Order Form — Enterprise SaaS (District of Columbia)

ORDER FORM — ENTERPRISE SAAS

DISTRICT OF COLUMBIA

Order Form No.: [________________________________]

1. DEFINITIONS

For purposes of this Order Form, in addition to terms defined in the Master Agreement, the following terms shall have the meanings set forth below:

"Authorized Users" means the named individuals or concurrent users designated by Customer who are authorized to access and use the Services under the credentials and usage limits specified in this Order Form. Authorized Users may include Customer's employees, contractors, and agents acting on Customer's behalf, but shall not include third parties unless expressly permitted herein.

"Confidential Information" means all non-public information disclosed by one party (the "Disclosing Party") to the other party (the "Receiving Party"), whether orally, in writing, or in electronic form, that is designated as confidential or that a reasonable person would understand to be confidential given the nature of the information and circumstances of disclosure. Confidential Information includes, without limitation, the terms and pricing of this Order Form, Provider's proprietary technology, Customer Data, trade secrets, business plans, financial data, and security architecture.

"Customer Data" means all data, content, records, files, information, and materials that Customer or its Authorized Users upload to, transmit through, store within, or generate through use of the Services, including all Personal Data processed on Customer's behalf.

"Documentation" means all user guides, technical manuals, API documentation, release notes, knowledge-base articles, and other materials made generally available by Provider that describe the functionality, configuration, and operation of the Services.

"Force Majeure Event" means any event beyond a party's reasonable control, including acts of God, natural disasters, pandemics, epidemics, government orders or actions (including embargoes and sanctions), war, terrorism, riots, civil disturbance, labor disputes (other than those involving the affected party's own employees), fire, flood, earthquake, power or telecommunications failure, cyberattack by a state actor, or other similar circumstances; provided, however, that a Force Majeure Event shall not include a party's financial inability to perform, changes in market conditions, or a failure of a party's subcontractors or suppliers unless such failure is itself caused by a Force Majeure Event.

"Personal Data" means "personal information" as defined in the District of Columbia Consumer Security Breach Notification Act (D.C. Code § 28-3851(3)), including an individual's first name or first initial and last name, or phone number, or address, and any one or more of the following data elements: (a) Social Security number or taxpayer identification number; (b) driver's license number, District of Columbia identification card number, passport number, military identification number, or other unique identification number issued on a government document used to verify identity; (c) credit card number or debit card number; (d) any other number or code or combination of numbers or codes, such as account number, security code, access code, or password, that allows access to or use of an individual's financial or credit account; (e) medical information; (f) genetic information or DNA profile; (g) health insurance information, including a policy number, subscriber identification number, or unique identifier used by a health insurer; (h) biometric data; or (i) any combination of data elements included in subparagraphs (a) through (h) that would allow a person to commit identity theft without reference to a person's name or other independent data element.

"Provider IP" means the Services (including the underlying software, platform, and SaaS application), APIs, tools, algorithms, methodologies, processes, user interfaces, documentation, and all intellectual property rights therein, together with all modifications, improvements, enhancements, and derivative works thereof, whether or not developed in connection with this Order Form.

"Services" means the cloud-based software-as-a-service application and associated functionality identified in Section 5 (Services and Entitlements), including hosting, maintenance, standard support, and updates provided by Provider to Customer under this Order Form.

"SLA" means the service level agreement governing availability, performance, and support response commitments for the Services, as set forth in Section 7 (Service Levels and Support) and any referenced attachments.

2. PARTIES

Note: The District of Columbia is a federal district and is not a state. All references herein to the "District of Columbia" shall mean the government, laws, courts, and territory of the District of Columbia. Provider and Customer each represent that they are duly organized and validly existing under the laws of their respective jurisdictions and have all requisite authority to enter into this Order Form.

3. TERM

Non-Renewal Mechanics. Unless either party delivers written notice of non-renewal at least the number of days specified above prior to the end of the then-current term, this Order Form shall automatically renew for successive periods equal to the Renewal Term Length specified above. Any notice of non-renewal must be delivered in writing to the Notices Address specified in Section 2 or by email to the address designated for legal notices in Section 17.

