
ERP Contract Negotiation: 15 Clauses to Check Before You Sign

Practical guide for CIOs and CFOs: 15 clauses to negotiate in an ERP contract (licence or SaaS) before signing. Pricing, SLA, data portability, exit rights.

An ERP contract is not a standard document you sign after negotiating the price. It is a three-to-seven-year commitment that governs your relationship with the vendor, your ability to leave, and — most importantly — what you actually pay beyond the headline figure.

Most CFOs and CIOs at mid-market organisations negotiate the annual fee and sign everything else. This is understandable: vendors field experienced sales teams, deploy contracts optimised entirely in their favour, and the customer is typically at the end of a lengthy selection process, under deadline pressure. The result is that unfavourable clauses pass unnoticed until the first renewal or the first crisis.

This guide reviews 15 concrete clauses. For each: what the standard contract proposes, what you should demand, and why it matters.

Why ERP contracts are structurally unbalanced

The power dynamic is against the mid-market buyer

A vendor such as SAP, Oracle, Sage, or Access Group signs contracts with thousands of organisations every year. Their standard agreement has been refined over years of legal and commercial iteration. Your organisation may sign an ERP contract once every seven to ten years. The information asymmetry is radical.

Perpetual licence vs SaaS: two different logics

Under a perpetual licence model (on-premise), you purchase the right to use the software indefinitely and pay an annual maintenance fee (typically 18–22% of the licence cost). Under SaaS, you rent access to the software and own nothing. The logic around exit, data portability, and version upgrades is fundamentally different. Make sure you are signing the right model for your situation.

Read the contract before go-live

This seems obvious but is rarely followed: contracts are often reviewed after the project starts, when the power balance has shifted even further. Build a week of contractual review into your selection timeline, before communicating your final decision.


Financial clauses (clauses 1 to 5)

Clause 1: Annual price indexation

What the vendor offers by default: automatic indexation linked to an IT services industry index or a fixed percentage of 3–5% per year.

What you should demand: a cap on indexation (for example: index-linked but capped at 3%) or a more stable reference index. For SaaS, negotiate a pricing stability clause covering the first two years.

Why it matters: a SaaS subscription at £50,000 per year indexed at 4% means £2,000 extra in year one, £4,160 cumulative by end of year two, and over £10,000 in additional cost over five years compared to a stable rate. Over the life of a multi-year contract, uncapped indexation typically costs more than the commercial discount you secured at signing.


Clause 2: Scope of annual maintenance

What the vendor offers by default: a “standard” maintenance package covering patches and minor updates, without precise definition of support response times or associated service levels.

What you should demand: an explicit list of what is included (P1/P2/P3 patches, minor updates, hotline access, ticket quota) and — critically — what is excluded (major version upgrades, training, custom development).

Why it matters: in many contracts, annual maintenance does not cover new features or major releases. These are billed separately, sometimes at a cost equivalent to the annual subscription.


Clause 3: Hidden fees and unlisted extras

What the vendor offers by default: a contract listing the licence or subscription price without detailing ancillary costs: initial and ongoing training, support surcharges beyond a ticket threshold, pre-production environment fees, access to technical documentation.

What you should demand: a comprehensive annex listing all potential charges with unit prices. If the vendor is also your implementer, negotiate inclusion of initial training in the project fee.

Why it matters: ancillary charges regularly represent 15–30% of total cost over three years. They are almost never anticipated in initial budgets.


Clause 4: SaaS usage overages

What the vendor offers by default: a SaaS contract with defined thresholds (named users, transaction volumes, storage) and automatic overage penalties.

What you should demand: an overage tolerance band (for example, 10% above the threshold before automatic surcharges kick in), a regularisation window before additional billing, and tiered pricing for volume growth.

Why it matters: a 15% increase in active users mid-year can trigger an unplanned billing threshold. Without a tolerance clause, the surcharge is immediate.


Clause 5: Unilateral price revision by the vendor

What the vendor offers by default: a clause allowing the vendor to modify pricing during the contract with 30–90 days’ notice.

What you should demand: either removal of the unilateral revision clause for the contract term, or a minimum 180-day notice period with a right to terminate without penalty if the increase exceeds an agreed threshold (for example, more than 5% above the contracted indexation).

Why it matters: without guardrails, the vendor can raise prices mid-contract with limited notice and no easy exit for you.


Technical and service clauses (clauses 6 to 10)

Clause 6: SLA and meaningful penalties

What the vendor offers by default: a 99.5% or 99.9% availability SLA with token penalties for non-compliance (for example, one day’s subscription credit).

What you should demand: a minimum 99.9% SLA (equivalent to no more than 8.7 hours of downtime per year), with real financial penalties calculated against your monthly subscription, and a precise definition of what constitutes an outage (including restoration time, excluding scheduled maintenance windows). Also demand a Recovery Time Objective (RTO) per criticality level.

Why it matters: a 99.9% SLA backed by a one-day credit on a £50,000 annual subscription is worth roughly £140. That is not a credible commitment. SLA penalties must be financially significant enough to ensure they are taken seriously.


Clause 7: Major version upgrades

What the vendor offers by default: minor updates included in maintenance; major version upgrades billed separately, with optional technical support.

What you should demand: for SaaS, explicit inclusion of major upgrades in the subscription, with a minimum six-month notice before any forced migration. For on-premise licences, a published upgrade cost schedule by release.

Why it matters: a major version migration on a core ERP can cost 30–100% of the original implementation cost. If this is not contractually accounted for, it arrives as an unbudgeted surprise.


