See also (wiki): wiki/ai-vendor-contracts.md, wiki/vendor-security-questionnaires.md
Executive Summary
- Only 33% of AI vendors offer IP indemnification as a standard term, versus the SaaS market norm where it is near-universal (TermScout / Stanford CodeX, March 2025).
- 88% of AI vendors cap their own liability, typically at 12 months of fees paid — a number that is not meaningful against a serious IP or data-loss claim.
- The five major enterprise AI contracts (OpenAI, Microsoft Copilot, Anthropic, Google Vertex, Salesforce Einstein) converge on the same structural skeleton but diverge sharply on output indemnity, liability carve-outs, and the cap multiplier.
- Microsoft, Google, OpenAI, and Anthropic now indemnify Outputs subject to customer compliance with safety filters; Salesforce does not, and disclaims all warranties on Einstein output.
- The negotiation leverage points are narrow and well-known: raise the cap, extend the carve-outs, clarify training-data rights, and tighten output-indemnity conditions. Legal review under 30 days is aggressive; 60-90 days is realistic for mid-market with no prior MSA on file.
The Headline Finding: AI Contracts Are Weaker Than Standard SaaS
TermScout analyzed AI vendor contracts against its broader SaaS corpus and published the results through Stanford Law’s CodeX program in March 2025. The gap is real and consistent:
| Term | AI Vendors | SaaS Baseline |
|---|---|---|
| Vendor liability cap imposed | 88% | 81% |
| Customer liability cap | 38% | 44% |
| IP indemnification offered | 33% | Majority |
| Broad data usage rights claimed | 92% | Lower |
| Full regulatory compliance commitment | 17% | Higher |
| Documentation-compliance warranties | 17% | 42% |
The pattern: AI vendors limit their exposure more aggressively than traditional SaaS vendors, push more risk onto the customer, and claim broader data rights. This is a negotiable position, not a fixed one — but the starting terms require heavier redlines than a comparable CRM or ERP contract.
Term-by-Term Comparison: The Five Vendors
The standard enterprise MSA for an AI vendor covers the same core terms as any software contract: liability cap, IP indemnification, data rights, termination, warranties, SLA. The AI-specific wrinkles are (a) whether outputs are indemnified, (b) whether customer data is used to train models, and © whether the cap carves out AI-specific risks.
Liability Cap
| Vendor | Starting Cap |
|---|---|
| OpenAI Enterprise | 12 months of fees paid |
| Microsoft Copilot (EA) | 12 months of fees typical |
| Anthropic Claude Enterprise | Greater of 6 months of fees OR $100 |
| Google Vertex AI | 12 months of fees typical |
| Salesforce Einstein/Agentforce | 12 months of fees; indirect damages excluded |
Anthropic’s 6-month / $100 floor is the most vendor-favorable starting position among the five. It is negotiable upward for enterprise deals. Every cap carves out indemnification obligations, gross negligence, willful misconduct, and payment obligations — standard practice.
IP Indemnification — Services vs. Outputs
Indemnification comes in two flavors for AI contracts. Services indemnity covers claims that the platform itself infringes third-party IP. Output indemnity covers claims that the model’s generated content infringes IP (most commonly copyright on training-data bleed-through).
| Vendor | Services Indemnity | Output Indemnity | Conditions on Output Indemnity |
|---|---|---|---|
| OpenAI | Yes | Yes (Service-Specific Terms Indemnity, uncapped) | Standard use, no modification of Services |
| Microsoft | Yes | Yes (Customer Copyright Commitment) | Must use content filters, must not attempt to generate infringing output |
| Anthropic | Yes | Yes (expanded copyright shield, 2024-2025) | Paid commercial use only |
| Google Cloud | Yes | Yes (two-part indemnity: training data + generated output) | Must follow Responsible AI practices, no disabling safety filters |
| Salesforce | Yes (Services only) | No broad AI output indemnity as of 2025 | — |
Salesforce is the outlier: Einstein output is disclaimed “as-is” with no indemnity and no warranty of accuracy, originality, or fitness. Customers bear the IP risk on Agentforce output.
The conditionality on Microsoft and Google output indemnities is the under-read detail. A customer who disables a content filter — even for a legitimate engineering reason — can void the indemnity. Directions on Microsoft’s 2024 analysis flagged this as the reason the Copyright Commitment “may not mean much for customers yet.” The commitment is real; the compliance bar is real too.
Training on Customer Data
All five vendors now commit not to train their foundation models on paid enterprise customer data by default. This is the one area where the market has moved cleanly in the customer’s favor since 2023:
- OpenAI API/Enterprise: no training on customer data.
- Microsoft Copilot: tenant isolation; no training.
- Anthropic Claude for Enterprise and API: no training.
- Google Vertex AI: customer data is not used to train Google’s foundation models.
- Salesforce Einstein Trust Layer: customer data is not sent to third-party foundation models; global model opt-out available for Salesforce’s own model-improvement use.
The negotiation point is no longer whether training is prohibited but whether the contract defines training broadly enough to cover embedding generation, cache retention, abuse-monitoring human review, and fine-tuning telemetry.
