SaaS lock-in clauses: a field guide for AI contracts
The MSA arrived as a 47-page PDF at 17:42 on a Thursday. The procurement lead at a Rotterdam logistics company had until Monday morning to sign. The contract was for an AI agent that would triage their support inbox. Headline price: €4,200 per month. They had already done the demo, met the AE twice, and built the business case. They wanted to sign. The lock-in risk sat on page 31, and on pages 14, 22, and 39.
We were brought in for a four-hour redline. We flagged eleven clauses. They signed seven days late, with eight of those clauses renegotiated. Total exposure removed: somewhere north of €600,000 over three years.
This is the list, ranked by the order procurement almost always misses on a first read. We have walked the same path with eighteen sub-€20M Dutch buyers over the past two years.
What vendor lock-in actually looks like in 2026
Lock-in is rarely a single clause. It is the compound interest of seven small concessions, plus one or two big ones that nobody flagged because they were on page 31.
For AI-agent contracts specifically, the problem has gotten worse. The vendor is selling you a wrapper around a model they do not own, hosted on infra they do not own, trained on data you do not control. Their contract has to allocate that risk somewhere. Usually that somewhere is you.
The eleven clauses below show up across the major AI platforms (OpenAI, Anthropic, Google Vertex) and the wave of smaller agent-platform vendors. The order is empirical: it reflects which clauses our clients missed on first read, not which ones are most expensive in absolute terms.
1. Auto-renewal with a 90-day notice window
The most-missed clause, every time. Buried under "Term" near the back. The contract auto-renews for the original term (usually 12 or 24 months) unless you give notice no fewer than 90 days before the end of the then-current term.
Procurement reads 12 months in the cover sheet and diaries a reminder for month 11. By month 11, you are already locked in for another full term.
Dutch consumer law (Wet Van Dam) shortened notice periods for consumers. B2B contracts are explicitly excluded. You get the contract you negotiate. We push for 30-day notice on month-to-month after the initial term, or a hard cap of 30 days on annual renewals.
2. Training rights on customer prompts and outputs
Hidden in the DPA, not the MSA. Often a single sentence: "Provider may use Customer Data in aggregated and anonymized form to improve the Services."
"Anonymized" is doing a lot of work in that sentence. If your support agent processes customer emails containing names, order numbers, and complaint text, those embeddings have to live somewhere. The vendor's idea of "anonymized" rarely matches what the AVG actually requires.
Ask for an explicit opt-out. Most major vendors offer one but do not surface it. OpenAI's enterprise privacy page documents the opt-out for the Platform API, but the standard order form will often default the other way unless you raise it.
3. Model deprecation with 30-day notice
A newer clause that almost nobody flags. The vendor reserves the right to retire model versions on 30 days' written notice. If you have fine-tuned on gpt-5.2-turbo-2026-03 and the vendor retires it, you have 30 days to migrate.
This breaks production. We have watched it happen twice in 2025. The migration is never just "point to the new model." Prompts behave differently. Output schemas drift. The agent that handled 92% of your invoice queries last quarter handles 71% next quarter, and you find out from a customer.
Push for a 180-day deprecation window, or a contractual commitment to host the prior version at agreed pricing for the remainder of the term.
4. Unilateral price increases tied to input costs
The phrase to search for is "may adjust pricing." Sometimes "to reflect changes in underlying infrastructure or model provider costs."
Translation: when the vendor's API costs go up, yours go up. When their costs go down (they do, regularly), yours stay flat. We have not seen a single AI-agent contract that flows compute deflation through to the buyer automatically.
Counter: cap annual increases at CPI, or at a fixed percentage. Five percent is the number most vendors will accept. Make it bilateral by tying it to vendor cost movements in either direction.
5. Sub-processor change with a 14-day objection window
Standard SaaS clause, now actively dangerous for AI vendors.
The vendor reserves the right to add new sub-processors (read: a new model provider, a new vector DB, a new hosting region) on 14 days' notice. If you object, your only remedy is to terminate.
For an AI agent, the sub-processor list is the system architecture. A vendor switching from one model provider to another mid-term is a material change to what you bought. EDPB guidance on sub-processor changes sets a floor, but vendors routinely write tighter terms. Push for 60-day notice and a real termination right with pro-rata refund.
6. Liability cap at 12 months of fees
Almost universal. Almost always under-negotiated.
Twelve months of fees on a €50k per year contract is €50k. If the AI agent leaks customer data, your AVG exposure starts at €20,000 in legal fees before you have finished reading the breach notification.
Push for liability caps decoupled from contract value for data-protection breaches and IP infringement. €1M is the floor we negotiate on contracts above €30k per year.
7. IP indemnity with a generative-output carve-out
Read the indemnity section. Then read it again, specifically for the carve-outs.
The standard pattern: "Provider will indemnify Customer against third-party claims that the Services infringe, except where such claim arises from Output generated by the Services in response to Customer prompts."
The carve-out makes the indemnity worthless for the actual risk. If your AI agent generates marketing copy that infringes a third-party copyright, you are on your own. Most major vendors now offer a real IP indemnity for output (often called "copyright shield" or similar) but it is usually opt-in and conditional on safety filters being on. Get the indemnity in writing. Verify the conditions are operationally feasible.
8. Usage-based billing without a spend cap
The vendor bills per agent action, per token, per task completed. There is no monthly maximum.
An agent stuck in a loop because of a bad prompt template can burn through €15,000 in a weekend. We have seen €11k. We have heard of higher. Push for a hard monthly cap with automatic throttling. Most vendors will agree to a soft cap with notification. Insist on a hard cap with the ability to set lower spend ceilings via the admin console.
9. Termination assistance scoped to reasonable cooperation
You terminate. Now what? The contract says the vendor will provide "reasonable cooperation" to migrate your data.
"Reasonable cooperation" is whatever the vendor decides it is. We have seen it interpreted as "we will email you a CSV of your prompt history." We have seen it interpreted as "we will provide one engineer for up to four hours."
Push for a defined transition services obligation: data export in a documented format, retention of access for 90 days post-termination, and a fixed-rate option for engineering assistance during migration.
10. Audit rights you cannot actually exercise
The MSA gives you the right to audit. The DPA says audits are "conducted by an independent third-party auditor mutually agreed in writing, no more than once per year, at Customer's expense, on 60 days' written notice."
The audit right exists on paper. In practice, you would spend €40k to exercise it on a €50k contract. The vendor knows this. So do you, on a second read. Push for the right to accept the vendor's SOC 2 Type II report in lieu of an independent audit, with a documented gap-remediation process. That is what you actually want anyway.
11. Force majeure including third-party service provider failures
Hidden at the back. The vendor disclaims liability for outages caused by their sub-processors (read: the model provider).
When the model provider has a 14-hour outage, your AI agent stops working. Your customers cannot reach support. The vendor invokes force majeure and you have no SLA credits. Push for SLA credits to apply regardless of root cause. The vendor's argument is that they cannot control their upstream. The counter is that they chose their upstream, and that choice is part of what you bought.
A five-minute audit you can run on Monday
Open the MSA and DPA in two tabs. Search for these terms in order:
notice
renew
price
sub-processor
deprecat
liability
indemnif
force majeure
transition
audit
aggregated
If you find a clause for each, you have the full picture. If you cannot find one, it is either missing (a problem) or hidden under a non-standard label (also a problem). The terms above are the most common phrasings across the eight major AI-platform contracts we have reviewed in the past eighteen months.
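The search above is easy to script once the MSA and DPA have been exported to text. The example below is an added illustration, not code from this post or from any vendor: it runs the eleven-term search over two constructed contract excerpts, reports which document each term appears in, lists the terms that appear nowhere (the post's "missing or hidden under a non-standard label" case), and additionally flags the specific phrasings the post calls out in clauses 2, 4, 5, 7, 9 and 11. Two deliberate widenings of the post's list: hyphens and spaces inside a term are optional, so "sub-processor" also matches "subprocessor", and "price" is searched as the stem "pric" so that "pricing" is not missed.

```python
import re

# The post's eleven search terms, in the post's order. "price" is widened to
# the stem "pric" so that "pricing" also matches; the other stems are the post's own.
AUDIT_TERMS = ["notice", "renew", "pric", "sub-processor", "deprecat", "liability",
               "indemnif", "force majeure", "transition", "audit", "aggregated"]

# Phrasings the post singles out as red flags, keyed to its clause numbers.
RED_FLAGS = {
    "aggregated and anonymized": 2,
    "adjust pricing": 4,
    "sole remedy": 5,
    "arises from output": 7,
    "reasonable cooperation": 9,
    "third-party service providers": 11,
}

# Constructed sample excerpts (not taken from any real contract). They contain
# no deprecation or transition-services language on purpose.
SAMPLE_MSA = """
12. Term. This Agreement automatically renews for successive twelve (12) month
terms unless either party gives written notice of non-renewal no fewer than
ninety (90) days before the end of the then-current term.
13. Fees. Provider may adjust pricing to reflect changes in underlying
infrastructure or model provider costs.
14. Liability. Provider's aggregate liability shall not exceed the fees paid by
Customer in the twelve (12) months preceding the claim.
15. Indemnification. Provider will indemnify Customer against third-party claims
that the Services infringe, except where such claim arises from Output generated
in response to Customer prompts.
16. Force Majeure. Neither party is liable for delays caused by events beyond its
reasonable control, including failures of third-party service providers.
17. Termination. Upon termination Provider will provide reasonable cooperation to
migrate Customer Data.
"""

SAMPLE_DPA = """
4. Subprocessors. Provider may engage additional Subprocessors on fourteen (14)
days' notice to Customer. Customer's sole remedy for objection is termination.
6. Audits. Audits are conducted by an independent third-party auditor mutually
agreed in writing, no more than once per year, at Customer's expense.
8. Improvement. Provider may use Customer Data in aggregated and anonymized form
to improve the Services.
"""


def term_pattern(term):
    """Case-insensitive regex for a term; hyphens and spaces inside the term become
    optional so 'sub-processor' also matches 'subprocessor' and 'sub processor'."""
    parts = re.split(r"[\s-]+", term.strip())
    return re.compile(r"[\s-]?".join(re.escape(p) for p in parts), re.IGNORECASE)


def find_term(text, term, context=60):
    """Return a whitespace-normalized snippet around every hit of term in text."""
    snippets = []
    for m in term_pattern(term).finditer(text):
        start, end = max(0, m.start() - context), min(len(text), m.end() + context)
        snippets.append(" ".join(text[start:end].split()))
    return snippets


def audit_contract(documents, terms=AUDIT_TERMS):
    """documents: {name: text}. Returns {term: {doc_name: [snippets]}}; a term whose
    inner dict is empty was found in none of the documents."""
    report = {}
    for term in terms:
        report[term] = {name: hits for name, text in documents.items()
                        if (hits := find_term(text, term))}
    return report


def missing_terms(report):
    """Terms found in no document: either absent or hidden under another label."""
    return [term for term, hits in report.items() if not hits]


def red_flags(documents, flags=RED_FLAGS):
    """Return sorted (clause_number, doc_name, snippet) for each red-flag phrasing present."""
    found = []
    for phrase, clause in flags.items():
        for name, text in documents.items():
            for snippet in find_term(text, phrase):
                found.append((clause, name, snippet))
    return sorted(found)


if __name__ == "__main__":
    docs = {"MSA": SAMPLE_MSA, "DPA": SAMPLE_DPA}
    report = audit_contract(docs)
    for term, hits in report.items():
        where = ", ".join(f"{n} ({len(s)} hit(s))" for n, s in hits.items()) or "NOT FOUND"
        print(f"{term:15} {where}")
    print("missing:", missing_terms(report))
    for clause, name, snippet in red_flags(docs):
        print(f"clause {clause:2} [{name}] ...{snippet}...")
```

On the constructed excerpts the run reports "deprecat" and "transition" as missing, which is exactly the signal the post describes: no deprecation window and no defined transition-services obligation. A hit is only a pointer to the clause, not a verdict on it; the snippet is there so the reader goes to the page and reads the full sentence.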
The first three clauses on this list (auto-renewal notice, training rights, model deprecation) account for roughly 60% of the lock-in cost we have negotiated out of AI-agent contracts. Read those three first, every time.
The current market still favors vendors. The EU AI Act is shifting some of that, especially around documentation and risk classification, but contract terms remain a place where the buyer has to do their own work. The vendors' lawyers have already done theirs.
When we built the contract-review agent we use internally, the hardest part was teaching it to flag indemnity carve-outs that were drafted to look like coverage. We solved it by training on twenty-three of our own past redlines and verifying every flag against a human reviewer for the first sixty contracts, which is the same human-in-the-loop pattern we ship in our AI agents practice.
Before you sign anything next week, run the eleven-term search above on the contract on your desk right now. If you find more than three of these patterns unmodified, get a second pair of eyes on it before Monday morning.
Key takeaway
The first three clauses (auto-renewal notice, training rights, model deprecation) account for about 60% of the lock-in cost in AI-agent contracts. Read those first.
FAQ
What is the single most-missed clause in AI-agent SaaS contracts?
Auto-renewal notice windows. Ninety days is standard, and procurement typically diaries the renewal for month 11 of a 12-month term, missing the window by several weeks and triggering another full term.
Do AI-specific contracts need different review than regular SaaS?
Yes. Model deprecation, training rights on prompts, and sub-processor changes (which often mean a new model provider) are AI-specific risks that standard SaaS templates do not cover.
How long does a useful contract redline take for a sub-€20M buyer?
Four hours of legal review plus two hours of engineering input is usually enough to cover the eleven clauses in this post and produce a redline the vendor will engage with.
Can Dutch consumer protection law (Wet Van Dam) help with auto-renewal traps?
No. Wet Van Dam shortens notice periods for consumer contracts only. Business-to-business contracts are explicitly excluded, so notice terms are whatever you negotiate in the MSA.