Product 7 min read

Clause Risk Scoring: How It Works

Color-coded risk annotation marks on a legal document

When we describe Repovyn as clause risk scoring, the natural question is: risk according to whom? "Risk" in contract review is not a universal property of a clause — it is a property of the relationship between a clause and a specific legal team's approved positions. An indemnity cap at twelve months of fees might be HIGH risk for one company's playbook and OK for another's, depending on deal size, counterparty profile, and what has been negotiated as acceptable in prior agreements.

This is the foundational design decision in how Repovyn works: the scoring is always against your playbook, not against a generic risk model. There is no built-in assumption about what "good" indemnity language looks like that applies to all customers. The playbook your team defines is the ground truth. Our job is to apply that ground truth consistently and rapidly to incoming contract language.

The Three-State Score

Each clause Repovyn evaluates receives one of three scores: HIGH, REVIEW, or OK.

HIGH means the clause deviates from your playbook in a way that your team has designated as requiring attorney attention and likely redlining. HIGH flags are not automatic rejections — they are signals that a human decision needs to be made about this specific clause. The decision might be to redline it, to escalate it for business sign-off, or to accept it with documented reasoning. What HIGH means is that the clause cannot proceed without that decision having been made.

REVIEW means the clause has something worth looking at — a deviation that falls within your designated acceptable range or that depends on context to evaluate — but does not necessarily require redlining. REVIEW flags are a cue to the reviewer to check the clause, not an instruction to modify it.

OK means the clause matches your playbook position or falls within your defined acceptable deviation range. The reviewer has confirmation that this clause does not require attention, and can move on without the cognitive overhead of confirming compliance from scratch.

The OK score is as important as the HIGH score. In a 40-page vendor MSA, confirming that 80 percent of clauses are OK — that governing law matches the preferred jurisdiction, that the warranty disclaimer is present and complete, that the limitation of liability cap structure meets the playbook threshold — is what frees reviewer time for the 20 percent that require actual attention. Without systematic review, the reviewer has to do that confirmation work mentally on every clause, every time.

How the Matching Logic Works

For each clause type in your playbook, you define what OK, REVIEW, and HIGH look like. The definition takes the form of playbook rules — conditions on clause attributes that determine which score applies.

Consider a limitation of liability cap as an example. A playbook might specify:

  • OK: mutual cap at fees paid in the preceding 12 months, with carve-outs for gross negligence, willful misconduct, and IP indemnification
  • REVIEW: cap at fees paid in preceding 12 months but carve-outs not explicitly mutual, or cap at fees paid but reference period is not trailing 12 months from claim date
  • HIGH: unilateral cap (vendor's liability capped, customer's not), or cap amount below 12 months of fees paid, or no carve-out for IP indemnification

When Repovyn processes a contract, it extracts the limitation of liability clause and identifies the relevant attributes: cap amount basis, mutuality, carve-out list, and reference period calculation. Those extracted attributes are then matched against the playbook conditions to produce a score. The score is accompanied by a plain-language explanation of why the clause received that score — which specific attribute triggered the HIGH or REVIEW flag — so the reviewer knows exactly what to address.

The matching is not statistical or probabilistic. It is deterministic: given these clause attributes and these playbook rules, this score follows. This is a deliberate design choice. Probabilistic approaches to risk scoring can produce scores that are difficult to trace — "this clause has an 82% risk score" is not actionable for a reviewer trying to decide what to redline. A deterministic match against specific playbook conditions tells the reviewer what to look at and why.

What the Playbook Rules Cover

The scope of playbook rules in Repovyn follows the clause types that appear with meaningful frequency in commercial agreements. The starting set for most teams covers:

  • Indemnification — cap amount basis, mutuality, carve-out completeness, asymmetric structure between obligation types
  • Limitation of liability — cap amount, mutuality, carve-out list, LOL-indemnification interaction
  • IP assignment — ownership of work product, background IP license scope, derivative works definition, right-to-assign warranty
  • Confidentiality — definition scope, permitted disclosures, residuals clauses, tail period, breach notification obligations
  • Auto-renewal — non-renewal notice window length, renewal term duration, fee escalation at renewal
  • Governing law and forum selection — preferred state, acceptable alternatives, jury trial waiver
  • SOW acceptance criteria — presence of objective criteria, deemed-acceptance mechanism, acceptance period length

Teams add or modify clauses based on their agreement types and business context. A company with significant data processing obligations will have detailed playbook rules for data processing addendum terms. A company where professional services engagements are common will have rules for SOW payment milestones and change order procedures. The clause set expands to cover what the team actually reviews.

The Playbook Is Never Done

This is the part that matters operationally. A playbook that was built six months ago and has not been updated reflects the approved positions of six months ago — which may have changed as business circumstances, deal sizes, and negotiation experience have evolved. If your team has been consistently accepting a deviation that your current playbook would flag as HIGH, the playbook needs updating, not the team.

We're not saying that playbook maintenance is easy. It requires the same structured position resolution process as initial playbook building — identifying what has changed, confirming the new approved position, updating the rules. What we have designed into Repovyn is that when a reviewer accepts a deviation from a flagged clause — documenting the decision in the review record — that creates a data point for playbook review. Over time, a pattern of accepted deviations against a specific rule is evidence that the rule may need recalibration.

The playbook maintenance loop is how systematic clause review gets better over time rather than becoming stale. The scoring today is only as good as the playbook today. But a playbook that is informed by actual review decisions — which deviations are accepted, which are redlined, which generate escalations — is a playbook that reflects what the team actually does, not what it said it would do when the document was written.

What Clause Risk Scoring Does Not Do

There are things clause risk scoring is not designed to do, and being direct about that is important.

Clause risk scoring does not tell you whether to accept a deviation. That is a legal and business judgment that belongs with your attorneys. HIGH is not a directive — it is a flag. The decision about whether a deviation is acceptable given the specific counterparty, deal size, and business context is yours to make.

Clause risk scoring does not replace the attorney who reads the contract. The extraction and scoring process identifies clause attributes against playbook rules. It does not evaluate the contract as a whole, assess the quality of the counterparty's paper as a negotiated document, or replace the contextual judgment that experienced attorneys apply to complex or non-standard agreements. For routine commercial agreements where the majority of clauses are OK and a few are flagged for specific deviations, systematic review is efficient. For complex or novel agreement structures, it is a complement to attorney review, not a substitute for it.

Clause risk scoring also does not create playbook positions. We provide a starting-point clause set and rule templates for common commercial clause types, but the approved positions — what OK, REVIEW, and HIGH mean for your team — come from your attorneys. The scoring is only as good as the positions behind it, and the positions are your intellectual property, not ours.

This design reflects what we think clause review tooling should and should not do. The goal is to make the application of your team's existing judgment faster and more consistent — not to substitute a generic risk model for your team's considered positions. Your playbook is what makes your review yours.