Skip to main content

Best Company Secretary Firm in India | Bhavya Sharma & Associates

Startup Blogs

Enterprise Customer Contract Checklist for Indian Startups: MSA, SLA, IP, Data, Payment and Liability Clauses

Before an Indian startup signs an enterprise customer contract, the founders should check scope, payment triggers, tax treatment, service levels, intellectual property, data use, confidentiality, liability…

Bhavya Sharmaenterprise customer contract checklist for startups India15 July 202615 Jul 20266 min read
Quick takeaway: Direct answer: Indian startup founders want a practical checklist for reviewing enterprise customer contracts before signing MSAs, SaaS agreements, SLAs or pilot contracts.

Direct answer for founders

Before an Indian startup signs an enterprise customer contract, the founders should check scope, payment triggers, tax treatment, service levels, intellectual property, data use, confidentiality, liability cap, indemnity, termination, renewal, audit rights, governing law and signing authority. A large logo is useful only if the contract does not quietly transfer risk the startup cannot absorb.

This matters because enterprise buyers usually send their own master services agreement, purchase order terms, security schedule and data processing language. Early founders often sign quickly to close the quarter. Later, the same document can block fundraising because investors see weak payment terms, customer-owned product IP, broad indemnities, uncapped liability, personal-data exposure or missing board authority.

The legal base is not one single startup law. Founders should read the Indian Contract Act, 1872 for contract enforceability (https://www.indiacode.nic.in/handle/123456789/2187), the Information Technology Act, 2000 for electronic records and digital contracting context (https://www.indiacode.nic.in/handle/123456789/1999), the Digital Personal Data Protection Act, 2023 where personal data is involved (https://www.meity.gov.in/static/uploads/2024/06/2bf1f0e9f04e6fb4f8fef35e82c42aa5.pdf), and the Companies Act, 2013 for board authority and corporate approvals (https://www.mca.gov.in/Ministry/pdf/CompaniesAct2013.pdf).

Contract review table

ClauseWhat to checkFounder risk if ignored
Scope of workDeliverables, exclusions, assumptions and dependenciesCustomer expects work not priced or planned
PaymentMilestones, credit period, invoicing, GST and late paymentRevenue booked but cash collection delayed
SLAUptime, support hours, response time and service creditsSmall issue becomes recurring penalty
IP ownershipBackground IP, customer data, custom work and product improvementsCore product rights get diluted
Data and securityPersonal data, access controls, breach notice and subprocessorsDPDP, customer audit and trust risk
Liability capCap amount, exclusions and indirect damagesStartup accepts risk beyond balance sheet
IndemnityIP, data, tax, confidentiality and third-party claimsOne-sided indemnity drains runway
TerminationConvenience termination, cure period and transition helpCustomer exits before payback period
RenewalAuto-renewal, price changes and notice windowPricing stays frozen as usage grows
AuthorityBoard or authorised signatory approvalInvestor asks who could legally sign

Clauses founders should negotiate carefully

1. Scope should be specific

Avoid vague phrases like “all services required by customer.” Define modules, users, integrations, support level, implementation assumptions and customer dependencies. If the buyer must provide data, approvals, APIs, access or UAT feedback, write it clearly.

2. Payment should match delivery economics

Check advance payment, milestone billing, GST, withholding, reimbursement, invoice approval, dispute process and late-payment rights. A 90-day payment cycle can be difficult for a startup paying salaries monthly. If implementation work is heavy, founders should avoid carrying all cost before the first invoice is paid.

3. IP should protect the product

The customer may own its data, brand material and specific reports, but the startup should normally retain its platform, algorithms, tools, templates, know-how, libraries and product improvements. If custom development is funded by the customer, separate product IP from customer-specific deliverables.

4. SLA should reflect actual capacity

Do not promise 24×7 support, instant response, unlimited credits or enterprise-grade uptime unless the team can deliver it. Define exclusions for planned downtime, customer-side failures, third-party systems and force majeure. Link service credits to fees actually paid, not open-ended damages.

