What Are the Red Flags I Should Look for in an AI Agency Contract?

19 May 2026

AI agency contracts frequently contain terms that transfer significant risk to the client while protecting the agency from accountability. The most dangerous clauses involve intellectual property ownership, accuracy disclaimers, contract exit terms, and undefined deliverable specifications. This post identifies the specific red flags to look for and what to insist on instead.

Red Flag 1: Vague or Undefined Deliverables

The single most common source of dispute in AI agency engagements is a contract that does not clearly define what the agency is actually building. AI projects are complex enough that vague deliverable definitions are genuinely dangerous - they allow the agency to deliver something that technically satisfies the contract while bearing no resemblance to what you actually needed.

Warning language to watch for: "AI-powered solution," "intelligent automation," "machine learning integration," "AI consultancy services." These phrases describe a category of work, not a specific deliverable. A contract using this language gives you no basis for dispute if the output does not meet your expectations.

What good deliverable definitions look like: specific function-by-function descriptions of what the system will do; defined input and output formats; named integrations with specific systems; performance benchmarks (accuracy rates, response times, throughput); and acceptance criteria that state clearly how you will verify whether the deliverable meets specification. If the agency cannot or will not provide this level of specificity, that tells you something important about how they plan to manage the engagement.

The practical test: read the deliverables section of the contract and ask whether you could take it to a different technical team and have them build exactly what is specified. If the answer is no - if the specification is too vague to build from - the contract does not adequately protect you.

This is particularly important for AI projects because AI system performance is probabilistic, not deterministic. An AI model does not always produce the same output for the same input the way a conventional application does. If the contract does not specify what level of performance is acceptable and how it will be measured, you have no contractual basis for arguing the system underperforms.

Red Flag 2: IP Ownership Clauses That Leave You with Nothing

Intellectual property is the most significant long-term risk in AI agency contracts, and it is the area where the widest range of contract terms exists in the market. Some agencies transfer full IP ownership to the client on payment. Others retain ownership of everything and grant you a licence. Most fall somewhere between, with terms that determine what you actually own at the end of the engagement.

The clause to look for: who owns the trained models, the training data pipelines, the integration code, the prompts, and the workflow logic. These are all potentially valuable assets. If the agency retains ownership of the trained model and only licenses it to you, you are in a vendor dependency relationship for as long as you use that system - and the licence terms matter enormously.

Specific red flags in IP clauses: language stating the agency retains ownership of any "pre-existing IP or methodologies incorporated into the deliverables" without clearly defining what pre-existing IP covers. In practice, this clause can be used to argue that almost everything in the deliverable is pre-existing IP, leaving you with very little. Watch also for licence terms that give the agency the right to use your data, your prompts, or your outputs to train their models for other clients.

What to insist on: full assignment of IP for anything built specifically for your project, on payment of the agreed fees. For genuinely pre-existing agency components (libraries, frameworks, proprietary tooling they developed before your engagement), a perpetual, irrevocable, royalty-free licence at minimum - so you can continue using what they built without being held to ransom if the relationship ends. And an explicit clause stating they will not use your data, your prompts, or your outputs for any purpose other than your engagement.

This matters more as AI systems become more central to business operations. An AI system that powers your customer service, your sales qualification, or your compliance monitoring is critical infrastructure. If you do not own it, your dependency on the agency that built it is permanent.

Red Flag 3: Accuracy Disclaimers That Disclaim Everything

AI systems produce probabilistic outputs. No reputable vendor will guarantee 100% accuracy, and you should be suspicious of any that do. But there is an enormous difference between a reasonable disclaimer that AI systems have inherent limitations and a disclaimer so broad it removes the agency's accountability for delivering a system that works at all.

The worst versions of this clause state that the agency makes no warranties regarding the accuracy, completeness, or fitness for purpose of any AI outputs, and that the client bears full responsibility for verifying AI outputs before acting on them. In extreme cases, this language is broad enough to disclaim responsibility if the system you paid hundreds of thousands of pounds to build produces systematically wrong outputs on day one of deployment.

What reasonable accuracy provisions look like: agreed benchmark performance levels that the system must meet before sign-off (for example, 94% accuracy on the defined test dataset, measured using the agreed methodology); a warranty period during which the agency is responsible for fixing performance issues at no additional cost; and SLAs that define acceptable performance in production, with remedies if those levels are not maintained.

