What is a Vendor Agreement and how does it differ from a Supply Agreement?

A Vendor Agreement and a Supply Agreement are closely related commercial contracts, both used in England and Wales to govern the ongoing provision of goods or services from one party to another. The principal differences are primarily terminological and contextual rather than strictly legal. A Supply Agreement typically refers to a contract between a supplier and a buyer for the supply of specific goods (for example, raw materials, components, or finished products), and tends to focus on product specifications, quantities, pricing, delivery terms, and quality standards. A Vendor Agreement, on the other hand, tends to be used in the context of a company's procurement or purchasing function, where the company is setting up an approved or preferred vendor relationship with a supplier of goods or services (which may include both physical goods and services such as IT support, professional services, or facilities management). A Vendor Agreement often includes additional provisions relevant to the company's supplier management framework, such as compliance with a supplier code of conduct, anti-bribery and anti-corruption obligations under the Bribery Act 2010, modern slavery due diligence under the Modern Slavery Act 2015, data protection requirements under the UK GDPR and the Data Protection Act 2018, and service level agreements. Both agreements are governed by the Sale of Goods Act 1979 (for goods) or the Supply of Goods and Services Act 1982 (for services or mixed goods and services contracts) and are subject to general English contract law.

What obligations does the Bribery Act 2010 impose on vendors supplying companies in England and Wales?

The Bribery Act 2010 is one of the most stringent anti-bribery statutes in the world and has significant implications for both companies and their vendors in England and Wales. The Act creates four principal offences: (1) offering, promising, or giving a bribe (section 1); (2) requesting, agreeing to receive, or accepting a bribe (section 2); (3) bribing a foreign public official (section 6); and (4) the corporate offence of failing to prevent bribery by an associated person (section 7). The section 7 corporate offence is particularly significant in the context of vendor relationships. Under section 7, a commercial organisation (including a company incorporated in the UK or carrying on business in the UK) is guilty of an offence if a person associated with it (which expressly includes agents, subsidiaries, distributors, and suppliers who perform services on its behalf) bribes another person to obtain or retain business for the company. A section 7 offence can result in an unlimited fine. The only defence is that the organisation had in place ‘adequate procedures’ to prevent bribery by associated persons. The Ministry of Justice has published guidance on what constitutes adequate procedures, which includes conducting due diligence on third parties, including anti-bribery provisions in contracts with third parties, and providing anti-bribery training. A Vendor Agreement should therefore include express provisions requiring the vendor to comply with all applicable anti-bribery laws, including the Bribery Act 2010, prohibiting the vendor from offering bribes or facilitation payments in connection with the contract, and entitling the company to terminate the agreement immediately if the vendor breaches these obligations.

What are a company's obligations under the Modern Slavery Act 2015 in relation to its vendors?

The Modern Slavery Act 2015 (MSA 2015) is a landmark piece of UK legislation that consolidates and enhances the law relating to slavery, servitude, forced and compulsory labour, and human trafficking. The MSA 2015 has two principal implications for companies and their vendor relationships. First, section 54 of the MSA 2015 imposes a mandatory supply chain transparency obligation on commercial organisations that supply goods or services in the UK and have an annual turnover of £36 million or more. These organisations must produce an annual slavery and human trafficking statement, approved by their board of directors, setting out the steps they have taken to ensure that slavery and human trafficking are not taking place in their supply chains. The statement must be published on the company's website. Second, even for companies below the section 54 turnover threshold, the MSA 2015 creates reputational, regulatory, and contractual risks in relation to supply chain management. Many large buyers now include contractual requirements in their vendor agreements requiring vendors to: (a) confirm that they are compliant with applicable anti-slavery laws; (b) conduct due diligence on their own supply chains; (c) permit the buyer to audit the vendor's compliance; and (d) report any identified instances or reasonable suspicions of modern slavery. A well-drafted Vendor Agreement for a UK company should include modern slavery compliance provisions, particularly where the vendor's supply chain extends to jurisdictions with a higher risk of labour exploitation.

What service levels are typically included in a Vendor Agreement?

