The Autonomous Procure-to-Pay  /  PG 03  /  PG 04 — Contract Negotiation & Award
Contract Core Architecture ← PG 03 PG 05 →
PG 04 · The Autonomous Procure-to-Pay · Contract Negotiation & Award[cite: 5]

From 156 pages of supplier draft
to two executed contracts.
Every clause scored. Every redline explained.[cite: 5]

The Contract Agent receives the rfx.awarded event from PG 03, loads both supplier draft contracts from Ariba Contract Workspace, extracts and classifies every clause using a rule-based NLP pipeline, scores each clause for risk with an XGBoost model whose SHAP output is written to Firestore before any redline is generated, and routes all high-risk clauses to Legal for review[cite: 5]. No clause is autonomously accepted above the risk threshold[cite: 5]. No contract is autonomously executed — ever[cite: 5].

Clause Extraction Risk Scoring Redline Agent CSRD Clause Enforcement Dual-Pipeline Rule-Based NLP HITL Legal Review HITL Sign-off SAP Ariba Contract Workspace EU AI Act — High Risk GDPR Art. 22
Governed by ADR-004 · ADR-006 · ADR-007 · ADR-008[cite: 5]
Agent Architecture · State Machine[cite: 5]

Ten states. Two human checkpoints.
HITL nodes wider by design.[cite: 5]

HITL_LEGAL and HITL_SIGN are rendered taller and wider than agent states — a visual statement that they carry proportionally more weight in the architecture[cite: 5]. The machine cannot advance past either without a named human decision written to Firestore[cite: 5]. Step through the simulation below to watch the active state update in real time[cite: 5].

S0
IDLE
S1
INTAKE
S2
CLAUSE_EXTRACT
S3
RISK_SCORE
S4
REDLINE_DRAFT
⏸ HITL-1
HITL_LEGAL
S6
NEGOTIATE
S7
FINAL_REVIEW
⏸ HITL-2
HITL_SIGN
S9
EXECUTED
Current active state
HITL checkpoint (taller — first-class state)[cite: 5]
Completed processing state
Agent Architecture · Dual-Pipeline Design[cite: 5]

Two contracts. One agent.
Shared HITL checkpoints.[cite: 5]

The Contract Agent processes both supplier contracts in parallel[cite: 5]. Track A (Medpack SE, 62 pages, standard GTC) and Track B (Sterimäk AG, 94 pages, heavily modified terms) converge at both HITL nodes — Legal reviews clauses from both contracts in a single session, CPO signs both in a single decision[cite: 5]. Processing them separately would double HITL overhead and create negotiation timing asymmetry[cite: 5]. See ADR-007[cite: 5].

Trigger
rfx.awarded — from PG 03 Sourcing / RFx[cite: 5]
Medpack SE 62% · €2.1M · Sterimäk AG 38% · €1.3M · 3-year term · CSRD Annex I mandatory · sterile packaging film ISO 11607[cite: 5]
Parallel tracks
TRACK A[cite: 5]
Medpack SE — Munich, DE[cite: 5]
62 pages · Standard GTC · 8 deviating clauses · liability cap below ClaraVis floor · payment terms non-standard[cite: 5]
TRACK B[cite: 5]
Sterimäk AG — Vienna, AT[cite: 5]
94 pages · Heavily modified terms · 23 deviating clauses · CSRD clause absent · IP assignment overbroad · force majeure scope expanded[cite: 5]
Shared pipeline
CLAUSE_EXTRACT[cite: 5]
218 clauses · 9 types · rule-based NLP + ML classifier[cite: 5]
RISK_SCORE[cite: 5]
XGBoost v1.4 · 14 high-risk · SHAP to Firestore[cite: 5]
REDLINE_DRAFT[cite: 5]
31 redlines · 14 held for HITL · 17 autonomous[cite: 5]
HITL-1[cite: 5]
⏸ HITL_LEGAL — Legal Counsel reviews 14 high-risk clauses across both contracts[cite: 5]
EU AI Act Art. 14 · 48h SLA · clause-by-clause: approve / modify / accept-as-is · immutable audit record per clause decision[cite: 5]
Negotiate
NEGOTIATE[cite: 5]
Redlines sent to both via Ariba · Medpack 7/8 accept · Sterimäk 19/23 accept · 5 counter-proposals received[cite: 5]
FINAL_REVIEW[cite: 5]
Re-score negotiated text · portfolio risk 0.71→0.44 · 2 unresolved clauses flagged (Sterimäk AG)[cite: 5]
HITL-2[cite: 5]
⏸ HITL_SIGN — CPO executes both contracts · GDPR Art. 22 unconditional[cite: 5]
No autonomous execution under any circumstances · 72h SLA · unresolved clause summary + risk delta presented · both contracts signed in single CPO decision[cite: 5]
Outputs
SAP Ariba Contract Workspace[cite: 5]
Two executed contract records · full clause audit trail attached · renewal triggers set[cite: 5]
SAP S/4HANA + Pub/Sub[cite: 5]
Both vendor masters activated · contract.executed → PG 05 PO Agent[cite: 5]

