AI Contract Law Practice

The AI Vendor Contract Playbook: 15 Critical Clauses Decoded

Evonne Xu · April 2026 · ~6000 words · 25 min read

Why are AI contracts fundamentally different from traditional SaaS contracts? Traditional software contracts operate on "feature delivery" logic: vendors provide deterministic code that customers use as specified. AI services are entirely different: models have already ingested massive datasets during training, outputs are probabilistic rather than deterministic, vendors can typically update underlying models every few weeks without notice, and regulators are still legislating rapidly. This means the three pillars of traditional contracts (specifications, acceptance testing, and change control) all require reconstruction in the AI context.

Clause Priority Matrix

Which clauses deserve your negotiation focus with limited bandwidth

| Quadrant | Clauses | Topics |
|---|---|---|
| Must Fight (Q1) | 1, 2, 4, 10, 15 | Data / IP / Indemnity / Liability / Exit |
| Important (Q2) | 3, 5, 6, 12, 8 | Warranties / Governance / Security / Compliance / Lock-in |
| Discretionary (Q3) | 7, 11, 13, 14 | SLA / Changes / Confidentiality / Disputes |
| Monitor (Q4) | 9 | Pricing & Fees |

15 Clauses Overview

| # | Clause | Key Risk | Level | Priority |
|---|---|---|---|---|
| 1 | Data Rights | Supplier unlimited data use for training | HIGH | Must Fight |
| 2 | IP Ownership | AI output copyright uncertainty & cross-contamination | HIGH | Must Fight |
| 3 | AI Warranties | Hallucinations with no accuracy warranties | HIGH | Important |
| 4 | Indemnification | AI output infringement excluded from indemnity | HIGH | Must Fight |
| 5 | Model Governance | Supplier arbitrary model updates | HIGH | Important |
| 6 | Security | Breach notification delays, sub-processor gaps | HIGH | Important |
| 7 | SLA & Availability | High latency equivalent to downtime | MED | Discretionary |
| 8 | Vendor Lock-in | No ownership of prompts & fine-tuned models | HIGH | Important |
| 9 | Pricing | Unilateral price increases | MED | Monitor |
| 10 | Liability | Low liability cap, mutual waiver of indirect damages | HIGH | Must Fight |
| 11 | Change Management | Supplier unilateral changes with inadequate notice | MED | Discretionary |
| 12 | Compliance | Supplier pass-through of compliance burden | HIGH | Important |
| 13 | Confidentiality | Prompt injection & model memory leaks | MED | Discretionary |
| 14 | Dispute Resolution | US-centric jurisdiction & arbitration | MED | Discretionary |
| 15 | Termination & Exit | Broad supplier termination rights, customer trapped | HIGH | Must Fight |

High Risk

Clause 1 · Data Rights & Ownership

The foundational clause. When enterprises input data into AI, standard vendor terms typically grant the vendor broad data usage rights for "improving services." This means your trade secrets, customer data, and product strategies may be used to train general models, so that ultimately all of the vendor's customers benefit from your data.

Trap
Vendor standard: "Customer grants Provider a non-exclusive, worldwide, royalty-free license to use Customer Data to improve and develop our services and AI models."
Strategy
First: remove the "improve AI models" license. Specify that Provider can only use Customer Data to deliver the contracted service, not to develop new models or train general-purpose AI.
Sample Clause Language

Section 8.1 Customer Data Ownership
Customer retains all right, title, and interest in Customer Data. Provider shall not use Customer Data for any purpose other than to deliver the Services as expressly specified in this Agreement.

Section 8.2 Prohibited Uses
Provider shall NOT: (a) use Customer Data to train, improve, or develop any AI models, including general-purpose or third-party models; (b) share Customer Data with third parties except subprocessors; (c) retain Customer Data after termination except as required by law.

Section 8.3 Data Deletion
Within 30 days of termination or Customer request, Provider shall delete or return all Customer Data in its possession, with no residual copies in training datasets or backup systems.

High Risk

Clause 2 · IP Ownership & Output Rights

Ownership of AI-generated content is legally uncertain. The US Copyright Office clarified in 2023 that purely AI-generated content is not copyrightable. Yet some vendors still claim IP rights to outputs and may generate similar or identical outputs for multiple customers, causing IP cross-contamination and legal risk.

