Executive Director's Field Guide to AI Vendor Contracts

While every AI vendor contract is unique, certain provisions appear in virtually all agreements and deserve your careful attention. Understanding what these clauses mean and how they affect your organization is essential for protecting your interests. Let's examine the most critical provisions you'll encounter and what to look for in each.

The data provisions in your AI contract are arguably the most consequential for nonprofit organizations. These clauses determine what the vendor can and cannot do with your organization's data, including information about your beneficiaries, donors, programs, and operations. The default terms in many vendor contracts grant surprisingly broad rights to use your data in ways you might not expect or approve of.

At minimum, your contract should clearly distinguish between different types of data usage. First, there's the operational use of data—the vendor needs to process your data to provide the service you're purchasing. This is expected and appropriate. Second, there's the potential use of your data to improve the vendor's AI models, either specifically for your instance or for their broader product. This is where you need to pay close attention and potentially push back.

Many AI vendors include language stating they can use your data to "improve the service" or "train and refine our models." While this might sound reasonable, it could mean your organization's sensitive information is being used to enhance the vendor's product for all their clients, including potentially your competitors for funding or your peers serving similar populations. Worse, if the training process isn't properly isolated, insights about your operations or beneficiaries could theoretically leak into outputs provided to other organizations.

Pay particular attention to provisions about "anonymized" or "aggregated" data. Vendors often reserve the right to use such data without restriction, arguing it doesn't identify your organization or individuals. However, modern data science has shown that supposedly anonymized data can often be re-identified when combined with other data sources. For nonprofits working with vulnerable populations—survivors of domestic violence, individuals with mental health conditions, undocumented immigrants, or at-risk youth—even aggregated data could pose risks if it reveals patterns about your service delivery or client demographics.

Your contract should also address what happens to your data when the relationship ends. Can you easily export it in a usable format? How long does the vendor retain it after termination? Is it truly deleted from all systems, including backups and training datasets? Without clear data deletion provisions, you might find your organization's information persisting in the vendor's systems indefinitely, continuing to train their models and potentially exposing your stakeholders long after you've moved to a different solution.

Intellectual property provisions in AI contracts can be surprisingly complex, particularly around the question of who owns what the AI system creates. Unlike traditional software where you clearly own the documents you create using the tool, AI-generated content exists in a legal gray area that your contract needs to address explicitly.

Consider a nonprofit using an AI writing assistant to draft grant proposals, create program descriptions, or generate donor communications. Who owns the resulting text—you, the vendor, or no one? What if the AI draws on copyrighted material in its training data and produces output that inadvertently infringes someone else's copyright? Who bears the liability? Many vendor contracts are silent on these questions or include language that's ambiguous at best and unfavorable to you at worst.

Your contract should clearly state that you own all outputs generated by the AI system when using your data and prompts. The vendor might resist giving you exclusive ownership, particularly if they want to showcase impressive outputs as marketing examples. In such cases, negotiate for joint ownership or at minimum a broad license to use the outputs for your mission purposes without restriction, while the vendor can use them only for limited marketing purposes with your explicit approval.

Another important IP consideration is what happens to customizations you build on top of the vendor's platform. If you invest staff time and resources creating custom workflows, training the AI system on your specific terminology and processes, or developing integrations with your other systems, that intellectual property should belong to you. At minimum, you should have the right to extract and reuse these customizations if you switch to a different vendor, rather than starting from scratch.

Be particularly cautious about provisions that give the vendor ownership of "improvements" or "enhancements" to their system that arise from your use. While vendors legitimately own their core technology, they shouldn't automatically own innovations that your team develops. For instance, if your staff identifies a novel way to use the AI tool for program evaluation or creates a unique prompt library that makes the system more effective for nonprofit use cases, your organization should retain rights to that intellectual property.

Service Level Agreements (SLAs) are standard in software contracts, but AI systems require specialized performance metrics beyond simple uptime guarantees. Traditional SLAs typically promise that the system will be available 99.9% of the time, with financial credits if the vendor fails to meet this threshold. While uptime is important, it doesn't address the unique performance concerns with AI systems.

For AI tools, you also need to consider accuracy, consistency, bias metrics, and response quality. An AI system might be technically "available" but producing unreliable outputs, exhibiting bias in its recommendations, or degrading in performance as underlying models are updated. Your SLA should include metrics relevant to your specific use case, with clear measurement methodologies and consequences for failures.

