SAAS MASTER SUBSCRIPTION AGREEMENT WITH AI GOVERNANCE CLAUSES

STATE OF SOUTH CAROLINA

Agreement No.: [________________________________]

Effective Date: [__/__/____]

PROVIDER:
Name: [________________________________]
Address: [________________________________]
City/State/ZIP: [________________________________]
Contact Email: [________________________________]
Contact Phone: [________________________________]

CUSTOMER:
Name: [________________________________]
Address: [________________________________]
City/State/ZIP: [________________________________]
Contact Email: [________________________________]
Contact Phone: [________________________________]

This Master Subscription Agreement with AI Governance Clauses (this "Agreement") is entered into as of the Effective Date by and between the Provider and the Customer identified above (each a "Party" and collectively the "Parties").

ARTICLE 1: DEFINITIONS

1.1 "Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with a Party, where "control" means ownership of more than fifty percent (50%) of voting securities.

1.2 "AI Features" means any artificial intelligence, machine learning, deep learning, natural language processing, computer vision, generative AI, or other algorithmic decision-making capabilities integrated into or accessible through the Services, as described in Schedule AI-1.

1.3 "Algorithm" means a set of computational rules, including statistical models and machine learning models, used to process data, make predictions, generate outputs, or automate decisions.

1.4 "Authorized User" means any individual employee, contractor, or agent of Customer or its Affiliates authorized to access the Services.

1.5 "Automated Decision-Making" means a decision made through automated processing without meaningful human oversight, including profiling, scoring, classification, or recommendation outputs.

1.6 "Bias" means systematic and unfair discrimination in AI outputs that disproportionately affects individuals or groups based on protected characteristics under South Carolina or federal law.

1.7 "Confidential Information" means all non-public information disclosed by one Party to the other that is designated as confidential or that a reasonable person would understand to be confidential.

1.8 "Covered Minor" means an individual under the age of eighteen (18), consistent with the South Carolina Age-Appropriate Design Code Act.

1.9 "Customer Data" means all data, content, materials, and information submitted, uploaded, or transmitted by or on behalf of Customer or its Authorized Users, including Personal Identifying Information.

1.10 "Documentation" means user guides, technical manuals, and other materials describing the Services.

1.11 "Explainability" means the ability to describe the factors, logic, and decision criteria used by an AI Feature to produce a specific output.

1.12 "Feedback" means suggestions or other feedback about the Services.

1.13 "Generative AI" means AI Features that create new content based on patterns learned from training data.

1.14 "Hallucination" means an AI output that is factually incorrect, fabricated, or unsupported by input or training data.

1.15 "Human Override" means the ability of a natural person to review, modify, reverse, or supersede an AI Feature output.

1.16 "Model" means a trained computational artifact that processes input data to generate predictions, classifications, or other outputs.

1.17 "Order Form" means a document specifying Services, subscriptions, and fees, attached as Schedule OF-1.

1.18 "Personal Identifying Information" has the meaning ascribed under South Carolina data breach notification law (S.C. Code Ann. § 39-1-90), meaning the first name or first initial and last name in combination with and linked to any one or more of the following: (a) Social Security number; (b) driver's license number or state identification card number; (c) financial account number, credit card number, or debit card number in combination with any required security code, access code, or password that would permit access; (d) other numbers or information that may be used to access a person's financial accounts or numbers assigned to individuals for identification purposes by federal government agencies, including a passport number, alien registration number, or tax identification number.

1.19 "Services" means the SaaS application(s) and cloud services described in the Order Form, including AI Features.

1.20 "Subscription Term" means the access period specified in the Order Form.

1.21 "Training Data" means datasets used to develop, train, validate, test, or fine-tune Models or Algorithms.

ARTICLE 2: SUBSCRIPTION AND ACCESS

2.1 License Grant. Subject to terms and payment, Provider grants Customer a non-exclusive, non-transferable, non-sublicensable right during the Subscription Term to access and use the Services per the Order Form.

2.2 Authorized Users. Customer may permit Authorized Users to access the Services. Customer responsible for their compliance.