Trap
Vendors retain rights to AI outputs. Some vendors may claim ownership stakes in generated content, preventing you from using those outputs exclusively, and competitors may receive identical outputs.
Strategy
Secure an explicit commitment that "100% of outputs belong to Customer." If the vendor insists on retaining rights, obtain at minimum a perpetual, exclusive, transferable license with an explicit prohibition against providing identical outputs to others.
Sample Clause Language

Section 9.1 Ownership of Outputs
All Output generated by the Services is the sole and exclusive property of Customer. Provider waives all claims to the Output, including copyright, moral rights, and other intellectual property rights.

Section 9.2 License to Provider IP
To the extent Output incorporates Provider pre-existing IP, Customer receives a perpetual, irrevocable, worldwide, royalty-free license to use such IP in the Output.

Section 9.3 No Identical Outputs to Competitors
Provider warrants it shall not provide substantially identical Outputs to any other customer for a period of 12 months from the date of generation.

High Risk

Clause 3 · AI Warranties & Accuracy

AI hallucinations are the single biggest operational risk for enterprises. Standard vendor terms typically disclaim all accuracy warranties, simply stating that services are provided "AS-IS." In medical diagnosis, legal research, and financial advisory scenarios, hallucinations can directly cause business losses or compliance violations.

Trap
"THE AI SERVICES ARE PROVIDED 'AS IS' WITHOUT WARRANTY OF ACCURACY OR COMPLETENESS." The vendor explicitly disclaims any warranty regarding output accuracy, completeness, or usefulness.
Strategy
Require quantifiable accuracy benchmarks, e.g., "accuracy ≥95% (per industry-standard benchmark)" or "hallucination rate ≤3% average." Establish minimum performance standards, a notification mechanism for accuracy degradation, and remedies (service credits or price reductions).
Sample Clause Language

Section 10.1 Accuracy Warranty
Provider warrants that the AI Services will maintain a minimum accuracy rate of 95% as measured against the [Industry Benchmark Test], verified quarterly.

Section 10.2 Minimum Performance Standards
If accuracy falls below 90% for two consecutive quarters, Customer may elect either: (a) service credits equal to 50% of monthly fees until accuracy restores to 95%, or (b) terminate without penalty.

Section 10.3 Accuracy Degradation Notice
Provider shall notify Customer within 5 business days of any identified accuracy degradation exceeding 5 percentage points, with a remediation plan.

High Risk

Clause 4 · Indemnification & IP Protection

AI copyright litigation is rising rapidly. Enterprises can be named co-defendants for using infringing AI-generated content. Standard vendor indemnity clauses typically limit indemnification to infringement by the "technology itself" (such as code theft) while explicitly excluding infringement by "AI output" (such as generated text or images). This leaves a massive legal loophole.

Trap
Vendor indemnity clause: "Provider shall indemnify Customer for third-party claims that the underlying AI technology infringes third-party IP, excluding claims related to the content or output generated by the Services."
Strategy
Secure indemnification that explicitly covers third-party IP claims arising from AI-generated output. This is the critical protection. Require the vendor to cover litigation costs, settlements, and damages from third-party claims that the vendor's output infringes IP rights.
Sample Clause Language

Section 11.1 Broad Indemnification
Provider shall defend, indemnify, and hold harmless Customer from any third-party claim that: (a) the underlying AI technology infringes third-party IP; (b) the Output generated by the Services infringes third-party copyright, patent, or trademark rights.

Section 11.2 Scope of Indemnity
Provider's indemnification obligation covers all reasonable costs including attorney fees, settlements, damages, and injunctive relief related to such claims.

Section 11.3 Exclusions
Customer's use of Output in violation of law or this Agreement shall not trigger indemnity.

High Risk

Clause 5 · Model Governance & Audit

AI vendors frequently update underlying models, sometimes releasing new versions every few weeks. Each model update can fundamentally alter behavior: degrading accuracy, changing output style, or even introducing new safety issues. Standard terms typically reserve the absolute right to update models at any time, without advance notice or any remedy for customers.

Trap
Vendors can unilaterally update models at any time without advance notice. This can disrupt workflows the customer has already tuned, change the output formats it depends on, or break integrated systems.
Strategy
Secure three protections: (1) 30-day advance notice for major model updates; (2) model pinning rights: Customer can freeze a specific model version, protected from forced upgrades for at least 12 months; (3) audit rights: Customer can periodically demand security and performance audits.
Sample Clause Language

Section 12.1 Model Update Notice
Provider shall provide written notice of any major model update at least 30 days in advance, including detailed release notes on functionality, accuracy, and performance changes.

