Compliance with Laws Clause

TL;DR: The “compliance with laws” clause is the provision most likely to be dismissed as boilerplate, and most likely to become the center of a nine-figure dispute. When a counterparty violates the FCPA, trips a sanctions screening, or fails to comply with GDPR, the question is not whether someone broke the law (they did) but whether the contract allocated that risk and gave the innocent party an exit. A well-drafted compliance clause is the difference between having a termination right with indemnification and being dragged into someone else’s enforcement action with no contractual recourse. In regulated industries such as energy, financial services, defense, healthcare, and technology, this clause is negotiated as aggressively as the price term.

What Is a Compliance with Laws Clause?

A compliance with laws clause is a contractual provision requiring one or both parties to comply with all applicable laws, regulations, rules, orders, and governmental requirements in the performance of their obligations under the agreement. At its simplest, it is a covenant that the party will not break the law. At its most sophisticated, it is a detailed regulatory compliance framework specifying particular legal regimes, imposing affirmative compliance obligations, creating audit rights, and establishing remediation procedures.

The clause serves multiple functions simultaneously. It operates as a risk allocation mechanism, placing the cost and consequences of non-compliance on the breaching party. It functions as a termination trigger, giving the innocent party the right to exit the relationship if the counterparty’s legal violations create regulatory, reputational, or operational risk. It serves as a representation and covenant hybrid, often combining a present-tense statement of compliance (representation) with a forward-looking obligation to remain compliant (covenant). And increasingly, it operates as a due diligence artifact—evidence that a company took reasonable steps to ensure its business partners shared its commitment to legal compliance.

The scope of “applicable laws” is the central drafting variable. A general compliance clause referencing “all applicable laws and regulations” casts the widest net but creates ambiguity about which party’s laws apply, what “applicable” means in a cross-border transaction, and whether the clause covers laws that take effect after contract execution. Specific compliance clauses enumerate particular statutes—FCPA, UK Bribery Act, GDPR, OFAC sanctions, export controls—providing clarity but risking gaps if a relevant regime is omitted.

Why It Matters

Key Elements of a Well-Drafted Compliance with Laws Clause

Market Position & Benchmarks

Where Does Your Clause Fall?

Market Data

Sample Language by Position

Customer-Favorable: “Supplier shall comply, and shall ensure that its officers, directors, employees, agents, and subcontractors comply, with all applicable laws, regulations, and governmental requirements, including without limitation the U.S. Foreign Corrupt Practices Act, the UK Bribery Act 2010, all applicable economic sanctions laws and regulations administered by OFAC, the EU, and the United Nations, all applicable export control laws including the EAR and ITAR, and all applicable data protection laws including GDPR and CCPA. Supplier shall maintain a compliance program reasonably designed to prevent and detect violations of the foregoing. Customer shall have the right, upon reasonable notice, to audit Supplier’s compliance with this Section. Any violation of this Section shall constitute a material breach entitling Customer to terminate this Agreement immediately without liability.”

Balanced: “Each Party shall comply with all applicable laws, regulations, and governmental orders in the performance of its obligations under this Agreement, including applicable anti-corruption laws, economic sanctions, export controls, and data protection laws. Each Party shall promptly notify the other Party of any material violation of this Section or any governmental investigation related thereto. A material violation of this Section that is not cured within thirty (30) days of written notice (or, in the case of anti-corruption or sanctions violations, immediately upon notice) shall constitute a material breach entitling the non-breaching Party to terminate this Agreement.”

Vendor-Favorable: “Each Party shall perform its obligations under this Agreement in compliance with all laws and regulations applicable to such Party’s business. Neither Party shall be liable for any failure to comply with laws or regulations that are enacted or modified after the Effective Date to the extent that compliance would require a material modification to the Party’s existing business operations, provided that such Party shall use commercially reasonable efforts to achieve compliance within a reasonable timeframe.”

Example Clause Language

International Distribution Agreement: “Distributor represents, warrants, and covenants that in the performance of its obligations under this Agreement, Distributor has complied and shall continue to comply with all applicable laws, including without limitation: (a) the U.S. Foreign Corrupt Practices Act of 1977, as amended, and all applicable local anti-corruption laws in each jurisdiction in which Distributor operates; (b) all applicable economic sanctions laws and regulations, including those administered by the U.S. Department of the Treasury’s Office of Foreign Assets Control, the European Union, and the United Nations Security Council; and (c) all applicable export control laws, including the U.S. Export Administration Regulations and the International Traffic in Arms Regulations. Distributor shall not, directly or indirectly, offer, pay, promise, or authorize the payment of any money, gift, or thing of value to any government official, political party, or candidate for political office for the purpose of influencing any act or decision, securing any improper advantage, or obtaining or retaining business. Distributor shall maintain accurate books and records reflecting all transactions under this Agreement and shall make such records available for audit by Company or its designees upon reasonable notice.”

