Effective Communication With Vendors

The most dangerous clauses in vendor contracts aren’t the ones you fight over. They’re the ones you skim past—(em dash mine 😑) the “standard” terms that seem harmless until they explode. Just ask Morgan Stanley. Overlooked contractual gaps turned a vendor’s mishandling of client-data-bearing equipment into hundreds of millions in fines, settlements, and penalties for Morgan Stanley. I have identified some top of mind examples: #1: The Subcontracting Black Hole Most vendor contracts include innocent-looking language like: "Vendor may engage subcontractors as necessary to perform services." The problem: You have zero visibility into who's actually handling your sensitive data or critical operations. What Morgan Stanley missed: Their vendor subcontracted the actual data destruction to an unqualified third party. The fix: • Require prior written approval for all subcontractors • Mandate the same security/compliance standards flow down • Include right to audit subcontractors directly • Cap subcontracting to specific, pre-approved functions #2: The Liability Cap Loophole Standard cap: "Vendor's liability limited to fees paid in preceding 12 months." The hidden trap: This covers the vendor's mistakes but not the regulatory fines, customer lawsuits, and reputational damage you'll face. What to negotiate: • Separate caps for different types of damages • Higher caps for data breaches and regulatory violations • Unlimited liability for gross negligence and willful misconduct • Minimum insurance requirements that match your actual risk exposure #3: The Termination Cost Surprise Innocent clause: "Upon termination, vendor will assist with transition for 30 days." The trap: No mention of data extraction, migration costs, or knowledge transfer requirements. Real example: A SaaS company switching CRM vendors discovered "transition assistance" meant read-only access to export screens. Manual data extraction cost $47K in consulting fees. Protection strategies: • Define data export formats and timelines • Cap termination assistance fees • Require knowledge transfer documentation • Include escrow provisions for critical operational data #4: The Change Order Cash Grab Standard language: "Any modifications require mutual written agreement." The hidden cost: No controls on pricing for change orders or scope creep. Pattern I see: Vendors lowball initial proposals then recover margins through change orders priced at 200-400% markup. The armor: • Cap change order pricing as percentage of original contract value • Require detailed justification for scope changes above set thresholds • Include right to third-party validation for major change orders • Build in quarterly spend reviews with automatic triggers The point is, most "standard" vendor contracts are written to protect vendors, not you. Don't let your "standard" vendor agreement become someone else's cautionary tale. Dig deep. #VendorManagement #ContractReview #RiskManagement

AI contracts may look like SaaS agreements on the surface—but under the hood, the terms around data use can diverge significantly. According to TermScout data featured in my recent Law.com article, 92% of AI vendor contracts grant providers broad rights to customer data, compared to 63% across broader SaaS agreements. That’s a meaningful gap—one that’s worth examining more closely. Often, vendors include language like “performance improvement” or “aggregated analytics” to support model development and service enhancements. These clauses aren't inherently problematic—but without clear boundaries, they can lead to unintended outcomes, such as reuse of customer data for broader commercial purposes. If you’re reviewing or negotiating an AI contract, here are a few ways to strike a more thoughtful balance: • Align data rights with purpose. Define use narrowly to what's essential for service delivery, and clarify what “improvement” really means. • Address training and reuse upfront. Consider whether your organization is comfortable with its data being used to train models that power other customer experiences. • Plan for offboarding. Set clear expectations for data deletion, retention, and anonymization when the relationship ends. • Clarify aggregation. “Aggregated and anonymized” data often lives in a gray area—define how it can and can’t be used. These are not just hypothetical concerns. In highly regulated industries like healthcare and finance, vague terms around data rights can carry real risk—both legal and operational. That’s why we’re taking this conversation further in: AI Contracts Explained – Episode 5 — link in the comments 🗓 Friday, April 4, 2025 🕛 12 PM ET | 9 AM PT on LinkedIn Live With: • Laura Frederick, CEO of How to Contract • Linsey Krolik, Professor at Santa Clara Law • Will Dugoni, Head of Commercial Legal at Webflow We’ll walk through actual contract language and share strategies for building balanced, future-ready agreements. This post draws on data and insights from a Law.com article—link in the comments. As data becomes the engine of innovation, protecting its use in contracts isn’t about control—it’s about clarity. Will you be tuning in? -------- 🚀 Olga V. Mack 🔹 Building trust in commerce, contracts & products 🔹 Sales acceleration advocate 🔹 Keynote Speaker | AI & Business Strategist 📩 Let’s connect & collaborate 📰 Subscribe to Notes to My (Legal) Self