Section 12.2 Model Pinning
Customer may elect to pin its deployment to a specific model version. Provider shall continue supporting pinned versions for a minimum of 12 months from the customer's pinning date.

Section 12.3 Audit Rights
Customer has the right to request independent security and performance audits of the AI model twice per contract year, at Provider's expense.

High Risk

Clause 6 · Security & Data Protection

Enterprises input their most sensitive data into AI systems. Vendors, as data processors, have legal obligations for data security. Yet many AI vendors' standard terms are extremely loose: breach notification windows run as long as 60 days, security incidents at third-party sub-processors are not covered, and no protections are required for international data transfers.

Strategy
Establish high security standards: (1) require ISO 27001 and SOC 2 Type II certifications; (2) compress breach notification to within 24 hours; (3) explicitly cover security incidents at third-party sub-processors; (4) ensure international transfers of sensitive data comply with local regulations (GDPR, PIPL, etc.).
Sample Clause Language

Section 13.1 Security Standards
Provider shall maintain ISO 27001 and SOC 2 Type II certifications at all times. Provider shall implement industry-standard security controls including encryption at rest and in transit, access controls, and regular security testing.

Section 13.2 Breach Notification
Provider shall notify Customer of any confirmed security breach within 24 hours of discovery, including scope, timeline, and impact assessment. This obligation extends to all subprocessors.

Section 13.3 Data Transfer Compliance
Provider shall comply with GDPR, PIPL, CCPA, and other applicable data protection laws in all data transfers and processing.

Medium Risk

Clause 7 · SLA & Availability

AI API downtime paralyzes customer operations. Yet standard vendor SLAs often provide only "best effort" commitments with no specific uptime targets or service-level guarantees. The key is to distinguish "availability" from "performance": an API that is online but has 30-second latency is operationally equivalent to downtime.

Strategy
Secure quantified SLA commitments: (1) ≥99.9% monthly uptime (4.3 hours/month downtime allowance); (2) a P95 latency metric (95% of requests complete within 2 seconds); (3) service credits for SLA violations of 30-50% of monthly fees. Consider purchasing uptime insurance.
Sample Clause Language

SLA 1 - Uptime Target
Provider shall maintain Service uptime of 99.9% per calendar month, measured as percentage of time API accepts and responds to requests.

SLA 2 - Performance Metrics
Provider shall maintain 95th percentile response latency ≤2 seconds and error rate <0.1% during normal operations.

SLA 3 - Service Credits
If uptime falls below SLA: 95.0-99.8% = 25% credit; 90.0-94.9% = 50% credit; <90% = 100% credit on that month's fees. Credits are Customer's sole remedy.

High Risk

Clause 8 · Vendor Lock-in & Portability

AI lock-in risk far exceeds that of traditional software. Your lock-in includes not just API calls but also accumulated prompts, fine-tuned model weights, and vector databases. Vendors can claim ownership of the models you fine-tuned, leaving you unable to export data or migrate to a competitor.

Strategy
Three-pronged approach: (1) export rights: support for exporting all business data, prompts, and fine-tuned weights in standard formats (JSON, CSV, etc.); (2) fine-tuned model ownership: an explicit declaration that Customer has full ownership of all fine-tuned weights; (3) migration: Provider provides a 60-day migration assistance period including technical documentation, API mapping, and data conversion.
Sample Clause Language

Section 14.1 Data Portability
Customer may export all Customer Data, prompts, conversation histories, and embeddings in standard formats (JSON, CSV, Parquet) at any time without additional fee.

Section 14.2 Fine-Tuned Model Ownership
All fine-tuned models, weights, and derivatives created from Customer Data are the exclusive property of Customer. Provider grants perpetual license to Customer to use fine-tuned models independent of Provider's services.

Section 14.3 Migration Assistance
Upon termination or Customer request, Provider shall provide 60 days of technical migration support at no charge, including API mapping documentation and data transformation scripts.

Medium Risk

Clause 9 · Pricing & Fee Adjustment

AI APIs typically charge by token, and usage is highly variable. Standard vendor terms often permit unilateral price increases, and token pricing is opaque: users cannot accurately forecast monthly bills. In enterprises that iterate rapidly on AI applications, monthly costs can spike several-fold.