For example, if you're using an AI system to screen grant applications, your SLA might include accuracy metrics (how often does the AI's assessment match expert human review?), bias metrics (are applications from certain demographic groups consistently rated differently?), and consistency metrics (does the same application receive similar ratings when submitted multiple times?). These performance standards are far more relevant to your mission than simple uptime percentages.

Your contract should also address what happens when the AI system fails to meet performance standards. Financial credits are common, but they may not adequately compensate you for operational disruptions or mission impact. Depending on how critical the AI tool is to your operations, you might negotiate for the right to revert to a previous version if an update causes problems, access to dedicated support resources during performance issues, or the ability to terminate without penalty if problems persist beyond a specified timeframe.

Don't overlook support and maintenance provisions. With AI systems, you need more than a helpdesk that can reset passwords and troubleshoot login issues. Your team will likely encounter questions about why the AI produced a particular output, how to interpret results, or how to adjust prompts and configurations for better performance. The contract should specify response times for different types of support requests, the level of expertise available in the support team, and access to documentation, training materials, and ongoing education as the system evolves.

Liability provisions determine who bears responsibility when something goes wrong, and these clauses deserve exceptionally careful review in AI contracts. The unpredictable nature of AI systems, combined with their potential to make consequential decisions affecting vulnerable populations, creates liability scenarios that traditional software contracts never contemplated.

Most vendor contracts will include broad limitations of liability, often capping the vendor's total liability at the amount you've paid them in the past 12 months or some other relatively small sum. They'll also typically disclaim liability for indirect, consequential, or special damages—legal terms that encompass many of the harms an AI system might cause. For a nonprofit, this could mean the vendor bears no responsibility if their AI system makes a discriminatory decision that results in a civil rights lawsuit, generates defamatory content that damages your reputation, or produces flawed analysis that leads to poor program decisions affecting your beneficiaries.

While vendors will resist unlimited liability (understandably, as it creates uninsurable risk), you should negotiate for higher liability caps and exceptions for certain types of harm. Data breaches, gross negligence, willful misconduct, and violations of privacy laws should not be subject to liability caps. If the vendor's negligence or failure to maintain adequate security leads to your stakeholders' data being compromised, they should bear appropriate responsibility beyond a nominal financial cap.

Indemnification clauses—provisions where one party agrees to defend and compensate the other for certain types of claims—are another critical area. Vendors typically want you to indemnify them for claims arising from your use of the system, while you want them to indemnify you for claims arising from the system's defects or their negligence. Both positions have some merit, but the specific language matters enormously.

Pay careful attention to whether indemnification obligations are mutual (both parties indemnify each other for their respective acts) or one-sided (you indemnify vendor but not vice versa). Also examine what triggers the indemnification obligation. Being required to indemnify the vendor for any claim "related to" your use of the system is far broader and more dangerous than indemnifying them only for claims arising from your violation of the contract terms or misuse of the system contrary to their instructions.

For nonprofits serving vulnerable populations or working in sensitive domains, consider negotiating specific provisions around high-stakes decisions. If you're using AI to help determine program eligibility, prioritize service delivery, or make other decisions that significantly affect people's lives, the contract should clearly state that final decisions remain with qualified human staff, establish procedures for individuals to appeal AI-influenced decisions, and allocate responsibility for harm that may result from AI errors or bias.

The business terms of your AI vendor contract—duration, pricing, renewal, and termination provisions—may seem straightforward, but they deserve strategic consideration. These terms will determine your flexibility as your needs evolve, your ability to exit if the relationship isn't working, and your total cost of ownership over time.

Many vendors prefer long-term contracts with auto-renewal clauses, which provide them with revenue predictability but can lock you into relationships that no longer serve your mission. While multi-year commitments sometimes come with significant discounts, they also reduce your negotiating leverage and your ability to switch to better solutions as the market evolves. For your first contract with an AI vendor, consider negotiating a shorter initial term (one year or less) with options to extend, allowing you to prove value before making longer commitments.

Pay close attention to auto-renewal provisions. Many contracts automatically renew for successive terms unless you provide written notice 60, 90, or even 120 days before the current term ends. If you miss this deadline—even by a single day—you could be locked in for another full year. While auto-renewal isn't inherently problematic, make sure the notice period is reasonable (30-60 days is more fair than 90-120 days), mark the deadline prominently in your calendar, and consider negotiating for the right to terminate at any time with 30 days notice rather than only at renewal periods.