2.3 Usage Limits. Per Order Form.

2.4 Access Credentials. Customer shall maintain credential security, implement MFA where available, and notify Provider of unauthorized access.

2.5 Restrictions. Customer shall not: (a) sublicense, sell, or redistribute; (b) modify or create derivative works; (c) reverse engineer; (d) use for competitive analysis; (e) transmit malicious code; (f) interfere with Services; or (g) violate applicable law, including South Carolina law.

2.6 Reservation of Rights. Provider reserves all rights not expressly granted.

ARTICLE 3: AI FEATURES AND GOVERNANCE

3.1 AI Feature Documentation. Provider shall maintain complete documentation of AI Features including: (a) purpose and use cases; (b) data types processed; (c) decision-making logic; (d) known limitations; (e) Bias and Hallucination risks; and (f) Human Override procedures. Documentation in Schedule AI-1, updated quarterly.

3.2 Training Data Restrictions.
(a) No use of Customer Data for generalized Model training without express written consent.
(b) If consent granted: (i) anonymize and aggregate; (ii) ensure non-extractability; (iii) document in Schedule AI-1; (iv) provide opt-out.
(c) Training Data lawfully obtained.

3.3 Explainability Requirements.
(a) For AI Features generating decisions or classifications: (i) key factors; (ii) factor importance; (iii) alternative outcomes; (iv) confidence levels.
(b) Plain language accessible to non-technical users.

3.4 Human Override.
(a) Customer may override any AI output.
(b) Provider shall enable: (i) pre-action review; (ii) parameter modification; (iii) feature disabling; (iv) non-AI fallback.
(c) Override shall not be impractical by design.

3.5 Prohibited AI Uses. Neither Party shall use AI Features for:
(a) Automated Decision-Making with legal or similarly significant effects without Human Override;
(b) Discriminatory profiling in violation of South Carolina or federal anti-discrimination law;
(c) Deceptive content generation;
(d) Mass surveillance without lawful basis;
(e) Generation or distribution of deepfake content depicting explicit sexual acts, consistent with South Carolina deepfake legislation; or
(f) Any purpose violating applicable federal, state, or local law.

3.6 South Carolina AI and Privacy Landscape.
(a) South Carolina does not currently have a comprehensive consumer data privacy law or an AI-specific regulatory framework. However, Provider acknowledges that:
(i) The South Carolina Unfair Trade Practices Act (S.C. Code Ann. §§ 39-5-10 et seq.) prohibits unfair or deceptive acts or practices in trade or commerce, and AI systems that produce deceptive, misleading, or harmful outputs may be subject to enforcement;
(ii) The South Carolina Attorney General has enforcement authority over unfair trade practices and may apply existing consumer protection standards to AI;
(iii) Pending legislation, including H.3401 (Technology Transparency Act), may impose additional requirements regarding consumer data transparency;
(iv) South Carolina has enacted deepfake legislation prohibiting certain AI-generated content.
(b) Provider shall monitor South Carolina legislative developments regarding AI and data privacy regulation and promptly notify Customer of new requirements.
(c) Provider shall ensure AI Features comply with all applicable South Carolina laws, even in the absence of AI-specific regulation.

3.7 South Carolina Age-Appropriate Design Code Act Compliance.
(a) If the Services are "reasonably likely to be accessed" by Covered Minors, Provider shall comply with the South Carolina Age-Appropriate Design Code Act (H.3431, signed February 5, 2026), including:
(i) Not processing Personal Identifying Information of Covered Minors except as necessary to provide the Services;
(ii) Not using covered design features to increase, sustain, or extend a minor's use of the online service, unless the design feature demonstrably benefits the minor;
(iii) If the Services meet the revenue or data-processing thresholds (annual gross revenues exceeding $25 million, processing personal data of 50,000+ consumers, or deriving 50%+ revenue from data sales), issuing annual public reports prepared by independent third-party auditors containing descriptions of algorithms, data collection practices, and design features as they pertain to minors;
(iv) Submitting required reports to the South Carolina Attorney General;
(v) Not using Profiling by default for known Covered Minors unless the Profiling is necessary to provide the service and appropriate safeguards are in place.
(b) Provider shall implement age-verification or age-estimation mechanisms where required.
(c) //GUIDANCE: The Age-Appropriate Design Code Act applies to "covered online services" and includes specific algorithmic transparency requirements. If the Services may be accessed by minors, review full Act requirements with counsel.