Effect of Termination. Upon expiration or termination of this Order Form for any reason: (a) all rights and licenses granted to Customer hereunder shall immediately terminate; (b) Customer shall pay all fees accrued through the effective date of termination; (c) Provider shall make Customer Data available for export in a commercially standard format for a period of [____] days following the effective date of termination; and (d) each party shall return or destroy Confidential Information of the other party in accordance with Section 13.

4. SERVICES AND ENTITLEMENTS

Usage Limits:

Modules and Add-Ons:

5. FEES AND PAYMENT

One-Time Fees:

Usage and Overage Fees:

Renewal Uplift. Upon each renewal, subscription fees may increase by no more than [____]% per annum, or, if greater, the percentage increase in the Consumer Price Index for All Urban Consumers (CPI-U), Washington-Arlington-Alexandria, DC-VA-MD-WV (Series ID: CUURA311SA0), as published by the U.S. Bureau of Labor Statistics, comparing the most recently published twelve-month period to the immediately preceding twelve-month period. Provider shall provide Customer with written notice of any fee increase at least [____] days prior to the commencement of the applicable renewal term. If Customer objects to the increase, Customer may elect to non-renew this Order Form by providing written notice within [____] days of receipt of Provider's fee increase notice.

District of Columbia Sales and Use Tax. All fees stated in this Order Form are exclusive of applicable taxes. The District of Columbia imposes sales and use tax on SaaS and digital goods under D.C. Code § 47-2001 et seq. The parties acknowledge the following:

• (a) The general sales tax rate is 6.0% through September 30, 2026, and is scheduled to increase to 7.0% effective October 1, 2026, pursuant to the Sales Tax Increase Delay Amendment Act of 2025.
• (b) Provider shall itemize District of Columbia sales tax as a separate line item on each invoice.
• (c) If Provider has established economic nexus in the District of Columbia (gross receipts exceeding $100,000 or 200 or more separate transactions in the current or prior calendar year), Provider shall register for, collect, remit, and report all applicable District of Columbia sales taxes in accordance with applicable law.
• (d) If Customer is exempt from District of Columbia sales tax, Customer shall furnish a valid D.C. exemption certificate (Form OTR-368) to Provider prior to the Order Effective Date. Provider shall not collect sales tax on transactions covered by a valid exemption certificate. Customer shall indemnify Provider against any tax liability arising from an invalid or expired exemption certificate.

6. SERVICE LEVELS AND SUPPORT

SLA Credit Schedule:

Service credits shall be applied against the next invoice following Customer's written request submitted within [____] days of the applicable downtime incident. Service credits are Customer's sole and exclusive remedy for Provider's failure to meet the uptime commitment, except that if Provider fails to meet the uptime commitment for [____] consecutive months, Customer may terminate this Order Form for cause.

Support:

Response and Resolution Times:

Escalation. Provider shall maintain a documented escalation procedure. If a Severity 1 or Severity 2 issue is not resolved within the target resolution time, Customer may escalate to Provider's VP of Engineering or equivalent executive by contacting: [________________________________].

7. SECURITY AND DATA PROTECTION

Data Types Processed Under This Order Form:

7.1 District of Columbia Breach Notification Compliance

Provider shall comply in all respects with the District of Columbia Consumer Security Breach Notification Act (D.C. Code § 28-3851 et seq.), as amended by the Security Breach Protection Amendment Act of 2020 (D.C. Law 23-98). Without limiting the foregoing, in the event of a breach of the security of the system (as defined in D.C. Code § 28-3851(1a)) affecting Customer Data that includes the Personal Data of District of Columbia residents, Provider shall:

(a) Expedient Notification. Notify Customer in the most expedient time possible and without unreasonable delay following discovery of the breach, and in no event later than [____] hours after confirmed discovery, so that Customer may fulfill its own notification obligations under D.C. law.

(b) Attorney General Notification (50-Resident Threshold). If the breach affects fifty (50) or more residents of the District of Columbia, cooperate with and assist Customer in providing written notice to the Office of the Attorney General for the District of Columbia, as required by D.C. Code § 28-3852(b-1).

(c) Consumer Reporting Agency Notification (1,000-Resident Threshold). If the breach affects more than one thousand (1,000) residents of the District of Columbia, assist Customer in notifying the nationwide consumer reporting agencies without unreasonable delay, as required by D.C. Code § 28-3852(c).