Pricing terms require careful scrutiny beyond the headline price. Many AI tools use usage-based pricing—charging per API call, per user, per document processed, or per some other metric. While this can be cost-effective when usage is low, it creates budget uncertainty and can result in unexpected costs as your organization scales. Make sure you understand exactly what drives pricing, what reasonable usage looks like, and whether there are any caps or volume discounts that might apply as you grow.

Watch for hidden fees that might not be apparent in initial pricing discussions. Implementation fees, data migration costs, training expenses, custom integration charges, and premium support fees can significantly increase your total cost of ownership. The contract should clearly specify which services are included in the base price and which carry additional charges, with specific fee schedules that can't be changed unilaterally by the vendor.

Price increase provisions are another critical consideration, particularly for multi-year contracts. Many contracts give vendors the right to increase prices annually, sometimes without limit. Negotiate for caps on price increases tied to objective indices like the Consumer Price Index, or at minimum require that increases exceeding a certain threshold (such as 10%) give you the right to terminate without penalty. Without these protections, you could face budget pressure from escalating vendor costs that you can't control.

Perhaps most importantly, your contract should include robust termination and transition provisions. Even the best vendor relationships sometimes end, whether due to changing needs, budget constraints, better alternatives emerging, or the vendor being acquired or going out of business. You need clear contractual mechanisms for exiting the relationship and transitioning to an alternative solution without losing your data or disrupting operations.

Transition assistance should include technical support for data export in standard formats, documentation of any custom configurations or integrations, reasonable time for parallel operation while you migrate to a new system, and cooperation with your new vendor if needed. Some contracts attempt to charge substantial fees for transition assistance or data export, which can effectively hold you hostage even after the contract ends. These fees should be limited to reasonable cost recovery for vendor staff time, not used as a barrier to exit.

Many nonprofit executive directors feel they have limited negotiating power when dealing with technology vendors. You may be working with a small budget, lack in-house legal expertise, and face pressure to implement solutions quickly to serve your mission. However, you have more leverage than you might think, and effective negotiation strategies can help you secure more favorable terms without walking away from beneficial technology.

First, recognize that most vendor contracts are starting points for negotiation, not take-it-or-leave-it propositions. While some vendors market their products with non-negotiable terms, many are willing to modify provisions, particularly for legitimate concerns around data protection, liability, and flexibility. The key is knowing which terms to prioritize, how to frame your requests, and when to escalate within the vendor's organization.

Start by identifying your non-negotiable requirements—the provisions you absolutely need for legal compliance, risk management, or mission alignment. These might include data ownership protections, privacy compliance commitments, or the ability to terminate if the system doesn't meet performance standards. Distinguish these must-haves from nice-to-haves, so you can prioritize your negotiating energy and make strategic concessions on less critical points.

When presenting your contract requests to vendors, provide clear rationale rooted in your organizational context and regulatory obligations. Rather than simply objecting to unfavorable terms, explain why specific provisions are problematic for your nonprofit. For example: "We serve survivors of domestic violence, and our state privacy laws prohibit us from allowing their data to be used for purposes beyond direct service delivery. We need the contract to explicitly prohibit using our client data for model training or improvement."

Consider engaging pro bono legal assistance for contract review. Many large law firms offer free legal services to nonprofits, bar associations maintain pro bono referral programs, and some nonprofit support organizations provide access to volunteer attorneys. Even a few hours of attorney time can help you identify problematic provisions, draft alternative language, and understand which battles are worth fighting. Attorney involvement also signals to vendors that you're serious about protecting your interests.

Don't overlook the power of collective action. If you're part of a nonprofit network, coalition, or association, coordinate with peer organizations that might be evaluating the same vendors. Vendors are more likely to modify their standard terms when they see consistent feedback from multiple potential clients. Some nonprofit associations have even negotiated pre-approved contract templates with common vendors, which member organizations can adopt more easily than negotiating individually.

Remember that negotiation doesn't end when the contract is signed. As your relationship with the vendor develops, you may identify additional protections you need or find that certain provisions aren't working as intended. Most contracts include amendment procedures, and vendors are often willing to make changes mid-term if there's a legitimate business reason. Maintain open communication with your vendor contact, document any concerns that arise, and don't hesitate to request formal amendments when circumstances warrant.