3.8 Bias Monitoring and Mitigation.
(a) Ongoing monitoring: (i) statistical testing; (ii) output disparity analysis; (iii) training data review; (iv) corrective action documentation.
(b) Notification and correction within [____] business days.
(c) Periodic reports no less than [quarterly/semi-annually].

3.9 Model Documentation and Versioning.
(a) Version-controlled records of Models.
(b) [____] days' advance notice of material changes.
(c) Rollback within [____] days.

ARTICLE 4: AI RISK CLASSIFICATION AND ASSESSMENT

4.1 Risk Tiers.

☐ Tier 1 - Minimal Risk: Routine processing, formatting, search, or administrative tasks.

☐ Tier 2 - Limited Risk: Recommendations and analytics informing human decisions.

☐ Tier 3 - Elevated Risk: Significant influence on decisions affecting access to services, employment, credit, housing, insurance; processing of data concerning Covered Minors; or processing of sensitive personal information.

☐ Tier 4 - High Risk: Autonomous decisions with legal or similarly significant effects, automated eligibility, risk scoring, biometric identification, or processing concerning minors that involves Profiling or behavioral manipulation.

4.2 Impact Assessments.
(a) For Tier 3 and Tier 4: description, purpose, data types, benefits/risks, Bias analysis, mitigation, Human Override, monitoring plans.
(b) Available to Customer; updated annually or upon material change.

4.3 South Carolina-Specific Risk Considerations.
(a) Insurance Sector: If Customer is an insurance licensee, the South Carolina Insurance Data Security Act (S.C. Code Ann. §§ 38-99-10 et seq.) applies. Provider shall support Customer's compliance with:
(i) Implementation of an information security program based on a risk assessment;
(ii) Oversight of third-party service providers (including Provider);
(iii) Annual certification to the Director of Insurance;
(iv) Notification to the Director of Insurance within seventy-two (72) hours of determining a cybersecurity event has occurred;
(v) Investigation and documentation of cybersecurity events.
(b) Minors' Data: If AI Features may process data of Covered Minors, Provider shall implement enhanced safeguards per Section 3.7 and conduct an impact assessment specific to the effects on minors.
(c) Provider shall implement reasonable security measures consistent with the standards applicable to the industry in which Customer operates.

ARTICLE 5: IMPLEMENTATION AND SUPPORT

5.1 Implementation Services. Per Schedule PS-1, including AI Feature configuration and compliance controls.

5.2 Training. On AI Features, applicable South Carolina regulatory requirements, and age-appropriate design compliance if applicable.

5.3 Technical Support. Per Schedule SUP-1: support channels, response times, escalation, AI support.

5.4 Updates and Enhancements. Included during Subscription Term. Advance notice of material changes; no removal of material functionality without consent.

5.5 Change Management. Advance notification, documentation, testing, and rollback for AI Feature updates.

ARTICLE 6: FEES AND PAYMENT

6.1 Fees. Per the Order Form. Non-refundable except as stated.

6.2 Invoicing. Per Order Form frequency. Due within [____] days. Disputes within [____] days.

6.3 Late Payment. Interest at the lesser of [____]% per month or the maximum permitted under South Carolina law. //GUIDANCE: South Carolina's legal rate of interest is 8.75% per annum (S.C. Code Ann. § 34-31-20(A)). However, parties may contract for a higher rate. The maximum contractual rate is generally governed by the agreement terms; unconscionable rates may be challenged. For amounts under $50,000, the maximum interest rate is generally the lesser of 18% per annum or the Federal Reserve discount rate plus 6% (S.C. Code Ann. § 34-31-20(B)). Confirm with counsel.

