Following on from our first article about online contracts, here we look beyond what they are and what the common risks are, and instead focus on what you can do to mitigate the risks involved.

Dealing with online contract risks

The following three-step process (understand the size of the problem, develop risk-minimisation approaches, then implement those approaches) will likely be time-consuming.

You should also expect active resistance from suppliers, who see online contracts as an easy way to operate under very favourable terms and to minimise the number of negotiations they have to conduct.

There may also be resistance from internal staff who see only impediments to doing their job.

While there can be a fine balance between minimising risk and inconveniencing people, some expectations may need to be reset for the benefit of the organisation as a whole.

Clear communication to suppliers and staff about the rationale for the risk-minimisation approaches adopted may help to limit push-back.


Step 1: Determine the size of the problem

When there isn't a negotiated agreement in place with a supplier, the following activities are required to determine if a problem exists and how big it is.

Identify scope of online contracts in use by suppliers
Ask important current suppliers, and any potential suppliers, if they ever require any online contracts to be agreed to, for what purpose, and how such agreement is provided.

Alternatively, simply check the web sites of those suppliers to discover where terms and conditions need to be, or are recommended to be, accepted.

When a supplier has such contracts, ask for, or obtain from the website, electronic copies of the current versions of their terms and conditions to allow full risk assessment by Legal and / or Contract Management teams.

Identify scale of online contracts in place
When a current supplier uses online contracts, ask for details of every online contract that has been agreed to by somebody from your organisation.

This information should include:

  • The identification of the web page where agreement to the terms and conditions was registered
  • The date of agreement
  • The terms and conditions in force on that date
  • All information used to identify the person who authorised formation of the contract
  • Specifics about the subject matter of the agreement
  • Any other pertinent information.

When online contracts are known to exist, the supplier's inability or unwillingness to provide the desired details may be further cause for concern.

Risk assess existing online contracts
Assessment of each online contract's terms by qualified people should identify and classify all concerns in accordance with the risk likelihood, impact and criticality scales normally used in the organisation.

The details should be recorded in the organisation's standard risk matrix to obtain an overall view.

Where a negotiated agreement with a supplier must coexist with online contracts, all conflicts between the two contract types should also be identified, rated and recorded as above.

Depending on the number of online contracts discovered, a formal project might be needed to manage this activity.

Step 2: Fixing the problem

When the actual or potential size of the online contracts problem warrants attention, your next steps should be as follows:

Prepare a policy covering online contracts
An organisation-wide policy outlining how online contracts are to be handled, and why, is critical for relaying to all staff that this is not a trivial matter for the organisation. The policy should cover at least the following:

  1. Purpose of the policy, version number and date issued, name of the business function responsible for the policy
  2. A definition of online contract, maybe similar to that shown in Part 1 of this series
  3. The pre-conditions for online contract creation, such as prior approval of its terms and conditions and availability of a person authorised to accept the terms and conditions online
  4. People who can approve the terms and conditions, such as Legal or Contract Management staff
  5. People who can accept the terms and conditions, such as Contract Management staff
  6. Record-keeping requirements, such as an Online Contracts Register or via a Contract Management Solution. This should also assign responsibility for timely delivery to Contract Management staff of a properly annotated copy of the terms and conditions of each new online contract formed
  7. Emergency approval and acceptance, such as after-hours situations or general unavailability of the necessary staff. This should cover temporary verbal, written or electronic delegation of authority to an available unauthorised person by an authorised person unable to assess the terms and conditions, physically perform the acceptance step or locate an available authorised person. 
  8. An approach for dealing with unacceptable terms when there is no alternative supplier available, such as seeking senior management approval, or requesting a negotiated agreement with the supplier
  9. Consequences of non-compliance, such as disciplinary action against the offender, a penalty reduction in the offender's business unit's budget, holding the offender personally liable for the online contract, or any other fitting disincentive against non-compliance
  10. An approach for reducing online contract numbers, such as attempting to negotiate an agreement with a supplier where one doesn't exist or when some threshold number of online contracts is reached.

Prepare a register of online contracts and authorisers
An Online Contracts Register should be set up that shows at least the following, grouped by supplier:

  1. Supplier details
  2. Details of any existing negotiated contract covering the same subject matter as the online contracts, including if the contract has priority over any online contracts
  3. For each set of online contract terms and conditions that have been risk assessed:
    • The name of the terms
    • The approval status assigned to the terms
    • Any explanatory text needed when the status is anything other than 'Approved'
    • The business function and the individual responsible for creating the online contract, when possible.

The register should also separately list the people authorised to review online contract terms and conditions and assign approval status, or to accept those terms.

