The 12 clauses in Salesforce's MSA and order forms that carry the greatest commercial and operational risk, and exactly what to negotiate for each one.
This guide is part of our Salesforce Licensing Guide 2026. See also: Salesforce Negotiation Tips | SELA Agreements Explained | CIO Playbook: Negotiating Salesforce Contracts.
Salesforce's Master Subscription Agreement is a 30-page document written by Salesforce's lawyers to protect Salesforce's interests. Every default clause favours the vendor: fees are non-cancellable, quantities cannot be decreased, liability is capped at what you paid, and there is no contractual uptime guarantee. The CIO who signs without negotiating these terms is accepting a set of rules written entirely by the other side.
| Layer | What It Is | Negotiability |
|---|---|---|
| Master Subscription Agreement (MSA) | Overarching legal framework covering definitions, usage rights, fees, IP, confidentiality, liability, indemnification, termination, governing law. Click-through for most customers | Moderately negotiable for enterprise customers spending $500K+ annually |
| Order Form | Product-specific document: products, licence counts, per-unit price, term, product-specific terms. Order form terms override MSA where they conflict | Highly negotiable. Where the majority of commercial concessions are established |
| Data Processing Addendum (DPA) | GDPR/CCPA framework governing personal data processing, sub-processor lists, data transfer mechanisms, breach notification | Limited. Data residency, sub-processor notifications, and breach windows are negotiable |
| SLA Addendum | Uptime guarantees, support response times, service credit remedies. Does not exist by default. Without it, you have no contractual uptime guarantee | Available for enterprise customers on Premier or Signature support. Must be explicitly requested |
Every commercial concession Salesforce grants appears in the order form, and order form terms override the MSA where they conflict. Focus your negotiation energy on the order form. You do not need to change the MSA itself for most commercial terms.
Salesforce's default (MSA Section 5.1): "Payment obligations are non-cancelable and fees paid are non-refundable, and quantities purchased cannot be decreased during the relevant subscription term." A 1,500-user three-year contract at $175/user/month = $9.45M in non-cancellable fees. If an M&A event reduces the organisation to 800 users in year two, the remaining 700 licences continue billing at full rate: approximately $2.7M in waste.
What to negotiate: Annual downgrade rights of 10-15% at each anniversary. Termination for convenience with a defined penalty (50-75% of remaining fees rather than 100%). Ramp-up schedules aligning commitment to projected adoption rather than day-one capacity. Each provision documented as an order form amendment overriding the MSA default.
Default: subscriptions auto-renew unless 30 days' written notice given before term end. Miss the deadline and the contract renews at the current rate plus embedded uplift with no opportunity to renegotiate pricing, reduce counts, or adjust product mix.
What to negotiate: Extend notice to 90-120 days. Require Salesforce to send written notification 150 days before the auto-renewal date. Cap auto-renewal pricing at current per-unit rate with no uplift. Submit written non-renewal notice regardless of renewal intent to preserve your negotiation position.
Most enterprise order forms include a 7% annual price escalator. At 7% compounding, a three-year contract sees 22.5% cumulative increase. Over five years, 40.3%. For 1,000 Enterprise users starting at $175/month, the 7% default adds approximately $441,000 in cumulative excess cost over three years compared to flat pricing.
| Annual Uplift | Year 1 | Year 2 | Year 3 | 3-Year Excess vs Flat |
|---|---|---|---|---|
| 0% (flat) | $175 | $175 | $175 | $0 |
| 3% | $175 | $180 | $186 | $201K |
| 5% | $175 | $184 | $193 | $339K |
| 7% (default) | $175 | $187 | $200 | $441K |
What to negotiate: Target 0% (flat pricing) for 3+ year commitments. If unachievable, cap at 3% maximum tied to CPI. Ensure the order form uses locked multi-year per-unit pricing, not "then-current pricing" at renewal. For detailed strategies, see our Salesforce Negotiation Tips guide.
Default (MSA Section 3.2): Salesforce can force additional licence purchases if you exceed contractual entitlements. The prohibition against "circumventing" usage limits is broad enough to cover scenarios like using a Platform licence to access standard CRM objects through custom workarounds, or API integrations exceeding licenced scope.
What to negotiate: Add a 90-day cure period before any mandatory purchase. Require written notice specifying the exact usage limit exceeded with evidence. Price required purchases at existing contracted rate, not list price. Include a dispute resolution mechanism before payment obligation.
Enterprise agreements and SELAs include True-Up clauses adjusting costs upward if usage exceeds contracted quantities. True-Forward provisions carry overage-level pricing into subsequent periods. A temporary usage spike during a data migration, seasonal peak, or pilot programme can trigger a permanent cost increase.
What to negotiate: Materiality threshold of 5-10% below which no True-Up triggers. True-Up calculations using normalised 90-day rolling average, not peak or point-in-time measurement. Separate True-Up from True-Forward so an overage in one period does not inflate your baseline. Price True-Up purchases at existing discount level.
The MSA promises only "commercially reasonable efforts" to maintain availability. There is no contractual uptime percentage. No automatic service credits. No financial remedy for downtime. If Salesforce experiences a major outage taking your CRM offline for 48 hours during your busiest period, your contractual remedy is nothing.
What to negotiate: Request a formal SLA addendum with 99.9% monthly uptime minimum (8 hours 46 minutes maximum annual downtime). Tiered service credits: 10% of monthly fees below 99.9%, 25% below 99.5%, termination rights below 99% for three consecutive months. Monthly availability reports. Organisations on Premier or Signature support have the strongest position.
Default (MSA Section 10): Liability capped at fees paid in the 12 months preceding the claim. All consequential, indirect, incidental, and punitive damages excluded. Lost profits, lost revenue, lost data, and business interruption excluded. For a $2M/year customer, maximum recovery for any failure is $2M regardless of actual impact.