6.4 Taxes.
(a) Fees exclude taxes. Customer pays applicable taxes other than Provider's income taxes.
(b) South Carolina SaaS Tax Treatment: SaaS is subject to South Carolina sales and use tax at 6% (state rate; local option taxes may apply). South Carolina classifies access to vendor-hosted software (ASP/SaaS) as a taxable "communications service." Subscription-based software is taxed similarly to other prewritten software services, regardless of whether the software is downloaded.
(c) Exceptions: Custom software developed to a specific customer's specifications is generally not taxable. Downloaded or electronically delivered standalone software without a subscription model may also not be taxable.
(d) Provider shall itemize South Carolina sales tax on applicable invoices.
(e) South Carolina's economic nexus threshold is $100,000 in gross revenue from South Carolina sales in the prior or current calendar year.
(f) //GUIDANCE: Local option sales taxes vary by county and can add 1-3% to the state rate. Verify the applicable combined rate for Customer's delivery location.

6.5 Fee Increases. [____] days' notice; not to exceed [____]% per renewal.

6.6 Suspension. After [____] days' notice and [____] days' cure for non-payment.

ARTICLE 7: PROPRIETARY RIGHTS AND INTELLECTUAL PROPERTY

7.1 Provider Ownership. Provider retains all rights in Services, Documentation, Models, Algorithms, and related IP.

7.2 Customer Data Ownership. Customer retains all rights in Customer Data.

7.3 License to Customer Data. Limited license to process solely for providing Services and performing obligations.

7.4 Aggregated Data. Provider may use anonymized Aggregated Data with Customer's prior consent.

7.5 Feedback. License to use without disclosing Confidential Information.

7.6 AI-Generated Outputs. Customer owns outputs from Customer Data, subject to Provider's underlying IP.

ARTICLE 8: CUSTOMER DATA AND DATA PROCESSING

8.1 Data Processing Addendum. Execute Schedule DPA-1.

8.2 South Carolina Privacy Landscape.
(a) South Carolina does not currently have a comprehensive consumer data privacy statute. However, Provider shall comply with all applicable South Carolina data-related laws, including:
(i) The South Carolina Data Breach Notification Act (S.C. Code Ann. §§ 39-1-90 et seq.);
(ii) The South Carolina Insurance Data Security Act (if Customer is an insurance licensee);
(iii) The South Carolina Age-Appropriate Design Code Act (if Services may be accessed by minors);
(iv) The South Carolina Unfair Trade Practices Act (S.C. Code Ann. §§ 39-5-10 et seq.); and
(v) All applicable federal laws, including COPPA, FCRA, HIPAA, and GLBA as applicable.
(b) Provider shall apply data stewardship principles consistent with nationally recognized privacy frameworks (such as the NIST Privacy Framework) even in the absence of a comprehensive state privacy law.
(c) Provider shall monitor South Carolina legislative developments, including H.3401 (Technology Transparency Act), and promptly notify Customer of new privacy or AI requirements.

8.3 Data Localization. Customer Data in specified locations only. No transfers without consent.

8.4 Data Portability. Structured, machine-readable formats for export.

8.5 Data Retention and Deletion. Upon termination: (a) export for [____] days; (b) secure deletion within [____] days; (c) certification upon request.

8.6 Subprocessors. No engagement without consent. [____] days' notice; [____] days for objection.

ARTICLE 9: DATA PROTECTION AND SECURITY

9.1 Security Program. Aligned with:

☐ SOC 2 Type II
☐ ISO/IEC 27001
☐ NIST Cybersecurity Framework
☐ NAIC Insurance Data Security Model Law (if applicable to Customer's industry)
☐ Other: [________________________________]

9.2 Security Measures.
(a) Encryption in transit (TLS 1.2+) and at rest (AES-256);
(b) Role-based access, least privilege, MFA;
(c) Vulnerability assessments and penetration testing;
(d) Intrusion detection/prevention;
(e) Logging and monitoring;
(f) Employee training and background checks;
(g) Incident response;
(h) Business continuity and disaster recovery.

