--- name: contract-redliner description: Contract review, redlining, and negotiation support with clause analysis, risk identification, and markup templates. Use when reviewing contracts, identifying unfavorable terms, suggesting amendments, or preparing negotiation positions. --- # Contract Redliner Systematic contract review methodology with clause-by-clause analysis, risk scoring, redline markup, and negotiation strategy for commercial agreements. ## Contract Review Methodology ### Systematic Review Process ``` PHASE 1: TRIAGE (5 minutes) - Identify contract type (SaaS, services, licensing, employment, NDA) - Determine your party's position (buyer/seller, licensor/licensee) - Note contract value and term - Flag overall risk level for appropriate review depth PHASE 2: STRUCTURAL SCAN (10 minutes) - Verify all standard sections present - Check for missing critical clauses - Note any unusual structure or ordering - Identify exhibits, schedules, and SOWs PHASE 3: CLAUSE-BY-CLAUSE REVIEW (bulk of time) - Review each clause against standard/market terms - Score risk level per clause - Draft redline markup for non-standard terms - Note clauses requiring business input PHASE 4: RISK SUMMARY AND REDLINE (10 minutes) - Compile risk register - Prioritize redlines (must-have vs nice-to-have) - Draft negotiation talking points - Prepare executive summary ``` ### Review Depth by Contract Value | Contract Value | Review Depth | Reviewer Level | Turnaround | |---------------|-------------|---------------|------------| | < $25K | Light scan, template comparison | Paralegal / Junior | 1-2 days | | $25K - $250K | Standard clause review | Associate | 3-5 days | | $250K - $1M | Deep review with risk memo | Senior Associate | 5-7 days | | $1M - $10M | Full review + negotiation strategy | Senior Attorney | 7-14 days | | > $10M | Multi-lawyer review + specialist input | Partner-led team | 14-30 days | ## Common Clause Types ### Standard vs Non-Standard Terms | Clause | Standard/Market | Watch For | |--------|----------------|-----------| | **Term** | 1-3 years with auto-renewal | Evergreen with difficult termination | | **Termination for Convenience** | 30-90 days notice | No convenience termination right | | **Limitation of Liability** | Cap at 12 months fees paid | Uncapped liability, one-sided | | **Indemnification** | Mutual, limited to IP and breach | Unlimited, one-sided, broad triggers | | **Confidentiality** | 2-5 year survival, mutual | Perpetual, asymmetric obligations | | **IP Ownership** | Each party retains pre-existing IP | Broad assignment of derivative works | | **Warranty** | Industry-standard warranties | Excessive warranties or broad disclaimers | | **Data Protection** | DPA aligned with applicable law | No DPA, weak data obligations | | **Force Majeure** | Mutual, covers standard events | One-sided, too broad or too narrow | | **Governing Law** | Counterparty's or neutral jurisdiction | Inconvenient or unfavorable forum | ## Risk Identification Framework ### Risk Categories ``` LEGAL RISK: - Uncapped liability exposure - Broad indemnification obligations - Unfavorable dispute resolution - Non-compliant data handling terms - IP ownership ambiguity FINANCIAL RISK: - Unfavorable payment terms (net 90+, prepayment) - Auto-renewal with price escalation - Penalties and liquidated damages - Hidden fees or pass-through costs - No cap on expense reimbursement OPERATIONAL RISK: - Unrealistic SLA commitments - Exclusivity or non-compete restrictions - Key person dependencies without backup - Audit rights without reasonable limitations - Change control process gaps REPUTATIONAL RISK: - Press release or reference rights - Non-disparagement clauses (asymmetric) - Association with controversial terms - Public disclosure of agreement terms ``` ### Risk Scoring Matrix ``` RISK SCORE = LIKELIHOOD (1-5) x IMPACT (1-5) Impact Scale: 1 = Negligible (< $10K exposure) 2 = Minor ($10K - $100K exposure) 3 = Moderate ($100K - $1M exposure) 4 = Major ($1M - $10M exposure) 5 = Critical (> $10M or existential risk) Likelihood Scale: 1 = Rare (< 5% probability) 2 = Unlikely (5-20%) 3 = Possible (20-50%) 4 = Likely (50-80%) 5 = Almost Certain (> 80%) RISK RESPONSE: 20-25: CRITICAL - Must negotiate before signing 12-19: HIGH - Strong redline, escalate if rejected 6-11: MEDIUM - Request change, may accept with mitigation 1-5: LOW - Note for record, accept if needed ``` ## Key Clauses: Deep Analysis ### Limitation of Liability ``` STANDARD MARKET TERM: "Each party's aggregate liability shall not exceed the total fees paid or payable in the 12 months preceding the claim." COMMON CARVE-OUTS FROM CAP (typically unlimited): - IP infringement indemnification - Breach of confidentiality - Gross negligence or willful misconduct - Data breach obligations - Payment obligations RED FLAGS: - No liability cap at all - Cap set at contract value (too high for vendor) - No carve-outs for data breach or IP infringement - Consequential damages excluded for only one party - "Super cap" carve-outs that effectively eliminate the cap REDLINE POSITIONS: Conservative: Cap at 12 months fees, mutual carve-outs Moderate: Cap at contract value, reasonable carve-outs Aggressive: Lower cap (6 months), broad exclusions of damages ``` ### Indemnification ``` ANATOMY OF INDEMNIFICATION CLAUSE: TRIGGER: "Party A shall indemnify Party B against claims arising from..." - IP infringement by Party A's deliverables - Breach of representations and warranties - Gross negligence or willful misconduct - Violation of applicable law PROCEDURE: - Prompt written notice requirement - Control of defense (indemnifying party typically controls) - Cooperation obligations - Settlement approval rights - Mitigation obligations RED FLAGS: - Indemnification for "any and all claims" (too broad) - No notice requirement or short notice window - Indemnified party controls defense at indemnitor's expense - No right to approve settlements - Indemnification survives indefinitely REDLINE POSITIONS: Standard: Mutual indemnification for IP, breach, negligence Protective: Add reasonable notice period, defense control, settlement consent Aggressive: Narrow triggers, cap indemnification at liability cap ``` ### Termination ``` TERMINATION PROVISIONS: FOR CAUSE: - Material breach with cure period (30-60 days standard) - Insolvency or bankruptcy filing - Change of control (sometimes) - Failure to meet SLAs (after remediation period) FOR CONVENIENCE: - Written notice period (30-90 days standard) - Pro-rata refund of prepaid fees - Wind-down obligations - Transition assistance POST-TERMINATION: - Return or destruction of confidential information - Data export / transition period - Survival of certain clauses - Final invoicing and payment RED FLAGS: - No termination for convenience right - Immediate termination without cure period - No refund of prepaid fees on termination - Excessive termination penalties - No transition assistance period - Automatic destruction of your data ``` ### Intellectual Property ``` OWNERSHIP FRAMEWORK: BACKGROUND IP: Each party retains ownership of pre-existing IP License granted only as needed to perform under agreement FOREGROUND IP (work product): - "Work made for hire" vs assignment vs license - Who owns custom developments? - Joint ownership provisions - Rights to derivative works RED FLAGS: - Vendor retains ownership of all custom work - Broad license to use customer data/content - "Work for hire" language without proper assignment - No license back for vendor's tools/methodologies - Vague "improvements" ownership - Restrictions on using competitive products REDLINE POSITIONS: Customer-favorable: Customer owns all custom deliverables Balanced: Customer owns custom; vendor retains tools/methodologies with license Vendor-favorable: Vendor retains all IP, customer gets license ``` ### Data Protection ``` DATA PROTECTION CLAUSE ESSENTIALS: MUST INCLUDE: - Definition of personal data and processing activities - Roles (controller vs processor) - Processing instructions and limitations - Sub-processor management (notice, approval) - Security measures (technical and organizational) - Breach notification (timing, content) - Data subject rights assistance - Audit rights - Data return/deletion on termination - Cross-border transfer mechanisms (SCCs, adequacy) RED FLAGS: - No Data Processing Agreement (DPA) at all - DPA not GDPR/CCPA compliant - Unrestricted sub-processor appointment - No breach notification obligation - No data deletion on termination - Broad rights to use customer data - Missing cross-border transfer safeguards ``` ## Industry-Specific Patterns ### SaaS Agreements | Clause | Typical Terms | Negotiate For | |--------|-------------|---------------| | **SLA** | 99.9% uptime, credits only | Meaningful credits or termination right | | **Data** | Vendor stores, customer owns | Clear data portability, export rights | | **Security** | SOC 2, encryption | Pen testing rights, breach notification SLA | | **Pricing** | Annual increase caps | CPI cap, multi-year lock, volume discounts | | **Integration** | API access included | API SLA, backward compatibility commitment | ### Professional Services Agreements | Clause | Typical Terms | Negotiate For | |--------|-------------|---------------| | **Scope** | SOW-defined | Clear change order process, rate locks | | **Staffing** | Vendor discretion | Key person clause, replacement approval | | **IP** | Vendor retains | Customer owns custom deliverables | | **Acceptance** | Deemed accepted after X days | Explicit acceptance criteria, UAT period | | **Non-Solicitation** | Mutual, 