MSA: Review Checklist
The MSA Review Checklist
Before you sign or renew any MSA, run through these checks. Each one maps to a pattern identified in LawSnap's analysis of 110 Contract Teardown Show episodes. They're ordered by how often they appear in technology agreements.
The Document Stack (Hidden Complexity Trap — the most common pattern in tech contracts)
- [ ] List every document incorporated by reference. MSA, Order Form, SOW, DPA, AUP, SLA, AI Addendum — how many documents make up your full agreement?
- [ ] Read all of them. Not just the MSA and Order Form. The AUP and DPA are where AI data usage rights and security obligations live.
- [ ] Check for "as may be updated from time to time" language. If present, the vendor can modify incorporated documents unilaterally. Flag for negotiation.
- [ ] Identify the precedence hierarchy. If the DPA says one thing about data usage and the AI Addendum says another, which controls?
The Real Deal (Invisible Operative Document)
- [ ] Where do the economics live? If pricing, renewal terms, and scope are in the Order Form, that's your primary negotiation document — not the MSA.
- [ ] What happens at renewal? Find the auto-renewal clause (it may be in the termination section, not the pricing section). Does pricing reset to list? What's the opt-out window?
- [ ] Does the SOW have an Assumptions section? Convert every assumption to a named dependency or an explicit out-of-scope exclusion.
The Warranty-Remedy Unit (Illusory Protection — common across tech contracts)
- [ ] Read the warranty AND the exclusive remedy AND the limitation of liability as a single unit. They are designed to work together.
- [ ] Is your remedy "at Vendor's option"? If yes, the vendor decides whether to fix the problem or refund your money. You should choose.
- [ ] Is there a data breach carve-out from the liability cap? If not, your maximum recovery for a breach of your entire customer database is capped at 12 months of fees. Only a small minority of vendor agreements offer an elevated cap — push for one.
- [ ] Does the indirect damages waiver carve out data security? If not, investigation costs, notification costs, regulatory fines, and reputational damage are all excluded from recovery.
The AI Provisions (Template Contamination + Verification Impossibility + Compliance Burden Shift)
- [ ] Is there a new AI Addendum or updated AUP since your last renewal? If the MSA looks identical to last year, check the incorporated documents for AI-specific changes.
- [ ] Who bears compliance liability for AI outputs? If the clause puts all regulatory compliance on the customer, push for shared responsibility and vendor cooperation obligations.
- [ ] Can the vendor use your data for model training? Look for "improve the Services" language in the DPA or AI Addendum. Check whether it's opt-in or opt-out, and when the opt-out window closes.
- [ ] Are AI-generated outputs excluded from warranty coverage or indemnification? If the product increasingly relies on AI features, this exclusion may hollow out your core warranty.
- [ ] What is triggered when the vendor updates the model? Look for notice obligations, testing windows, and rollback rights.
The Quiet Traps (Silence Trap)
- [ ] Is there a defined process for disputed charges? "Good faith" without process, timeline, or escalation path is not a remedy.
- [ ] Can you withhold disputed amounts without triggering breach?
- [ ] When is the auto-renewal opt-out deadline? Calendar it now. Add a 30-day advance reminder.
- [ ] Are there any consent-by-silence provisions? Clauses where your inaction equals agreement — especially for data usage, AI terms, or pricing changes.
This checklist covers the 6 most common patterns in technology MSAs. For the full 37-pattern analysis, see Pattern Library Index.