Track A — Medpack SE  ·  Track B — Sterimäk AG  ·  Amber rows = HITL checkpoints — human decision required to advance[cite: 5]

Workflow Simulation · Contract Negotiation

Sterile packaging film — two supplier drafts.
156 pages. 218 clauses. Two HITL gates.[cite: 5]

The Contract Agent works through both supplier drafts simultaneously[cite: 5]. Step through each state to see clause extraction output, risk scoring with SHAP, the CSRD clause diff (full text), Legal HITL review with clause-by-clause interface, negotiation tracking, and CPO sign-off[cite: 5].

ML Model Specifications · Two Models[cite: 5]

Two models. Different jobs.
Both auditable. Both explainable.[cite: 5]

Clause extraction and clause risk scoring are distinct problems requiring distinct architectures[cite: 5]. The extractor is deterministic and classification-only — no SHAP required[cite: 5]. The risk scorer is probabilistic and high-stakes — SHAP is mandatory before any HITL presentation[cite: 5].

Model A — Clause Risk Scorer[cite: 5]
Model Engine Architecture
XGBoost classifier (v1.4) — trained on 6 years of ClaraVis contract negotiation outcomes[cite: 5]. Retrained semi-annually via Vertex AI Pipelines[cite: 5]. Deterministic output for identical inputs — required for reproducible audit under EU AI Act Article 13[cite: 5].
Evaluated Input Features
Eight features per clause, all derivable from the extracted clause text and ClaraVis standard playbook:[cite: 5]
Clause type Deviation magnitude Jurisdiction flag Liability cap ratio Termination notice days IP assignment breadth CSRD coverage score Force majeure scope
Inference Target Output
Risk score 0.0–1.0 per clause, plus 4-dimension breakdown: Financial · Operational · Compliance · IP[cite: 5]. SHAP values for all high-risk clauses ($\geq0.75$) written to Firestore before HITL_LEGAL is presented — EU AI Act Article 13 compliance[cite: 5].
Confidence Threshold Gates
≥ 0.75 — High Risk: HITL_LEGAL mandatory · agent cannot autonomously accept or redline[cite: 5]
0.45–0.74 — Medium: agent redlines autonomously using ClaraVis standard playbook v2.4[cite: 5]
< 0.45 — Low: agent accepts supplier clause or applies standard playbook substitution[cite: 5]
Explainability UX Contract
Top-2 risk dimensions per high-risk clause rendered as horizontal bars in the Legal HITL interface[cite: 5]. Legal Counsel sees why a clause is high-risk — not just the score[cite: 5]. This is the EU AI Act Article 13 transparency obligation expressed as a per-clause UX contract, not a post-hoc audit report[cite: 5].
Model B — Clause Extractor[cite: 5]
Segmentation Backbone
Rule-based NLP + ML classifier hybrid[cite: 5]. Stage 1 (deterministic): rule engine segments both contract documents into clause units using section header patterns, numbered-list markers, and defined-term anchors[cite: 5]. Stage 2 (learned): fine-tuned BERT classifier assigns each clause to one of 9 types[cite: 5]. See ADR-006[cite: 5].
Extracted Structural Types
Liability Termination IP Assignment Payment Terms Confidentiality Force Majeure Compliance / CSRD Warranty Governing Law
Explainability Posture
Classification only — no risk decision, no SHAP required[cite: 5]. BERT classifier confidence score written to audit log per clause[cite: 5]. Stage 1 rule output is fully deterministic and human-readable: a compliance auditor can re-run it and get identical clause boundaries[cite: 5]. This reproducibility is the reason the hybrid was selected over a pure LLM approach[cite: 5].
Model Registry
Both models stored in Vertex AI Model Registry with versioned Model Cards[cite: 5]. Every inference log entry references the model version hash — enabling point-in-time audit of any past clause classification or risk score[cite: 5].
HITL Specification · Two Checkpoints[cite: 5]

