
AI Coding Tool Contracts: The Clauses Procurement Needs to Negotiate

A contract term checklist for AI coding tool procurement. Data ownership, training rights, exit, DPA and BAA coverage, indemnification, and the vendor answers that disqualify a tool before pricing matters.

Pierre Sauvignon (11 min read)

Engineering evaluates tools on capability. Procurement negotiates on price. Neither of those is where most AI coding tool contracts go wrong. The contracts that get unwound at renewal — or worse, at the point of an audit — go wrong on a short list of clauses most teams never think to red-line.

This post is the red-line list: a contract term checklist for procurement and legal teams handling AI coding tool agreements, with the specific language to push back on, the vendor answers that disqualify a tool, and the clauses your security and compliance teams need to see before your signature is safe.

Use this alongside the evaluation checklist (which covers capability and team fit) and the compliance mapping (which covers what your auditors will ask about each clause below).

The Checklist

Each numbered section below gives the clause, what to ask the vendor, the red-flag answer that should escalate, and the green-flag answer you’re looking for.

1. Prompt and Code Retention

Ask: “How long do you retain the prompts we send and the code snippets we submit for context? Where are they stored, and who has access?”

Answer type | Example | Action
Red flag | “Indefinitely, for quality and training purposes” | Disqualify unless the enterprise tier has a zero-retention option
Yellow flag | “30 days for abuse monitoring, encrypted at rest” | Acceptable only if the encryption key is customer-held, or vendor-held with SOC 2 Type 2 evidence
Green flag | “Zero retention on enterprise tier, contractually guaranteed” | Require this in the MSA, not just on the marketing page

The clause you want: Vendor shall not retain, log, or persist any prompt, code context, or completion beyond the duration of the inference request, except aggregated telemetry that does not contain customer code or prompt text.

2. Training Rights

Ask: “Can our prompts, code, or completions be used to train your models or any third-party model?”

Answer type | Example | Action
Red flag | “Yes, by default; you can opt out via settings” | Disqualify — settings-based opt-out is a compliance time bomb
Yellow flag | “No for enterprise; yes for free tier” | Acceptable if the free tier is prohibited by your policy and SSO blocks free accounts
Green flag | “No training use under any circumstances; contractually prohibited” | Require a written contractual prohibition

The clause you want: Customer Data, including prompts, code submitted for context, and Vendor’s generated outputs, shall not be used to train, fine-tune, or evaluate any Vendor or third-party machine learning model.

3. Data Processing Agreement

Ask: “Do you have a DPA we can execute? Does it address our jurisdiction (EU/UK/US)?”

Answer type | Example | Action
Red flag | “We have a privacy policy on our website” | Disqualify — a privacy policy is not a DPA
Yellow flag | “Generic DPA, no jurisdiction-specific annexes” | Negotiate an annex for your jurisdiction before signing
Green flag | “Executed DPA with SCCs (if EU), UK IDTA, or equivalent” | Attach to the MSA as a required schedule

Procurement should not sign the MSA without the DPA fully executed in parallel. Treating the DPA as “we’ll get to it” is the single most common AI-tool contract failure.

4. Business Associate Agreement (if healthcare)

Ask: “Can you execute a BAA? What is your HIPAA coverage scope?”

Answer type | Example | Action
Red flag | “We don’t sign BAAs; our customers shouldn’t send PHI” | Acceptable only if you can contractually prohibit PHI submission AND enforce it technically (DLP at the clipboard)
Yellow flag | “BAA available on highest tier only” | Budget for the highest tier if any PHI-touching team will use the tool
Green flag | “BAA included for all commercial tiers” | Execute alongside the MSA

If PHI can reach this tool via any plausible developer workflow and the vendor won’t sign a BAA, the tool is not procurable for healthcare-adjacent teams. No amount of policy language substitutes for contractual BA status under HIPAA §164.314(a).

5. IP Ownership of Generated Code

Ask: “Who owns the output? Does the vendor retain any license to the code we produce using the tool?”

