Back

ESSAYS · AS-E06

How to read an AI MSA: seven clauses that change everything

The negotiation is won or lost on clauses rarely read — rights over fine-tunes, embedding portability, log jurisdiction.

29 APR 2026Company6 min read

The wrong variable

When a legal team receives an AI vendor's MSA for review, the first instinct is almost always the same: go to the pricing table and the uptime SLA. It's an instinct inherited from two decades of conventional software contracts, where those two variables did in fact concentrate most of the risk. A payroll SaaS that goes down for two hours a month is an operational incident. A fine-tuned model built on three years of proprietary data that the organization cannot export is a structural dependency — and that difference never shows up in any uptime clause.

The mistake isn't looking at price and SLA. It's looking only at those first, when they are precisely the variables a vendor with market position will make easiest to negotiate, because they are the ones that least compromise its long-term advantage. A vendor can concede two points of discount or add 99.95% availability without giving up anything structural. What does compromise its long-term advantage — and is therefore drafted with more care, not less — is everything that determines whether the client organization can leave.

This is exactly what the Sovereign Architecture framework calls constitutional reversibility: no contract should turn into irreversible a decision that, at the moment of signing, still looked reversible. An AI MSA is, in practice, the document where an organization decides how much of its execution layer it delegates and under what conditions it can recover it. The question to ask the contract is not "how much does it cost and how available is it?" but "how trapped are we once the system is in production and a year's worth of operational data lives on the vendor's infrastructure?" That question is answered by reading seven clauses that rarely get the attention given to price and SLA.

Seven clauses

Ownership and portability of training data. Every organization that does fine-tuning contributes its own data — support tickets, transcripts, internal documents, user interactions. The clause that defines who owns that data once it enters the vendor's pipeline, and in what format it can leave if the contract ends, is the foundation for everything else. If the contract is ambiguous here, it doesn't matter how well the other six are drafted: the organization has already given up the input that made the system possible in the first place.

Ownership of the fine-tuned model. The output of fine-tuning can be treated in two entirely different ways: as an exportable artifact — weights, LoRA adapters, checkpoints — that the organization owns and can run on other infrastructure, or as an object that exists solely as an endpoint inside the vendor's cloud. The difference between the two isn't apparent on the day the contract is signed. It becomes apparent the day the organization wants to switch vendors and discovers that months of fine-tuning aren't a portable asset but a configuration that disappears along with the account.

Portability of embeddings and vectors. Production AI systems generate vector representations of large volumes of proprietary content, and those representations are usually stored in a vector database managed by the same vendor. If the format of those vectors is proprietary and not exportable to a standard format, the organization doesn't just lose the model if it leaves — it also loses the semantic retrieval layer built over years of indexed content, and has to rebuild it from scratch with another vendor.

Jurisdiction and control of logs. Every interaction with the system generates records — prompts, responses, usage metadata — that frequently contain sensitive information about the organization or its customers. The relevant clause specifies where those logs are stored, under which legal jurisdiction, who inside the vendor has access, and for how long they are retained after the contract ends. A log stored under a jurisdiction different from the one the business operates in, with indefinite retention and undocumented access, is a sovereignty leak that requires nothing to go wrong to materialize: it's enough that the log exists wherever it exists.

Advance notice of discontinuation or material change of terms. No AI vendor guarantees that its current product will still exist in its current form two years from now — the pace of the industry means terms change, models get deprecated, and prices get restructured frequently. What the contract can guarantee is how much real notice the organization gets before a material change. Thirty days' notice to migrate a production system with dependent integrations is not notice: it's an ultimatum with a legal letterhead.

Real cost and mechanics of export at contract termination. A contract can promise, in writing, the right to export all data at the end of the relationship. The question that promise doesn't answer is whether that export is technically viable in practice — in what format, with what tools, on what timeline, at what additional cost. An export right that in practice requires months of uncontracted engineering work, or that delivers the data in a format no other system can ingest, is a right on paper only.

Independent audit rights. The organization needs to be able to verify, with a third party of its choosing, how the vendor actually uses its data — not just trust the vendor's stated usage policy. Without an enforceable audit right, every other clause on this list depends on good faith, and good faith is not a contractual variable.

How to prioritize

In a real negotiation, few legal teams manage to close all seven clauses on the terms they'd prefer. Vendors with dominant market position concede on some and hold firm on others, and knowing which ones to negotiate to the breaking point — and which to accept with a less favorable condition — is itself an exercise in constitutional reversibility: identifying which concession, if lost, turns irreversible a decision that should still be reversible.

The hierarchy is clear once you look at it from that angle. Portability of the organization's own training data comes first, non-negotiable, because without it there is no starting point to rebuild anything with another vendor — it is the input, not the output. Ownership of the fine-tuned model comes second, because it determines whether months of fine-tuning work become an owned asset or a sunk cost that expires with the contract. Together, these two are the line that separates a vendor relationship from a structural dependency, and they are the ones that warrant escalating the negotiation above the legal team if necessary.

The rest — embeddings, log jurisdiction, advance notice, export mechanics, audit — matters, but allows for intermediate conditions without compromising underlying reversibility: a shorter-than-ideal notice period can be offset by a documented migration plan; a suboptimal log jurisdiction can be offset by bounded retention clauses and audited access. Conceding on those five hurts, but doesn't close the exit door. Conceding on the first two does close it, and the moment to notice this is not once the organization already depends on the system in production — it's before signing, reading clauses that price and SLA never forced anyone to look at.

Stable identifier
AS-E06·v1.0·May 2026
arquitecturasoberana.com/en/escritos/msa-ia-clausulas