ERP Contract Checklist

The ERP contract codifies the commercial and operational relationship between buyer and vendor for 5-15 years. Like any complex software contract, vendor templates favour the vendor; pushing back on specific clauses is standard practice for serious enterprise and mid-market buyers. This checklist covers the contract clauses that recurringly matter most in DACH ERP procurement — what to look for, what to push on, where vendors are typically flexible versus rigid.

Licence and subscription terms

• User-licence definitions — full users versus team members versus self-service users; concurrent versus named users; counting method for usage-based billing
• Module bundling — what is included, what is extra cost; bundling discounts versus ala-carte pricing
• Subscription escalators — annual price increases (typical 3-5%); cap on escalators; tied to specific indices (CPI, EU inflation)
• Volume tiers — pricing breakpoints as user count grows; ability to add and remove users without contract renegotiation
• Co-terming — aligning addon products and renewal dates to one contract anniversary

SLA and support terms

• Availability commitment — minimum 99.5%, target 99.9% for mid-market production ERP; verify exclusions (planned maintenance, force majeure, customer-caused)
• Support response times — by severity (P1-P4); negotiate tighter P1 commitments if production-critical
• Resolution targets — how fast issues are resolved or mitigated; financial credits if missed
• Service credits — cap and escalation; typical 5-25% of monthly fee
• Maintenance window scheduling — customer-friendly hours; advance notice requirements
• Patch and upgrade timing — customer-side control over major upgrades (especially cloud); ability to defer disruptive updates

Intellectual property and data

• Customer-data ownership — the customer should own all data they put into the ERP; vendor has limited rights to process for service delivery
• Vendor IP protection — vendor retains rights to underlying software; customer licensed to use, not own
• Customisation IP — who owns customer-funded customisations: customer-owned (strong), shared (typical), vendor-owned (weak for customer)
• Data Processing Agreement (see DPA) — GDPR Article 28 requirements covered comprehensively
• Indemnification — vendor indemnifies customer against third-party IP claims on the ERP; mutual indemnification on customer data
• Confidentiality — symmetric obligations protecting both parties' confidential information

Exit and termination

• Termination rights — specific events allowing termination (material breach, vendor insolvency, security incidents); cure periods
• Data extraction — vendor obligation to provide customer's data in usable format at exit; format specifications (CSV, JSON, database dump); reasonable timeframe
• Transition support — vendor cooperation during migration to successor system; pricing for transition services
• Wind-down period — reduced-functionality access for legal-retention purposes after termination
• Source-code escrow (on-premises only) — protection against vendor insolvency
• No early-termination fees if vendor breaches; pro-rata refund for unused subscription period

Audit and compliance

• Customer audit rights — right to verify vendor's compliance with contract; reasonable notice and frequency limits
• Vendor audit rights — vendor's right to verify licence compliance; limited to reasonable scope and frequency
• Compliance attestations — ISO 27001, SOC 2, GoBD attestation, industry-specific certifications maintained over the term
• Sub-processor management — list maintained, change notification, objection rights
• Breach notification — vendor notifies customer within tight time windows (24-72 hours) for security incidents

Related Topics

• ERP selection
• SLA
• DPA