Answer type | Example | Action
Red flag | “We retain a perpetual, irrevocable license to outputs” | Disqualify — this would fail any customer contractual IP clause
Yellow flag | “Customer owns; we have a limited license for service operation” | Acceptable if “service operation” is narrowly defined
Green flag | “Customer owns outputs unconditionally; no vendor license back” | Require explicit language

The clause you want: As between the parties, Customer owns all right, title, and interest in Customer Code and in Vendor’s generated outputs provided to Customer. Vendor is granted no rights in Customer Code or generated outputs other than as strictly necessary to perform the Service during an active subscription.

6. IP Indemnification for Training-Data Claims

Ask: “If a third party claims the generated code infringes their copyright because of your training data, do you indemnify us?”

Answer type | Example | Action
Red flag | “Indemnification excludes AI-generated content” | Disqualify — this is the exact risk to indemnify
Yellow flag | “Capped indemnification (e.g., 1× fees paid)” | Negotiate the cap upward; add an obligation to defend
Green flag | “Full uncapped IP indemnification for AI outputs when used in compliance with documented guidance” | Standard offering from major enterprise vendors

This is the clause that distinguishes a serious enterprise AI vendor from a wrapped-startup risk. Uncapped IP indemnification is table stakes in 2026 enterprise contracts.

7. Sub-Processor Transparency

Ask: “What underlying model providers do you use? Can they change without our notice?”

Answer type | Example | Action
Red flag | “We use whichever model is best; subject to change without notice” | Disqualify — this is how a DPA fails silently
Yellow flag | “Current list in our trust center; we notify of changes with 7 days’ notice” | Acceptable if the list is contractually binding
Green flag | “List in the DPA annex; 30-day advance notice of additions, opt-out right” | Require in the DPA

Every sub-processor is a potential compliance surface. A vendor who swaps underlying model providers silently can transition you from “your data goes to vendor X in the US” to “your data goes to vendor Y in the EU” with zero contractual visibility. Nail the notice period.

8. Exit and Data Portability

Ask: “When we terminate, what happens to our data, our usage history, and our admin configuration? How long until it’s deleted?”

Answer type | Example | Action
Red flag | “Deleted within 90 days of termination” (and no export) | Disqualify — no audit replay possible
Yellow flag | “Export available during active subscription; deletion within 30 days” | Acceptable; ensure the export covers usage audit logs
Green flag | “Export on demand, certified deletion within 30 days with written certification” | Standard enterprise expectation

Usage logs are the most commonly forgotten export. You need them for your own audit retention period (see compliance requirements), not just for billing review.

9. Security Assurance

Ask: “What is your current SOC 2 / ISO 27001 status? Can we see the report and SIG?”

Answer type | Example | Action
Red flag | “We’re working toward SOC 2” | Disqualify for production use; sandbox only
Yellow flag | “SOC 2 Type 1” | Acceptable with risk acceptance; require Type 2 within 12 months
Green flag | “SOC 2 Type 2 + ISO 27001, current reports on request under NDA” | Standard enterprise posture

Request the Type 2 report (not just the attestation letter), the SIG Lite or CAIQ responses, and the vendor’s latest pen test executive summary. The clause to put in the MSA: Vendor shall maintain SOC 2 Type 2 certification throughout the term and provide a current report to Customer upon request under reasonable confidentiality obligations.

10. Breach Notification

Ask: “If there’s a security incident affecting our data, how quickly are we notified, and what information do we receive?”

Answer type | Example | Action
Red flag | “As soon as commercially reasonable” | Disqualify — this language is legally meaningless
Yellow flag | “72 hours” | Aligns with GDPR Art. 33 but carries no commitment on incident details
Green flag | “24–72 hours with root cause, affected data scope, and remediation timeline” | Standard for enterprise DPAs

The clause you want: Vendor shall notify Customer of any Security Incident affecting Customer Data within 24 hours of confirmed discovery, including the nature of the Incident, the categories of data affected, the approximate scope, and mitigation measures taken.

11. Audit Rights

Ask: “Can we audit your security and processing practices, directly or via a third party?”