9.3 Security Audits. Annual SOC 2 reports, questionnaires, and Customer assessments.

9.4 South Carolina Data Breach Notification.
(a) Provider shall comply with S.C. Code Ann. §§ 39-1-90 et seq., including:
(i) Notifying Customer of any breach of the security of the system involving Personal Identifying Information in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement or with measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system;
(ii) South Carolina law does NOT specify a fixed number of days for notification — the standard is "most expedient time possible and without unreasonable delay";
(iii) Notification may be delayed if law enforcement determines it would impede a criminal investigation;
(iv) Written notice to affected South Carolina residents shall include a description of the incident, the type of information compromised, and contact information for credit reporting agencies;
(v) If notification is required to more than one thousand (1,000) individuals at one time, Provider shall notify without unreasonable delay: (A) the Consumer Protection Division of the South Carolina Department of Consumer Affairs; and (B) all consumer reporting agencies that compile and maintain files on a nationwide basis, of the timing, distribution, and content of the notice;
(vi) Provider shall maintain documentation of all security breaches.
(b) SC Insurance Data Security Act — Enhanced Requirements: If Customer is an insurance licensee under S.C. Code Ann. §§ 38-99-10 et seq., Provider shall also:
(i) Notify Customer within [____] hours (and in no event later than seventy-two (72) hours as required by the Act) of determining a cybersecurity event has occurred;
(ii) Provide sufficient information for Customer to make its notification to the Director of Insurance within seventy-two (72) hours;
(iii) Support Customer's investigation requirements under the Act;
(iv) Cooperate with the Director of Insurance's examination authority.
(c) Provider shall bear costs of notification and remediation attributable to its breach.
(d) Records maintained for at least five (5) years.

9.5 AI-Specific Security.
(a) Adversarial attack and prompt injection protection;
(b) Secure Training Data and Model storage;
(c) Data poisoning monitoring;
(d) Model integrity verification;
(e) Customer data isolation in AI pipelines;
(f) Enhanced protections for data of Covered Minors in AI processing.

ARTICLE 10: CONFIDENTIALITY

10.1 Obligations. Strict confidence, need-to-know, Agreement purposes only.

10.2 Exclusions. Public, prior knowledge, independent development, third-party receipt.

10.3 Compelled Disclosure. Prompt notice, protective orders, minimum disclosure.

10.4 Trade Secrets Protection. The South Carolina Trade Secrets Act (S.C. Code Ann. §§ 39-8-10 et seq.) governs trade secret claims. The Act defines a trade secret as information that derives independent economic value from not being generally known or readily ascertainable and is subject to reasonable efforts to maintain its secrecy. The statute of limitations is three (3) years from discovery. Remedies include injunctive relief, actual damages, unjust enrichment, and reasonable royalties. Willful and malicious misappropriation may result in exemplary damages not exceeding twice actual damages and reasonable attorney's fees. A court may order preservation of secrecy during proceedings (S.C. Code Ann. § 39-8-50).

10.5 Return and Destruction. Return or destroy upon termination or request. Automated backup and legal exceptions. Certification upon request.

10.6 Duration. [____] years after termination; trade secrets for as long as they qualify.

ARTICLE 11: WARRANTIES AND DISCLAIMERS

11.1 Mutual Warranties. Duly organized, authority, no conflicts, compliance.

11.2 Provider Performance Warranty. Materially per Documentation, professional standard, no material functionality reduction.

11.3 AI Feature Warranties. Per Schedule AI-1; QA practices; Bias detection; lawful Training Data; Explainability; minors' data safeguards where applicable.

11.4 Security Warranty. Maintained measures; no malicious code.

11.5 Non-Infringement Warranty. No third-party IP infringement.

11.6 Age-Appropriate Design Warranty. If the Services may be accessed by Covered Minors, Provider warrants compliance with the South Carolina Age-Appropriate Design Code Act, including: not using design features to manipulate or extend minor use in harmful ways; providing age-appropriate privacy defaults; and submitting required audit reports.

11.7 Disclaimer. EXCEPT FOR EXPRESS WARRANTIES, SERVICES ARE "AS IS" AND "AS AVAILABLE." TO THE MAXIMUM EXTENT PERMITTED BY SOUTH CAROLINA LAW, PROVIDER DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS, TITLE, AND NON-INFRINGEMENT. AI FEATURES ARE NOT WARRANTED TO PRODUCE ACCURATE, COMPLETE, OR UNBIASED RESULTS IN ALL CIRCUMSTANCES.