"Remove all throat clearing." Great advice for anyone who writes legal texts in English. But... If English is not your mother tongue, you might not know what that means. Or, if you know what it means, you might not know what tangible steps you can take to remove throat clearing from your writing in English. So let's break it down. 🔍 First, what is throat clearing in legal writing? It's the unnecessary introduction or inclusion of prefatory material that doesn't add value to your argument or analysis. In plain English, it’s using a lot of unnecessary words before getting to the point. Why should you avoid it? 👉 It can make your writing vague. 👉 It often includes generic background information that your reader doesn't need to know (while obscuring important information that your reader might need instead). 👉 It sometimes relies on overly broad generalizations that weaken your argument. 🧠 What do you need to know about legal English to know how to remove throat clearing from your writing? 👉 Legal English typically uses fewer words than its counterparts in other languages, like Romance languages. So very long sentences are hard to follow. 👉 Even though legal English is more formal than ordinary English, you don't need to use long-winded phrases to introduce new ideas or connect previous ideas in your writing. We use pointing words, conjunctions, and other linguistic tools for that instead. 👉 Legal English prioritizes clarity and precision, meaning every word should serve a specific purpose. What can you do to remove throat clearing when English is not your mother tongue? 👉 Start with the Main Point: Begin your paragraphs and sentences with the core idea or argument. ❌ Instead of this: "Since ancient times, the legal system has been a complex web of rules and regulations. This brings us to the issue of liability in contractual agreements." ✅ Do this: "The issue of liability in contractual agreements is crucial in this case." 👉 Use Active Voice and Concise Language: Write in the active voice and be concise. ❌ Instead of this: "It is important to understand that the contract was breached by the defendant." ✅ Do this: "The defendant breached the contract." 👉 Revise with a Focus on Brevity: After writing, review your work to identify and eliminate any redundant phrases, vague statements, or unnecessary background information. ❌ Instead of this: "In light of the fact that the plaintiff did not receive the goods on time, which is a key issue that we must consider in this case, it is clear that a breach of contract has occurred." ✅ Do this: "The plaintiff did not receive the goods on time, resulting in a breach of contract." 📍 Need legal English conversation or writing classes for yourself or your firm? DM me. In the meantime, want to enjoy my free stuff? Follow me, Paula Klammer, and hit the 🔔 for more content like this.

My $50k Mistake: The "Right to Audit" Trap. Early in my career as a CISO, I thought I had our SaaS vendor contracts locked down. I insisted on a Right to Audit clause in every SLA. I felt protected—until I actually tried to use it. I triggered an audit for a critical data processor after a minor compliance scare. That’s when I realized my "gold standard" clause was actually a paper tiger. The Mistake: Being Too Vague I had fallen for the "Standard Legal Template." My clause simply said: "The Customer has the right to audit the Vendor’s security controls annually." Why that failed miserably: The "Pay to Play" Surprise: The vendor pointed to the fine print. While I had the right to audit, I hadn't defined who paid. They slapped us with a "support fee" of $200/hour just to talk to their engineers. The Scope Creep: Since I didn't define what could be audited, they restricted us to a single conference room and "sanitized" PDF exports. No live system access, no direct logs. The Notice Period: I didn't specify a timeline. They exercised their right to "mutual convenience," pushing my "urgent" audit back by four months. The Lesson: Precision > Permission A Right to Audit is worthless if it’s not executable. Now, I never sign an SLA without these three specifics: Cost Transparency: Explicitly state that each party bears its own costs, or cap the vendor's audit support fees upfront. The "Bridge" Clause: Accept SOC2 Type II or ISO 27001 independent reports in lieu of a physical audit to save time, but reserve the right to "drill down" if those reports show gaps. Defined Scope: List exactly what is on the table—data center tours, specific log types, or interviews with key security personnel. The Bottom Line: Don’t just check the box on "Audit Rights." If you don’t define the how, when, and how much, you don’t actually have the right—you have a bill waiting to happen.

