← All posts

What to Do When a Vendor Sends a Non-Standard Contract

July 5, 2026

A vendor sends over their own agreement instead of signing yours, and the document that lands in your inbox looks nothing like the contract your legal team expects to review. This happens more often than most finance and procurement teams expect, especially with smaller or niche vendors who have no incentive to accept anyone else's paper. The right response is not to sign it as-is and not to reject it outright: it's a structured review process that most mid-market teams don't have in place.

Why vendors push their own paper instead of yours

Every vendor with in-house counsel or a template from a law firm has an incentive to keep every deal on that same document. A vendor's own paper is drafted entirely in their favor: liability caps set as low as possible, indemnification obligations pushed onto the customer, and renewal and amendment terms that require minimal ongoing effort from the vendor's side. Getting a new customer to sign existing paper is also faster and cheaper for the vendor than negotiating a bespoke agreement, so smaller vendors and category-specific tools will often default to sending their own document rather than accepting your master service agreement (MSA).

Size drives leverage here more than almost anything else. A vendor with thousands of customers and a standard onboarding flow has little reason to deviate from its own template for a mid-market account worth tens of thousands of dollars a year. A vendor competing hard for your business has more reason to negotiate. Knowing which situation you're in changes how much time is worth spending on redlines.

What "non-standard" usually means in practice

A non-standard contract isn't necessarily a bad one. Plenty of vendor paper is reasonable. The term matters because the document hasn't been through your organization's playbook, so none of the assumptions your legal or finance team normally relies on can be taken for granted. The clauses most likely to differ from your standard paper, and most likely to shift risk onto you, are:

  • Liability caps set below the standard 12 months of fees paid. Some vendor paper caps liability at a single month's fees, or excludes data breaches and confidentiality failures from the cap entirely, capping the vendor's exposure but leaving yours uncapped.
  • Asymmetric indemnification. Vendor paper frequently requires the customer to indemnify the vendor broadly, while the vendor's indemnification of the customer is narrow or limited to a small IP infringement carve-out.
  • Unilateral amendment rights. Some vendor templates reserve the right to change pricing, features, or terms with only email notice, taking effect automatically unless the customer objects within a short window.
  • Auto-renewal with a short notice window. Vendor-drafted paper tends to set notice windows on the shorter end, and some documents bury the exact notice date in a schedule or exhibit.
  • Warranty disclaimers broader than your standard. "As-is" language with no uptime or performance warranty is common, even when the vendor's own marketing promises specific service levels.
  • Assignment and change-of-control silence. Vendor paper is frequently silent on what happens if the vendor is acquired, meaning the agreement transfers automatically to a new owner with no exit right for the customer.
  • Governing law and venue set far from your jurisdiction. This raises the practical cost of any future dispute, since litigating in the vendor's home jurisdiction is materially more expensive than doing so in your own.

None of these are unusual individually. The risk is in how many of them appear together, and whether any single one is severe enough to be a deal-breaker regardless of the rest of the document.

A five-step framework for reviewing a vendor's paper

Step 1: Triage by deal size and risk before you read a single clause. A contract worth $8,000 a year for a low-risk tool that touches no sensitive data does not need the same scrutiny as a $150,000 agreement for a system storing customer financial records. A reasonable rule for mid-market teams: contracts under $25,000 annually get a 30-minute check against a short list of must-fix clauses; contracts above that threshold get a full review against your standard checklist.

Step 2: Run the document against a fixed checklist, not a full read-through. Reading a 25-page agreement top to bottom without a target is slow and inconsistent between reviewers. Search for the seven clause categories listed above, plus payment terms, termination rights, and data ownership. A checklist review of a contract under 30 pages takes most reviewers 45 minutes to two hours once they know what to look for.

Step 3: Sort every flagged clause into one of three buckets. Must-fix items create unacceptable exposure regardless of deal size: uncapped indemnification, no data breach carve-out from the liability cap, or unilateral amendment rights with no customer exit right. Negotiate items are worth pushing on but not worth losing the deal over: a 90-day auto-renewal notice you'd prefer at 60 days, or a 10 percent escalation cap you'd prefer at 5 percent. Accept items differ from your standard paper but carry low practical risk given the deal size.

Step 4: Consolidate every requested change into a single redline pass. Sending a vendor several rounds of separate edits as issues surface slows the deal and signals disorganization. Industry benchmarking on commercial contract negotiation consistently finds typical agreements go through three to five rounds of redlines before signature, and each additional round adds days to weeks. Front-loading your full set of requested changes into one document, ranked from must-fix to nice-to-have, is the single most effective way to compress that cycle.

Step 5: Escalate deal-breakers early, not after everything else is settled. If a must-fix item is unlikely to be resolved, for example a vendor who flatly refuses to cap indemnification, that conversation needs to happen before your team spends more time negotiating price or minor terms. Escalating early gives the business time to evaluate alternatives if the vendor won't move, rather than discovering a walk-away issue during what was supposed to be final signature.

A worked example

A 140-person professional services firm evaluates an HR analytics platform priced at $42,000 per year. The vendor, a smaller company competing against two much larger incumbents, sends its own order form and terms of service rather than accepting the buyer's standard MSA. On review, three issues surface: the liability cap is set at three months of fees rather than twelve, there is no carve-out for data breaches given that the platform processes compensation and performance data, and the auto-renewal notice window is 30 days, buried in an exhibit.