Strategy
Build price protections: (1) price lock for the contract term: Provider cannot increase prices for at least 12 months; (2) Most Favored Nation clause: you receive the best pricing Provider offers other customers; (3) usage reporting and alerts: weekly usage statistics and projected monthly costs; (4) consumption cap: the option to set a monthly spending limit with auto-throttling above the cap.
Sample Clause Language

Section 5.1 Price Lock
Pricing in effect at execution shall remain fixed for the initial 12-month term. Any price adjustments after Month 12 require 60 days' written notice and Customer right to terminate without penalty.

Section 5.2 Most Favored Nation
If Provider offers lower pricing to any customer with similar usage volumes and terms, Customer automatically receives such lower pricing retroactively.

Section 5.3 Usage Transparency & Controls
Provider shall provide weekly usage dashboards showing token consumption, estimated monthly costs, and cost trends. Customer may set monthly spending caps with auto-throttling if exceeded.

High Risk

Clause 10 · Limitation of Liability

Standard vendor liability caps are typically 12 months of fees, with a mutual waiver of consequential damages (lost data, business interruption, lost profit, etc.). For AI services that are cheap to consume but business-critical, this means actual business losses from vendor failure far exceed recoverable damages, and the customer bears most of the risk.

Trap
"MUTUAL WAIVER OF CONSEQUENTIAL DAMAGES": this symmetric exclusion is in practice an asymmetric allocation of risk between a low-cost vendor and a high-value customer operation that depends on the service.
Strategy
Raise the liability cap and carve out critical scenarios: (1) raise the cap to 24 months of fees or actual damages (whichever is greater); (2) exclude data breaches, IP infringement, and gross negligence from the liability limits; (3) limit the mutual waiver to "indirect" damages and preserve claims for "direct" damages.
Sample Clause Language

Section 16.1 Liability Cap
Except as provided below, each party's total liability shall not exceed the greater of: (a) 24 months of fees paid, or (b) actual direct damages, up to $5M maximum.

Section 16.2 Exceptions to Cap
Notwithstanding the above, liability for the following is unlimited: data breaches or unauthorized access; IP infringement; gross negligence; and violations of data protection laws.

Section 16.3 Consequential Damages Waiver
Each party waives claims for indirect, incidental, or consequential damages, except for breaches arising from gross negligence or intentional misconduct.

Medium Risk

Clause 11 · Change Management

Vendors embed change rights in their general T&Cs and typically announce changes on a service portal or by email, where customers easily miss them. Material changes that may affect the business (feature removal, API deprecation, added regional restrictions) should trigger explicit notice and termination rights.

Strategy
Define "material changes": API feature removal, performance degradation >5%, regional availability restrictions, security feature removal. Require: (1) 30-day advance written notice for major changes; (2) an unconditional termination right for Customer on material adverse changes; (3) notice sent directly to Customer's registered email, not buried in portal announcements.
Sample Clause Language

Section 7.1 Material Change Definition
Material Changes include: (a) removal or deprecation of documented APIs or features; (b) performance degradation >5% sustained over 30 days; (c) restriction of Customer's geographic availability; (d) removal of security or compliance features.

Section 7.2 Change Notification
Provider shall provide 30 days' written notice of any Material Change directly to Customer's registered contact email. Notice must include impact assessment and mitigation options.

Section 7.3 Termination Right for Adverse Changes
If a Material Change materially adversely impacts Customer's use, Customer may terminate without penalty within 30 days of receiving notice.

High Risk

Clause 12 · Regulatory Compliance

The EU AI Act, China's Interim Measures for the Management of Generative AI Services, and US state privacy laws are evolving rapidly. Enterprises deploying AI have independent compliance obligations. Yet many vendor T&Cs shift all compliance burden to customers while offering no compliance assistance or technical safeguards. This is unworkable in practice.

Strategy
Share compliance responsibility: (1) Provider handles technical compliance measures (bias detection, transparency reports, audit logs); (2) Customer handles business-layer compliance (consent, privacy policies); (3) for compliance costs arising from regulatory changes, Provider covers reasonable technical implementation costs and Customer covers business change costs; (4) Provider proactively updates its services to meet new regulations.
Sample Clause Language

Section 17.1 Shared Compliance Responsibility
Provider is responsible for: (a) implementing technical controls (logging, audit trails, bias testing); (b) maintaining compliance with data protection laws; (c) providing transparency documentation for Customer's regulatory filings.