"Each of Vendor and Client shall indemnify the other for any third party claims arising out of the Services." For some of you, the #ContractTrap in that statement seem obvious. But sadly, I still see language like this a fair amount. The problem is that it's not clear at all which party is indemnifying the other. If Vendor gets sued for IP infringement based on Client's use of the Services, is Client supposed to indemnify Vendor? If Client gets sued for the same thing, is Vendor supposed to indemnify Client? And what if they both get sued (as often happens)? Are they each indemnifying the other? None of this makes much sense. And when things don't make sense, you don't know how they will play out if there's a dispute. I suspect that the way this language appears is that someone's template has a broad indemnity in their favor - e.g., "Vendor shall indemnify Client for any third party claims arising out of the Services." And then the Vendor demands that clause be made mutual, resulting in the problematic language. So what do you do instead? Think about what each party really should be indemnifying the other for, and specify that. If it makes sense for both parties, the fix could be as simple as "Each party shall indemnify the other for claims relating to the Services to the extent arising out of the actions or wrongful omissions of such party." Sometimes it's more complicated - you may want to specify certain claims (e.g., IP infringement) as the risk of one party and other claims (e.g., data security) as the risk of the other. But whatever you do, don't wind up in a situation where each party is indemnifying the other for the very same claim! #contracts #inhousecounsel

What Is Contra Proferentem? Contra proferentem is a foundational principle in contract law, derived from Latin and meaning “against the offeror” or “against the drafter.” It holds that when a contract clause is ambiguous, open to more than one reasonable interpretation, that ambiguity will be construed against the party who drafted the clause. This rule acts as both a legal safeguard and an incentive: it promotes fairness in contractual relationships and encourages the drafting party to use clear, precise language, particularly when there is an imbalance in bargaining power. In the construction industry, where contracts routinely encompass intricate technical specifications, schedules, payment mechanisms, and risk allocations, ambiguities are not uncommon. Disputes often arise over vague or conflicting wording in provisions such as force majeure events, liquidated damages, or the definition of the scope of work. In such cases, courts and arbitral tribunals frequently apply the contra proferentem doctrine. Since owners or their consultants typically prepare the contract documents, often based on standard forms like FIDIC, AIA, or NEC, they bear the responsibility for ensuring clarity. If a term is found to be unclear or internally inconsistent, the interpretation will generally favor the non-drafting party, usually the contractor or subcontractor. For engineers and construction professionals engaged in contract administration, understanding contra proferentem is not just a legal nicety, it’s a practical necessity. Ambiguities in critical terms like “practical completion,” “approved materials,” or “entitlement to time extensions” can trigger costly disputes, project delays, or unintended liabilities. Therefore, when reviewing or contributing to contract documents, professionals should proactively identify and address unclear language, advocating for explicit, unambiguous wording that protects all stakeholders and supports project success. In essence, contra proferentem is far more than a legal doctrine, it’s a professional imperative. In an industry where contracts govern everything from financial exposure to public safety, the precision of language is not optional; it’s a core element of responsible engineering and project leadership.

Flow-down risk has always been a challenge in supply chain contracts. But has become a more urgent issue with AI contracts. The fast pace of change and the lack of contracting leverage make this a tough risk to manage. Flowing down obligations to a vendor requires that we make sure our AI product vendors are complying with the restrictions and obligations we agreed to with our own customers. That means if we agreed to deletion in 30 days, the vendors we use to provide the service to the customer must do so as well. In our dream world, that would happen for all our contractual relationships. But we live in the real world with good-enough contracting and managing impossible risks. So if we can't create a perfect flow-down world, where should we prioritize our efforts? This will always be a "it depends" answer, but here are my four critical areas: 1. Definitions - We have to make sure that the defined terms used in our customer obligations match the obligations made to us by our vendors. Pay attention to the specific definition language, any carve-outs, and what data types are covered. Make sure your vendor contracts are mirroring those. For one-to-one flow downs (meaning the vendor’s scope is limited to one customer), use the exact same language. 2. Data Deletion Requirements - Vendors interpret "delete your data" differently. Does it mean permanent erasure? Within what timeframe? From all systems including backups? Rather than assume they understand, make it verifiable by requiring an affirmative confirmation of deletion within 30 days of written request. 3. Data Usage - Be explicit in your vendor contracts about data usage limitations. Decide if it is worth adding any special or unique customer requirements in your standard vendor contracting documents. It may be easier to remove it from your standard terms when it doesn't apply than to affirmatively insert it each time it does. 4. Security Standards - Make sure that the security frameworks you require in your vendor contracts align with what customers require. When the customer requires an updated or different standard, make sure that is passed down to your vendors too. What others should be added? Which are your top four? #Contracts #AIContracts

