OpenAI's standard enterprise agreements are drafted to maximise OpenAI's flexibility and minimise its liability. Default terms include short-notice price change rights, no formal SLA, heavily capped liability, and broad discretion over service modifications. This guide provides the independent framework for negotiating an OpenAI enterprise agreement that balances innovation access with appropriate commercial and legal protections across six critical contract areas.
OpenAI is not a traditional enterprise software vendor. Its contract structure, pricing model, and risk profile differ fundamentally from the SAP, Microsoft, or Oracle agreements your procurement team is accustomed to negotiating. The technology is new, model capabilities and pricing change frequently, and the regulatory landscape is still being written.
OpenAI's standard contract is designed for a startup moving fast. Your enterprise needs a contract designed for an organisation that cannot afford surprises in pricing, in data handling, in service reliability, or in liability allocation. Default terms include 14-day price change rights, no formal SLA, heavily capped liability, and broad discretion over service modifications. For a vendor handling your sensitive data and powering business-critical applications, these defaults are wholly insufficient.
The master contract governing your overall relationship. Contains data usage policies, IP ownership, liability caps, indemnification, warranties (or disclaimers), termination provisions, and governing law. This is where most negotiation effort should concentrate, particularly around data handling, liability carve-outs, and termination rights.
Defines the specific commercial terms: product selection (ChatGPT Enterprise, API access, dedicated capacity), user counts, committed usage volumes, pricing tiers, discount levels, and contract duration. Ensure it cross-references the protective terms in the Services Agreement.
Required if personal data is processed. Establishes OpenAI as a data processor with obligations around encryption, access controls, subprocessor transparency, breach notification timelines, and data residency. Essential for GDPR, CCPA, and sector-specific compliance. Must be executed alongside the Services Agreement, not deferred.
OpenAI's published policies on acceptable use, content moderation, and rate limits. Typically incorporated by reference into the Services Agreement. Review carefully. They may restrict use cases that are legitimate for your enterprise. Negotiate carve-outs or clarifications for any restrictions that conflict with your intended deployment.
| Pricing Element | Standard OpenAI Terms | What to Negotiate |
|---|---|---|
| Per-token API pricing | List price per 1K tokens; no volume discount by default | Volume-tiered discounts (20 to 35% off list for significant commitments); rate lock for contract term |
| ChatGPT Enterprise seats | Per-user monthly fee; limited flexibility on seat counts | Volume pricing for large deployments; right to adjust seat count quarterly (plus/minus 10%) |
| Price change rights | OpenAI can change rates with 14 days' notice | Price lock for full contract term; cap annual increases at 3 to 5% at renewal |
| Overage handling | Usage beyond commitment billed at on-demand rates | Overage at committed rate or max 10% premium; monthly spend alerts at 75% and 100% |
| Commitment flexibility | Fixed annual commitment; unused capacity lost | Ramp-up schedule; quarterly adjustment rights; rollover of unused credits |
| Total cost transparency | Bundled pricing may obscure component costs | Itemised breakdown: API tokens, seats, fine-tuning, dedicated capacity, support each priced separately |
Build three consumption models: baseline (conservative), expected (planned deployment), and high (rapid adoption). Present the expected scenario for pricing, but ensure contract terms protect you in both the low scenario (avoid overpaying) and the high scenario (overage protections and spend caps). This scenario modelling is your most powerful pricing negotiation tool.
Obtain pricing from Azure OpenAI Service (same models through Microsoft's infrastructure), Google Vertex AI, Anthropic, and open-source deployment estimates. These benchmarks prove you are an informed buyer and create competitive pressure. OpenAI's pricing is more negotiable when they know you have costed alternatives.
Enterprise use of generative AI involves sending sensitive data (proprietary documents, customer information, source code, strategic plans) to an external service and receiving AI-generated outputs that may be incorporated into products, communications, and decisions. The contract must provide ironclad protections for both inputs and outputs.
Explicit clause prohibiting OpenAI from using your inputs or outputs to train, fine-tune, or improve its models without written consent. OpenAI's policy states this for enterprise customers, but policy is not contract. Get it in writing with legal enforceability and a liability carve-out if the clause is breached.
