Online contracts are increasingly prevalent in business-to-business relationships. So what’s the best way to approach managing them and to mitigate their associated risks?

In this first of two blogs, we take you through how to identify if you have any exposure to risk from your current online contracts.

Then, in the second part, we’ll take you through how to reduce that risk and protect your business.

What is an Online Contract?

First things first, an online contract is a set of terms and conditions that governs access to certain parts of a web site or to specific functionality provided by a web site, such as downloading software. The applicable terms may be displayed in part in a scroll box, or be accessible by clicking a link.

There are two main types:

  • A clickwrap agreement requires deliberate action to signify acceptance of the terms, typically by clicking something similar to 'I agree', which results in formation of an online contract and provision of the desired access. This applies whether or not the terms were actually read. Rejection of the terms by clicking something similar to 'Cancel' simply maintains the default lack of access.
  • A browsewrap agreement requires only optional action to signify acceptance of the terms. Typically a link to the terms is shown, accompanied by a recommendation to click something similar to 'I agree' and a warning that continued use of the web site without clicking 'I agree' will be deemed as acceptance of the terms anyway. The only way to stop formation of an online contract is to leave the web site at this point.

Many countries consider that a valid online contract has been formed once 'I agree' gets clicked, possibly subject to the terms and conditions being clearly accessible, irrespective of any later claim that the terms and conditions weren't actually read or read in full.

Basically, the 'I agree' is considered to mean what it says.

Online contract visibility

A key issue with online contracts is that they can be almost invisible from a governance, risk and compliance perspective. Here are the key questions to ask yourself in order to test visibility:

  1. How many of your current critical and important suppliers have negotiated contracts in place?
  2. How many of your current critical and important suppliers use online contracts?
  3. How many online contracts have been formed with these suppliers?
  4. What are these online contracts for?
  5. How many of the negotiated contracts state that their terms and conditions take priority over those in online contracts covering the same subject matter?
  6. How many online contract terms and conditions were assessed for acceptability, legality and so on?
  7. How many online contracts contain terms conflicting with negotiated contracts covering the same subject matter?
  8. Were the assessors authorised and qualified to perform the assessments?
  9. How many assessment results were published in an online contracts register as a guideline for future acceptance of the terms?
  10. Who accepted the terms and conditions for each online contract?
  11. Were the acceptors authorised to do so, in accordance with existing delegations of authority?
  12. How many online contract terms and conditions were accepted without being assessed or published in an online contracts register?
  13. How many online contract terms and conditions were accepted despite an unfavourable assessment?
  14. How many online contract terms and conditions documents were provided to Legal or Contract Management staff following acceptance for storing in the contracts repository?
  15. How many online contracts have been formally terminated by notice to the supplier?
  16. How many online contracts ought to be terminated but lack a method for doing so?

Online contract risks

The visibility test questions above give some clues about the potential risks of online contracts. Here are some of the key risks to be aware of:

Unknown terms and conditions
It is widely recognised that people in general will not read anything containing or even suggestive of legal content.

Credit cards, mobile phones, property leases, mortgages, TV warranties and countless other matters are used without any reference to the 'fine print'. It should be no surprise that online contracts are likely to get the same treatment.

Suppliers understand this kind of 'no-read' behaviour, and some are known to have taken advantage of it, particularly in the mass-market consumer space.

Terms can be extremely one-sided in the supplier's favour and unsurprisingly are not negotiable. A supplier can increase the customer's obligations and reduce their rights, while granting themselves seemingly excessive and unexpected rights.

Recent examples of this behaviour from some very large, very well-known companies include:

  1. Customers being denied rights to obtain a refund or post negative comments about the supplier using social media.
  2. The supplier granting itself ownership of customers' posted photographs and other information.
  3. The supplier denying all responsibility for the performance of its software.
  4. The supplier granting itself the right to enter the customer's premises to check that the terms are being complied with.
  5. The supplier's terms and conditions for a simple device with limited functionality containing 74,000 words, estimated to take 9 hours to read in full before 'I agree' should be clicked. 
  6. Customers being limited to binding arbitration with a proportion of their fees non-refundable and a requirement to pay the supplier's legal fees in the event that arbitration favoured the customer, and being unable to take the supplier to court or participate in class actions against the supplier.

There's no real way to tell if this supplier mentality is also being directed at the business world, but it can't hurt to assume that it is.

It may also be reasonable to presume that the no-read behaviour is likely to be prevalent across your organisation.

Given these two presumptions, it would also be reasonable to expect only a remote likelihood that the terms and conditions were read in full, were understood and assessed for completeness and acceptability by a qualified person and are mutually fair.

Key Question: Given the drive to get the terms right for contracts that are negotiated, can agreeing to online contract terms sight-unseen be considered as an acceptable risk?

Unauthorised commitment
Contracts which have a value can usually only be authorised by people who have a signing limit covering that value. Other contracts which don't have a value, like an NDA, might also only be signable by certain people.

The common practice for online contracts appears to be that whoever is using a supplier's web site in a fashion that raises the need for the agreement simply agrees to the terms and conditions in order to progress.

The likelihood that this person has the authority to commit the organisation to compliance with those terms could be slim, given the typical ratio of authorised to unauthorised people in an organisation.

Key Question: Given that there is usually a strict contract authorisation regime in place for reasons of probity, can unauthorised commitment to an online contract be considered as an acceptable risk?

Unrecognised contract existence
Since most contracts are signed by all parties, whether physically or electronically, there's usually a document that can be stored in some kind of repository, allowing key details to be extracted for contract summarisation purposes and entered into a Contract Management System, if one is in use.

Unless the person who accepts an online contract's terms and conditions provides Legal or Contract Management staff with a properly annotated and dated copy of the agreed-to terms, there's little chance of broader organisational awareness that such contracts exist.

Key Question: Given the heightened contract risk awareness delivered by a centralised contract repository, can the unrecognised existence of online contracts be considered as an acceptable risk?

Unclear precedence of terms

Many negotiated contracts contain an 'Entire Agreement' clause. This clause essentially says that the terms and conditions of the negotiated contract are the only ones that apply with respect to the subject matter of the contract, and that they take precedence over any other contract's terms and conditions for the same subject matter.

The clause may also say that the negotiated contract's terms and conditions can only be modified using a written document signed by all parties.

Some suppliers seem to believe that both a negotiated contract and an online contract for the same subject matter apply simultaneously, regardless of any 'Entire Agreement' clause and any conflicting clauses between the two.

Key Question: Given all the effort that went into negotiating an agreement with a supplier, can the supplier's unilateral imposition of non-negotiable additional terms, covering the same subject matter, be considered as an acceptable risk?

Conclusion & Next Steps

Your answers to these key questions will inform the next steps that you need to take. You may consider these online contracts to be of minimal risk and be happy to proceed without clear policy in place. 

However, if you can see potential for significant risk in relation to online contracts being signed on behalf of your business, then make sure you read the second part of our blog series.

You can also download our free 38-page ebook - The Complete Guide to Contract Management - which gives further detailed advice on how to get the most out of your contract and vendor relationships. 


Rod Linsley

Rod is a seasoned Contracts Management and Procurement professional with a senior IT Management background, specialising in ICT contracts.

