What CIOs need to know going into AI vendor negotiations
CIOs must treat AI vendor negotiations differently from legacy software deals: use their data as a negotiating asset, scrutinize contract terms and account for hidden costs to avoid costly lock-in.
Enterprise AI vendor deals are getting expensive to get wrong. The contracts being signed today are locking organizations into platform dependencies, data-sharing arrangements and pricing structures that will be difficult and costly to unwind.
Most enterprises have not adjusted their procurement approach to match that reality. CIO AI strategy too often treats these negotiations like legacy software renewals: the focus lands on headline pricing, and critical details such as data-sharing clauses, exit provisions and lock-in terms get overlooked until it is too late.
A 2025 West Monroe survey on the state of B2B software and AI spend found that nearly half of organizations saw licensing and subscription costs increase beyond the industry average. The firm attributed a significant portion of that overspend directly to contract negotiation missteps. The enterprises that fare better arrive prepared.
Know your leverage before you enter the room
Most CIOs underestimate their leverage, and the gap rarely comes down to deal size.
Enterprise buyers often lose their position before negotiations even begin, according to John Burns, senior director of financial systems and controls at Summit BHC. Much of this happens because buyers don’t know their own data well enough.
"They haven't mapped which datasets the AI will touch, how those datasets connect to other systems or what happens to model outputs over time," Burns said. "Vendors know this and use it to push through vague data ownership language."
Organizations should also know what access they are granting to vendors, said Sebastian Arriada, CIO at Globant. Auditing vendor access requests is one of the first steps in any negotiation. Most vendors ask for more access than the work actually requires, and that excess directly increases organizational risk.
"Least-privilege principles that are standard in cybersecurity are rarely carried over into AI vendor conversations," Arriada said.
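To make the access audit Arriada describes concrete, here is an added example (not from the article, and not any vendor's or Globant's code): a small Python script that expands a vendor's requested IAM-style policy against a list of known actions, reports which grants exceed what the integration actually needs, and emits the scoped counter-proposal. The required-access map, the vendor's request, the bucket and table ARNs, the account ID and the action list are all constructed for illustration.

```python
"""Audit a vendor's requested IAM-style policy against least-privilege needs.

Added example for illustration. All policies, ARNs and the action list below
are constructed; they do not describe any real vendor or account.
"""
import fnmatch
import json

# Constructed: the minimum an (assumed) forecasting vendor needs to do its job.
REQUIRED_ACCESS = {
    "s3:GetObject": ["arn:aws:s3:::sales-exports/daily/*"],
    "s3:ListBucket": ["arn:aws:s3:::sales-exports"],
}

# Constructed: what the vendor's onboarding guide asks the customer to grant.
VENDOR_REQUEST = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "dynamodb:Scan",
     "Resource": "arn:aws:dynamodb:us-east-1:111122223333:table/customers"},
    {"Effect": "Allow", "Action": ["iam:PassRole"], "Resource": "*"}
  ]
}""")

# Constructed subset of actions, enough to show how a wildcard balloons.
KNOWN_ACTIONS = [
    "s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket",
    "s3:PutBucketPolicy", "dynamodb:Scan", "iam:PassRole",
]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def granted_actions(policy, known_actions):
    """Expand wildcard Action patterns in each Allow statement.

    Returns {action: [resource patterns that grant it]}.
    """
    grants = {}
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        for pattern in _as_list(stmt["Action"]):
            for action in known_actions:
                if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                    grants.setdefault(action, []).extend(_as_list(stmt["Resource"]))
    return grants


def audit(policy, required, known_actions):
    """Compare granted access against required access.

    excess_actions: granted but never needed.
    over_broad_resources: needed action, but granted on a wider resource
        pattern than required (e.g. "*" instead of one bucket prefix).
    missing: required but not granted (the request is also incomplete).
    """
    grants = granted_actions(policy, known_actions)
    excess = sorted(a for a in grants if a not in required)
    over_broad = []
    for action, needed in required.items():
        for res in grants.get(action, []):
            for need in needed:
                # A granted pattern is over-broad if it matches the needed ARN
                # pattern but is not identical to it.
                if res != need and fnmatch.fnmatchcase(need, res):
                    over_broad.append((action, res))
    missing = sorted(a for a in required if a not in grants)
    return {"excess_actions": excess, "over_broad_resources": over_broad,
            "missing": missing}


def minimal_policy(required):
    """Emit the least-privilege counter-proposal: one statement per action."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": action, "Resource": res}
                          for action, res in sorted(required.items())]}


if __name__ == "__main__":
    print(json.dumps(audit(VENDOR_REQUEST, REQUIRED_ACCESS, KNOWN_ACTIONS), indent=2))
    print(json.dumps(minimal_policy(REQUIRED_ACCESS), indent=2))
```

The two findings to bring to the table are the expanded wildcard (`s3:*` on `*` silently includes delete and bucket-policy rights the vendor never mentioned) and the unrelated services (`dynamodb:Scan` on a customer table, `iam:PassRole` on everything). The `minimal_policy` output is the version worth attaching to the contract as the agreed access scope.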
Data should be a negotiating asset, according to Derek Schaffner, a partner in technology transactions law at Conn Kavanaugh, who has spent years watching enterprise buyers undervalue the one thing vendors actually want from them.
"The real leverage is data, specifically, whether the vendor needs your data to improve their model," Schaffner said. "If they do, you have more negotiating power than you realize, and most clients leave that on the table entirely."
Murali Swaminathan, CTO of Freshworks, negotiates from both sides of the table every day and agrees that data is power in negotiations.
"In AI negotiations, leverage comes down to one thing -- who controls the data," Swaminathan said.
Running a structured RFP creates genuine competitive pressure even when a preferred vendor is identified, he said. Precise consumption modeling wins better terms.
"The AI tool is cheap. The compute, storage and integration work that makes it functional is not," Swaminathan said.
Burns makes the same point: the AI tool itself is cheap, but the compute, storage and integration work that make it functional are not.
"I've seen companies sign what looked like a reasonable deal and then face three times the cost in supporting infrastructure the vendor conveniently offers as add-ons," he said.
Governance can also be leverage. A 2025 Gartner survey found that organizations deploying AI governance platforms are 3.4 times more likely to achieve high effectiveness in AI governance. CIOs who demonstrate governance maturity signal to vendors that they are a deployment-ready buyer worth competing for.
The contract terms that matter most - and what to push back on
Several clauses in AI contracts carry risks that most buyers do not scrutinize until it is too late.
Data ownership and model training rights. Arriada has seen the same two questions go unaddressed in most negotiations. Is organizational data being used to train vendor models? Is it stored beyond the transaction? The default answer to both is often yes unless explicitly negotiated otherwise.
Start the conversation before the pilot. Raise terms as early as possible, before a pilot embeds the vendor's defaults in the relationship.
"By the time the legal team gets involved, the business team has already agreed to a pilot, the vendor's standard terms are embedded in the relationship and ownership has quietly been replaced by a perpetual license that runs in the vendor's favor," Schaffner said.
Pricing structure. Buyers negotiate the headline fee and often miss everything underneath it. Consumption-based models with uncapped usage, automatic tier escalations and vague seat or API call definitions can turn reasonable-looking AI contract terms into a serious cost problem.
SLA and performance guarantees. AI model performance degrades in ways traditional software does not. Swaminathan tracks accuracy, drift and cost trends across every vendor relationship as part of his team's standard governance practice. Contracts should define accuracy baselines, uptime commitments and latency thresholds. Without them, there is no basis for remediation.
Exit and portability. Data portability and the mechanics of exiting an agreement are also routinely overlooked. Most enterprises do not see the operational trap until they are already in it. Vendors will agree to let enterprises leave an agreement, but they won't agree to give data back in a usable format, help migrate or keep the system running during a transition, Burns said.
"You end up technically free to exit but operationally trapped," he said.
Audit and compliance rights. Timelines, scope and consequences for non-compliance all need to be defined in the contract itself.
Schaffner has a straightforward test. "A clause that gives you the right to audit, but requires six months' notice, limits scope to vendor-selected documentation and charges you for the privilege, is not a real audit right," he said.
Indemnification carve-outs. Watch for clauses that exclude vendor liability for AI-generated outputs. When vendors disclaim responsibility for their own model outputs, the enterprise absorbs the risk.
Building the internal coalition for a stronger position
Internal misalignment is one of the most consistent predictors of a bad AI vendor agreement.
"I've seen deals collapse six months after signing because security had concerns that never got raised, finance modeled costs differently than IT or the business unit expected capabilities the contract didn't include," Burns said. "Get legal, finance, security and the business owners in the same room before you start negotiating. Disagreements are cheaper to resolve before you've signed anything."
Finance and legal. CFOs are scrutinizing AI ROI timelines more carefully than they were two years ago. CIOs who present a joint position on pricing and milestone-based payment terms carry more weight at the table.
"A deal isn't done until legal signs off," Swaminathan said. "You can have full alignment from the CIO and CISO, but if legal isn't on board, nothing moves."
Business unit buy-in. Negotiations are stronger when the CIO can demonstrate committed demand across multiple business units. Vendors price more aggressively against buyers who cannot show broad internal adoption.
Security and risk. Pre-negotiation alignment with the CISO and risk teams prevents last-minute blockers and gets security requirements into the contract from the start.
Structuring the relationship for long-term value
Most of the governance failures in AI vendor relationships happen after the contract is signed, not before.
"The biggest thing we've had to unlearn is treating AI vendor governance like a traditional SaaS contract," Swaminathan said. "You can't just sign and move on. Models change, behaviors drift and risk profiles evolve."
Pilot-to-scale structures. Negotiate phased commitments that let the organization validate AI performance before expanding commercial terms. Locking in full deployment pricing before a pilot proves value is among the most common mistakes in enterprise AI procurement.
Quarterly business reviews with teeth. Organizations should tie quarterly business review outcomes directly to pricing adjustments or scope changes, Burns said. Without that structure, reviews drift into status theater.
"They become status meetings where the vendor shows usage graphs and everyone nods," he said.
Renegotiation triggers. Market conditions in AI are shifting fast enough that a deal structured today may look very different in 18 months. Schaffner recommends a contractual mechanism to revisit terms if a competitor releases comparable capability at lower cost. Vendors may resist it, but it's fair to ask.
Innovation access. Without written provisions, enterprises risk being pushed to older product tiers while newer customers get better tools at lower cost. Schaffner suggests pushing for most-favored-customer pricing on new features, contractual notice periods before capabilities are deprecated and beta access rights before new pricing tiers are imposed.
Red flags that signal a vendor to avoid
Most bad AI vendor deals are identifiable before signing. The patterns show up in how vendors behave at the table and in what their contracts actually say.
Contract treated as a formality. Watch how a vendor responds to markup.
"If they are resistant to marking up standard terms, slow to respond to redlines or dismissive when you raise data handling questions, that tells you everything about what the relationship will look like when something goes wrong," Schaffner said.
Urgency pressure. Phrases like "this pricing expires Friday" or "we only have three enterprise slots left this quarter" exist to prevent proper diligence, not because supply is actually constrained, Burns said.
How a vendor treats legal and security teams during negotiations is equally revealing, he said. Frustration or dismissiveness during talks signals how they will behave post-signature.
Ambiguity on data use. Enterprises should walk away if a vendor cannot explain how organizational data is used, how models are trained or how security works. Other warning signs include:
Pricing structures with steep overage fees tied to adoption growth.
Clauses that let the vendor change pricing or security posture with little notice and no recourse.
Roadmap promises not reflected in contractual commitments.
No reference customers at comparable scale.
Immature compliance certifications.
Unclear funding runway or financial stability for early-stage vendors.
Burns has a single test he applies before any other due diligence. The clearest red flag is a vendor that resists putting its sales claims in the contract.
"If they promise accuracy rates, latency or integration timelines in the pitch but won't commit to them in writing, that tells you everything," he said.
Sean Michael Kerner is an IT consultant, technology enthusiast and tinkerer. He has pulled Token Ring, configured NetWare and been known to compile his own Linux kernel. He consults with industry and media organizations on technology issues.