OpenAI should delete prompts and outputs immediately after processing, or within a defined short period (30 days maximum). Negotiate the right to request immediate deletion on demand. Confirm that your data is logically isolated from other customers' data and that no customer's prompts or outputs can influence another customer's results.
The contract must state that you retain all rights to both input data and AI-generated outputs. OpenAI receives only a limited licence to process data for service delivery. Nothing more. An executed Data Processing Addendum must be in place before any personal data is processed, specifying data residency, subprocessor transparency, breach notification within 24 to 48 hours, and your right to audit or receive compliance certifications.
The Samsung incident, where employees inadvertently fed proprietary source code into ChatGPT, demonstrated what happens when AI data governance is managed by policy rather than contract. Every data protection that matters must be in the agreement with legal enforceability, not in a FAQ on OpenAI's website. Require SOC 2 Type II certification (or equivalent) and annual compliance reports upon request. Require encryption in transit and at rest for all customer data.
OpenAI's standard enterprise terms include no formal SLA. The service is provided on a best-effort basis. For any production deployment, this is unacceptable.
| SLA Component | Standard Terms (Default) | Enterprise Negotiation Target |
|---|---|---|
| Uptime guarantee | No commitment; best-effort only | 99.9% monthly uptime (less than 44 min downtime/month) |
| Service credits | None; no remedy for downtime | 10% credit for 99.0 to 99.9%; 25% for below 99.0%; 50% for below 95.0% |
| Support response time | Email only; no response time commitment | P1 (critical): 1-hour response, 24/7. P2: 4-hour. P3: 1 business day. |
| Dedicated account management | Not included | Named account manager + quarterly business reviews for commitments above $500K |
| Incident notification | Status page only; no proactive notification | Proactive email/SMS within 15 minutes; post-incident RCA within 5 business days |
| Chronic failure exit right | No termination right based on performance | Right to terminate without penalty if uptime falls below 99.0% for 2 consecutive months |
OpenAI's standard terms heavily limit its liability: typically capping it at the fees paid in the prior 12 months, disclaiming all indirect damages, and providing the service "as is" with no accuracy guarantees.
Negotiate exceptions to the liability cap for: breach of confidentiality or data privacy obligations (if OpenAI causes a data leak, the standard cap should not apply), gross negligence or wilful misconduct, and breach of the no-training clause (if OpenAI uses your data for model training in violation of the contract). These carve-outs ensure that the most consequential breaches carry meaningful financial accountability.
Request indemnification for third-party IP claims arising from AI-generated outputs. OpenAI may resist broad indemnity for generated content, but you can negotiate narrower protections: indemnity for claims arising from the model itself (not from your prompts), or a cap-limited indemnity for IP claims. Some AI vendors now offer copyright indemnity programmes. Use these as benchmarks.
Push to raise the overall liability cap from 12 months' fees to 24 months (or the total contract value). Ensure the cap applies per-incident, not aggregate, so a single early incident does not exhaust your entire remedy for the contract term.
If you deploy OpenAI in the EU, the AI Act may classify certain use cases as "high-risk," requiring transparency about how the model works, human oversight mechanisms, and documentation of AI decision-making processes. Your contract should require OpenAI to provide the technical documentation and cooperation needed for you to meet these obligations.
Financial regulators increasingly require explainability, auditability, and model risk management. Ensure your contract grants audit rights, model documentation, and human review workflows. If protected health information (PHI) is involved, a HIPAA Business Associate Agreement is required in the US. Verify OpenAI can execute a BAA and meet specific security requirements. Do not assume a standard DPA covers healthcare obligations.
Include a provision allowing you to terminate or modify the agreement if regulatory changes make continued use non-compliant. If a new regulation prohibits the use of third-party AI for specific data types or decisions, you should be able to exit without penalty. This forward-looking clause protects you from regulatory risk in a rapidly evolving environment.