(d) Required Notification Content. Ensure that any breach notification includes: (i) a description of the categories and types of Personal Data compromised; (ii) contact information for the entity providing the notification; (iii) contact information for the major consumer reporting agencies and information about security freezes; (iv) the toll-free telephone numbers, addresses, and website addresses for the Federal Trade Commission and the Office of the Attorney General for the District of Columbia; and (v) such other information as required by D.C. Code § 28-3852(a)(3).

(e) Identity Theft Prevention Services (SSN/TIN Breaches). If the breach involves Social Security numbers or taxpayer identification numbers, Provider shall, at Provider's sole cost and expense, provide identity theft prevention services to affected District of Columbia residents for a period of not less than eighteen (18) months, as required by D.C. Code § 28-3852(a-2).

(f) Reasonable Security Measures. Provider shall implement and maintain reasonable security measures to protect Personal Data from unauthorized access, use, modification, disclosure, or destruction, as required by D.C. Code § 28-3852.01.

CPPA Enforcement Nexus. The parties acknowledge that a violation of the Consumer Security Breach Notification Act constitutes an unfair or deceptive trade practice under the District of Columbia Consumer Protection Procedures Act (D.C. Code § 28-3904(kk)), subjecting the violating party to private actions, treble damages, and attorney's fees under D.C. Code § 28-3905(k)(2).

8. LIMITATION OF LIABILITY

8.1 Aggregate Cap. EXCEPT FOR THE CARVE-OUTS SET FORTH IN SECTION 8.3, EACH PARTY'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS ORDER FORM, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR ANY OTHER LEGAL OR EQUITABLE THEORY, SHALL NOT EXCEED THE GREATER OF: (A) THE TOTAL FEES PAID OR PAYABLE BY CUSTOMER UNDER THIS ORDER FORM DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM; OR (B) $[________________________________].

8.2 Exclusion of Consequential Damages. EXCEPT FOR THE CARVE-OUTS SET FORTH IN SECTION 8.3, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING DAMAGES FOR LOSS OF PROFITS, REVENUE, GOODWILL, DATA, OR BUSINESS OPPORTUNITY, REGARDLESS OF WHETHER SUCH DAMAGES WERE FORESEEABLE AND WHETHER OR NOT SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

8.3 Carve-Outs. The limitations in Sections 8.1 and 8.2 shall not apply to, and the following shall be subject to a separate aggregate liability cap equal to [____] times the aggregate cap set forth in Section 8.1 (or, if "Uncapped" is selected, shall not be subject to any contractual cap):

☐ [____]x cap ☐ Uncapped

• (a) Either party's indemnification obligations for third-party intellectual property infringement claims under Section 9;
• (b) Provider's obligations arising from a breach of its security and data protection obligations under Section 7, including D.C. breach notification obligations;
• (c) Either party's breach of its confidentiality obligations under Section 12;
• (d) Either party's willful misconduct, gross negligence, or fraud; and
• (e) Customer's payment obligations for fees due and owing under this Order Form.

8.4 CPPA Liability Acknowledgment. The parties acknowledge that the District of Columbia Consumer Protection Procedures Act (D.C. Code § 28-3901 et seq.) provides consumers with a private right of action and authorizes treble damages (or $1,500 per violation, whichever is greater), plus reasonable attorney's fees, for willful violations (D.C. Code § 28-3905(k)(2)). To the extent any liability arises under the CPPA, the statutory remedies available thereunder cannot be contractually waived, and nothing in this Section 8 shall be construed to limit or waive any non-waivable statutory rights or remedies.

9. INDEMNIFICATION

9.1 Provider Indemnification. Provider shall defend, indemnify, and hold harmless Customer and its officers, directors, employees, agents, successors, and assigns from and against any third-party claims, demands, actions, suits, proceedings, losses, damages, liabilities, costs, and expenses (including reasonable attorney's fees) arising out of or related to:

• (a) IP Infringement. Any claim that the Services, as provided by Provider and used by Customer in accordance with this Order Form and the Documentation, infringe or misappropriate any United States patent, copyright, trademark, or trade secret of a third party. If the Services become, or in Provider's reasonable opinion are likely to become, the subject of an infringement claim, Provider shall at its option and expense: (i) procure for Customer the right to continue using the Services; (ii) modify the Services to make them non-infringing without materially reducing functionality; or (iii) replace the Services with a non-infringing equivalent. If none of the foregoing options is commercially reasonable, either party may terminate this Order Form, and Provider shall refund to Customer any prepaid fees covering the remainder of the then-current term.
• (b) Data Breach. Any claim arising from Provider's failure to comply with its security and data protection obligations under Section 7, including Provider's failure to comply with the D.C. Consumer Security Breach Notification Act, to the extent such breach was caused by Provider's negligence, willful misconduct, or failure to maintain reasonable security measures.