Legal review. Then sign-off.
No contract executes without a human.[cite: 5]

GDPR Article 22 prohibits automated decisions that produce significant legal effects[cite: 5]. A contract execution is the definition of such a decision[cite: 5]. HITL-2 is therefore unconditional — no risk score, no spend threshold, no clause count can trigger or bypass it[cite: 5].

HITL-1 — Legal Clause Review Block
Entry State Criteria
Any clause risk score ≥ 0.75 (High Risk) OR any clause deviating from mandatory ClaraVis standard terms (CSRD Annex I disclosure, data protection minimum, liability cap floor)[cite: 5]
Policy Route Target
General Counsel / Legal (S-04) — named approver per legal governance policy[cite: 5]. Deputy Counsel if primary unavailable beyond 8 hours[cite: 5].
Presentation Contract
Original clause text · Agent redline · Risk dimension SHAP bars (top-2 dimensions) · Plain-English justification · ClaraVis playbook reference clause · Supplier track label (A — Medpack SE or B — Sterimäk AG)[cite: 5]
Decision Interface
Clause-by-clause: Approve redline / Modify redline inline / Accept supplier clause as-is (mandatory justification $\geq50$ characters)[cite: 5]. Each decision written to Firestore independently before advancing to the next clause[cite: 5].
Timeout SLA
48 hours from routing → escalate to CPO + engage outside counsel[cite: 5]. Agent remains paused[cite: 5]. No autonomous redline on any timed-out high-risk clause — ever[cite: 5].
Audit Payload Schema
{approver_id, clause_id, timestamp, decision, modified_text, justification, risk_score, shap_ref} → Firestore per clause (immutable append — IAM write-only, no update or delete permitted)[cite: 5]
HITL-2 — Contract Sign-off Gate
Entry State Criteria
Always — unconditional[cite: 5]. GDPR Article 22 prohibits automated execution of contracts that produce significant legal effects on ClaraVis or its suppliers[cite: 5]. No risk score, spend threshold, or clause count overrides this gate under any circumstances[cite: 5].
Policy Route Target
CPO (S-01) — single approver for both contracts in a single decision session[cite: 5]. CFO (S-02) notified (not co-signature required) when combined contract value exceeds €3M[cite: 5].
Presentation Contract
Final portfolio risk score delta (pre vs post negotiation) · Unresolved clause summary with Legal Counsel recommendation · CSRD Annex I status per supplier · Combined contract value · Supply continuity countdown (days to incumbent contract expiry)[cite: 5]
Decision Interface
Execute both contracts / Execute Track A only, return Track B to NEGOTIATE / Reject both — return to NEGOTIATE[cite: 5]. On Execute: agent writes both contracts to Ariba Contract Workspace, activates both S/4HANA vendor masters, and fires contract.executed to Pub/Sub — all in a single atomic sequence[cite: 5].
Timeout SLA
72 hours from routing → escalate to CPO + CFO with supply continuity risk flag (incumbent contract expiry countdown displayed)[cite: 5]. Agent remains paused[cite: 5]. No autonomous execution under timeout[cite: 5].
Audit Payload Schema
{approver_id, timestamp, decision, unresolved_clauses_acknowledged, contract_value_a, contract_value_b, model_version} → Firestore (immutable append)[cite: 5]
Integration Points

What the agent reads. What it writes.