Service level provisions in a Vendor Agreement set out the minimum performance standards that the vendor must meet in the supply of goods or services. The specific service levels will vary significantly depending on the nature of the goods or services being supplied, but common examples include the following. For goods supply: delivery lead times (for example, delivery within 5 business days of a purchase order); defect rates (for example, the vendor's defect rate must not exceed 1% of goods delivered per quarter); fill rates (for example, the vendor must be able to fulfil 95% of ordered lines from stock); and packaging and labelling standards. For services supply: response times for queries, complaints, or support requests (for example, a response within 4 hours for Priority 1 issues); resolution times for problems or faults; availability or uptime targets (for example, a service must be available 99.5% of the time); and reporting obligations. Where service level provisions are included, the Vendor Agreement should also specify the consequences of failure to meet service levels. Common remedies include the right to terminate the agreement for persistent failure, service credits (financial penalties deducted from the vendor's invoices), or the right to source equivalent goods or services from an alternative provider at the vendor's cost. Service credits should be carefully structured to be proportionate and to comply with the rules on penalty clauses under English law, as clauses that are extravagant or unconscionable in their effect may be unenforceable.

What data protection obligations apply in a UK Vendor Agreement?

Data protection is an increasingly important aspect of vendor relationship management in the United Kingdom. Following the UK's departure from the European Union, the UK has retained the EU General Data Protection Regulation in domestic law as the UK General Data Protection Regulation (UK GDPR), supplemented by the Data Protection Act 2018 (DPA 2018). Where a vendor processes personal data on behalf of a company (for example, a payroll processor, an HR software provider, an IT managed services provider, or a cloud storage provider), the vendor is a ‘data processor’ under the UK GDPR and the company is the ‘data controller’. Article 28 of the UK GDPR requires that processing by a processor be governed by a binding contract that sets out a number of mandatory provisions, including that the processor: (a) only processes personal data on the documented instructions of the controller; (b) ensures that persons authorised to process the data are subject to confidentiality obligations; (c) implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk; (d) assists the controller in responding to requests from data subjects; (e) assists the controller in ensuring compliance with its security, breach notification, data protection impact assessment, and prior consultation obligations; (f) deletes or returns personal data at the end of the services; and (g) provides all information necessary to demonstrate compliance and allows for audits. A Vendor Agreement that involves the processing of personal data by the vendor must therefore include a data processing agreement (DPA) meeting the Article 28 requirements. A standalone DPA may be incorporated by reference into the Vendor Agreement.

Vendor Agreement (UK) — United Kingdom

Establish a formal vendor relationship for the ongoing supply of goods or services in England and Wales with this Vendor Agreement. Drafted in accordance with the Supply of Goods and Services Act 1982, the Late Payment of Commercial Debts (Interest) Act 1998, the Bribery Act 2010, the Modern Slavery Act 2015, and the UK GDPR. Covers vendor obligations, service levels, preferred vendor status, payment terms, confidentiality, data protection, and termination.

What Is a Vendor Agreement (UK)?

A Vendor Agreement is a legally binding commercial contract used in England and Wales to govern an ongoing relationship between a company (acting as a purchaser or buyer) and a vendor (acting as a supplier of goods, services, or both). The Vendor Agreement provides the overarching contractual framework within which individual purchase orders are placed and fulfilled, setting out the terms applicable to all such transactions during the life of the agreement.

Vendor agreements are a standard feature of modern procurement practice in the United Kingdom across all industry sectors, including manufacturing, retail, financial services, healthcare, technology, hospitality, and the public sector. They are used wherever a company establishes a recurring commercial relationship with a supplier from whom it regularly procures goods or services, as opposed to a one-off transaction governed by a standalone purchase order or sales contract.

Common examples of vendor relationships formalised by a Vendor Agreement include: a retailer appointing an approved supplier of own-brand products or packaging materials; a technology company appointing a hardware reseller as a preferred vendor for IT equipment; a professional services firm appointing an approved print and stationery supplier; a manufacturer appointing an approved logistics company for the distribution of finished goods; and a company appointing an approved provider of facilities management services.