9.2 Customer Indemnification. Customer shall defend, indemnify, and hold harmless Provider and its officers, directors, employees, agents, successors, and assigns from and against any third-party claims, demands, actions, suits, proceedings, losses, damages, liabilities, costs, and expenses (including reasonable attorney's fees) arising out of or related to:

• (a) Customer Data. Any claim that the Customer Data, or Customer's provision of Customer Data to Provider, infringes or misappropriates any intellectual property right or other right of a third party, or violates any applicable law.
• (b) Customer Misuse. Any claim arising from Customer's use of the Services in violation of this Order Form, the Master Agreement, or applicable law.
• (c) Violation of Law. Any claim arising from Customer's violation of any applicable law, regulation, or ordinance in connection with Customer's use of the Services, including the D.C. Human Rights Act.

9.3 Indemnification Procedures. The indemnifying party's obligations under this Section 9 are conditioned on the indemnified party: (a) providing prompt written notice of the claim (provided that failure to provide prompt notice shall not relieve the indemnifying party of its obligations except to the extent materially prejudiced by such failure); (b) granting the indemnifying party sole control of the defense and settlement of the claim; (c) providing reasonable cooperation and assistance at the indemnifying party's expense; and (d) not settling or compromising any claim without the indemnifying party's prior written consent. The indemnifying party shall not settle any claim in a manner that imposes any obligation, restriction, or liability on the indemnified party without the indemnified party's prior written consent, which shall not be unreasonably withheld.

10. INSURANCE

Provider shall procure and maintain, at Provider's sole cost and expense, the following minimum insurance coverages during the term of this Order Form and for a period of two (2) years following its expiration or termination:

Provider shall furnish certificates of insurance evidencing the foregoing coverages upon Customer's written request, and shall provide Customer at least thirty (30) days' prior written notice of any material change, cancellation, or non-renewal of such policies. All policies shall be issued by carriers with an A.M. Best rating of A- VII or better.

11. INTELLECTUAL PROPERTY

11.1 Provider IP Ownership. Provider retains all right, title, and interest in and to the Services, including the underlying software, platform, APIs, tools, algorithms, methodologies, processes, user interfaces, and Documentation, together with all modifications, improvements, enhancements, and derivative works thereof, and all intellectual property rights therein (collectively, "Provider IP"). Nothing in this Order Form transfers ownership of any Provider IP to Customer.

11.2 Customer Data Ownership. Customer retains all right, title, and interest in and to all Customer Data. Provider acquires no right, title, or interest in Customer Data except the limited license expressly granted in Section 11.3(b).

11.3 License Grants.

• (a) Provider to Customer. Provider hereby grants to Customer a non-exclusive, non-transferable, non-sublicensable (except to Authorized Users) license to access and use the Services and Documentation during the Subscription Term solely for Customer's internal business purposes, subject to the usage limitations set forth in this Order Form.
• (b) Customer to Provider. Customer hereby grants to Provider a non-exclusive, worldwide, royalty-free license to use, process, store, transmit, host, copy, and display Customer Data solely as necessary to provide, maintain, support, and improve the Services under this Order Form and the Master Agreement, and for no other purpose.

11.4 Feedback. If Customer provides suggestions, enhancement requests, recommendations, or other feedback regarding the Services ("Feedback"), Provider may freely use such Feedback to improve, enhance, modify, or develop the Services and related offerings without restriction, obligation, attribution, or compensation to Customer. Customer hereby assigns to Provider all right, title, and interest in and to such Feedback.