Section 17.2 Compliance Assistance
Provider shall provide reasonable technical assistance to help Customer meet applicable AI regulations, including documentation of model training data, testing results, and audit trails, at no additional cost.

Section 17.3 Regulatory Updates
If new regulations materially increase Provider's delivery costs, costs shall be shared 50/50 with Customer. Customer retains right to terminate without penalty if costs exceed 20% of annual fees.

Medium Risk

Clause 13 · Confidentiality & Prompt Isolation

Conversations with AI may contain an enterprise's most sensitive information: strategic decisions, financial data, customer lists, code. AI-specific risks include prompt injection, model memory leaks, and misuse of conversation logs. Vendors must explicitly commit to data isolation and prompt protection.

Strategy
Three-layer isolation: (1) restrict vendor staff access: only authorized personnel, with multi-factor authentication and audit logging; (2) post-session data deletion: within 30 days after a conversation ends, all prompts and outputs are deleted from vendor systems (except legal holds); (3) system prompts as trade secrets: the vendor protects Customer's system prompts as highest-tier trade secrets and may not use them for any other purpose.
参考条款语言Sample Clause Language
Section 18.1 Access Controls
Provider shall limit human access to Customer conversations and prompts to authorized personnel only. All access requires multi-factor authentication, with full audit logs maintained.
Section 18.2 Session Retention Policy
Provider shall delete all Customer prompts, conversation histories, and outputs within 30 days of session termination. No copies shall remain in training datasets, backup systems, or logs.
Section 18.3 System Prompt Protection
Customer system prompts, custom instructions, and tuning parameters are treated as Customer's highest-level trade secrets and confidential information. Provider shall not use them for any purpose other than delivering services to Customer.
Medium Risk

Clause 14 · Dispute Resolution

The leading AI vendors (such as OpenAI, Anthropic, and Google) are all US companies. Their standard terms typically select, unilaterally, the law of California (or another US state) and US federal courts. This is especially unfavorable for Chinese and European enterprises, and for non-US enterprises generally: disputes must be litigated or arbitrated in the US, adding international legal costs, time-zone differences, language barriers, and enforcement challenges.

Strategy
Negotiate an internationally friendly arbitration arrangement: (1) Singapore or Hong Kong as the seat of arbitration (friendly to international business, mature law, convenient for Chinese enterprises); (2) Chinese as one of the arbitration languages; (3) a three-arbitrator panel, with one arbitrator appointed by Customer; (4) costs borne by the losing party; (5) a 30-day cooling-off period for settlement negotiations as a final effort before formal arbitration.
Sample Clause Language
Section 19.1 Governing Law
This Agreement shall be governed by and construed in accordance with the laws of Singapore, without regard to its conflict of law principles.
Section 19.2 Arbitration
Any dispute shall be resolved by binding arbitration under SIAC Rules (Singapore International Arbitration Centre) in Singapore, with three arbitrators, one appointed by each party and the third chosen by the two appointed arbitrators.
Section 19.3 Arbitration Language
Arbitration proceedings shall be conducted in both English and Chinese, with neutral translation provided at Provider's expense.
Section 19.4 Pre-Arbitration Settlement
Prior to initiating arbitration, the parties commit to 30 days of good-faith settlement negotiations. Attorney fees and arbitration costs shall be borne by the non-prevailing party.
High Risk

Clause 15 · Termination & Exit Rights

Vendors hold broad unilateral termination rights, while the customer's termination rights are often restricted. For example, a vendor can terminate immediately for "violation of the acceptable use policy (AUP)", yet the AUP itself may be vague, opaque, and even unilaterally modifiable. The customer, by contrast, must wait for the contract to expire or pay heavy penalties to exit, which leaves it "trapped".

Trap
"Provider may terminate immediately for violation of AUP", yet the AUP itself can be unilaterally changed by Provider at any time.
Strategy
Balance termination rights: (1) Provider termination requires a material breach by Customer (not a vague "policy violation"), with 30 days' notice and a cure period; (2) Customer gets a termination-for-convenience right with at least 30 days' notice; (3) Data export: Customer can export all data at any time in standard formats; (4) Transition period: Provider provides 90 days of transition support after termination to ensure business continuity.
Sample Clause Language
Section 20.1 Provider Termination
Provider may terminate only for Material Breach (substantial violation of Agreement terms), with 30 days' written notice and opportunity to cure. Alleged AUP violations must be specific and material, not abstract.
Section 20.2 Customer Convenience Termination
Customer may terminate without cause upon 30 days' written notice. No penalties or early termination fees apply.
Section 20.3 Transition and Data Export
Upon termination, Provider shall: (a) immediately provide all Customer Data in standard formats; (b) provide 90 days of transition support at no additional charge; (c) delete all retained data within 30 days unless legally required to retain.