Technology SaaS Agreement: “Provider shall comply with all applicable laws and regulations in the performance of the Services, including without limitation all applicable data protection and privacy laws (including, where applicable, the General Data Protection Regulation (EU) 2016/679 and the California Consumer Privacy Act), all applicable information security laws and standards, and all applicable export control and sanctions laws. Provider represents that it is not, and none of its officers, directors, or employees is, a Specially Designated National or Blocked Person as designated by OFAC, or located in, organized under the laws of, or a resident of any country or territory that is the target of comprehensive U.S. sanctions. Provider shall promptly notify Customer in writing of any actual or reasonably suspected breach of this Section, any data security incident involving Customer Data, or any governmental investigation, inquiry, or enforcement action related to Provider’s compliance with applicable laws.”

Supply Chain Agreement: “Supplier shall comply with all applicable laws and regulations, including without limitation: (i) all applicable labor and employment laws, including laws prohibiting forced labor, child labor, and human trafficking; (ii) all applicable environmental laws and regulations; (iii) all applicable health and safety laws; and (iv) the principles set forth in the International Labour Organization’s Declaration on Fundamental Principles and Rights at Work. Supplier shall not utilize forced, bonded, indentured, or involuntary prison labor in the production of goods or provision of services under this Agreement. Supplier shall permit Buyer, or Buyer’s designated third-party auditor, to conduct announced and unannounced inspections of Supplier’s facilities to verify compliance with this Section. Any material violation of this Section shall entitle Buyer to terminate this Agreement immediately and without liability for any cancellation charges.”

Common Contract Types

Negotiation Playbook

Key Drafting Notes

Common Pitfalls

Jurisdiction Notes

United States: The U.S. enforcement environment makes the compliance clause uniquely high-stakes. The FCPA applies to all U.S. issuers and domestic concerns, and its accounting provisions have strict liability components. OFAC sanctions violations carry civil penalties regardless of intent, with maximum penalties exceeding $300,000 per violation (or twice the value of the transaction). The DOJ’s Evaluation of Corporate Compliance Programs guidance explicitly evaluates whether companies impose contractual compliance requirements on third parties. The False Claims Act creates qui tam liability for government contractor non-compliance. Export control violations under the EAR and ITAR carry criminal penalties of up to $1 million per violation and 20 years imprisonment. State-level compliance requirements (California’s Transparency in Supply Chains Act, New York’s Fashion Act) add additional layers.

United Kingdom: The UK Bribery Act 2010 is in many respects broader than the FCPA, covering commercial as well as governmental bribery and imposing corporate liability for failure to prevent bribery unless the company can demonstrate “adequate procedures.” Contractual compliance requirements on business partners are a core element of “adequate procedures.” The Modern Slavery Act 2015 requires commercial organizations with turnover exceeding £36 million to publish annual slavery and human trafficking statements and is driving compliance clause requirements in supply chain agreements. Post-Brexit, the UK maintains its own sanctions regime (administered by OFSI) that is increasingly divergent from EU sanctions, requiring separate compliance obligations in contracts involving UK parties.

European Union and Other Jurisdictions: The EU Corporate Sustainability Due Diligence Directive (CS3D), adopted in 2024, will require large companies to conduct human rights and environmental due diligence across their value chains, including imposing contractual compliance obligations on business partners. This represents a fundamental shift from voluntary to mandatory supply chain compliance contracting. The EU’s sanctions regime, administered under Common Foreign and Security Policy, has expanded dramatically since 2022 and requires specific contractual provisions in agreements involving sanctioned jurisdictions or sectors. The German Supply Chain Due Diligence Act (LkSG), in effect since 2023, requires companies with 1,000+ employees to establish compliance management systems covering their supply chains. In Asia-Pacific, Singapore’s Prevention of Corruption Act and Australia’s Criminal Code Act 1995 (foreign bribery provisions) impose compliance requirements with extraterritorial effect. Companies operating in multiple jurisdictions must ensure their compliance clauses address the overlapping and sometimes conflicting requirements of all applicable regimes.

Related Clauses

This glossary entry is provided for informational and educational purposes only and does not constitute legal advice. Compliance obligations vary by jurisdiction, industry, transaction type, and the specific regulatory regimes applicable to the parties and their activities. Regulatory enforcement priorities and interpretive guidance evolve continuously. Consult qualified legal counsel with expertise in the relevant regulatory areas before drafting, negotiating, or relying on any compliance with laws provision.