The Contract Agent reads supplier drafts and the ClaraVis standard playbook[cite: 5]. It writes only on human approval — no Ariba contract record is created, no S/4HANA vendor master is activated, until CPO sign-off is logged in Firestore[cite: 5].

Pattern System Context Transacted Payload Element Protocol Profile
READPATTERN
SAP Ariba Contract Workspace
Contract document source[cite: 5]
Supplier draft contracts (PDF/DOCX) · existing contract templates · award metadata from PG 03[cite: 5] Ariba Contract API (read scope)[cite: 5]
READPATTERN
GCP Pub/Sub
Event trigger from PG 03[cite: 5]
rfx.awarded event payload — supplier IDs, award split, contract value, CSRD status, contract term[cite: 5] Pub/Sub subscription[cite: 5]
READPATTERN
ClaraVis Contract Playbook
Standard clause library — Firestore[cite: 5]
Standard clause templates by type · minimum acceptable fallback positions · mandatory CSRD / GDPR clause text · current version: v2.4[cite: 5] Firestore SDK (read-only)[cite: 5]
WRITEPATTERN
SAP Ariba Contract Workspace
Executed contract archives[cite: 5]
Two executed contract records with full negotiated clause text · effective date · renewal triggers · CSRD compliance tier[cite: 5] Ariba Contract API (write scope)[cite: 5]
WRITEPATTERN
SAP S/4HANA
Vendor master activation database[cite: 5]
Vendor master status: Active · contract reference · agreed payment terms · CSRD compliance tier · effective date[cite: 5] SAP OData v4 (write scope)[cite: 5]
WRITEPATTERN
Firestore
Audit trail ledger · append-only IAM[cite: 5]
All clause risk scores · SHAP values per high-risk clause · HITL-1 per-clause decisions · HITL-2 sign-off record · all state transitions with timestamps[cite: 5] Firestore SDK (append-only IAM)[cite: 5]
WRITEPATTERN
GCP Pub/Sub
Asynchronous downstream messaging bus[cite: 5]
contract.executed — supplier IDs, Ariba contract IDs, effective date, payment terms, CSRD status per supplier[cite: 5] Pub/Sub push topic[cite: 5]
WRITEPATTERN
Vertex AI Registry
Model operations inference tracer[cite: 5]
Inference log per clause: model version hash · clause_id · risk score · input feature hash · timestamp[cite: 5] Vertex AI SDK[cite: 5]
Architecture Decision Records[cite: 5]

Every design choice has a record.

Four ADRs govern this module[cite: 5]. ADR-004 is carried from PG 03 — the same Firestore audit log pattern applies unchanged to every clause decision and HITL record in this module[cite: 5].