The buyer's procurement lead sorts these into buckets: the liability cap and missing data breach carve-out go into must-fix, given the sensitivity of the data involved, and the 30-day notice window goes into negotiate, with a request for 60 days plus a required renewal reminder. All three requests go back to the vendor in a single redline. Because the vendor is competing hard for the deal and the requests are consolidated rather than trickling in over multiple rounds, the vendor's counsel turns around a revised draft in four business days, accepting the liability cap change and the data breach carve-out, and settling on a 45-day notice window with a required reminder as a middle position. Total time from first redline to signature: eleven days, well under the five-to-ten-week range industry benchmarks report for medium-complexity negotiations overall.

When to push back and when to let it go

Not every non-standard term is worth a fight, and treating every deviation as a must-fix item burns negotiating capital and slows deals that don't need to be slow. Three factors should drive the decision on any given clause: the dollar value at risk if the clause is triggered, the probability the clause is actually invoked over the life of the contract, and the vendor's demonstrated willingness to negotiate at all.

A liability cap set at three months of fees on a $10,000 annual contract for a low-risk scheduling tool is a low-value fight: the exposure difference between a three-month and twelve-month cap is a few thousand dollars, and the tool doesn't touch data that would generate outsized claims. The same clause on a $180,000 contract for a platform processing customer payment data is a different calculation, because the realistic cost of a breach event is measured in the hundreds of thousands or millions, not thousands.

Vendor size and competitive position matter just as much as the dollar figures. A vendor with no serious competitor and thousands of existing customers on the same paper has little incentive to carve out an exception for a single mid-market account, and pushing hard on cosmetic terms with that kind of vendor mostly wastes time. A vendor actively competing for the deal is far more likely to move on real requests.

How long this actually takes

Mid-market teams without a review process tend to badly underestimate how much a vendor's non-standard paper adds to the deal cycle. Industry data on commercial contract negotiation gives a useful baseline: typical agreements go through three to five rounds of redlines, and medium-complexity contracts average seven to ten weeks from first draft to signature across the full population of organizations surveyed. Top-quartile organizations, meaning those with a defined review process and consolidated redlining, close the same category of contract in roughly five weeks. Bottom-quartile organizations, typically those without a fixed checklist or clear escalation path, take close to sixteen weeks for contracts of similar complexity. That gap is rarely about the vendor being unusually difficult: it's about whether the buyer's side has a fixed process for triaging risk and consolidating requested changes into a single round.

Questions to ask before you sign

  • Does the liability cap exclude data breaches, confidentiality failures, or IP infringement from the general cap, and if so, at what level?
  • Can the vendor amend pricing, features, or terms unilaterally, and if so, what notice period applies and does the customer have a corresponding right to terminate without penalty?
  • What is the exact auto-renewal notice date, calculated from the contract's actual anniversary, and is the vendor obligated to send any reminder before that date?
  • What happens to this agreement, and to the data covered by it, if the vendor is acquired or ceases operations?
  • Is the governing law and venue set somewhere that would make a future dispute meaningfully more expensive to pursue than your home jurisdiction?
  • Does the indemnification obligation run only one way, and if so, is that asymmetry justified by the actual risk each party is taking on?

Frequently asked questions

Is it normal for a vendor to refuse to sign our standard MSA?

Yes, particularly for smaller vendors, category-specific point solutions, and any vendor whose internal processes are built around a single template. Refusal to use your paper is not itself a red flag. What matters is whether the vendor's own document contains the specific risk-shifting terms outlined above, and whether the vendor is willing to negotiate those terms even while keeping their document as the base.

How long should a review of a vendor's non-standard contract take?

For a contract under 30 pages, a checklist-based review takes most reviewers 45 minutes to two hours once they know what to look for. Full negotiation to signature typically runs one to three weeks for a well-run process and can extend to seven to ten weeks or longer without a consolidated approach, based on industry benchmarking of medium-complexity commercial contracts.

What is the biggest red flag in a vendor's own contract paper?

A liability cap that excludes data breach and confidentiality claims from its general limit, combined with broad, one-way indemnification running from customer to vendor. Individually, either term appears in a meaningful share of vendor-drafted agreements. Together, on a contract involving sensitive data, they leave the customer effectively uncapped while the vendor's own liability stays capped at a small multiple of fees paid.

Should we ever just accept a vendor's non-standard terms without negotiating?

For low-value, low-risk contracts, yes. Spending two weeks negotiating a $6,000 annual tool that touches no sensitive data and carries no meaningful liability exposure is a poor use of procurement and legal time. Reserve full negotiation effort for contracts above your organization's risk threshold, typically set based on annual contract value, data sensitivity, or operational dependency, and apply a lighter, faster check to everything below it.

How many rounds of redlines should we expect before a vendor contract is signed?

Industry surveys of commercial contract negotiation put the typical range at three to five rounds. Consolidating your organization's full list of requested changes into a single, prioritized redline rather than sending issues as they're discovered is the most reliable way to stay at the lower end of that range, since each additional round adds turnaround time on both the vendor and buyer side.

Related Articles

No items found.

Procr

Stop renewing blind.

See what Procr does with your real vendor portfolio.

Book a demo →