11.8 Warranty Remedy. Customer may elect: (a) re-performance; (b) pro-rata credit; or (c) termination with refund.

ARTICLE 12: SERVICE LEVELS AND CREDITS

12.1 SLA Commitments. Per Schedule SLA-1.

12.2 Uptime. [____]% monthly, excluding maintenance and force majeure.

12.3 Service Credits.

12.4 Credit Request. Within [____] days. Applied to future invoices.

12.5 Chronic Failure. [____]+ months in [____]-month period: terminate with refund.

12.6 AI Feature Performance. Per Schedule AI-1.

ARTICLE 13: INDEMNIFICATION

13.1 Indemnification by Provider. Against third-party claims from:
(a) Breach of this Agreement;
(b) IP infringement;
(c) Breach of data protection, security, or confidentiality;
(d) Violation of the SC Unfair Trade Practices Act, SC Data Breach Notification Act, SC Insurance Data Security Act, SC Age-Appropriate Design Code Act, or other applicable law;
(e) Gross negligence or willful misconduct;
(f) Bias, Hallucination, or AI defects attributable to Provider; or
(g) Harm to Covered Minors resulting from Provider's failure to comply with age-appropriate design requirements.

13.2 Indemnification by Customer. Against third-party claims from:
(a) Customer Data;
(b) Use in violation of Agreement or law;
(c) Acceptable Use breaches; or
(d) Failure to implement Human Override.

13.3 Procedures. Prompt notice, defense control, cooperation.

13.4 IP Remedies. Procure use, modify, replace, or terminate and refund.

ARTICLE 14: LIMITATION OF LIABILITY

14.1 Consequential Damages Exclusion. TO THE MAXIMUM EXTENT PERMITTED BY SOUTH CAROLINA LAW, NO LIABILITY FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES.

14.2 Liability Cap. AGGREGATE LIABILITY NOT TO EXCEED [____] TIMES FEES PAID IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM.

14.3 Excluded Claims.
(a) Indemnification;
(b) Data protection or security breach;
(c) Confidentiality breach;
(d) Gross negligence or willful misconduct;
(e) IP infringement;
(f) Claims under the SC Unfair Trade Practices Act (which provides for treble damages under S.C. Code Ann. § 39-5-140);
(g) Claims under the SC Insurance Data Security Act;
(h) Claims related to Covered Minors under the Age-Appropriate Design Code Act; or
(i) Customer's payment obligations.

14.4 SC Unfair Trade Practices Act Remedies. The South Carolina Unfair Trade Practices Act (S.C. Code Ann. § 39-5-140) permits recovery of treble damages (up to three times actual damages) and attorney's fees for willful or knowing violations. Nothing in this Agreement limits statutory remedies where limitation is prohibited.

14.5 Essential Purpose. LIMITATIONS REFLECT INFORMED RISK ALLOCATION.

ARTICLE 15: TERM AND TERMINATION

15.1 Term. Continues until all Order Forms expire or are terminated.

15.2 Renewal. Auto-renewal unless [____] days' notice.

15.3 Termination for Cause. Material breach not cured within thirty (30) days, insolvency, cessation.

15.4 Termination for Convenience. Customer upon [____] days' notice, subject to current-term payment.

15.5 Termination for AI or Compliance Non-Compliance. Customer may terminate immediately if:
(a) Material AI governance breach not cured within fifteen (15) days;
(b) Regulatory determination of violation;
(c) Failure to comply with the SC Insurance Data Security Act (if applicable);
(d) Failure to comply with the SC Age-Appropriate Design Code Act (if applicable); or
(e) Provider fails to notify Customer of a data breach within the timeframe required by this Agreement.

15.6 Effects of Termination.
(a) Cessation of use and access.
(b) Data export for [____] days.
(c) Surviving provisions: Articles 7, 10, 11.7, 13, 14, 16, 17.
(d) Secure deletion after export.
(e) Transition cooperation.

