Contract Review Report

This page is for information only and is designed to help you understand the wording in your contract.

Contract type: Master Services Agreement

Overall Risk Score

7/10

Favourability

Favours Provider

Negotiation Likelihood

High

Summary

The score reflects potentially significant limitations on liability, one-sided termination rights, and intellectual property provisions that may not align with typical commercial expectations. The ability for the Provider to change terms with minimal notice may also warrant attention.

Risk Score Justification

The score reflects potentially significant limitations on liability, one-sided termination rights, and intellectual property provisions that may not align with typical commercial expectations. The ability for the Provider to change terms with minimal notice may also warrant attention.

Key Risks

  • Liability appears to be capped at £1,000 per year, which might not adequately cover potential losses
  • Intellectual property rights in deliverables might not transfer fully even after payment, only granting a limited license
  • Change control procedures might allow modifications to services or fees without explicit written agreement
  • Termination rights might be imbalanced, with the Provider having immediate termination for payment issues while the Client has limited options
  • Data processing authorization might allow international data transfers without specified safeguards

High Importance Clauses

  • Clause 9.2: Liability is limited to a very low amount which may not reflect the value of services
  • Clause 5.2-5.3: IP rights remain with Provider until full payment and only a limited license is granted thereafter
  • Clause 4.4: Services may be suspended quickly for payment delays
  • Clause 3.2: Changes may be deemed accepted if not expressly rejected within a short timeframe
  • Clause 10.1: Either party can terminate with only 7 days' notice, creating potential instability

One-Sided or Imbalanced Clauses

  • Change control procedure appears to favour Provider by allowing changes to be deemed accepted without positive consent
  • Liability cap of £1,000 per year may be significantly lower than typical commercial agreements for similar services
  • IP provisions where full ownership doesn't transfer even after payment completion
  • Termination rights where Provider can terminate immediately for payment issues but Client has limited equivalent rights
  • Fee revision with only 7 days' notice might not provide adequate time for budget adjustments

Missing Important Clauses

  • No detailed service level agreements or performance metrics specified
  • No clear dispute resolution process outlined
  • Limited details on data processing arrangements and international transfer safeguards
  • No provisions for service acceptance criteria or testing procedures
  • Insurance requirements not specified

GDPR and Data Security Risks

  • Authorization for worldwide data processing without specified safeguards or transfer mechanisms might raise considerations under UK GDPR
  • Liability for data breaches limited to cases of gross negligence might not align with typical data protection expectations
  • Lack of detailed data processing particulars might make compliance assessment challenging

Clause-by-Clause Analysis

  • Change Control (3.2): Changes may be deemed accepted without positive confirmation. This approach might lead to unexpected changes being implemented if not actively rejected within a short timeframe
  • Fees and Payment (4.2): Rates may be revised with only 7 days' notice. Short notice period for rate changes might make budgeting and cost forecasting challenging
  • Intellectual Property (5.2-5.3): Full IP ownership doesn't transfer even after payment. The client might only receive a limited license rather than full ownership of deliverables they have paid for
  • Data Protection (6.2): Worldwide data processing authorization without specified safeguards. This might raise considerations regarding international data transfer requirements under UK GDPR
  • Liability (9.2-9.3): Very low liability cap and exclusion of consequential losses. £1,000 annual cap might not adequately protect against potential losses from service failures
  • Termination (10.1-10.2): Imbalanced termination rights. Provider can terminate immediately for payment issues while Client has limited equivalent protection

Example Discussion Points

  • Some agreements include more balanced change control procedures requiring mutual written agreement
  • Liability caps are sometimes negotiated as a percentage of fees or a higher fixed amount
  • IP ownership arrangements sometimes transfer fully to the client upon payment completion
  • Data processing agreements often include specific safeguards for international transfers
  • Termination for convenience clauses sometimes include longer notice periods or mutual provisions

Questions to Ask the Other Party

  • What is the typical value of Statements of Work anticipated under this agreement?
  • Could you explain the rationale behind the £1,000 liability cap in relation to the services provided?
  • What specific safeguards are in place for international data transfers?
  • How are rate increases typically calculated and communicated?
  • What happens to work in progress if the agreement is terminated with 7 days' notice?
  • Could you provide examples of what would constitute 'gross negligence' for data breach liability?
  • What is the process for disputing additional charges for scope changes?