Clause 8: Data residency and sovereignty

What the vendor offers by default: hosting in “European datacentres” or “GDPR-compliant infrastructure” without specifying the country, the hosting provider, or conditions around data access.

What you should demand: explicit country-level data residency (UK or EU, depending on your compliance requirements), identification of the sub-processor hosting the data, and a clause prohibiting data transfer outside your chosen jurisdiction without explicit consent. For regulated sectors (healthcare, defence, financial services, public sector), verify relevant certifications such as ISO 27001, SOC 2 Type II, Cyber Essentials Plus, or sector-specific accreditations.

Why it matters: “hosted in Europe” can mean datacentres in Ireland operated by a US parent company subject to US data access laws. For certain regulated sectors, this creates real compliance exposure.


Clause 9: Data portability and exit rights

What the vendor offers by default: a vague clause on data restitution “in a standard format” at end of contract, with no defined timeline or format specification.

What you should demand: a structured, machine-readable export format (CSV, JSON, or XML with documented schema — not PDF), a minimum 90-day post-termination data access window, and exit migration assistance at a pre-agreed rate.

Why it matters: without a precise portability clause, you can end up with data in a proprietary, unreadable format, or with an access window too short to ensure business continuity. This is one of the most frequently absent clauses in default SaaS contracts.


Clause 10: APIs and third-party connectors

What the vendor offers by default: API access “included” with no endpoint stability guarantee, no versioning commitment, and the right to modify or retire APIs with limited notice.

What you should demand: a stability commitment for APIs of at least 24 months after publication, a minimum 12-month deprecation notice, and shared responsibility for connectors developed by your integrator.

Why it matters: if your ERP connects to five or six third-party tools (CRM, WMS, e-commerce platform, payroll system), a unilateral API change can disrupt your critical business flows overnight.


Clause 11: Contract term and early termination

What the vendor offers by default: a three-to-five-year commitment with early termination penalties equal to remaining instalments or a fraction of the total contract value.

What you should demand: an initial two-year term with annual renewal, an annual exit window from year two with six months’ notice and no excessive financial penalty. If the contract runs to three years, negotiate an 18-month break option with six months’ notice.

Why it matters: an ERP that no longer fits after 18 months of operation — due to poor integration, business growth, or a change in model — must be replaceable without prohibitive penalties. Contract term is typically the first concession vendors make in negotiation.


Clause 12: Change of control of the vendor

What the vendor offers by default: no specific clause, or a clause stating the contract is transferable in the event of acquisition or merger without prior customer consent.

What you should demand: a clause stating that any change of control (acquisition, merger, divestiture of the software division) gives you the right to terminate without penalty within six months of the announcement, or to renegotiate on equivalent terms.

Why it matters: the ERP market is in permanent consolidation. If your vendor is acquired by an organisation you would not have chosen as a supplier, or if pricing terms change post-transaction, you need a clean exit.


Clause 13: Ownership of configurations and custom development

What the vendor offers by default: a clause asserting that all development work on the software — including business configurations — belongs to the vendor or remains tied to the licence.

What you should demand: that your business configurations (management rules, workflows, custom chart of accounts) belong to you and can be exported or reimplemented in another system. For custom development you have funded, demand joint ownership or a rights assignment.

Why it matters: in some contracts, the business rules you spent months configuring legally belong to the vendor. In the event of exit, you cannot use them to migrate to a competing system.


Clause 14: Vendor liability cap

What the vendor offers by default: a liability limitation equal to one month or one year of subscription. On a £50,000 annual contract, that means £4,200–£50,000 regardless of actual losses incurred.

What you should demand: a liability cap of at least two years’ subscription value, with carve-outs for gross negligence, data loss or destruction, and breach of the confidentiality clause.

Why it matters: a prolonged ERP outage (three days to two weeks) can generate operational losses far exceeding one month’s subscription. The standard liability cap is frequently insufficient to cover the actual business impact.


Clause 15: Audit rights

What the vendor offers by default: no clause, or an audit right only in the vendor’s favour (compliance verification of licence usage).

What you should demand: a symmetric audit right allowing you to verify that the vendor is meeting its contractual commitments: service levels, data residency, backup policy, and security certification (ISO 27001, SOC 2 Type II). Request access to existing third-party audit reports rather than an intrusive on-site audit.

Why it matters: without audit rights, the vendor’s commitments remain unverifiable declarations. For sensitive data, the ability to verify real compliance is a basic governance requirement.


Negotiation strategy: how to approach the discussion

When to negotiate?

The negotiation window closes the moment you signal to the vendor that you have selected their solution. Once that signal is given, your leverage collapses. Conduct your contractual review and submit proposed amendments before communicating your final decision — ideally while keeping a credible alternative in the process.

The three most common concessions

Vendors typically concede on: contract term (moving from five to three years, or from three to two years with an exit option), indexation (capping or freezing it for two years), and onboarding costs (initial training included, or a discount on implementation). These are the standard commercial levers. Legal clauses — data portability, configuration ownership, liability cap — are harder to move but not impossible, especially when you engage a specialist IT contracts lawyer.

When to bring in a specialist IT lawyer?

For annual contracts below £25,000, a careful review by your CFO with a structured checklist is usually sufficient. Above £40,000 per year, or for any multi-year commitment exceeding £120,000 in total, engaging a specialist in IT contracts law delivers a clear return. Their fee rarely exceeds 1–2% of the contract value, and the clauses they secure can represent 10–20% savings over the life of the agreement.