11.5 Customizations.

☐ Custom integrations, configurations, or developments created under this Order Form shall be owned by:

☐ Provider — with a perpetual, irrevocable, non-exclusive license granted to Customer for Customer's internal business use

☐ Customer — as a work made for hire to the extent qualifying under 17 U.S.C. § 101, and by irrevocable assignment to the extent not so qualifying

☐ Jointly owned — each party may exploit without accounting to the other, subject to confidentiality obligations

District of Columbia Practice Note: The work-for-hire doctrine is narrowly defined under federal copyright law (17 U.S.C. § 101) and must fall within one of nine enumerated categories. See Community for Creative Non-Violence v. Reid, 490 U.S. 730 (1989), a landmark Supreme Court decision originating in the District of Columbia establishing the multi-factor test for distinguishing employees from independent contractors in the copyright context. The District of Columbia does not maintain a jurisdiction-specific statute restricting employer invention assignment agreements. Practitioners should ensure that IP assignment and work-for-hire provisions are clearly documented, supported by adequate consideration, and that the relationship between the parties is properly characterized under the Reid multi-factor test.

12. CONFIDENTIALITY

12.1 Obligations. The Receiving Party shall: (a) hold the Disclosing Party's Confidential Information in strict confidence using at least the same degree of care it uses to protect its own confidential information, but in no event less than reasonable care; (b) not disclose Confidential Information to any third party except to its employees, contractors, advisors, and agents who have a need to know and are bound by confidentiality obligations no less protective than those herein; and (c) use Confidential Information solely for the purpose of performing its obligations or exercising its rights under this Order Form.

12.2 Exclusions. Confidential Information does not include information that: (a) is or becomes publicly available through no fault of the Receiving Party; (b) was rightfully known to the Receiving Party without restriction prior to disclosure; (c) is independently developed by the Receiving Party without reference to the Disclosing Party's Confidential Information; or (d) is rightfully obtained from a third party without restriction on disclosure.

12.3 Compelled Disclosure. The Receiving Party may disclose Confidential Information if required by law, regulation, or court order, provided that the Receiving Party: (a) gives the Disclosing Party prompt written notice (to the extent legally permissible); (b) reasonably cooperates with the Disclosing Party's efforts to obtain a protective order; and (c) discloses only the minimum amount of Confidential Information required.

12.4 Order-Form-Specific Terms. The parties agree that: (a) all pricing, fee structures, discount terms, and commercial terms of this Order Form constitute Confidential Information of both parties; (b) Provider shall not publicly reference Customer's name, logo, or trademarks in any marketing materials, press releases, case studies, or customer lists without Customer's prior written consent; and (c) the terms of any DPA, security addendum, or audit report produced in connection with this Order Form are Confidential Information of both parties.

12.5 Survival. Confidentiality obligations under this Section 12 shall survive expiration or termination of this Order Form for a period of three (3) years; provided, however, that obligations with respect to trade secrets shall continue for as long as such information qualifies as a trade secret under applicable law.

13. AUDIT RIGHTS

13.1 Security and Compliance Audits. Customer (or an independent third-party auditor selected by Customer and reasonably acceptable to Provider) may audit Provider's compliance with Provider's security, data protection, and breach notification obligations under this Order Form and the Master Agreement once during each twelve (12) month period. Customer shall provide Provider with at least thirty (30) days' prior written notice of any audit. Audits shall be conducted during Provider's normal business hours and in a manner that does not unreasonably interfere with Provider's operations.

13.2 Scope. Audits may include review of Provider's security controls, data handling practices, subprocessor management, breach notification procedures, and compliance with the D.C. Consumer Security Breach Notification Act. Provider shall make available relevant records, personnel, and facilities reasonably necessary for the audit.

13.3 Costs. Customer shall bear the costs of any audit. If an audit reveals a material non-compliance by Provider, Provider shall: (a) promptly remediate the non-compliance at Provider's sole expense; and (b) reimburse Customer for the reasonable costs of the audit that identified the non-compliance.

13.4 Certification Alternative. In lieu of an on-site audit, Provider may, at its option, provide Customer with a current SOC 2 Type II report, ISO 27001 certificate, or equivalent independent third-party audit report covering the controls relevant to Customer's audit request, provided such report is no more than twelve (12) months old.

14. FORCE MAJEURE

14.1 Excused Performance. Neither party shall be liable for any delay or failure in performing its obligations under this Order Form (other than payment obligations) to the extent such delay or failure is caused by a Force Majeure Event.

14.2 Notice. The affected party shall notify the other party in writing within [____] business days after becoming aware that a Force Majeure Event has caused or is likely to cause a delay or failure in performance, specifying the nature of the Force Majeure Event, its expected duration, and the obligations affected.