ADR-004 · Firestore for Audit Log[cite: 5]
Immutable append — carried from PG 03, applies unchanged[cite: 5]
GDPR Article 22 and EU AI Act Article 12 require a complete decision trail for every clause risk inference and every HITL decision[cite: 5]. Firestore append-only IAM enforces immutability at infrastructure level — no application code can delete or modify a logged clause decision[cite: 5]. Every HITL-1 per-clause decision and the HITL-2 sign-off record are written independently, ensuring a partial review can be audited even if the session is interrupted[cite: 5].
Status: Accepted[cite: 5]
ADR-006 · Structural Segmentation Engines[cite: 5]
Rule-Based NLP + ML Classifier over Pure LLM Extraction[cite: 5]
A pure LLM extraction approach produces non-deterministic clause boundaries and classifications — the same document may segment differently across runs[cite: 5]. For legal contract analysis, reproducibility is a compliance requirement: a compliance auditor must be able to re-run extraction and get identical clause boundaries and type assignments[cite: 5]. The rule-based Stage 1 segmenter is deterministic by construction; Stage 2 BERT classification adds learned signal while maintaining auditability via confidence scores[cite: 5]. Alternative rejected: pure LLM extraction (stochastic boundaries, non-reproducible output, no confidence calibration, fails EU AI Act Article 13)[cite: 5].
Status: Accepted[cite: 5]
ADR-007 · Dual-Pipeline Strategy[cite: 5]
Dual-Pipeline with Shared HITL Checkpoints[cite: 5]
Processing Medpack SE and Sterimäk AG contracts sequentially would double HITL overhead and create negotiation timing asymmetry — Sterimäk AG would receive redlines 48+ hours after Medpack SE, creating leverage imbalance between the two suppliers[cite: 5]. Parallel processing with shared HITL sessions normalises the negotiation timeline and reduces total calendar time from 28 days to under 8[cite: 5]. Alternative rejected: sequential processing (doubles HITL wait time, creates supplier leverage asymmetry, extends total cycle time beyond incumbent contract expiry window)[cite: 5].
Status: Accepted[cite: 5]
ADR-008 · Mandatory Legal Execution Thresholds[cite: 5]
GDPR Art. 22 as Unconditional HITL-2 Trigger[cite: 5]
GDPR Article 22 prohibits automated decisions that produce legal effects or significantly affect natural persons or legal entities[cite: 5]. A contract execution creates binding legal obligations on ClaraVis and the supplier — it is categorically within Article 22's scope regardless of contract value or risk score[cite: 5]. HITL-2 is therefore unconditional by legal necessity, not architectural preference[cite: 5]. Implementing a score-gated bypass would constitute a GDPR violation regardless of the threshold chosen[cite: 5]. Alternative rejected: score-gated HITL-2 allowing autonomous execution of low-risk contracts — rejected as non-compliant with GDPR Article 22, no acceptable threshold exists[cite: 5].
Status: Accepted[cite: 5]
Cost & ROI Model[cite: 5]

What the Contract Agent costs.
What it saves. What it returns.[cite: 5]

Infrastructure cost per contract pair processed on GCP europe-west3, annual savings from legal review time reduction and outside counsel avoidance at ClaraVis volumes, and combined year-1 ROI[cite: 5]. All figures sourced or referenced below[cite: 5].

€6.80
GCP infra cost per single contract pair
Cloud Run + Firestore + Vertex AI calculations · GCP Calculator ↗
€1.1M
Estimated annual savings at benchmark[cite: 5]
Legal operations + outside counsel displacement · WorldCC Insights ↗
904×
Calculated Year-1 ROI yield ceiling[cite: 5]
Based on ClaraVis volume run rate scale of 180 pairs/annum[cite: 5]
GCP Infrastructure Cost Matrix (Per 1,000 runs)[cite: 5]
Cloud Run Compute (Agent + NLP Backbone)[cite: 5]€2,800
Firestore Clause-Level Audit Trails[cite: 5]€600
Vertex AI XGBoost Inference Tasks[cite: 5]€2,200
Ariba Contract Engine Sync Overheads[cite: 5]€800
Pub/Sub Core Message Bus[cite: 5]€80
Total Pipeline Cost Per 1,000 Runs[cite: 5]€6,480
Annual Savings Projections (ClaraVis Context)[cite: 5]
Legal Compression (14 Days → 2 Days)[cite: 5]+€540,000
Outside Counsel Displacement Yield[cite: 5]+€280,000
CSRD Penalty Avoidance Buffers[cite: 5]+€180,000
Execution Compression Contingency[cite: 5]+€100,000
Total Realized Annual Savings[cite: 5]€1,100,000
Methodology Reference. Legal review savings assume a blended in-house Legal rate of €180,000/year fully loaded, 180 contract pairs/year, and cycle time reduction from 14 days to 2 days per pair — consistent with World Commerce & Contracting 2024 benchmarks on AI-assisted contract review[cite: 5]. Outside counsel avoidance modelled at €1,600/hour average rate, 3.5 hours average per high-risk clause currently escalated externally, approximately 50 externally-escalated clauses per year at ClaraVis current volumes[cite: 5]. CSRD enforcement savings represent estimated regulatory penalty avoidance based on current ClaraVis CSRD exposure and EU CSRD penalty provisions (Directive 2022/2464)[cite: 5]. Infrastructure on GCP europe-west3 on-demand pricing via GCP Pricing Calculator[cite: 5]. All figures are indicative estimates[cite: 5].