What are the red flags I should look for in an AI agency contract?
16 June 2026
What are the red flags I should look for in an AI agency contract?
Look for anything that makes ownership, risk, cost, performance or exit unclear. A good UK AI agency contract should say exactly what is being delivered, what you own, how your data is handled, which suppliers are involved, how success is tested, what happens after launch, and how you leave without losing your work.
The short version: if the contract is vague, the risk is yours
An AI agency contract should make the messy parts explicit. If the proposal sounds impressive but the contract does not define the deliverables, acceptance criteria, ownership, data use, support, security and exit rights, you are not buying certainty. You are buying a demo with a dispute attached.
The practical test is simple: could a sensible third party read the contract and understand what the agency must deliver, by when, using which data and systems, to what standard, at what price, with what support afterwards? If the answer is no, the contract is not ready.
AI makes this more important than a normal website or marketing contract because the work often touches sensitive data, third-party model providers, cloud infrastructure, staff workflows, CRM records, customer communications and automated decisions. The commercial risk is not just that the project fails. The risk is that it fails after you have handed over data, changed processes, paid setup fees, and become dependent on something you cannot inspect or move.
For a small UK business, typical first AI agency engagements might be £2,000 to £8,000 for discovery, £5,000 to £25,000 for a focused pilot, £15,000 to £75,000 for a wider workflow implementation, and £1,500 to £10,000 per month for ongoing support or optimisation. At those numbers, the contract needs to be plain enough for the owner, finance lead and operations lead to understand before anyone signs.
Red flag 1: vague deliverables and no acceptance criteria
Be cautious of wording like "AI transformation", "workflow optimisation", "agent build", "automation setup" or "bespoke AI solution" without a concrete schedule of deliverables. Those phrases may be fine in a sales call. They are not enough in a contract.
The contract should list what will be delivered. That might include a process map, data audit, risk register, prototype, production workflow, integrations, prompts, evaluation set, documentation, training session, admin handover, test results, and support plan. It should also say what is excluded. Exclusions matter because most AI disputes start with different assumptions about scope.
Acceptance criteria are the part many weak contracts miss. For an AI support assistant, acceptance might include approved knowledge sources, escalation rules, maximum response latency, human review for high-risk topics, a target answer accuracy on a test set, and logging. For a sales admin automation, acceptance might include correct CRM field updates, failed-run alerts, audit logs and rollback. For a document workflow, it might include extraction accuracy thresholds and exception handling.
A demo is not acceptance. A chatbot answering three friendly questions in a meeting is not acceptance. You need a written test process using real or representative UK business scenarios, including edge cases, bad inputs and failure modes.
| Weak wording | Better wording |
|---|---|
| Build an AI assistant for customer support | Build a support assistant using approved help centre content, with escalation to staff for billing, legal, complaint and cancellation queries |
| Integrate with CRM | Read contacts, deals and notes from HubSpot; write only approved follow-up tasks; no email sending without human approval |
| Optimise performance | Review failure logs weekly for 30 days and reduce unresolved support triage errors below the agreed threshold |
Red flag 2: unclear IP ownership and reuse rights
Do not assume you own the system because you paid for it. Many agency contracts quietly separate background IP, newly created IP, templates, prompts, code, workflows, connectors, datasets, documentation and model configuration. That separation can be legitimate, but it must be clear.
A fair contract should say what the agency keeps, what you own, what you licence, and what happens at termination. It is reasonable for an agency to keep its general methods, internal frameworks, reusable components and pre-existing tools. It is not reasonable for you to pay for a business-specific workflow and then discover you cannot move it, inspect it, maintain it, or use it without the agency's ongoing platform.
Pay close attention to clauses that let the agency reuse your data, prompts, workflow design, staff interviews, customer examples, documentation or business logic for other clients. Anonymised learning is one thing. Replicating your operating model for a competitor is another.
