Tech Contract Negotiation

MAJOR AI LEGAL NEWS. The revised EU Product Liability Directive came into force yesterday, 8 December 2024. It represents a fundamental shift in how liability for AI systems and software is addressed. The Directive could directly impact organisations using and developing AI, and they may wish to consider if they need to reassess their contracts, policies, and operational approaches to liability management. Under the new framework, AI system providers (treated as manufacturers in the legislation) are liable for defects in AI systems and software that cause harm, potentially including defects that emerge after deployment. This potentially includes harm linked to updates, upgrades, or the evolving behaviour of machine-learning systems. Organisations should also consider the liability implications for failing to have sufficient AI literacy among their staff which is a requirement under the AI Act from 2 February. AI training may now be a business imperative for some organisations. The Directive’s approach to defectiveness considers not only when a product is placed on the market but also whether the manufacturer retains control over it post-market, such as through updates or connected services. This means manufacturers may be held liable for defects that arise after deployment if they could reasonably foresee and mitigate risks but fail to act. Organisations, particularly those providing software or AI systems, should look at ongoing compliance and risk management to meet evolving safety expectations. The Directive's coverage of potential liability for post-market defects could have big implications for contracts. Organisations should consider whether their agreements with suppliers, integrators, and distributors include clear terms governing responsibility for defects. The focus is on whether the product provides the safety consumers are entitled to expect. A proactive approach to risk management, extending beyond initial product deployment to encompass ongoing updates and system monitoring may be prudent. Software providers should take note that they potentially could be held liable even if their product operates as a component of a larger system. This liability regime incentivises stronger warranties, indemnities, and cooperation agreements to allocate risk effectively across supply chains. Companies should review existing contracts to confirm they reflect the Directive's requirements and renegotiate where necessary to close gaps in accountability. The Directive also works in tandem with EU regulations like the AI Act. Businesses that fail to meet mandatory product safety requirements under the likes of the AI Act risk facing presumptions of defectiveness under the Product Liability Directive. With the AI Liability Directive in progress, organisations should also prepare for further changes that will make it easier for claimants to bring AI-related liability claims.

I am curious… Last week, our team spent time in a workshop with a potential partner. During the session, someone used ChatGPT to summarise our ideas in real time and make suggestions for improvement. It sparked great discussion, but it also raised an awkward question. For the AI to generate meaningful suggestions, it needed the context we had just shared, including technical details, strategic direction, and confidential roadmap items. Later, in a conversation with a legal advisor, we realised our NDAs did not explicitly cover this. They were written for a time when “sharing” meant emailing a document or handing over a printout, not pasting confidential information into a model you do not control. We ended up updating our docs to include an AI-specific clause: No Confidential Information may be uploaded to, processed by, or disclosed to any publicly available AI/ML system, model, or dataset without prior written consent. Apparently, this is starting to appear in some contracts as legal teams and AI law specialists are recommending clauses that: - Ban feeding confidential data into public models without written consent. - Require proof that approved tools will not train on the data. - Bind contractors and sub processors to the same rules. Some even provide model language allowing AI use only with “commercially reasonable assurances” the model will not train on the information and is isolated from other customers. Has anyone else encountered this or started updating their own NDAs and agreements? #AIGovernance #DataPrivacy #LegalTech #AICompliance #Contracts

As a veteran SaaS lawyer, I've watched Data Processing Agreements (DPAs) evolve from afterthoughts to deal-breakers. Let's dive into why they're now non-negotiable and what you need to know: A) DPA Essentials Often Overlooked: -Subprocessor Management: DPAs should detail how and when clients are notified of new subprocessors. This isn't just courteous - it's often legally required. -Cross-Border Transfers: Post-Schrems II, mechanisms for lawful data transfers are crucial. Standard Contractual Clauses aren't a silver bullet anymore. -Data Minimization: Concrete steps to ensure only necessary data is processed. Vague promises don't cut it. -Audit Rights: Specific procedures for controller-initiated audits. Without these, you're flying blind on compliance. -Breach Notification: Clear timelines and processes for reporting data breaches. Every minute counts in a crisis. B) Why Cookie-Cutter DPAs Fall Short: -Industry-Specific Risks: Healthcare DPAs need HIPAA provisions; fintech needs PCI-DSS compliance clauses. One size does not fit all. -AI/ML Considerations: Special clauses for automated decision-making and profiling are essential as AI becomes ubiquitous. -IoT Challenges: Addressing data collection from connected devices. The 'Internet of Things' is a privacy minefield. -Data Portability: Clear processes for returning data in usable formats post-termination. Don't let your data become a hostage. -Privacy by Design: Embedding privacy considerations into every aspect of data processing. It's not just good practice - it's the law. In 2024, with GDPR fines hitting €1.4 billion, generic DPAs are a liability, not a safeguard. As AI and IoT reshape data landscapes, DPAs must evolve beyond checkbox exercises to become strategic tools. Remember, in the fast-paced tech industry, knowledge of these agreements isn't just useful – it's essential. They're not just legal documents – they're the foundation for innovation and collaboration in our digital age. Pro tip: Review your DPAs quarterly. The data world moves fast - your agreements should keep pace. Pay special attention to changes in data protection laws, new technologies you're adopting, and shifts in your data processing activities. Clear, well-structured DPAs prevent disputes and protect all parties' interests. What's the trickiest DPA clause you've negotiated? Share your war stories below. #legaltech #innovation #law #business #learning