Customer Liability Cap
38% of AI vendors cap customer liability, versus 44% in broader SaaS. When the customer cap is missing, the customer’s indemnity obligations back to the vendor (for customer content, configuration, misuse) are effectively unlimited. This is a standard redline: require symmetric caps or at minimum a customer-side cap excluding IP indemnity and confidentiality breaches.
What This Means for Your Organization
The structural fact is that AI vendor contracts favor the vendor more than standard SaaS contracts do. That is not a reason to avoid them — it is a reason to negotiate them. The five terms worth redlining in almost every case are: liability cap multiplier (push from 1x to 2x-3x annual fees), output indemnity scope and conditions, training data definition, customer-side cap symmetry, and regulatory compliance warranties. The deals that close in 30 days tend to be the ones where the customer signed the vendor’s paper with no redlines; the deals that close in 60-90 days are the ones where legal actually did their job.
The output indemnity language is where mid-market general counsels get tripped up. Microsoft and Google’s indemnities are real but conditional on customer compliance with safety systems. Anthropic and OpenAI’s are broader but still exclude customer modifications and misuse. Salesforce does not indemnify output at all. If Agentforce is writing customer-facing content or client deliverables, that risk sits with the customer.
If this raised specific questions about a contract on your desk — whether the indemnity carve-out reads the way you think it does, or whether a 12-month cap is appropriate for the exposure you’re taking on — I’d welcome the conversation: brandon@brandonsneider.com.
Key Data Points
| Statistic | Source | Date | Credibility |
|---|---|---|---|
| 33% of AI vendors offer IP indemnification | TermScout / Stanford CodeX | Mar 2025 | HIGH — independent benchmark |
| 88% of AI vendors impose liability caps on themselves | TermScout / Stanford CodeX | Mar 2025 | HIGH |
| 92% of AI vendors claim broad data usage rights | TermScout / Stanford CodeX | Mar 2025 | HIGH |
| 17% of AI contracts include documentation-compliance warranties | TermScout / Stanford CodeX | Mar 2025 | HIGH |
| Anthropic liability cap: greater of 6 months fees or $100 | Anthropic Commercial Terms | 2024-2025 | HIGH — primary source |
| OpenAI liability cap: 12 months fees; IP indemnity uncapped | OpenAI Services Agreement | 2025 | HIGH — primary source |
| Microsoft Copyright Commitment conditional on content filter use | Directions on Microsoft | 2024 | HIGH — independent analysis |
| Salesforce Einstein: no broad AI output indemnity | Salesforce MSA | 2025 | HIGH — primary source |
Sources
- Stanford Law CodeX, “Navigating AI Vendor Contracts” (TermScout benchmark), March 21, 2025 — https://law.stanford.edu/2025/03/21/navigating-ai-vendor-contracts-and-the-future-of-law-a-guide-for-legal-tech-innovators/ — HIGH credibility (independent academic + contract-analytics firm)
- OpenAI Services Agreement — https://openai.com/policies/services-agreement/ — HIGH (primary source)
- OpenAI Business Terms — https://openai.com/policies/business-terms — HIGH (primary source)
- Microsoft Customer Copyright Commitment announcement — https://techcommunity.microsoft.com/discussions/businessapplicationsforpartners/introducing-the-microsoft-copilot-copyright-commitment/3922303 — HIGH (primary source)
- Directions on Microsoft, “Why Microsoft’s Copilot Copyright Commitment may not mean much for customers (yet)” — https://www.directionsonmicrosoft.com/why-microsofts-copilot-copyright-commitment-may-not-mean-much-for-customers-yet/ — HIGH (independent analyst)
- Anthropic, “Expanded legal protections and API improvements” — https://www.anthropic.com/news/expanded-legal-protections-api-improvements — HIGH (primary source)
- Ropes & Gray, “Anthropic’s Landmark Copyright Settlement: Implications for AI Developers and Enterprise Users,” September 2025 — https://www.ropesgray.com/en/insights/alerts/2025/09/anthropics-landmark-copyright-settlement-implications-for-ai-developers-and-enterprise-users — HIGH (AmLaw 100 legal analysis)
- Google Cloud, “Generative AI Indemnified Services” — https://cloud.google.com/terms/generative-ai-indemnified-services — HIGH (primary source)
- Google Cloud Blog, “Protecting customers with generative AI indemnification” — https://cloud.google.com/blog/products/ai-machine-learning/protecting-customers-with-generative-ai-indemnification — HIGH (primary source)
- Salesforce Master Subscription Agreement — https://www.salesforce.com/en-us/wp-content/uploads/sites/4/documents/legal/Salesforce_MSA.pdf — HIGH (primary source)
- Salesforce Einstein Global Model Opt-Out — https://help.salesforce.com/s/articleView?id=000384050 — HIGH (primary source)
- Wilson Sonsini Goodrich & Rosati, “Will Indemnification Commitments Address Market Demands in AI?” — https://www.wsgr.com/en/insights/will-indemnification-commitments-address-market-demands-in-ai.html — HIGH (AmLaw 100 legal analysis)
- Runtime.news, “AI vendors promised indemnification against copyright lawsuits. The details are messy.” — https://www.runtime.news/ai-vendors-promised-indemnification-against-copyright-lawsuits-the-details-are-messy/ — MEDIUM (trade press synthesis)
Brandon Sneider | brandon@brandonsneider.com April 2026