Why IT Contracts Are Particularly Risky
IT vendors write their own contracts. That sentence should give every buyer pause. Vendor paper is designed to protect the vendor: to maximise revenue, limit liability, create switching costs, and preserve pricing flexibility. Your job in negotiation is to rebalance this in favour of your business.
After reviewing hundreds of IT vendor agreements, we see the same problematic patterns emerge repeatedly. Here are the five you must address before signing.
Red Flag 1: Automatic Renewal with Short Notice Windows
A contract that auto-renews for 12 months with a 60-day cancellation notice window means you have exactly one 30-day window per year to exit — and if you miss it, you're locked in for another year. Many companies miss these windows simply because they don't know they exist.
Fix: Push for a 90-day notice period, or ideally, negotiate away the auto-renewal entirely in favour of explicit renewal confirmation. At minimum, set calendar alerts 120 days before every renewal date.
Red Flag 2: Uncapped Price Escalation Clauses
Some vendor contracts include annual price escalation clauses tied to CPI, the vendor's own published rate card, or — most dangerously — "at vendor's discretion." We've seen clients hit with 25–30% price increases at renewal because of uncapped escalation terms they didn't notice when signing.
Fix: Cap any price escalation at a fixed percentage (typically 3–5% annually). Remove any "at vendor's discretion" language entirely.
Red Flag 3: Data Portability and Exit Restrictions
What happens to your data when you leave? Some contracts make it difficult or expensive to extract your own data, format it for migration, or transfer it to a new system. This isn't accidental — it's a designed switching cost.
Fix: Insist on explicit data portability provisions: your data in a standard format, at no additional cost, within a defined timeframe upon contract termination.
Red Flag 4: Broad Liability Limitations
Standard vendor contracts typically cap their liability at the total fees paid in the preceding 12 months — often a fraction of the actual damage a system failure or data breach could cause your business. This is particularly problematic for critical infrastructure or systems handling sensitive data.
Fix: Negotiate appropriate liability caps based on the actual risk to your business. For critical systems, push for liability caps of 2–3x annual contract value, and ensure carve-outs for data breaches and gross negligence.
Red Flag 5: Unilateral Right to Modify Terms
Some SaaS agreements include clauses allowing the vendor to modify terms of service, pricing, or functionality with as little as 30 days' notice, with continued use constituting acceptance. This is a blank cheque.
Fix: Insist that material changes to pricing or core functionality require your written consent. If the vendor won't remove the unilateral modification right, negotiate a termination right triggered by any material adverse change.