The Request for Proposal process (RFx) is the most critical area for Procurement. But, it's largely misunderstood. Teams waste time delivering a process that doesn't drive the expected outcomes. Strategic Procurement 101: 1. Why do we need the new product or service? "Creativity and innovation are not something you can flowchart out” - Tim Cook, Apple CEO. I’d argue Strategic Procurement is, at its heart, about helping the business deliver change. And for every new service, there are 5 metrics to consider: - Value. Will the new service add value for the customers? - Usability. Will the business be able to use it effectively? - Viability. Can our business support it? - Feasibility. Can it be done (technology)? - Ethics. Should we do it? What will happen if we throw these questions into a straight jacketed RFP? We lose the opportunity for creativity and innovation. This approach results in standardisation and more of the same. So, we would like to understand: - How can we use the RFx processes to come up with better ideas? - How can we validate those ideas before the implementation? And the answer is a fully collaborative approach with suppliers. --- 2. When Does it Happen? Continuous Discovery. - The goal of good Procurement is to discover the best supplier to build a long-term partnership with. Strategic Procurement results in a fully validated outcome. In particular, high-risk assumptions are tested ahead of contracting. --- 3. Who's Responsible? Some say the Procurement Manager has a say in the supplier selection, and end users and Subject Matter Experts (SMEs) just feed into that process. Have you heard that before? It hurts my ears because Procurement should maintain complete objectivity. Ensure end users and SMEs are pivotal in the evaluation process and that their primary roles as evaluators are understood. And take a flexible approach to the evaluation criteria depending on the input from the suppliers. Procurement Managers may be category literate, but they are not always category experts. -- 4. What process should be used? There are three distinct options which are often misappropriated. - The Request for Information (RFI) should be used to gather information about potential suppliers, their capabilities and solutions. It's never a final decision tool though. It should simply be used to understand the options. - The Request for Proposal (RFP) is used to solicit detailed proposals from suppliers and it's here that true supplier collaboration is needed. An open-minded approach where you work with suppliers to explore the opportunity based on their expertise, not yours. - The Request for Quote (RFQ) is reserved for obtaining price quotations when the service is already well defined. -- Do you agree with the above? What's one thing you'd add? Hope that helps! --- 🎁 P.S. 13,000 +Procurement subscribers get weekly insights from me direct to their inbox (it's free) https://procurebites.com/

It’s not always the storms you see coming that sink the ship. Sometimes, it’s the quiet leak no one noticed. 💯 We often imagine business risks as dramatic boardroom betrayals or market collapses. But sometimes, the most lethal blows come from the fine print we thought we understood. 🤦🏼 Let me take you through three real stories. Each one a quiet storm. Each one preventable.✅ 1. BFSI: The Clause That Froze Millions A mid-sized bank had outsourced its customer onboarding to a fintech partner. When a regulatory change hit, the contract lacked a clear compliance responsibility clause. The fallout? A 3-month freeze on new accounts. Millions lost. Lesson: What’s missing in a contract can cost more than what’s written in it. Solution: A digital CLM could flag regulatory clause gaps across all vendor contracts—before the next audit. 2. FMCG: The Promotion That Backfired A leading snack brand ran a 2-week “Buy 1 Get 2 Free” offer with a retail partner. But the auto-renew clause wasn't tracked. The promo ran for 6 months. Inventory wiped. Distributors furious. Retailers delighted. Lesson: The real expiry date isn’t on the product. It’s in the paperwork. Solution: A smart CLM like SignDesk CLM can alert the team before auto-renewal, adding sanity back to sales. 3. IT: The IP That Walked Away An IT services firm delivered a brilliant AI model—only to realize the client owned the IP due to an unchecked boilerplate clause. The model became the client’s core product. The firm? Left with “experience.” Lesson: Innovation means little when the ownership isn't yours. Solution: AI-led contract review tools now flag IP risk before execution. We glorify strategy, branding, and culture. But when did we last talk about contracts as a source of competitive advantage? 🤷🏼 👉🏼 Are you treating your contracts like living, breathing assets—or static PDFs? 👉🏼 What would your business look like if contracts were actively working for you, not against you? Most business disasters aren’t sudden. They are slow leaks. In unnoticed places. And most doors to better outcomes aren’t locked. They’re just not knocked on. Time to knock🚪 https://signdesk.com/clm/ #ContractManagement #DigitalCLM