The test for whether an accuracy disclaimer is reasonable: does the contract still give you any basis for dispute if the AI system is simply bad? If an agency delivers a document classification system that correctly classifies 55% of documents when you expected 90%, does the contract give you any remedy? If the answer is no, the disclaimer is too broad.

For regulated industries - financial services, healthcare, legal - this section of the contract needs careful attention. If an AI system makes systematically wrong decisions in a regulated context, the client is liable to their regulator regardless of what the agency contract says. You need to ensure that the agency's accountability provisions are adequate to support your own regulatory obligations.

Red Flag 4: Exit Terms That Trap You

Exit terms are the area where the gap between agency-friendly and client-friendly contracts is starkest. Many AI agency contracts are written to make leaving expensive, operationally difficult, or both. This is especially problematic in AI engagements where the system being built may take many months to develop and significant switching costs accumulate throughout the engagement.

The red flags: auto-renewing contracts with short notice periods (less than sixty days) buried in the terms; cancellation fees expressed as a percentage of the remaining contract value rather than a reasonable estimate of the agency's actual costs; data portability clauses that are absent or vague (what happens to your data when you leave?); and system handover provisions that are undefined or exclude the transfer of trained models, integration code, or documentation.

Auto-renewal clauses deserve particular attention in AI contracts because the pace of change in AI tools and models is rapid. A contract signed in early 2025 for an AI system built on the tools available then may be significantly sub-optimal by late 2026. If auto-renewal means you are locked into maintaining an outdated system with the agency that built it, and switching costs are prohibitive, you have a long-term problem.

What good exit terms look like: a defined notice period of at least sixty to ninety days; cancellation fees calculated as the agency's reasonable costs incurred rather than a punitive percentage; data portability provisions that guarantee your data is returned in a usable format within a defined timeframe; and system handover provisions that include transfer of trained models (where contractually owned by you), integration code, API credentials, documentation, and a defined transition period during which the agency provides reasonable handover support.

The practical question to ask before signing: if this relationship ends badly six months from now, what are your actual options? Can you move to a different provider without losing the work done to date? Can you get your data back? Can you keep running the system while you transition?

Red Flag 5: Missing SLAs and Liability Caps That Do Not Reflect the Risk

Service level agreements and liability provisions are the final category where AI agency contracts frequently fail to reflect the actual risk being transferred to the client. For an AI system that is critical to business operations, an agency with no contractual accountability for uptime or performance is an agency with no incentive to prioritise your system when things go wrong.

SLA red flags: no defined uptime or availability commitment for production AI systems; no response time commitments for issue reports; no defined resolution time targets by severity; and no financial remedy (service credits or otherwise) if SLA levels are not met. Some contracts include SLAs but exclude from the calculation any downtime caused by the underlying AI model provider (OpenAI, Anthropic, Google) - which in practice means the SLA has very limited teeth, since most AI system outages are caused by or related to underlying model availability.

Liability cap red flags: caps expressed as the lesser of a fixed amount and the total fees paid in the preceding three months. For a multi-month AI implementation project, three months of fees may be a small fraction of the total investment. If an agency delivers a system that fundamentally does not work and their maximum liability is three months of retainer fees, you are bearing the majority of the risk of the project failing.

What reasonable SLA and liability provisions look like: uptime commitments of 99.5% or better for production systems, with defined measurement periods and exclusions that are narrow and specific rather than broad; liability caps set at the total project value or total fees paid under the contract rather than a short lookback period; and explicit carve-outs from the liability cap for willful misconduct, fraud, breach of IP assignment obligations, and data protection breaches.

For AI systems handling personal data under UK GDPR, the contract should also address data processor obligations explicitly. If the agency is acting as a data processor on your behalf, the contract must include the mandatory GDPR Article 28 clauses - and their liability for data protection breaches should not be subject to the general liability cap in a way that undermines your ability to recover regulatory fines caused by their actions.

When to Walk Away and What to Ask For Instead

Not every red flag is a dealbreaker. Some are negotiating points - terms that a reasonable agency will adjust when challenged, and that exist in the first-draft contract because the agency's template defaults to their preferred position rather than a fair one. Others reflect a fundamental position the agency will not move from, and those are genuinely diagnostic of whether this is an agency you want to work with.

The terms most agencies will negotiate: deliverable definitions (they often want to be vague to retain flexibility, but most will accept specificity if you push for it); IP assignment for project-specific work (most will agree to assign custom-built components on full payment); notice periods and data portability provisions; and liability caps, which are frequently negotiable upward in exchange for a cap on the client's own liability for delayed decisions or access.