For custom AI work, ask for a plain ownership schedule. It should cover source code, configuration, prompts, system instructions, evaluation data, vector database content, documentation, API accounts, cloud accounts, workflow diagrams, training material and generated outputs. If the agency will not provide that schedule, ask why.
The price should match the ownership model. A low monthly SaaS-style fee may reasonably come with limited ownership. A £40,000 custom implementation should give you much stronger rights to the assets built for your business.
Red flag 3: weak data protection, security and supplier clauses
This is the red flag UK businesses cannot treat as legal tidying. If the agency processes personal data for you, the contract may need UK GDPR processor terms. The ICO guidance on controller and processor contracts says contracts help both sides understand what needs to be included and covers matters such as documented instructions, confidentiality, security measures, sub-processors, data subject rights, end-of-contract provisions, audits and inspections. Source: ICO contracts and liabilities guidance.
AI agency contracts should also explain which third-party suppliers may touch your data. That can include OpenAI, Anthropic, Google, Microsoft, AWS, Azure, vector database providers, transcription tools, monitoring tools, workflow platforms and hosting providers. You need to know where data is processed, whether prompts or files are retained, whether data is used for model training, how deletion works, and who is responsible for breach notification.
The current UK cyber context makes this non-negotiable. The GOV.UK Cyber Security Breaches Survey 2025/2026 reported that 43% of UK businesses identified a cyber security breach or attack in the previous 12 months, equating to roughly 612,000 businesses. It also found only 15% of businesses formally reviewed risks from immediate suppliers and 6% reviewed the wider supply chain. Source: GOV.UK Cyber Security Breaches Survey 2025/2026.
That supplier-review gap is exactly where AI risk sits. If an agency connects a model, automation platform and CRM integration on your behalf, you have inherited a supply chain. The contract should not hide it behind the phrase "our technology stack".
Also look for a breach notification clause. For sensitive work, "we will tell you if there is a problem" is not enough. You want a specific timeframe, incident cooperation, log access, preservation of evidence, customer notification support if needed, and a clear statement of who pays for remediation when the agency caused the incident.
Red flag 4: unrealistic guarantees and no honest limitation section
Be sceptical of contracts or proposals promising guaranteed revenue growth, guaranteed labour savings, guaranteed accuracy, instant compliance, or fully autonomous operations. A good agency can commit to work, process, testing, documentation, support and measurable targets. It should be very careful about guaranteeing commercial outcomes it does not fully control.
For example, an agency can reasonably commit to building a quote-drafting workflow, integrating it with your CRM, training five staff, and measuring cycle time before and after launch. It cannot honestly guarantee that sales revenue will rise by 30% unless pricing, sales process, market demand, staff behaviour and lead quality are also controlled.
Accuracy claims need the same discipline. If the system extracts fields from supplier invoices, there should be a test set and a target. If it answers customer questions, there should be approved sources and escalation rules. If it analyses contracts, there should be a human legal review step. Anything involving finance, HR, health, legal advice, regulated decisions or vulnerable customers needs extra caution.
The ICO states that its AI guidance is intended to help organisations apply UK GDPR principles to the use of information in AI systems. Source: ICO artificial intelligence guidance. A contract that treats AI as magic rather than a controlled information system is already showing you how the project will be managed.
Red flag 5: black box pricing, change control and retainers
AI work often changes as the agency discovers messy data, undocumented processes, awkward integrations or tool limits. That does not make variable pricing wrong. It makes change control essential.
The contract should separate discovery, build, licences, hosting, model usage, third-party software, training, support, maintenance and optional enhancements. If a pilot is £12,000, ask what happens if the data is worse than expected. If a retainer is £4,000 per month, ask how many hours, reviews, incidents, changes or optimisation cycles are included. If model usage is recharged, ask whether it is at cost, marked up, capped, or estimated.
Watch for setup fees that are not tied to deliverables. A £3,000 setup fee can be fair if it covers process mapping, data review, security configuration, prompt design, testing and documentation. It is a red flag if it only means "onboarding" and nobody can explain the work.