Answer type | Example | Action
Red flag | “Our SOC 2 report is the audit” | Acceptable only for non-regulated use; unacceptable for HIPAA/PCI
Yellow flag | “Third-party audit rights with 60 days’ notice, scope limited” | Negotiate the scope language
Green flag | “Third-party audit right, once annually, cost borne by customer, reasonable scope” | Standard for enterprise

Your ability to audit is your ability to evidence your own compliance. Without it, your auditors will ask what basis you have for trusting the vendor — and “we asked them” is not the answer they want.

12. Pricing and Usage Predictability

Ask: “How is usage measured? What are the overage terms? Can usage spike exposure be capped?”

Answer type | Example | Action
Red flag | “Unlimited usage, no overage cap” | Caution — unlimited sounds generous until the vendor redefines a plan tier mid-term
Yellow flag | “Per-seat with soft overage, invoiced after the fact” | Negotiate hard cap language
Green flag | “Per-seat with contractual overage cap; usage dashboard with alerting” | Enables budget predictability

This is the clause finance cares about and engineering forgets. Without a usage cap, a runaway process or misconfigured agent can produce a bill that turns the quarter’s financials red — and “but we didn’t intend to use that much” is not a contractual defense. Pair the cap with internal token-tracking analytics so the vendor’s cap is the backstop, not the primary control.


13. Termination for Convenience

Ask: “Can we terminate the contract if the tool no longer meets our needs, without penalty?”

Answer type | Example | Action
Red flag | “Multi-year with no early termination” | Disqualify for anything other than a mature, low-change vendor
Yellow flag | “Annual auto-renew, 60 days’ notice of non-renewal” | Acceptable; calendar the renewal review
Green flag | “Termination for convenience with pro-rated refund” | Preferred for emerging tools

The space moves quickly. A tool that’s best-in-class at signing may be middle-of-pack by renewal. Termination flexibility is not a nice-to-have.

14. Service Credit and Uptime

Ask: “What is the SLA? What are the credits?”

Answer type | Example | Action
Red flag | “No SLA; best effort” | Disqualify for production use
Yellow flag | “99.5% uptime, 10% credit on missed month” | Acceptable for non-critical workflows
Green flag | “99.9% uptime on the API surface, escalating credit schedule” | Enterprise standard

Note that service credits are usually symbolic — the contractual value is the reporting obligation, which gives you evidence for your own audit trail.

What Happens If You Skip This

Two failure modes recur:

The “it’s just a tool” contract. Procurement treats the AI coding vendor like a developer-tools vendor (JetBrains, GitHub). They sign the MSA, skip the DPA, and don’t negotiate training rights. Three months later, Legal is asked whether prompts containing customer IP may have been used to train a competitor’s model. The contract is silent. The answer is “we don’t know.” This is the most common post-sale contract review finding we hear about.

The one-size-fits-all DPA. The vendor provides a DPA written for their smallest customer, typically a marketing SaaS use case. It doesn’t contemplate source-code data, doesn’t address the specific sub-processor model a coding assistant has, and doesn’t include the breach-notification language a regulated customer needs. Procurement signs it because it’s “the DPA.” A year later, an auditor finds it doesn’t cover the processing activity and flags it. Cue re-negotiation under pressure.

Both failures are preventable with the 14 clauses above. None of them requires inventing new contract law; they require asking the right questions before the purchase order is cut.

Handoffs

  • From engineering evaluation (evaluation checklist) — hands procurement the list of candidate vendors with capability scores. Procurement then runs the checklist above to narrow to the contractually viable subset.
  • From procurement to compliance (compliance requirements) — hands compliance the executed contract with each clause mapped to the audit-time evidence it supplies.
  • From compliance to ongoing governance (governance framework) — the approved tool goes on the Approved Tools List referenced in §4 of the internal policy.

Skip a handoff and one of the two failure modes above is waiting for you.

Pierre Sauvignon, Founder of LobsterOne. Building tools that make AI-assisted development visible, measurable, and fun.