14.3 Mitigation. The affected party shall use commercially reasonable efforts to mitigate the effects of the Force Majeure Event and resume performance as promptly as practicable.

14.4 Termination Right. If a Force Majeure Event continues for a period of ninety (90) consecutive days or more, either party may terminate this Order Form upon thirty (30) days' written notice to the other party. In the event of such termination, Provider shall refund to Customer any prepaid fees allocable to the period following the effective date of termination.

15. PROFESSIONAL SERVICES

Acceptance Process. Customer shall review each deliverable and either accept the deliverable or provide written notice of rejection specifying in reasonable detail the deficiencies within the Acceptance Period. If Customer does not deliver written notice of rejection within the Acceptance Period, the deliverable shall be deemed accepted. If Customer rejects a deliverable, Provider shall use commercially reasonable efforts to correct the identified deficiencies and resubmit the deliverable within [____] business days. If Provider fails to deliver a conforming deliverable after [____] resubmission cycles, Customer may terminate the applicable SOW and receive a refund of fees paid for the non-conforming deliverable.

16. CUSTOMER CONTACTS

All formal notices under this Order Form shall be sent to the Legal / Notices Contact at the address or email specified above, with a copy to the Primary Contact specified in Section 2.

17. SPECIAL TERMS / EXCEPTIONS

☐ No special terms or exceptions apply to this Order Form.

☐ The following special terms, negotiated deviations, or exceptions to the Master Agreement apply solely to this Order Form and shall not establish precedent for any other order form or amendment:

1. [________________________________]

2. [________________________________]

3. [________________________________]

18. ORDER OF PRECEDENCE

This Order Form is executed pursuant to and governed by the Master Agreement referenced in Section 2. In the event of any conflict or inconsistency among the documents comprising the agreement between the parties, the following order of precedence shall apply (highest to lowest priority):

1. This Order Form (with respect to commercial terms, pricing, entitlements, and District of Columbia-specific provisions);
2. Any Data Processing Agreement, Security Addendum, or BAA executed in connection with this Order Form;
3. The Master Agreement;
4. Any Statement of Work executed under this Order Form;
5. The Service Level Agreement and Support Terms;
6. The Documentation.

Where this Order Form expressly sets forth terms that differ from the Master Agreement with respect to commercial entitlements, usage limits, pricing, or District of Columbia-specific legal requirements, the terms of this Order Form shall control with respect to those specific provisions.

19. DISTRICT OF COLUMBIA-SPECIFIC PROVISIONS

19.1 Consumer Protection Procedures Act (CPPA). The parties acknowledge that the District of Columbia Consumer Protection Procedures Act (D.C. Code § 28-3901 et seq.) is among the broadest consumer protection statutes in the United States. The CPPA provides a private right of action for any "consumer" (D.C. Code § 28-3905(k)), authorizes treble damages or $1,500 per violation (whichever is greater) for willful violations, plus reasonable attorney's fees. To the extent Customer qualifies as a "consumer" or "consumer organization" under the CPPA, nothing in this Order Form or the Master Agreement shall be construed to waive, limit, or restrict any rights or remedies available to Customer under the CPPA. Violations of the Consumer Security Breach Notification Act constitute unfair or deceptive trade practices under D.C. Code § 28-3904(kk) and are independently actionable under the CPPA.

19.2 District of Columbia Sales and Use Tax. Provider acknowledges that SaaS and digital goods are subject to District of Columbia sales and use tax under D.C. Code § 47-2001 et seq. The applicable general sales tax rate is 6.0% through September 30, 2026, and is scheduled to increase to 7.0% effective October 1, 2026, pursuant to the Sales Tax Increase Delay Amendment Act of 2025. Provider shall monitor and apply the correct tax rate as of the date of each invoice. Provider shall register for and maintain a valid D.C. sales tax permit if Provider has established nexus in the District (physical presence or economic nexus of $100,000 in gross receipts or 200 or more separate transactions in the current or prior calendar year).

19.3 Governing Law. This Order Form and the Master Agreement shall be governed by, and construed in accordance with, the laws of the District of Columbia, without regard to its conflict of laws principles. The District of Columbia is not a state; references to "state law" in the Master Agreement or any attachment shall be construed to refer to the laws of the District of Columbia where applicable.

