Contract Traps: A Field Guide — Part 2
By Alexander J. Civetta & Morgan Ungrady-Johnson
“It’s a Trap!”
If you’ve read Part 1 of this field guide, you already know that big company forms can be riddled with dangers for emerging companies — the result of clever, or sometimes unintentional, drafting, omissions, and interaction effects buried deep within pages of dense legalese. In this second installment, we present six more of the traps you may encounter when working through a big company’s “standard” procurement form, again in no particular order.
The “I Am Altering the Deal” Clause
You wouldn’t normally let someone unilaterally change the rules after the deal is signed, but you would be surprised to learn that big company forms will often let your counterparty do just that. Somewhere in the agreement — often in the data processing addendum or in a section governing security requirements or acceptable use — there is a reference to a set of policies maintained by your counterparty at a URL. You are expected to agree to comply with those policies “as updated from time to time,” which the company can do by simply posting changes to the URL.
The danger here should be obvious. You are not just agreeing to comply with the company’s current policies, you are agreeing to comply with whatever the company decides its policies should be at any point in the future, for the entire duration of the agreement. The company could tighten its security requirements in ways that force you to make expensive infrastructure changes, impose new data handling restrictions that are incompatible with how your product works, or layer on acceptable use restrictions that conflict with the way you serve your other customers. Often there is no requirement of reasonable advance notice of these changes, so you could find yourself in breach without ever knowing that the goalposts moved.
The Not-So-Convenient “Termination for Convenience”
Most vendors understand the importance of a carefully considered termination regime, but many fail to appreciate just how lopsided the termination provisions in large company forms can be. It is common to see a customer reserve a broad right to terminate the agreement for convenience, often with little advance notice. While the customer will typically agree to pay for work that has already been completed and accepted prior to the termination date, it will often disclaim any obligation to pay for work that is in progress at the time of termination. For an emerging company that has invested weeks or months in onboarding, custom integrations, security reviews, and other resource-intensive prelaunch work (not to mention the opportunity cost of the time invested by a small and often overworked team), a sudden termination for convenience can leave you holding the bag on significant sunk costs that you will never recover. Even where the termination for convenience right is mutual, it can often be to the vendor’s detriment more so than the customer’s, particularly if the vendor is a startup.
The “Change of Control” Tripwire
This is a trap that many vendors do not think about until it is too late — usually because the consequences do not materialize until the vendor is in the middle of a fundraising round or acquisition. Agreements with large companies frequently grant the customer a set of special rights that are triggered by a change of control of the vendor, such as the right to terminate the agreement immediately, the right to secure an escrow of the vendor’s source code, or the right to guarantee service and lock pricing for multiple years.
These provisions can complicate fundraising or acquisition transactions, and can even have an impact on the vendor’s valuation. When a potential acquirer or investor discovers that a key customer contract can be terminated upon a change of control, that contract becomes less valuable; if it gives the customer the right to access the vendor’s source code, the contract becomes a significant liability; if it gives the customer an automatic multiyear extension, it becomes a weight around the vendor’s (and, by extension, the investor’s or the acquirer’s) neck. All of these may lead to a drop in valuation or a requirement to renegotiate with the customer, which can be expensive, uncertain, and time-consuming.
The “Perfect Compliance” Promise
This trap hides in plain sight: “Vendor will comply with all applicable laws, rules and regulations.” It’s a straightforward covenant, but think carefully about what you are actually agreeing to. You are not just saying that you comply with the handful of laws you know about and track on a regular basis. You are promising that you comply with every federal, state, local, and potentially international law, rule, and regulation that could conceivably touch your business — including ones you may not even know exist.
For an emerging company operating in a rapidly evolving regulatory landscape, this is an enormous and potentially unknowable commitment. New privacy laws, AI regulations, export controls, accessibility standards, and industry-specific compliance requirements emerge on a monthly basis and change regularly based on court decisions and administrative guidance. A blanket compliance warranty means you are on the hook for all of them, whether you were aware of them or not. Whether this will have an impact on your company is dependent on how this commitment interacts with the other parts of the agreement that deal with liability — for example, damages, remedies, and indemnification obligations.
The SLA in Warranty’s Clothing
Service level agreements and warranties serve different purposes and carry different consequences, but we have seen a surprising number of big company forms blur the line between them in ways that can quietly expose the vendor to outsized liability. Here is the pattern: Instead of placing service level commitments — such as uptime guarantees, response time targets, and performance benchmarks — in a standalone SLA with a defined service credit structure as the exclusive remedy for failure to meet those targets, the customer’s form folds those commitments into the representations and warranties section.
This matters because a breach of warranty triggers an entirely different set of remedies than a failure to meet an SLA target. When an uptime commitment lives in an SLA, the typical consequence of missing the target is a service credit — a defined, quantifiable, and usually modest financial remedy that both parties understand and have priced into the deal. But when the same uptime commitment lives in the warranties section, a failure to meet the target becomes a breach of warranty, which can trigger indemnification obligations, termination rights, and claims for damages.
“Everyone Is an Affiliate”
This is one of those “‘future you’ will kick ‘past you’” situations, because the trap we’re talking about is hard to spot and will not actually cause problems when the agreement is signed. Many big company agreements include provisions that extend rights and obligations of the parties to their respective “affiliates.” With a broad (or undefined) “affiliate” term, the obligations can be read to extend to any entity that controls, is controlled by, or is under common control with a party. That’s usually a null set at the time of signing if you’re a startup.
But imagine this not-so-farfetched scenario: (1) you sign an agreement with a customer containing a noncompete provision, e.g., “Vendor and its affiliates will not sell / will only sell to customer in [XYZ] industry,” and then (2) you’re in acquisition talks with a large corporate, or a PE rollup, with a whole family of affiliates spanning multiple industries. Once the deal closes, the noncompete that once applied only to your small company arguably reads on every entity in the acquirer’s corporate tree — which could include entities that were already providing services in the restricted industry long before the acquisition. The acquiring company may be in breach of your agreement on day one. This is a significant issue in M&A diligence and can hold up or kill your acquisition if it’s not fixed.
Conclusion: The Fine Print Still Matters
These six traps, like the six before them, are not exotic. They are common features of the procurement forms that big companies use every day, and they can cause real damage to emerging companies. The best defense is the same one we recommended in Part 1 of this field guide: Read every word, question every omission, and remember that the form on the other side of the table was drafted by lawyers whose job is to protect their client — not you.