Glossary

Foundation Model
Large-scale pre-trained neural network usable across multiple downstream tasks (text generation, understanding, etc.). Examples: GPT-4, Gemini.
Hallucination
AI models generating plausible-sounding but inaccurate or unfounded information. Common in foundation models.
Fine-tuning
Further training a pre-trained model on a small amount of task-specific data to improve performance for a specific use case.
Prompt
Text instruction given to an AI model that governs the model's output behavior.
Embeddings
Representation of text, images, or other data as numerical vectors for machine learning processing.
Retrieval-Augmented Generation (RAG)
Retrieving relevant information from external databases and feeding it to an AI model to generate more accurate answers.
Token
Smallest unit of text processed by AI models. Typically one word = 1-2 tokens. Vendors usually charge by token volume.
Sub-processor
Third-party service providers that process customer data on behalf of the vendor (cloud storage, payment gateways, etc.).
High-Risk AI System
Per EU AI Act, AI systems deployed in sensitive domains (medical, legal, education) requiring stringent compliance and testing.
Model Pinning
Customer's ability to freeze deployment to a specific model version, preventing automatic upgrades.
Data Processing Agreement (DPA)
Legal agreement between data controller and processor under GDPR and other data protection laws, governing how data is processed.
Most Favored Nation (MFN)
Customer receives the best pricing and terms the vendor offers to other customers.

AI Contract Negotiation Checklist

📊 Data & IP Protection
  • Vendor prohibited from using customer data for model training or improvement (Clause 1)
  • 100% ownership of AI outputs by Customer (Clause 2)
  • Vendor indemnification for AI output IP infringement (Clause 4)
  • Data deletion commitment within 30 days (Clause 1)
🔧 Model Governance & Security
  • 30-day advance notice for major model updates (Clause 5)
  • Model pinning rights for at least 12 months (Clause 5)
  • Right to independent audits at least twice yearly (Clause 5)
  • ISO 27001 & SOC 2 Type II certifications (Clause 6)
  • Breach notification within 24 hours (Clause 6)
💼 Commercial & Exit Protection
  • AI output accuracy ≥95% warranty (Clause 3)
  • 99.9% monthly uptime SLA (Clause 7)
  • Data export rights in standard formats anytime (Clause 8)
  • 100% customer ownership of fine-tuned weights (Clause 8)
  • 90-day migration assistance (Clause 8)
  • Price lock for contract term (Clause 9)
⚖️ Compliance Protection
  • Liability cap increased to 24 months of fees or actual damages (Clause 10)
  • Data breach/IP infringement excluded from liability cap (Clause 10)
  • Convenience termination with 30-day notice (Clause 15)
  • Singapore/Hong Kong arbitration with Chinese language option (Clause 14)

Managing AI Uncertainty Through Contracts

AI contract negotiation is fundamentally about securing as much control and protection as possible in a highly uncertain technology domain. Unlike traditional SaaS, AI outputs are probabilistic, models can be updated at any time, and regulatory frameworks are still evolving. Perfect contracts therefore do not exist, but a good contract can significantly reduce your risk.

My advice: start with the priority matrix. If negotiation bandwidth is limited, focus on the 5 clauses in the Q1 quadrant (data rights, IP ownership, indemnification, liability limits, termination rights). These are your line of defense, directly protecting your data, IP, finances, and exit rights. Once those are reasonably protected, work progressively toward the Q2 clauses.

Finally, remember that contracts are living documents. AI technology is still evolving rapidly. Review your AI vendor contracts every 6-12 months and evaluate:

  • Has the vendor made major changes to its models?
  • Has the regulatory environment changed in ways that require new clauses?
  • Is there a new AI vendor that better fits your needs?
  • Has pricing or performance deteriorated enough to require renegotiation?

With this handbook's 15-clause framework, you now have a complete toolkit for AI contract negotiation. Good luck with your negotiations!

Need Expert Guidance?

AI vendor contract clauses require clause-by-clause expert review. If you are negotiating with AI vendors or need to assess the risk in existing agreements, I can help you develop a negotiation strategy, review terms, and identify hidden risks.