What to negotiate: Carve-outs placing data breach/security incidents, indemnification obligations, and IP claims outside the general cap. Push for a 2-3x multiplier (24-36 months of fees). Require Salesforce to maintain cybersecurity insurance at specified minimums with your organisation as additional insured.
Default (MSA Section 11): 30 days after termination to request data export. After 30 days, Salesforce has no obligation to maintain data and will delete all copies. For complex orgs with millions of records, custom objects, attachments, and metadata, 30 days is often insufficient.
What to negotiate: Extend to 180 days minimum. Data in standard machine-readable formats (CSV, JSON, XML) without incremental charges. Reasonable technical assistance during export. Written certification of data deletion within 90 days of your request following the access period. For GDPR organisations, align with data processing records and right-of-access requirements.
Salesforce can audit customer usage to verify licence compliance. Unlike Oracle or SAP, Salesforce does not typically deploy third-party audit firms, but enforces compliance commercially through platform telemetry, True-Up provisions, and renewal-time usage reviews.
What to negotiate: Limit audits to once per 12-month period. Require 30 days' advance written notice. Restrict scope to specific products and entitlements under review. Independent third-party arbitration for disputed findings. Salesforce bears audit costs unless non-compliance exceeds 5% of contracted quantities.
Salesforce indemnifies customers against third-party IP infringement claims. If unresolvable, Salesforce may modify the service (potentially removing functionality) or terminate your contract. The customer-to-Salesforce indemnity covers not just illegal content but how you configure, integrate, and deploy the platform.
What to negotiate: Ensure Salesforce indemnification is outside the general liability cap. Narrow your indemnity to knowing and intentional misuse rather than any use triggering a third-party claim. Require 12 months' notice before any termination-as-remedy for IP issues, providing time to migrate.
The MSA's "Affiliate" definition covers entities you control (>50% ownership). Acquired entities are not automatically covered. Divested entities cannot take licences without agreement. An acquisition may require new licences at current list price rather than extending existing discounted rates. A divestiture may leave you paying for licences the divested entity's users occupied.
What to negotiate: Explicit M&A protection clauses permitting acquired entities at existing per-unit rate. Proportional licence reductions for divestitures. 12-month transition period post-transaction. Change-of-control provisions must not give Salesforce the right to terminate or renegotiate pricing.
US customers: California law, San Francisco courts. International: varies by contracting entity. Litigating against Salesforce in San Francisco, where they are headquartered, is not the same as litigating in your home jurisdiction.
What to negotiate: Governing law aligned with your principal place of business. Mandatory mediation step before litigation. Consistent governing law across all order forms and addenda. For regulated industries, ensure compatibility with regulatory obligations for vendor oversight, data handling, and operational resilience.
The terms of your Salesforce contract determine your cost trajectory, operational risk exposure, and negotiation leverage at every future renewal. Every counter-position described in this guide has been successfully negotiated in real enterprise Salesforce agreements across engagements managed by Redress Compliance. The CIO who invests in clause-by-clause negotiation before signing avoids years of compounding cost and inflexibility.
Yes, for enterprise customers. While the MSA is presented as a standard click-through, every substantive term can be modified through order form amendments and side letters. Pricing, uplift caps, downgrade rights, auto-renewal periods, SLA commitments, liability carve-outs, data portability periods, and M&A provisions have all been successfully negotiated. Salesforce's willingness correlates with deal size, competitive pressure, and fiscal year timing.
The 7% annual uplift. While non-cancellable fees has the largest absolute exposure, the uplift is the most expensive clause for organisations that do not actively negotiate it because it compounds silently year after year. Over five years, the 7% default adds approximately 40% to total cost compared to flat pricing.
Not by default. The standard MSA promises only "commercially reasonable efforts" with no specific percentage and no financial remedy for downtime. You must negotiate a separate SLA addendum to obtain a contractual uptime commitment (typically 99.9%) with service credits. Most achievable for customers on Premier or Signature support plans.
Not under default terms. MSA Section 5.1 states quantities cannot be decreased during the subscription term. To gain mid-term flexibility, negotiate explicit downgrade rights (typically 10-15% annual reduction) or a SELA with a true-down provision. Without these, you pay for every licence through the end of the term regardless of usage.
30 days under default terms. After 30 days, Salesforce has no obligation to maintain your data. For complex orgs with millions of records and custom objects, 30 days is often insufficient. Negotiate extension to 180 days with data in standard machine-readable formats at no additional charge.
Fees paid in the 12 months preceding the claim, with all consequential damages excluded. If you pay $2M/year and a failure causes $20M impact, maximum recovery is $2M. Push for a 2-3x multiplier and carve-outs for data breaches, security incidents, and IP indemnification that sit outside the general cap.
Your contract renews automatically at the current rate plus embedded uplift. You lose the opportunity to renegotiate pricing, reduce licences, or adjust terms for the entire renewal period. The default window is 30 days. Negotiate to 90-120 days and submit written non-renewal notice well in advance regardless of renewal intentions.
Yes, if annual Salesforce spend exceeds $500,000. Salesforce negotiates enterprise contracts daily; your team negotiates a Salesforce contract every 1-5 years. Independent advisory brings current benchmarking, knowledge of Salesforce's internal approval processes, and experience across hundreds of comparable negotiations. Typical return on advisory investment is 5:1 to 10:1.
Redress Compliance reviews enterprise Salesforce contracts clause by clause, identifying risk exposure and negotiating specific term improvements. No Salesforce partnership. No referral fees. Every recommendation made purely in your commercial interest.
Salesforce Advisory ServicesIndependent Salesforce contract review. Clause-by-clause risk assessment. Term improvement negotiation. 100% vendor-independent, fixed-fee engagement.