Yeah. This is what always trips engineer-types up when dealing with legal. A contract isn’t code. There is usually, on both sides, a certain degree of BSing that goes on. Put another way, both parties are usually knowingly taking on risk associated with non-compliance. “We meet the security requirements in spirit only” is easily one of the more tame instances of this.
According to the writer's understanding of the law (and the risk tolerance they have for being caught) these are the terms they're putting to paper.
Generally, that means the writer's legal team feels confident that if everything goes sideways and they're standing in a courtroom, they have the best possible chance at winning the case with the language they used.
Now everyone around legal (e.g. sales, marketing, product, etc.) likely has different incentives. But the entire reason legal is somewhat firewalled is because they're the ones thinking about that future courtroom.
So it's less "there's a certain degree of BSing" and more that sometimes sales gets their preferred language and sometimes legal wins.
And of course, sometimes neither of them know relevant technical details and both their proposals are jibberish.