Know Your your labour Laws; Understanding Gratuity Entitlements & Compliance Under Zambia’s Employment Code Act, 2019🇿🇲 The Employment Code Act No. 3 of 2019 introduced key reforms to Zambia’s labor laws, with mandatory gratuity payments for employees on fixed-term contracts being one of the most impactful provisions. Yet, many businesses and employees remain unaware of their obligations and rights under this law. Are you in compliance? 🔹 What does the law say? Section 73 of the Act states that employees engaged on fixed-term contracts exceeding 12 months are entitled to a gratuity payment of at least 25% of their total basic pay earned during the contract period. This entitlement applies whether or not the contract is renewed and must be paid within one month of contract expiration. 🔹 Compliance Matters: What Employers Must Do Failure to comply with gratuity provisions can result in legal penalties, financial liabilities, and reputational risks. Here’s how employers can ensure compliance: 🔹Review Contracts: Ensure all fixed-term contracts clearly state the gratuity entitlement. 🔹Budget Accordingly: Gratuity obligations should be accounted for in financial planning to avoid last-minute challenges. 🔹Timely Payouts: Payments must be processed within the legally required timeframe to avoid disputes or legal action. 🔹 HR & Payroll Integration: HR teams must align employment contracts and payroll systems with the Act’s requirements. For Employees; 🔹Check Your Contract: Ensure your employment contract reflects gratuity provisions if you’re on a fixed-term agreement. 🔹Stay Informed: Awareness of your rights helps in ensuring fair treatment in the workplace. 🔹Seek Redress If Needed: If gratuity is not paid as required, employees have the right to seek legal recourse. The Bigger Picture: Building a Culture of Compliance Beyond legal requirements, adhering to labor laws promotes trust, employee satisfaction, and a fair work environment. Compliance is about creating ethical, transparent, and sustainable workplaces. Have you encountered challenges or best practices in handling gratuity payments? Share your insights in the comments!

RFI. RFP. RFQ. Most people use them interchangeably. Big mistake. Each serves a different purpose in telecom procurement. Here's when to use which: 📋 1. RFI (Request for Information) When: You're exploring options, don't know what's available Purpose: Market research, vendor discovery Questions: → What solutions exist for network slicing? → Who are the O-RAN RIC vendors? → What's the latest in AI-powered optimization? No commitment. Just learning. Telecom example: "We're considering O-RAN. Send us information on your solutions, deployments, and capabilities." Output: Vendor brochures, case studies, capabilities 💼 2. RFP (Request for Proposal) When: You know what you need, want detailed solutions Purpose: Evaluate vendor approaches and pricing You provide: → Detailed requirements (100+ pages) → Network specifications → SLAs expected → Timeline, budget range Vendors provide: → Technical solution design → Implementation plan → Pricing (detailed) → References Telecom example: "Deploy 5G SA network across 10 cities. 5,000 sites. Submit complete proposal." Output: Full proposals (200-500 pages each) This is where vendors compete. 💰 3. RFQ (Request for Quotation) When: You know EXACTLY what you want, just need pricing Purpose: Price comparison for defined specs You provide: → Exact specifications → Part numbers → Quantities → Delivery terms Vendors provide: → Price quote → Delivery timeline → Payment terms Telecom example: "We need 500 units of Nokia AirScale 64T64R. Quote us." Output: Price sheets No technical proposals needed. 🎯 THE PROCUREMENT FLOW: Phase 1: RFI (What's out there?) → 10-15 vendors respond Phase 2: RFP (Show us your solution) → Shortlist to 3-5 vendors → 3-6 months evaluation Phase 3: RFQ (Final pricing) → Final 2 vendors → Price negotiation Then: Award contract ⚠️ COMMON MISTAKES: ❌ Sending RFP when you need RFI (wastes everyone's time) ❌ Sending RFI when you need RFQ (delays project) ❌ Skipping RFI (miss better alternatives) THE BOTTOM LINE: RFI = Learning RFP = Competing RFQ = Pricing Use the right tool for the right stage. Your procurement team will thank you. Dealt with these? → 📝 Vendor or operator side? → 😅 Seen RFP nightmares? → 💡 Pro tips? Share below 👇 Join my Free 5G/6G Learning Free whatsapp Channel : https://lnkd.in/gerTY-kr ♻️ Repost this to help your network get started ➕ Follow Nitin Gupta for more