ARTICLE 16: DISPUTE RESOLUTION

16.1 Governing Law. Laws of the State of South Carolina, without conflict of laws principles.

16.2 Venue. Exclusive jurisdiction in state and federal courts in [Richland County / Charleston County], South Carolina.

16.3 Escalation.
(a) Operational contacts: fifteen (15) business days;
(b) Executive escalation: fifteen (15) additional business days;
(c) Non-binding mediation in Columbia or Charleston, South Carolina, within thirty (30) days, costs shared.

16.4 Jury Waiver. TO THE FULLEST EXTENT PERMITTED BY SOUTH CAROLINA LAW, EACH PARTY IRREVOCABLY WAIVES ANY RIGHT TO TRIAL BY JURY. //GUIDANCE: South Carolina courts generally uphold contractual jury waivers in commercial contracts between sophisticated parties where the waiver is clear, conspicuous, and knowing. See South Carolina Rule of Civil Procedure 38. Ensure the waiver is prominently displayed and mutual.

16.5 Injunctive Relief. Either Party may seek injunctive relief without bond or proof of actual damages.

16.6 Prevailing Party. Reasonable attorneys' fees and costs.

16.7 SC Unfair Trade Practices Act. Claims under the SC Unfair Trade Practices Act must be commenced within three (3) years (S.C. Code Ann. § 39-5-150). A private right of action exists under § 39-5-140, which permits treble damages and attorney's fees. The Act applies to unfair methods of competition and unfair or deceptive acts or practices in the conduct of trade or commerce.

ARTICLE 17: GENERAL PROVISIONS

17.1 Notices. Written, deemed given upon personal delivery, confirmed email, one (1) business day by overnight courier, three (3) business days by certified mail.

17.2 Assignment. No assignment without consent, except merger/acquisition/sale of substantially all assets.

17.3 Subcontracting. Not without consent. Provider responsible.

17.4 Force Majeure. Except payment obligations. Termination if [____]+ consecutive days. //GUIDANCE: South Carolina is subject to hurricanes and coastal weather events. Consider whether natural disaster provisions should be more detailed, including specific reference to hurricane declarations by the Governor's office.

17.5 Non-Compete. Any competitive restrictions shall comply with South Carolina law, which enforces non-compete agreements under a traditional reasonableness analysis. South Carolina courts evaluate: (a) whether the agreement is necessary to protect a legitimate business interest (trade secrets, customer relationships, goodwill); (b) whether the restriction is reasonably limited in time (generally two years or less); (c) whether the restriction is reasonably limited in geography; and (d) whether the restriction imposes undue hardship. South Carolina courts may blue-pencil or reform overbroad provisions rather than voiding the entire restriction.

17.6 Electronic Signatures. Per S.C. Code Ann. Title 26, Chapter 6 (South Carolina UETA).

17.7 Consumer Protection Compliance. The Parties shall comply with the South Carolina Unfair Trade Practices Act (S.C. Code Ann. §§ 39-5-10 et seq.). The Act prohibits unfair methods of competition and unfair or deceptive acts or practices in trade or commerce.

17.8 Entire Agreement. Complete with Schedules and Exhibits. Supersedes prior agreements.

17.9 Amendments. Written, signed.

17.10 Severability. Reform invalid provisions; remainder continues.

17.11 Waiver. Written only.

17.12 Independent Contractors. No employment, partnership, or joint venture.

17.13 Third-Party Beneficiaries. None.

17.14 Counterparts. Effective in counterparts.

17.15 Order of Precedence. (a) DPA; (b) Agreement; (c) Order Forms; (d) SOWs; (e) other Schedules.

17.16 Publicity. No use of other Party's name without consent.

17.17 Export Compliance. EAR, ITAR, and sanctions.

17.18 Anti-Corruption. FCPA and applicable anti-corruption laws.

SCHEDULES AND EXHIBITS

• Schedule OF-1: Order Form Template
• Schedule SLA-1: Service Level Agreement
• Schedule SUP-1: Support Policy
• Schedule PS-1: Professional Services Statement of Work
• Schedule DPA-1: Data Processing Addendum
• Schedule AI-1: AI Feature Description, Risk Classification, and Controls
• Schedule SEC-1: Security Controls and Compliance Certificates

