-continuity risk. Negotiate longer notice, transition assistance, or fallback vendor relationship.
10. Prohibited use conflicts — vendor's prohibited-use policy bars uses you actually need (e.g., legal advice, medical advice, automated decisions)
RED FLAG if it conflicts with your product. OpenAI, Anthropic, and Google all have specific prohibited-use lists. Your product cannot rely on a vendor whose ToS prohibits it.
Risk score

This is a triage tool. The actual contract review ($1,500 flat fee) reads the agreement, identifies the negotiable terms, drafts redline language, and prepares the negotiation memo.

How to use this scan

The scanner is built around the 10 categories that most often determine whether an AI vendor contract is acceptable for downstream enterprise customers and regulated workloads. Most major AI vendors (OpenAI, Anthropic, Google, AWS Bedrock, Azure OpenAI Service, Mistral, Cohere) have evolved their enterprise tiers to address most of these, but the standard / self-serve tiers often retain default terms that fail enterprise scrutiny.

If multiple red flags fire, the contract should be either (a) negotiated, (b) replaced with a different tier or vendor, or (c) addressed through an AI Use Addendum that flows correct terms downstream to your customers. The $1,500 AI Vendor Contract Review handles option (a). The $2,000 AI Use Addendum + DPA Update handles option (c).

Reference: vendor enterprise tiers worth checking

If your vendor is on a standard / consumer / self-serve tier, the enterprise tier is usually the negotiation target rather than a redline of the standard terms.

Vendor reference table last reviewed 2026-05-10. AI vendor terms change frequently; confirm against the current vendor agreement before relying on this summary.

Screening tool only. Not legal advice. Sergei Tokmakov, Esq. · California State Bar #279869.