You also need a clear approval process for new costs. AI projects can quietly accumulate extra tools: a vector database, automation runner, observability platform, scraper, transcription service, cloud host, API usage, storage and analytics. None of those are necessarily bad. They are bad when they appear on the invoice after the decision has already been made.
Red flag 6: no post-launch support, SLA or monitoring plan
Launch is not the finish line for AI. Models change, prompts drift, data becomes stale, integrations break, users find edge cases, API costs move, and staff develop workarounds. If the contract ends at go-live without support, monitoring or handover, you may be left with a system nobody owns.
For a low-risk internal workflow, post-launch support might be light: 30 days of bug fixes, one handover session, documentation and a review call. For customer-facing AI or operational automation, you need more. That may include uptime expectations, incident response times, model output review, cost monitoring, prompt and retrieval updates, failed-run alerts, security patching, access reviews and regular performance reporting.
The NCSC secure AI system development guidance covers secure design, development, deployment, and operation and maintenance. Source: NCSC guidelines for secure AI system development. The important point for buyers is that AI security and reliability do not stop when the system goes live.
A basic SLA for an SME AI workflow might say critical incidents are acknowledged within 4 business hours, high-priority failures within 1 business day, minor bugs within 3 business days, and monthly health checks are included for the first 3 months. The exact numbers can vary. The absence of any numbers is the problem.
Red flag 7: poor exit rights and vendor lock-in
Before signing, ask how you leave. If the agency becomes unavailable, expensive, acquired, unreliable or strategically wrong for you, what happens to the system?
A mature contract should cover termination, notice periods, data export, deletion, documentation, access credentials, account transfer, source code or configuration handover where applicable, and reasonable transition assistance. If the agency hosts everything inside its own accounts, you need to know whether you can move to your own cloud, your own model provider, your own CRM admin, or another supplier.
Be especially cautious where the contract says the agency can suspend access quickly for non-payment or dispute, but does not give you a practical route to retrieve your data and operational assets. You do not want your sales follow-up, support assistant or document workflow held hostage during a billing disagreement.
For custom work, ask for an exit pack. It should include system architecture, credentials handover process, supplier list, data export instructions, prompt and configuration inventory, support history, known issues and maintenance guidance. If the agency says this is unnecessary because they will always look after it, that is not a contractual answer.
What should a good AI agency contract include?
A strong contract does not have to be long, but it does have to be specific. For most UK SME AI projects, look for these items before you sign:
- Clear deliverables, exclusions, milestones and dependencies.
- Acceptance criteria and a testing process using realistic scenarios.
- Ownership schedule for code, prompts, workflows, data, documentation and outputs.
- UK GDPR roles, processor terms where needed, subprocessor list and transfer position.
- Security responsibilities, access controls, logging and breach notification duties.
- Transparent pricing for discovery, build, licences, usage, hosting, support and changes.
- Post-launch support, SLA, monitoring and maintenance obligations.
- Change control process for scope, cost, timeline, tools and model changes.
- Limits on agency reuse of your data, workflow design, prompts and commercial information.
- Exit rights, data return or deletion, documentation and transition assistance.
- Balanced liability wording, including confidentiality, data protection, IP infringement and negligence.
Do not expect every small AI project to have enterprise procurement paperwork. A £2,500 workshop does not need the same contract as a £75,000 operational implementation. But the risk should match the paperwork. The more the agency touches live data, customers, finance, HR, regulated work or business-critical processes, the more specific the contract needs to be.
When this does NOT apply
This guidance may be too heavy for a one-off AI training session, a public-content workshop, a generic prompt-writing course, or a short advisory call where no personal data, confidential information or system access is involved. For low-risk work under £1,000, a simple statement of work, payment terms and confidentiality wording may be enough.
It also does not mean every agency using templates is risky. Templates can be efficient. The issue is whether the template has been completed with your project specifics: deliverables, systems, data, suppliers, risks, ownership and exit.