19.4 Venue and Jurisdiction. The parties irrevocably submit to the exclusive jurisdiction and venue of the Superior Court of the District of Columbia or the United States District Court for the District of Columbia for any action, suit, or proceeding arising out of or relating to this Order Form. Each party waives any objection to the laying of venue in such courts and any claim that any such action has been brought in an inconvenient forum.

19.5 Statute of Limitations. The parties acknowledge that the statute of limitations for breach of contract actions in the District of Columbia is three (3) years from the date of accrual (D.C. Code § 12-301(7)). Nothing in this Order Form shall shorten the applicable statute of limitations below the minimum period permitted by D.C. law.

19.6 D.C. Human Rights Act. Each party shall comply with the District of Columbia Human Rights Act of 1977 (D.C. Code § 2-1401.01 et seq.) in the performance of its obligations under this Order Form. Neither party shall discriminate against any individual on the basis of race, color, religion, national origin, sex, age, marital status, personal appearance, sexual orientation, gender identity or expression, family responsibilities, genetic information, disability, matriculation, political affiliation, or any other characteristic protected under D.C. law.

19.7 Procurement Practices Reform Act. If Customer is a District of Columbia government agency or instrumentality, or if this Order Form is funded in whole or in part by District of Columbia government funds, the parties acknowledge that the D.C. Procurement Practices Reform Act (D.C. Code § 2-351.01 et seq.) may impose additional requirements. In such event, Provider shall comply with all applicable procurement regulations, including Certified Business Enterprise (CBE) participation requirements and equal employment opportunity provisions.

19.8 Data Security as Unfair Trade Practice. Provider acknowledges that the failure to implement and maintain reasonable security measures to protect the Personal Data of District of Columbia residents may constitute an unfair or deceptive trade practice under D.C. Code § 28-3904(kk), independent of whether a breach of the security of the system has occurred. Provider shall maintain security practices consistent with industry standards and the requirements of D.C. Code § 28-3852.01.

20. ELECTRONIC SIGNATURES

The parties agree that this Order Form and any related documents may be executed by electronic signature, which shall be considered as valid and binding as an original handwritten signature. Electronic signatures are legally recognized and enforceable under:

• (a) The District of Columbia Uniform Electronic Transactions Act (D.C. Code §§ 28-4901 to 28-4918), which provides that a record or signature may not be denied legal effect or enforceability solely because it is in electronic form (D.C. Code § 28-4907); and
• (b) The federal Electronic Signatures in Global and National Commerce Act (E-SIGN Act, 15 U.S.C. §§ 7001–7031).

Each party agrees that: (i) its electronic signature shall have the same legal effect, validity, and enforceability as a manually executed signature; (ii) the electronic version of this Order Form shall constitute an "original" for all purposes; (iii) neither party shall challenge the validity or enforceability of this Order Form solely on the basis that it was executed electronically; and (iv) printed copies of this electronically signed Order Form may be used as evidence in any judicial or administrative proceeding in the District of Columbia or elsewhere.

21. SIGNATURES

ENTIRE AGREEMENT. This Order Form, together with the Master Agreement and all exhibits, attachments, schedules, addenda, and documents incorporated by reference herein, constitutes the entire agreement between the parties with respect to the subject matter hereof and supersedes all prior and contemporaneous proposals, negotiations, representations, understandings, and agreements, whether written or oral, relating to the subject matter of this Order Form. No amendment or modification of this Order Form shall be effective unless in writing and signed by authorized representatives of both parties.

IN WITNESS WHEREOF, the parties have caused this Order Form to be executed by their duly authorized representatives as of the Order Effective Date set forth above.

PROVIDER:

By: [________________________________]

Name: [________________________________]

Title: [________________________________]

Date: [__/__/____]

Email: [________________________________]

CUSTOMER:

By: [________________________________]

Name: [________________________________]

Title: [________________________________]

Date: [__/__/____]

Email: [________________________________]

This Order Form consists of [____] pages. Any amendments, modifications, or waivers must be in writing and signed by authorized representatives of both parties.

DISCLAIMER: This template is provided for informational purposes only and does not constitute legal advice. This document must be reviewed and customized by a qualified attorney admitted to practice in the District of Columbia before execution. Laws, regulations, and tax rates change frequently; verify all statutory citations and rates are current at the time of execution. The District of Columbia is a unique jurisdiction with its own body of statutory and common law distinct from any state. Do not execute this template without professional legal review.