The biggest risk your company faces Is the ambiguity hiding inside your contracts. Why? Because uncertainty does not just cause confusion — it causes conflict. I have seen it firsthand: → Agreements fall apart because a single clause was open to interpretation → Projects stall when deliverables are unclear → Trust fades when expectations are misaligned And when things go wrong: → You lose money → You lose time → You damage relationships you worked years to build It is not the complexity of law that causes these issues. It is the absence of legal precision. Over my 24 years in legal leadership, I have seen this truth play out across industries. Here is what legal precision actually looks like: 1/ Define everything – Never assume the other party understands your intent – Spell out responsibilities, terms, and outcomes in exact language 2/ Use plain language – Legal does not have to mean complicated – Clear communication protects everyone involved 3/ Anticipate edge cases – Think beyond the best-case scenario – Define what happens if things change, delay, or derail 4/ Align legal with business – Legal is not a blocker — it is a builder – Involve legal teams early to build stronger and scalable agreements 5/ Build trust with clarity – Nothing builds confidence like knowing where you stand – Precise contracts reflect mutual respect and foresight Ambiguity invites risk. Precision builds resilience. 📌 Start seeing your legal team as a strategic asset, not a safety net. P.S. What is one legal lesson you have learned the hard way? ♻️ Repost to remind others that clarity is protection ➕ Follow @Priyadarshi Sidhartha for more governance insights #LegalLeadership #CorporateLaw #GovernanceExcellence #ContractManagement #BusinessStrategy #CXOInsights #LegalPrecision #RiskMitigation

The Supreme Court of Pakistan's recently in its landmark decision Universal Insurance Company vs. Karim Gul (2021 CLD 1189) held that where there is a doubt about the meaning of a contract, the words will be construed against the person who put them forward under the rule of contra preferentum. The contra proferentem rule, a fundamental principle in contract law, serves as a protective measure against ambiguous contractual clauses. This rule, translating to "against the offeror" in Latin, is enforced when a contract clause is unclear and could potentially harm one party. Here are some key insights: Understanding Contra Proferentem: This rule states that any ambiguous clause should be interpreted against the interests of the party that created, introduced, or requested its inclusion. It's designed to prevent one party from exploiting vague language to their advantage, thereby ensuring fairness in contractual agreements. Application and Enforcement: Courts follow a multi-step process to determine if the Contra Proferentem Rule applies. They first assess if a clause is ambiguous enough to cause uncertainty. If so, they then attempt to discern the drafter's intent at the time of contract formation. If the intent remains unclear, the rule is applied, and the court rules in favor of the innocent party. Implications in Various Industries: This rule is applicable across all contracts, but it's particularly relevant in industries like insurance, where contracts are typically drafted solely by one party. For instance, an insured party may invoke this rule if they believe an insurance clause is intentionally vague to avoid claim payment. The rule of contra preferentum underscores the importance of clear and precise language in contract drafting. It is critical to note though that while the contra proferentem rule serves as a safeguard, it's not a substitute for clear, fair, and mutually beneficial contract terms. Therefore, when drafting contracts sufficient details with clarity must be incorporated to avoid ambiguities. This is particularly important where one of the parties is in a more dominant position that typically drafts the contract. #ContractLaw #ContraProferentem #LegalInsights #FairContracting #LegalClarity

- How a Missing Comma Resolved a Million-Dollar Dispute: The Power of Precision in Legal Language In OM Sai Nath Developers Pvt Ltd v. Akhil Bhartiya Vyapar Mandal, the Supreme Court of India faced an unusual problem. The case centered on a contract dispute, where a single missing comma led to vastly different interpretations of a key clause. The issue? A clause that read, “All items listed, including labor charges, shall not exceed 15% of the total project cost.” Without a comma after "listed," one party argued that the cap applied only to "labor charges," while the other insisted it capped all costs. The court sided with the latter interpretation, stressing the need for precision in legal drafting. This ruling became a landmark reminder for all legal professionals: language is law’s backbone. The case underlined that even a tiny punctuation mark could have massive financial implications. This decision is a perfect example of why every word—and comma—matters in legal documentation. It’s a lesson for all of us, especially lawyers, to remember the power of precision in our work.