5. Data clauses should be operational, not decorative

If the contract involves customer, employee or user personal data, founders should map what data is processed, why it is processed, where it is stored, who can access it, which vendors are involved and how incidents are reported. DPDP readiness is not only a privacy policy issue; it affects enterprise contracting.

6. Liability should be capped

Many enterprise templates start with broad indemnities and uncapped liability. Founders should negotiate a reasonable cap, exclude indirect damages and keep only narrow uncapped exceptions where unavoidable. A startup should not sign a contract where one breach can exceed the company’s available capital.

Documents to keep in the data room

DocumentWhy it helps
Final signed MSA and order formShows actual commercial terms
Statement of workProves scope and delivery obligations
Board or authority recordConfirms signatory power
Security questionnaireShows buyer diligence and responses
Data processing scheduleShows privacy and vendor responsibilities
SLA scheduleShows measurable service commitments
Change request logPrevents unpaid scope expansion
Invoice and collection trackerSupports revenue and receivable diligence

Common mistakes to avoid

  • Signing purchase order terms without checking that they override the negotiated MSA.
  • Giving the customer ownership of all product improvements.
  • Accepting unlimited liability because the buyer says the clause is standard.
  • Promising support hours the team cannot staff.
  • Ignoring GST, withholding and invoice approval language.
  • Not checking whether the founder had authority to sign the contract.
  • Letting sales teams agree to custom commitments in email.
  • Forgetting to update the investor data room after a major customer win.

Practical example

A Pune SaaS startup closes a large manufacturing customer. The buyer asks for unlimited liability, customer ownership of custom dashboards and 99.99 percent uptime. A cleaner version caps liability to fees paid in the previous 12 months, lets the customer own its data and reports, keeps platform IP with the startup, defines support hours and adds a paid change-request process. The founder still gets the logo, but the company does not absorb hidden enterprise risk.

Founder next steps

  1. Create a standard contract review checklist before the next enterprise negotiation.
  2. Mark non-negotiable clauses for IP, data, liability and payment.
  3. Keep one authorised signatory matrix for sales contracts.
  4. Use a contract summary sheet for every major customer.
  5. Add signed contracts, amendments and invoices to the investor data room.
  6. Review high-value contracts before fundraising diligence begins.

Sources

FAQ Section

Should every enterprise contract be reviewed by a lawyer?

High-value, long-term, data-heavy or IP-sensitive customer contracts should be reviewed before signing. Smaller contracts can still use a founder checklist.

What is the biggest risk in an enterprise MSA?

For startups, the biggest risks are usually broad IP assignment, unlimited liability, unclear payment milestones, heavy SLA penalties and one-sided termination rights.

Can a customer own custom work?

Yes, but founders should separate customer-specific deliverables from the startup’s background IP, platform, tools, templates, know-how and reusable product improvements.

Should SaaS startups accept customer audit rights?

Audit rights can be accepted if they are limited, confidential, scheduled, reasonable in frequency and do not expose other customers’ data or source code.

What should investors check in customer contracts?

Investors check revenue quality, payment terms, concentration risk, IP ownership, data obligations, termination rights, liability exposure and whether the contract was signed with authority.

Founder / Business Takeaway

Enterprise contracts should convert sales momentum into clean revenue, not silent risk. The Best CS Firm In India mindset is to make every major customer agreement fundraise-ready before diligence starts.

Need expert support?

BSA helps startups review enterprise customer contracts, MSAs, SaaS agreements, data clauses, authority records and investor-ready contract summaries.

Talk to BSA

Need expert support?

BSA supports founders across India with ROC, FEMA, due diligence, fundraising readiness, and company secretarial execution.

Published by Bhavya Sharma & Associates for Indian founders, operators, CFOs, and compliance teams.

Leave a Reply

Your email address will not be published. Required fields are marked *

WhatsApp chat with Bhavya Sharma and Associates