Finally, some restrictions are commercially normal. An agency may fairly protect its pre-existing IP, limit liability to a sensible cap, charge for transition help, and refuse to hand over generic internal tools. The red flag is not the agency protecting itself. The red flag is the agency protecting itself while leaving you with unclear ownership, unclear risk and unclear recourse.
The practical answer before you sign
Before signing an AI agency contract, mark it up in three colours. Highlight anything about money in one colour, anything about ownership in another, and anything about data or security in a third. If those highlighted sections do not answer the basic questions, pause.
Ask the agency these five questions in writing: what exactly will we receive, what exactly will we own, which third parties will touch our data, how will success be tested, and what happens if we leave? A credible agency will answer directly. A weak one will retreat into jargon.
If the agency reacts badly to these questions, that is useful information. Good AI delivery depends on clarity, not mystique. You are not being difficult by asking for ownership, data protection, acceptance criteria and exit rights. You are acting like a responsible buyer.
If you want to explore whether an AI project makes sense for your business, start with a focused workflow review before signing a build contract. No pitch, no pressure. The right first question is not "Which AI tool should we buy?" It is "What risk are we taking on, and is the contract honest about it?"
Is This Right For You?
This applies if you are a UK business considering an AI audit, AI automation project, custom agent, internal copilot, CRM integration, knowledge base, support chatbot, workflow automation, or ongoing AI agency retainer. It is especially relevant if the agency will access your customer data, internal documents, CRM, email, finance system, staff data, website, analytics, codebase, or operational processes.
It does not replace legal advice. If the contract value is material to your business, the project touches personal data, the agency will process regulated information, or the wording affects intellectual property, liability, termination or employment processes, get a UK commercial solicitor to review it before signature. A £750 to £2,500 legal review is cheap compared with losing control of your data, IP or live operating system.
Frequently Asked Questions
Should I let an AI agency own the prompts and workflows?
Only if the price and risk reflect that. For a low-cost managed service, limited ownership may be acceptable. For a custom implementation paid for by your business, you should usually have rights to use, inspect, maintain and transfer the prompts, workflow configuration and documentation created specifically for you.
Do I need a solicitor to review an AI agency contract?
For a small workshop or low-risk advisory project, probably not. For a project over £10,000, anything touching personal data, or anything business-critical, a UK commercial solicitor review is sensible. Expect roughly £750 to £2,500 depending on complexity.
What is a normal liability cap in an AI agency contract?
There is no single normal figure. Many SME contracts cap liability at fees paid over 6 to 12 months, but data protection, confidentiality, IP infringement, fraud and deliberate misconduct may need separate treatment. The red flag is a cap so low that it gives you no practical remedy if the agency causes serious loss.
Can an AI agency use my data to improve its models?
Not unless the contract clearly allows it and the data protection position supports it. Be very cautious. Your contract should say whether your prompts, files, transcripts, CRM data, customer records and workflow examples can be used for training, testing, benchmarking or future product development.
What should the contract say about third-party AI tools?
It should identify the important suppliers or supplier categories, explain what data they receive, who controls the accounts, who pays for usage, what happens if prices change, and whether the agency can swap tools without your approval.
Is a no-refund clause a red flag?
Not always. Agencies need protection against clients cancelling after work has been done. But a no-refund clause is risky if there are no milestones, no acceptance criteria and no remedy for poor delivery. Payment should track work completed and accepted.
What is the biggest AI contract red flag for a UK SME?
The biggest red flag is a contract that gives the agency access to your data and systems but does not define data protection roles, security responsibilities, sub-processors, breach notification, deletion rights and exit support. That is where operational, legal and commercial risk meet.
Can I ask an agency to change its standard contract?
Yes. Serious agencies expect sensible questions. You may not get every change you ask for, but the conversation will show you how the agency handles risk, transparency and accountability before you are dependent on them.