Negotiate advance renewal notice (90 days minimum vs auto-renewal), termination for convenience with 90 days' notice, data export within 30 days of termination in a standard machine-readable format, and confirmation that all customer data is permanently deleted within 30 days of contract end. These exit provisions ensure you can leave the relationship cleanly if business needs or market conditions change.
| Contract Area | Standard OpenAI Terms | Negotiated Enterprise Terms |
|---|---|---|
| Data usage for training | Policy-based; not contractually enforceable | Explicit prohibition with legal enforceability and liability carve-out |
| Data retention | May retain for troubleshooting; unclear timeline | Zero retention or defined maximum (30 days); deletion on demand |
| IP ownership | Customer owns outputs (per policy) | Explicit contractual assignment of all output rights to customer |
| Pricing | List rates; 14-day change notice; no volume discount | 20 to 35% volume discount; rate lock for term; 3 to 5% renewal cap |
| SLA | No uptime commitment; best-effort | 99.9% uptime; service credits; chronic failure exit right |
| Support | Email only; no response time SLA | 24/7 P1 support; 1-hour response; named account manager |
| Liability cap | 12 months' fees; no exceptions | 24 months or total contract value; carve-outs for data breach and confidentiality |
| Indemnification | None or minimal | IP indemnity for model-originated claims; data breach indemnity |
| Termination and exit | Auto-renewal; limited termination rights; no data export assistance | Advance renewal notice; termination for convenience (90 days); data export within 30 days |
OpenAI's policy states that enterprise customer data is not used for model training. However, policy is not contract. For enterprise-grade protection, you need an explicit contractual clause prohibiting OpenAI from using your inputs or outputs for training, fine-tuning, or model improvement, with legal enforceability and a liability carve-out if the clause is breached. Get it in writing in the Services Agreement, not just referenced in a policy document.
OpenAI's standard enterprise terms include no formal SLA. The service is provided on a best-effort basis with no uptime commitment, no service credits for downtime, and no response time guarantees for support. For production deployments, negotiate a 99.9% monthly uptime guarantee with service credits (10 to 50% depending on severity), 1-hour P1 response time for critical issues, and a chronic failure exit right if uptime falls below 99.0% for two consecutive months.
Yes. OpenAI's standard pricing includes no volume discounts, but enterprises with significant commitments ($500K+ annually) can negotiate 20 to 35% off list pricing. The key is demonstrating a credible multi-year commitment with modelled consumption scenarios, and benchmarking against alternatives (Azure OpenAI Service, Google Vertex AI, Anthropic) to create competitive pressure. Also negotiate price locks for the contract term and caps on annual renewal increases (3 to 5%).
OpenAI's policy states that the customer owns outputs. However, ensure this is explicitly stated in the contract (not just policy) with a clear assignment of all rights to both input data and AI-generated outputs. OpenAI should receive only a limited licence to process data for service delivery. For IP indemnification, negotiate protection against third-party claims arising from model-originated content, particularly if outputs are used in customer-facing products or communications.
Under standard terms, termination and data handling provisions are minimal. Negotiate data export within 30 days of termination in a standard machine-readable format, confirmation that all customer data is permanently deleted within 30 days of contract end, advance renewal notice (90 days minimum vs auto-renewal), and termination for convenience with 90 days' notice. Without these provisions, you may face auto-renewal, data access issues, or uncertainty about data retention after exit.
If you deploy OpenAI in the EU, the AI Act may classify certain use cases as high-risk, requiring transparency about model operation, human oversight mechanisms, and documentation of AI decision-making. Your contract should require OpenAI to provide technical documentation, safety testing results, and cooperation needed for compliance. Include a regulatory change clause allowing you to terminate or modify the agreement if new regulations make continued use non-compliant.
Azure OpenAI Service provides the same OpenAI models through Microsoft's infrastructure, with Microsoft's enterprise contract terms, SLAs, data residency options, and compliance certifications. For organisations already on Microsoft Enterprise Agreements, Azure OpenAI may offer better contractual protections out of the box and integration with existing Azure security and compliance frameworks. However, OpenAI direct may offer earlier access to the newest models and features. Evaluate both options and use the comparison as negotiation leverage with whichever vendor you prefer.
Redress Compliance provides independent GenAI contract negotiation: pricing benchmarking, data privacy and IP protection, SLA negotiation, liability allocation, compliance alignment, and exit strategy planning for OpenAI, Anthropic, Google, and Microsoft Copilot enterprise agreements. We help enterprises secure 20 to 35% volume discounts, enforceable data protections, and production-grade SLAs. Complete vendor independence. No AI vendor partnerships, no resale commissions.