12 months | Narrower scope, hire fee alternative | ### Software Licensing | Clause | Typical Terms | Negotiate For | |--------|-------------|---------------| | **Grant** | Named user / concurrent | True-up flexibility, audit notice period | | **Restrictions** | No reverse engineering, etc. | Reasonable use, interoperability rights | | **Maintenance** | 18-22% annually | Multi-year cap, service level for patches | | **Audit** | Annual, at licensor's discretion | Reasonable notice (30+ days), cure period | | **Escrow** | Not standard | Source code escrow for mission-critical | ## Redline Notation Conventions ``` MARKUP FORMAT: [ADDITION] = New language to add (shown in brackets) [DELETION] = Language to remove (strikethrough in Word) [MODIFICATION] = Changed language (tracked change) COMMENT NOTATION: [MUST-HAVE] - Non-negotiable position [STRONG PREFERENCE] - Strongly prefer this change [NICE-TO-HAVE] - Would improve terms, but can concede [BUSINESS INPUT NEEDED] - Requires business team decision [LEGAL RISK] - Flagged for legal review PRIORITY CODING: P1: Must resolve before signing (deal-breaker if rejected) P2: Strong preference, expect to negotiate P3: Opening position, prepared to concede P4: Cosmetic or clarification only ``` ## Negotiation Strategy ### Leverage Analysis ``` ASSESS YOUR LEVERAGE: HIGH LEVERAGE (you have options): - Multiple competing vendors - Large deal value relative to vendor revenue - Long-term commitment being offered - Strategic account for vendor - Vendor initiated the deal LOW LEVERAGE (they have options): - Sole-source / no alternatives - Small deal value - Short-term engagement - Commodity service - You initiated / urgently need solution LEVERAGE TACTICS: High leverage: Lead with must-haves, concede P3s as goodwill Balanced: Trade concessions (give on term, get on liability cap) Low leverage: Focus on P1s only, accept standard terms elsewhere ``` ### Negotiation Playbook ``` ROUND 1: INITIAL REDLINE - Include all P1, P2, and P3 positions - Provide brief rationale for each change - Set professional, collaborative tone ROUND 2: RESPONSE TO COUNTER - Accept reasonable P3 counter-positions - Hold firm on P1 items with explanation - Propose compromise language on P2 items - Identify trade opportunities ROUND 3: FINAL POSITIONS - Resolve remaining P1 and P2 items - Escalate unresolved P1 items to business sponsors - Document any agreed exceptions - Prepare final execution version DEADLOCK RESOLUTION: - Suggest alternative language that addresses both concerns - Propose risk mitigation (insurance, escrow, guarantees) - Escalate to executive sponsors - Consider side letter for sensitive terms - Walk away if P1 items cannot be resolved ``` ## Risk Register Template ``` RISK REGISTER: | # | Clause | Section | Risk Level | Issue | Redline Position | Priority | |---|--------|---------|-----------|-------|-----------------|----------| | 1 | Liability Cap | 8.1 | HIGH | Uncapped liability | Cap at 12 mo fees | P1 | | 2 | Indemnification | 9.2 | HIGH | One-sided | Add mutual indemnity | P1 | | 3 | Data Protection | 11 | HIGH | No DPA | Add GDPR-compliant DPA | P1 | | 4 | Termination | 6.2 | MEDIUM | No convenience right | Add 90-day notice | P2 | | 5 | IP Ownership | 10.1 | MEDIUM | Vendor retains custom | Customer owns custom | P2 | | 6 | Auto-Renewal | 6.1 | LOW | 60-day notice | Extend to 90 days | P3 | EXECUTIVE SUMMARY: Total clauses reviewed: ___ Critical risks identified: ___ High risks identified: ___ Must-negotiate items: ___ Estimated negotiation rounds: ___ Recommendation: Proceed / Proceed with changes / Do not proceed ``` ## Pre-Signature Checklist ``` FINAL REVIEW: PARTIES AND EXECUTION: - [ ] Legal entity names correct and complete - [ ] Signatories have authority - [ ] Effective date specified - [ ] All exhibits and schedules attached - [ ] All blanks filled in (no TBDs remaining) COMMERCIAL TERMS: - [ ] Pricing matches proposal/negotiation - [ ] Payment terms acceptable - [ ] Term and renewal provisions clear - [ ] SLAs and metrics defined LEGAL PROTECTIONS: - [ ] Liability cap in place - [ ] Indemnification is mutual - [ ] Termination rights adequate - [ ] IP ownership clear - [ ] Confidentiality provisions mutual COMPLIANCE: - [ ] Data protection addendum attached (if personal data) - [ ] Governing law and jurisdiction reviewed - [ ] Insurance requirements reviewed - [ ] Regulatory compliance addressed - [ ] Export control provisions (if applicable) INTERNAL APPROVALS: - [ ] Legal approval obtained - [ ] Finance/procurement approval obtained - [ ] Business owner approval obtained - [ ] Any required board/executive approval obtained ``` ## See Also - [Legal Compliance](../legal-compliance/SKILL.md) - [Fortune 50 Risk Management](../fortune50-risk-management/SKILL.md)