Your contract ended. Your risk didn’t. Know how? There’s a thing called "Post-Termination" obligations. For bigger projects, risks remain even after the project ends. And this is what many new founders overlook. Normally, contracts end. But does your confidentiality obligation end with them? What about: • Indemnity? • IP rights? Most people assume these protections stick around. They don’t. Not unless you make it clear with a survival clause. The most common situation I can share with you is this: Imagine you’re a software developer. You just wrapped up a big project for a fintech client. The contract ends. Two months later, you discover: • They’re leaking sensitive code you shared. • You demand action. Their lawyer points to a loophole: • “No survival clause.” • “Your confidentiality obligation ended when the contract did.” Now your hands are tied. This isn’t hypothetical. It happens. Why? Because people underestimate what happens after a contract ends. So there's two risks you have to look out for: 1. Loss of Protection Without a survival clause, your confidentiality agreement vanishes with the contract. 2. IP Disputes Failing to extend IP rights can leave you fighting for control over your own work. But how can you get it right? Two main ways I suggest are. a) Identify Key Clauses Confidentiality, IP rights, liability, and indemnity are usually critical. b) Specify a Duration Confidentiality for 5 years? Indemnity forever? Be precise. So remember that contracts end. Risks don’t. A survival clause keeps your most important protections alive. Even when the contract is long gone. —— 📌 If you need Contracts that consider the risks that carry over after a Contract ends, then DM me "CONTRACT".

It’s not the product that slows enterprise deals. It’s the paper. I’ve seen it dozens of times. Sales thinks they’re moving at lightning speed, engineering has delivered, the product is flawless… and then legal hands over a contract, and the momentum stalls. One GC confided to me, “I know our terms are fair, but every redline feels like a test of my integrity.” The fear is subtle but real: “If I show the contract too early, buyers will think we’re rigid. If I bend, I’m opening the door to risk.” Here’s the tactical insight most teams overlook: contracts are leverage, not obstacles. Turn your paper into a revenue tool by making it visible, pre-validated, and trust-building. Independently certified clauses, clear structure, and benchmarked terms don’t just protect—they accelerate decision-making, reduce back-and-forth, and give sales a defensible story to close faster. Three concrete steps: 1. Pre-certify or audit core terms so buyers see fairness before the first negotiation. 2. Highlight market-aligned clauses to turn “legal friction” into proof of professionalism. 3. Make the contract a selling asset—use insights from clause analysis to show buyers how your terms compare to peers. How are you turning the paper in your deals from a bottleneck into a speed lever? -------- Olga V. Mack Building trust and creating new categories at the intersection of contract intelligence, commerce, and AI. Let’s shape the future together.

𝐃𝐏𝐃𝐏 𝐀𝐜𝐭 𝐃𝐞𝐜𝐨𝐝𝐞𝐝 | 𝐂𝐥𝐮𝐬𝐭𝐞𝐫 4: 𝐎𝐛𝐥𝐢𝐠𝐚𝐭𝐢𝐨𝐧𝐬 𝐨𝐟 𝐃𝐚𝐭𝐚 𝐅𝐢𝐝𝐮𝐜𝐢𝐚𝐫𝐢𝐞𝐬 𝐚𝐧𝐝 𝐏𝐫𝐨𝐜𝐞𝐬𝐬𝐨𝐫𝐬 Once processing is lawful, what must a Data Fiduciary actually do — and what happens when things go wrong? • What does non-delegable responsibility mean for your outsourcing architecture? • When does data quality become a legal requirement, not a best practice? • What security safeguards does Rule 6 actually mandate? • How do retention and erasure work when multiple laws pull in different directions? • And what must your breach response, processor contracts, and grievance mechanisms look like to survive Board scrutiny? Cluster 4 of my DPDP Act Decoded series answers these across ten posts, covering: • Why outsourcing does not outsource responsibility under Section 8(1) • When data quality is a legal obligation, not a perfection standard • What "appropriate technical and organisational measures" mean for a mid-sized company • How "reasonable" security safeguards are now defined by Rule 6 • Why a personal data breach is not limited to external attacks • How retention, purpose limitation, and mandated erasure actually work • What a "valid contract" with a Data Processor must cover • Why publishing DPO/contact details is a compliance function, not a checkbox • How to build effective grievance redressal without overbuilding • Why lifecycle mapping — not document mapping — is where compliance becomes real I've compiled these posts, along with custom infographics, into a single practitioner note for reference and internal circulation. If Cluster 3 tells you how to establish a lawful basis, this cluster tells you what obligations attach to it. Read it before designing security controls, processor contracts, or breach response playbooks. If you find this useful for your team, I'd appreciate a share — this series is meant to reach the people building DPDP programmes, not just reading about them. (Links to the individual posts and earlier clusters are in the comments.) #DPDP #DPDPAct #DPDPA #DataProtection #PrivacyLaw #Compliance #DataPrivacy #CyberSecurity #IndiaLaw