Most IT vendor contracts contain clauses that quietly add 20-30% to your total cost. Here are 12 non-obvious red flags we find when reviewing MSP contracts, with real examples from healthcare, finance, retail, and manufacturing clients.
The trap: Contracts that automatically renew for additional terms with built-in price increases of 7-15% annually, often buried in termination sections.
Real example: A healthcare provider discovered their 3-year $180k contract automatically renewed with 12% annual increases, costing them $76k extra over the next term.
Detection: Search for "automatic renewal," "evergreen clause," or "price escalation" in termination sections. Look for percentage increases rather than CPI-based adjustments.
The trap: Early termination fees calculated as 100% of remaining contract value, not accounting for actual costs incurred.
Real example: A manufacturing company faced a $45k termination fee on a $60k annual contract when switching providers mid-term.
Detection: Review termination clauses for "liquidated damages" or "early termination fee" calculations. Ensure fees are proportional to actual costs.
The trap: Vendor claims ownership of custom configurations, scripts, or workflows developed during the engagement.
Real example: A financial services firm lost access to their custom security automation scripts when switching MSPs, requiring $30k in redevelopment.
Detection: Search for "work product," "intellectual property," or "proprietary" in scope and deliverables sections.
The trap: SLAs whose response-time clock starts only when the vendor acknowledges the ticket, not when the ticket is created.
Real example: An e-commerce company discovered their "4-hour response" SLA did not start until the MSP acknowledged the ticket, often adding 6-8 hours.
Detection: Verify SLA definitions for "response time" triggers and business hour calculations.
The trap: Low initial rates with exorbitant change request fees (3-5x market rate) for any scope modifications.
Real example: A nonprofit paid $850 for a simple user permission change that should have cost $150, due to hidden change control terms.
Detection: Review change control procedures and fee structures in the MSA or service descriptions.
The trap: Contractual terms that make data migration difficult or expensive when terminating the relationship.
Real example: A law firm faced $12k in "data extraction fees" and 30-day delays to migrate their case management system.
Detection: Look for data migration clauses, export formats, and associated costs in termination sections.
The trap: Base support covers only limited hours or days, forcing expensive upgrades for actual business needs.
Real example: A retail chain discovered their "24/7 support" only covered 9-5 weekdays, with after-hours calls costing $295 each.
Detection: Map stated support hours against actual business operations and verify inclusion and exclusion lists.
The trap: Vendor rights to audit your compliance with their terms, often resulting in retroactive billing.
Real example: A tech startup received a $15k bill after the MSP "discovered" additional devices not covered by their per-device pricing.
Detection: Search for "audit," "compliance verification," or "true-up" clauses with financial penalties.
The trap: Primary vendor subcontracts actual work to third parties without accountability or quality control.
Real example: A healthcare provider experienced 48-hour delays because their MSP's subcontractor was overloaded with other clients.
Detection: Review subcontracting terms and require disclosure of all third-party providers.
The trap: Vendor carries minimal insurance that would not cover actual damages from security incidents.
Real example: A breached company discovered their MSP's $1M cyber insurance would not cover their $4.2M in damages.
Detection: Require certificate of insurance review and verify coverage amounts match potential risk exposure.
The trap: Vendors place "not limited to" language in the exclusions or exceptions section rather than in the service scope. "Exclusions include, but are not limited to..." means the vendor can exclude anything they want, even if it is not listed. It is an open-ended carve-out from coverage.
Real example: An MSP's MSA stated: "Services exclude, but are not limited to, third-party software licensing, hardware replacement, and user training." When a ransomware incident required rebuilding user workstations and retraining staff on new security tools, the MSP denied coverage under the exclusion clause. Because the language said "not limited to," the MSP argued the exclusion extended to the entire incident response effort, not just the three items named.
Why it concerns buyers: "Not limited to" after a list of inclusions is illustrative (good for the buyer). "Not limited to" after a list of exclusions works the opposite way (bad for the buyer): every item on the list is excluded, and so is any other item the MSP chooses to argue should be excluded. The list looks short, but legally it has no ceiling.
Detection: If you see "excluding," "does not include," or "not covered" followed by "including but not limited to" or "not limited to," flag it immediately. Push for either: (a) a closed, exhaustive list ("exclusions are limited to: A, B, and C"), or (b) a clause stating "any exclusions not expressly listed in this section are not recognized."
The trap: Contracts reference "reasonable costs," "customary fees," or "industry-standard practices" without defining what those terms mean or how they will be measured.
Real example: A logistics company's contract required them to pay "reasonable" data migration costs at termination. When they invoked the clause, the MSP billed $28,000. The client obtained three competing quotes ranging from $4,500 to $7,200. The contract provided no mechanism for disputing the MSP's definition of "reasonable," and arbitration would have cost more than the disputed amount. The client paid the full $28,000.
Why it concerns buyers: Words like "reasonable," "customary," "typical," and "industry-standard" sound neutral but place all interpretive power with the vendor who drafts and enforces the terms. Without a benchmark (e.g., "not to exceed prevailing market rates as determined by [named source]" or "capped at X% of annual contract value"), these terms are functionally undefined and unenforceable from the customer's perspective.
Detection: Flag every instance of "reasonable," "customary," "typical," "industry-standard," "fair market," and "at vendor's sole discretion." For each one, demand a concrete definition: a dollar cap, a third-party reference, a fixed percentage, or a named benchmark. If the vendor will not define it, assume it means "whatever we charge."
These hidden clauses typically add 20-30% to total contract value:
Businesses that miss these red flags often face $50k-$250k in unexpected costs over a 3-year contract lifecycle.