Every B2B contract has roughly twelve clauses that determine whether the relationship works. The other 90% of the document is boilerplate. Knowing which twelve to read carefully — and what good vs. toxic looks like for each — is the difference between a fast review and a six-month renegotiation. Here are the twelve, in the order they typically appear.
1. Term and renewal
Watch for: auto-renewal clauses with notice windows shorter than 60 days. Good practice: explicit renewal opt-in, or notice window ≥ 90 days. AI contract review surfaces auto-renewals on every scan because they are the single most-missed clause in B2B procurement.
2. Pricing structure & escalators
Watch for: "at our sole discretion" language on year-2 pricing, or escalators tied to CPI without a cap. Good practice: capped annual increase (e.g. lesser of CPI or 5%).
3. Termination for convenience
Watch for: termination rights that exist only for the vendor. Good practice: mutual termination-for-convenience with a notice period proportional to the contract length.
4. Liability cap
Watch for: liability caps under 1× annual contract value, or exclusions (consequential damages, lost data and the like) so broad that they swallow the cap. Good practice: 1×–2× annual fees minimum, with breaches of confidentiality, IP indemnity and gross negligence explicitly outside the cap.
5. Indemnification
Watch for: one-way indemnification clauses, or IP indemnification limited to "fees paid in the prior 12 months". Good practice: mutual indemnification with full defence and settlement obligations on the indemnifying party.
6. Data processing / DPA
Watch for: a missing or boilerplate Data Processing Agreement, vague sub-processor language, no breach notification SLA. Good practice: a signed DPA that sets out the controller-processor relationship, lists the current sub-processors with advance notice of changes, and commits the vendor to notify you of a personal data breach within 72 hours at most. Note that under GDPR the 72-hour clock for notifying the supervisory authority runs against you, the controller, from the moment you become aware, so a vendor window of the full 72 hours leaves you no time of your own; negotiate something materially shorter.
7. Service Level Agreement (SLA)
Discussed in detail in our SLA comparison checklist. The contract version should reference the SLA exhibit, include the penalty calculation, and define how credits are claimed (automatically or only on request, and within what window). Check whether credits are stated as your "sole and exclusive remedy": if they are, chronic underperformance gives you no other recourse unless a separate termination trigger is written in.
8. Security & compliance commitments
Watch for: "industry-standard security" with no concrete commitments. Good practice: an explicit list of certifications and attestations (SOC 2 Type II, ISO/IEC 27001, and GDPR or HIPAA compliance as applicable; the latter two are regulations, not certificates, so ask what evidence backs the claim) with annual audit obligations and a right for the customer to review the reports. Check that the scope of the SOC 2 report or ISO 27001 certificate actually covers the service you are buying and the infrastructure it runs on, not just the vendor's corporate IT, and read the exceptions the auditor listed.
9. Data ownership and portability
Watch for: ambiguous data ownership, no portability obligation on termination. Good practice: customer owns all data; vendor commits to provide an export in a documented format within 30 days of termination, and to delete the remaining copies (with a stated timeline for backups and sub-processor copies) once the export window closes, confirmed in writing.
10. Governing law and dispute resolution
Watch for: governing law in a jurisdiction inconvenient to you, mandatory binding arbitration in a forum that favours the vendor. Good practice: neutral jurisdiction, optional arbitration, or jurisdiction in the customer's home territory.
11. Confidentiality / non-disclosure
Watch for: overly broad confidentiality definitions that sweep in aggregated metrics, or non-disclosure terms that survive termination indefinitely. Good practice: reciprocal confidentiality, mutual return or destruction of materials on termination, expiry after 3-5 years, with trade secrets and personal data carved out so they stay protected for as long as they qualify as such.
12. Change-control / amendments
Watch for: unilateral amendment rights ("we may update these terms at any time"). Good practice: amendments require mutual written agreement.
How AI contract review fits
An AI contract review tool doesn't replace legal counsel — it makes counsel's job 4× faster. The AI extracts each of the twelve clauses from the document, normalises the language across vendors when you're comparing multiple contracts, and flags the toxic patterns above. Your legal review then focuses on the 10-15% where judgement matters.
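The flagging step described above can be approximated without any model at all. What follows is an added example, not the page's or any vendor's code: a rule-based scanner in Python that splits a contract into numbered clauses and applies one regex rule per toxic pattern, using the thresholds from the checklist (60-day renewal notice, 1× annual liability cap, 72-hour breach notification, 30-day export). The clause numbering format, the rules themselves and the sample contract are all constructed for illustration; a real review tool would use a language model to locate clauses, but the thresholds it should enforce are the same.

```python
"""Heuristic flagger for the toxic contract patterns in the checklist above.
Added example, not the page's or any vendor's code: one regex rule per pattern,
run over a contract split into numbered clauses.  Sample contract is constructed."""
import re
from dataclasses import dataclass

MIN_RENEWAL_NOTICE_DAYS = 60      # thresholds follow the checklist on this page
MIN_LIABILITY_MONTHS = 12         # 1x annual fees
MAX_BREACH_NOTIFY_HOURS = 72
MAX_EXPORT_DAYS = 30
WORD_NUMBERS = {"twelve": 12, "thirty": 30, "sixty": 60, "ninety": 90}
QUANTITY = r"([A-Za-z0-9-]+(?:\s*\(\d+\))?)\s+(day|hour|month)s?"  # matches 'thirty (30) days'

@dataclass
class Finding:
    clause: str   # numbered heading the rule fired on
    rule: str
    detail: str

def _number(token):
    """'30', 'thirty' and 'thirty (30)' all give 30; unknown words give None."""
    m = re.search(r"\d+", token)
    return int(m.group()) if m else WORD_NUMBERS.get(token.lower())

def _quantities(text):
    """All 'n days/hours/months' phrases in text as (value, unit) pairs."""
    return [(n, u) for tok, u in re.findall(QUANTITY, text) if (n := _number(tok)) is not None]

def check_auto_renewal(text):
    if not re.search(r"automatic(?:ally)?\s+renew", text, re.I):
        return None
    days = [n for n, u in _quantities(text) if u == "day"]
    if not days:
        return "auto-renewal with no stated notice window"
    return f"auto-renewal with a {min(days)}-day notice window" if min(days) < MIN_RENEWAL_NOTICE_DAYS else None

def check_pricing(text):
    if not re.search(r"\b(fees?|pric\w*)\b", text, re.I):
        return None
    if re.search(r"sole\s+discretion", text, re.I):
        return "pricing changes at the vendor's sole discretion"
    has_cpi = re.search(r"\bCPI\b|consumer price index", text, re.I)
    capped = re.search(r"\b(cap|capped|lesser of|not to exceed)\b", text, re.I)
    return "CPI escalator with no cap" if has_cpi and not capped else None

def check_liability_cap(text):
    months = [n for n, u in _quantities(text) if u == "month"]
    if re.search(r"liabilit", text, re.I) and months and min(months) < MIN_LIABILITY_MONTHS:
        return f"liability capped at {min(months)} months of fees (under 1x annual)"
    return None

def check_breach_notice(text):
    if not (re.search(r"notif", text, re.I) and re.search(r"breach|incident", text, re.I)):
        return None
    hours = [n if u == "hour" else n * 24 for n, u in _quantities(text) if u != "month"]
    if not hours:
        return "breach clause with no notification deadline"
    return f"breach notification allowed {max(hours)} hours" if max(hours) > MAX_BREACH_NOTIFY_HOURS else None

def check_portability(text):
    if not re.search(r"export", text, re.I):
        return None
    days = [n for n, u in _quantities(text) if u == "day"]
    if not days:
        return "export obligation with no deadline"
    return f"export delivered only within {max(days)} days" if max(days) > MAX_EXPORT_DAYS else None

def check_unilateral_amendment(text):
    pat = r"\b(we|vendor|provider)\s+may\s+(update|modify|change|amend)\b.*\bat any time\b"
    return "unilateral amendment right" if re.search(pat, text, re.I | re.S) else None

RULES = [("auto_renewal", check_auto_renewal), ("pricing", check_pricing),
         ("liability_cap", check_liability_cap), ("breach_notice", check_breach_notice),
         ("portability", check_portability), ("unilateral_amendment", check_unilateral_amendment)]

def split_clauses(contract):
    """Split on '1. Heading.' numbering; returns [(heading, clause text)]."""
    parts = re.split(r"(?m)^(\d+)\.\s+", contract)   # [preamble, num, body, num, body, ...]
    return [(f"{num}. {body.partition('.')[0].strip()}", body.strip())
            for num, body in zip(parts[1::2], parts[2::2])]

def review(contract):
    """Run every rule over every clause; returns a list of Findings in document order."""
    return [Finding(heading, rule, detail) for heading, text in split_clauses(contract)
            for rule, check in RULES if (detail := check(text))]

# Constructed sample contract: clauses 1, 2, 3 and 6 are toxic, 4 and 5 pass the thresholds.
SAMPLE_CONTRACT = """\
1. Term. This Agreement automatically renews for successive one-year terms unless either
party gives written notice of non-renewal at least thirty (30) days before the term ends.
2. Fees. Fees for each renewal term may be increased by Vendor in line with CPI.
3. Limitation of Liability. Each party's aggregate liability shall not exceed the fees
paid by Customer in the six (6) months preceding the claim.
4. Security Incidents. Vendor shall notify Customer of any personal data breach within
seventy-two (72) hours of becoming aware of it.
5. Data Export. On termination Vendor shall make Customer Data available for export in
CSV format within 30 days.
6. Amendments. Vendor may modify these terms at any time by posting a revised version.
"""
```

Calling `review(SAMPLE_CONTRACT)` returns four findings, one each for clauses 1, 2, 3 and 6; the 72-hour breach clause and the 30-day export clause sit exactly on the checklist thresholds and pass. The rules deliberately fire on the absence of a number as well as on a bad one (an auto-renewal with no notice window, a breach clause with no deadline), because silence on a deadline is the more common drafting problem than an explicit bad value.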