In England and Wales, Vendor Agreements are governed primarily by general English contract law principles and the specific statutes applicable to the type of goods or services supplied. For goods, the Sale of Goods Act 1979 implies terms as to title, description, quality, and fitness for purpose. For services, the Supply of Goods and Services Act 1982 implies terms that the service must be carried out with reasonable care and skill. Statutory compliance provisions in Vendor Agreements commonly reference the Bribery Act 2010, the Modern Slavery Act 2015, the UK GDPR and the Data Protection Act 2018, and the Late Payment of Commercial Debts (Interest) Act 1998.

When Do You Need a Vendor Agreement (UK)?

A Vendor Agreement should be put in place whenever a company intends to establish an ongoing supply relationship with a vendor from whom it will regularly procure goods or services. It is particularly important in the following situations.

First, where the company is establishing an approved or preferred vendor list. Many organisations formalise their procurement processes by maintaining a list of approved vendors with whom standing commercial arrangements have been agreed, streamlining the purchasing process and providing greater commercial and legal certainty for both parties.

Second, where the supply of goods or services involves access to the company's premises, systems, data, or confidential information. In these cases, a Vendor Agreement provides the legal framework for managing access, confidentiality, and data protection obligations, and ensures compliance with the UK GDPR and the Data Protection Act 2018.

Third, where the company wishes to impose vendor compliance requirements, such as obligations to comply with the Bribery Act 2010, the Modern Slavery Act 2015, a supplier code of conduct, or environmental and sustainability standards. These obligations are most effectively imposed through a written Vendor Agreement that the vendor signs and agrees to before any supply commences.

Fourth, where the company is concerned about the quality or consistency of supply and wishes to establish service levels, performance standards, defect rate requirements, or other measurable obligations that the vendor must meet. Service level provisions are most easily incorporated into a framework Vendor Agreement rather than negotiated on a transaction-by-transaction basis.

Fifth, where the volume or regularity of supply means that conducting individual contract negotiations for each purchase order would be commercially inefficient. The Vendor Agreement provides a standing contractual framework that the parties operate within on a day-to-day basis.

What to Include in Your Vendor Agreement (UK)

A well-drafted Vendor Agreement for use in England and Wales should address all of the following key elements to protect both the company and the vendor.

Scope of supply. The agreement should clearly describe the goods or services that the vendor will supply under the agreement, including any relevant specifications, quality standards, or statements of work. The scope should be broad enough to cover all of the vendor's expected supply activities, but specific enough to avoid uncertainty.

Pricing and payment terms. The agreement should specify the pricing basis (for example, a fixed price, a rate card, or a reference to the vendor's published price list), the invoice frequency, the payment period, and the consequences of late payment. Reference to the Late Payment of Commercial Debts (Interest) Act 1998 is important to inform the vendor of the company's right to statutory interest on overdue payments.

Term and renewal. The agreement should specify the initial term and whether it renews automatically or requires active renewal. Many Vendor Agreements renew automatically on an annual basis unless either party gives notice to terminate.

Preferred vendor status. If the company wishes to commit to sourcing a minimum proportion of its requirements from the vendor, or to granting the vendor any form of preferred status, this should be clearly documented to avoid misunderstandings.

Service levels. Where applicable, the agreement should specify measurable performance standards that the vendor must meet, and the consequences of persistent failure to meet those standards.

Vendor obligations. The agreement should include comprehensive vendor compliance obligations covering quality, legal compliance, anti-bribery (Bribery Act 2010), modern slavery (Modern Slavery Act 2015), insurance, and data protection (UK GDPR and Data Protection Act 2018).

Confidentiality. The agreement should include mutual confidentiality obligations covering all confidential information exchanged in the course of the vendor relationship.

Data protection. Where the vendor processes personal data on behalf of the company, the agreement must include data processing provisions compliant with Article 28 of the UK GDPR.

Termination. The agreement should specify clear termination rights, including notice periods, grounds for immediate termination (such as insolvency, material breach, or bribery), and the consequences of termination including transition arrangements.

Governing law. The agreement should confirm that it is governed by the laws of England and Wales.

What Is a Vendor Agreement (UK)?

When Do You Need a Vendor Agreement (UK)?

What to Include in Your Vendor Agreement (UK)

Frequently Asked Questions

Related Documents

Supply Agreement (UK)

Service Agreement (UK)

Distribution Agreement (UK)

Non-Disclosure Agreement (NDA) (UK)

Data Processing Agreement — UK GDPR (England & Wales)