EXECUTION BLOCK

☐ Provider has reviewed and agrees to the terms of this Agreement
☐ Customer has reviewed and agrees to the terms of this Agreement
☐ Legal counsel review completed
☐ AI Feature Schedule (Schedule AI-1) has been reviewed and accepted
☐ Data Processing Addendum (Schedule DPA-1) has been executed
☐ SC Insurance Data Security Act compliance assessed (if applicable)
☐ SC Age-Appropriate Design Code Act compliance assessed (if applicable)

IN WITNESS WHEREOF, the Parties have executed this Agreement as of the Effective Date.

EXHIBIT A: AI FEATURE SCHEDULE TEMPLATE

AI Feature Name: [________________________________]
Version: [________________________________]
Risk Tier: ☐ Tier 1 ☐ Tier 2 ☐ Tier 3 ☐ Tier 4
Description: [________________________________]
Data Inputs: [________________________________]
Output Type: [________________________________]
Training Data Sources: [________________________________]
Human Override Available: ☐ Yes ☐ No
Explainability Level: ☐ Full ☐ Partial ☐ Limited
Bias Testing Completed: ☐ Yes ☐ No
Last Assessment Date: [__/__/____]
Accessible to Covered Minors: ☐ Yes ☐ No
Age-Appropriate Design Audit Required: ☐ Yes ☐ No
Insurance Data Security Act Applicable: ☐ Yes ☐ No
Known Limitations: [________________________________]

EXHIBIT B: ORDER FORM TEMPLATE

Order Form No.: [________________________________]
Effective Date: [__/__/____]
Subscription Term: [________________________________]
Services: [________________________________]
Number of Authorized Users: [____]
Monthly/Annual Fees: $[________________________________]
SC State Sales Tax (6%): $[________________________________]
SC Local Option Tax ([____]%): $[________________________________]
Total with Tax: $[________________________________]
Payment Terms: [________________________________]
Data Storage Location: [________________________________]
AI Features Included: ☐ Yes ☐ No
Services Accessible to Minors: ☐ Yes ☐ No
Customer is SC Insurance Licensee: ☐ Yes ☐ No

EXHIBIT C: SLA SUMMARY

EXHIBIT D: DATA PROCESSING ADDENDUM SUMMARY

Data Controller: Customer
Data Processor: Provider
Categories of Data Subjects: [________________________________]
Types of Personal Identifying Information: [________________________________]
Covered Minors' Data Processed: ☐ Yes ☐ No
Purpose of Processing: [________________________________]
Duration: Subscription Term plus export period
Subprocessors: ☐ Yes (see list) ☐ No
Breach Notification: Most expedient time possible (S.C. Code Ann. § 39-1-90)
Insurance Data Security Act Notification: 72 hours (if applicable)
Consumer Protection Division Notice: Required if 1,000+ individuals affected
Data Deletion Post-Termination: [____] days
Cross-Border Transfers: [________________________________]

EXHIBIT E: SC INSURANCE DATA SECURITY ACT COMPLIANCE CHECKLIST

(Complete only if Customer is a South Carolina insurance licensee)

☐ Information security program established based on risk assessment
☐ Board of directors or senior management oversight documented
☐ Third-party service provider oversight program implemented (including this Agreement)
☐ Cybersecurity event investigation procedures established
☐ 72-hour notification to Director of Insurance procedure confirmed
☐ Annual certification to Director of Insurance scheduled
☐ Employee training program on information security in place
☐ Incident response plan documented and tested
☐ Access controls and authentication procedures implemented
☐ Encryption of nonpublic information in transit and at rest confirmed
☐ Regular testing and monitoring of information security program scheduled

This template is provided for informational purposes only and does not constitute legal advice. This template should be reviewed and customized by a qualified attorney licensed in South Carolina before use. Laws and regulations change frequently; verify all statutory citations are current at the time of execution. South Carolina's data privacy and AI regulatory landscape is evolving — monitor pending legislation including H.3401 (Technology Transparency Act).