The register should be maintained by Legal, Contract Management or other authorised staff. The approval status of a particular set of terms and conditions can be changed as and when circumstances permit.

Of course, this can all be managed in straightforward fashion via a dedicated Contract Management Solution if you have one.

The register should be generally available for viewing to provide guidance to people wishing to create a new online contract.

Suggested approval status values are:

  1. Approved: the terms can be accepted to form a new online contract
  2. Conditionally Approved: before the terms can be accepted, the instructions described in the explanatory text must be followed and signed off
  3. Denied: the terms cannot be accepted for the reasons described in the explanatory text. An override mechanism could be provided if deemed necessary.

Establish an online contracts approval request process
A process is needed to handle requests for approval of the terms and conditions of an online contract, such as the following:

  1. Requester to confirm that the applicable terms and conditions are not listed in the Online Contracts Register
  2. Requester to download or copy into a document the applicable terms and conditions, without triggering the creation of a new online contract
  3. Requester to submit the terms to an approver listed in the Online Contracts Register, requesting assessment of the terms on an emergency, urgent or standard basis (however these classifications are defined)
  4. Approver to assess the overall acceptability of the terms and determine any conflicts with a negotiated agreement covering the same subject matter
  5. Approver to assign an approval status to the online contract terms
  6. Approver to update the Online Contracts Register with details of the terms, its approval status, and explanatory text / instructions when the status is 'Conditionally Approved' or 'Denied'
  7. Approver to advise requester of the assessment outcome

Step 3: Implement risk minimisation approaches

In order to limit the chances of any further issues, you can think about putting the following things in place:

Populate the Online Contracts Register
Using the risk matrix prepared in step 1, a consolidated picture of each online contract can be entered into the Online Contracts Register, an approval rating derived, and any required explanatory text composed.

The existence of a negotiated agreement with the supplier covering the same subject matter as an online contract should also be noted, with an indicator as to whether or not it takes priority over online contracts.

Publicise and activate the Online Contracts Policy
Since the Online Contracts Policy is applicable organisation-wide, a simple email to all staff with the policy attached may be sufficient to activate the policy.

A more targeted and detailed communication to the management of each business function may help to ensure that the message gets through.

Update negotiated contracts to override online contract terms
A risk assessment may have revealed an inherent conflict between the terms and conditions of a negotiated contract containing an 'Entire Agreement' clause and online contracts from the same supplier covering the same subject matter.

When warranted, discussions should be held with the supplier in an effort to give the negotiated agreement priority over any online contracts by way of a simple amendment.

One way this prioritisation may be achieved is by inserting an additional statement in the 'Entire Agreement' clause specifying that a negotiated and signed agreement will always prevail over an online contract.

Subject to a formal legal opinion, this extra statement could say something like 'No “clickwrap,” “browsewrap” or other terms which Customer or its end users may be required to “accept” in order to access certain functionality on Supplier's website shall have any force or effect'.

The Online Contracts Register should be updated accordingly whenever a negotiated agreement gets updated with this amendment.

Depending on the number of negotiated contracts where such an amendment is desired, a formal project might be needed to manage this activity.

Replace online contracts with negotiated agreements
A risk assessment may have revealed an uncomfortable level of concern about online contracts that are the only agreements in place with a supplier.

Where warranted, discussions should be held with the supplier in an effort to negotiate one or more agreements, all with priority over online contracts covering the same subject matter, to replace all the online contracts.

The Online Contracts Register should be updated accordingly when a new negotiated agreement gets executed.

Depending on the number of suppliers involved, a formal project might be needed to manage this activity.

Terminate all redundant online contracts
When there is a negotiated contract in place that doesn't have a statement declaring its priority over online contracts, or when there isn't a negotiated contract at all, and online contracts exist, discussions should be held with the supplier about terminating any online contracts that are no longer relevant for some reason.

The Online Contracts Register should then be updated accordingly.

Consider replacing uninterested suppliers
A supplier may show no interest in, or actively resist, negotiating a new agreement, amending an existing agreement to override its online contracts, or terminating irrelevant online contracts.

If such a supplier has competition in the market, it may be worthwhile opening discussions with the other suppliers to determine if any might be more amenable, then decide if and when replacement of the current supplier is feasible.


The growth in use of online contracts presents new challenges to businesses seeking clear, central oversight of all their vendor relationships. 

Using the principles and processes described in these two articles should give you a good basis for reducing the risk to your business. 

Implementing a contract management system can also give you the visibility and automation required to make the process straightforward.

For more information on managing contracts you can read our related blog articles or download our Complete Guide to Contract Management.


Rod Linsley

Rod is a seasoned Contracts Management and Procurement professional with a senior IT Management background, specialising in ICT contracts