The terms that reveal a fundamental problem: a refusal to define any performance benchmarks for the AI system; a position that all IP (including custom-trained models) remains with the agency regardless of what is paid; broad accuracy disclaimers combined with no warranty period; and data portability terms that would leave you unable to migrate to a different provider. If an agency will not move on these, the contract reflects a fundamental misalignment about who bears the risk of the project failing - and that misalignment will surface as a dispute.

The practical process: review the contract against this checklist before engaging a lawyer, so you know which clauses to focus on. Raise your concerns directly with the agency before sending the contract to your solicitor - many issues can be resolved in a conversation before legal involvement. Get any verbal commitments confirmed in writing before signing. And if the contract cannot be made acceptable despite negotiation, the cost of not signing is almost always lower than the cost of a failed AI engagement governed by a bad contract.

Finally: take references. Ask the agency for two or three clients you can speak to who are at least twelve months into their engagement. Ask those clients specifically about what happened when something went wrong - not just whether they are happy. How an agency handles problems is a better predictor of the relationship than how they perform when everything is going well.

Is This Right For You?

This post is for any UK business that is considering hiring an AI agency, AI consultancy, or AI development firm. It is especially relevant if you are reviewing a contract for a custom AI build, an AI integration project, or an ongoing managed AI service.

If you are already in a contract and things are not going well, some of this is still relevant - particularly the sections on deliverable definitions and dispute resolution. But contract review is most valuable before you sign.

If you are the AI agency reading this: the red flags listed here are not unreasonable client demands. They are the terms any competent, honest agency should be happy to agree to. If you cannot agree to them, your potential clients should know why before they sign.

Frequently Asked Questions

Should I use a solicitor to review an AI agency contract?

For any engagement over approximately £10,000, yes. AI agency contracts frequently contain specialist terms around IP, data processing, model licensing, and performance that a general commercial solicitor may not be familiar with. Ideally, use a tech-specialist firm that has reviewed AI development contracts before. The cost of a contract review is typically a small fraction of the engagement value and can prevent disputes worth significantly more.

What is a reasonable liability cap for an AI agency contract?

The most client-protective position is the total fees paid under the contract. Many agencies will resist this and propose a three or six month lookback period instead. A reasonable compromise for larger projects is a cap at the total fees paid in the twelve months preceding the claim. Carve-outs from the cap (unlimited liability for IP breach, data protection breaches, and fraud) are industry standard and should be non-negotiable.

What happens to my data if I terminate the contract early?

This should be defined in the contract before you sign. You want a provision requiring the agency to return all your data in a defined format within a specific timeframe (thirty days is reasonable), confirm deletion from their systems, and provide a written certification of deletion. Without this clause, data recovery after a difficult termination can be a protracted process - and if the agency goes insolvent, recovery may be impossible.

How do I check whether an AI agency's work is actually original?

Ask for a technical architecture document before signing that describes what they are building and using. Ask specifically: are any pre-existing components, licensed models, or third-party frameworks being incorporated, and if so under what licence terms? Request that the contract include a warranty from the agency that the deliverables do not infringe any third-party IP. Be cautious of agencies that are vague about their technical stack - honest agencies will tell you what they are using.

What should an AI agency contract say about GDPR and data protection?

If the agency will process personal data on your behalf, the contract must include the Article 28 Data Processing Agreement provisions required by UK GDPR. These must specify the subject matter and duration of processing, the nature and purpose of processing, the type of personal data and categories of data subjects, and the agency's obligations and rights. The agency's standard contract should include this - if it does not, ask why.

Is it normal for an AI agency to retain ownership of trained models?

It varies. Some agencies retain model ownership and licence usage rights to clients. Others transfer full ownership on payment. Retaining model ownership is not automatically unreasonable - it depends on whether the model was built entirely for you or whether it incorporates pre-existing model assets. What matters is that the licence terms are clearly defined and give you sufficient rights to use, operate, and if necessary migrate the system without dependency on the agency's ongoing involvement.

What is a reasonable notice period to terminate an AI agency contract?

Sixty to ninety days is typical for ongoing managed service agreements. For project-based contracts, the more important provisions are milestone-based exit points and what happens to IP and data at each stage. Be wary of contracts with notice periods shorter than thirty days that auto-renew annually - these give you a very narrow window each year to decide to leave, and missing that window commits you to another full year.