SaaS Contracts: What Are The Key Need-To-Know Risk Areas When it Comes To Contracting?

July 11, 2024

What is a SaaS agreement?

A software as a service (SaaS) agreement is a contract between a provider and a customer of a cloud-based software application.

The agreement defines the terms and conditions of the service, such as the scope, duration, fees, service levels, data protection, intellectual property rights, and termination clauses.

A SaaS agreement is different from a software license agreement, which grants the customer the right to install and use a software product on their own devices.

What are the benefits of SaaS?

SaaS is generally flexible and allows users to enjoy cost-effective cloud-based solutions, eliminating the need for heavy investments in hardware and software.

The provider delivers updates and improvements, ensuring users can access the latest features and minimising specific business training requirements.

For providers, SaaS agreements enable centralised data storage, leveraging economies of scale for enhanced efficiency and facilitating seamless updates and maintenance to minimise user disruptions.

What are the main components of a SaaS agreement?

Typically a SaaS agreement will cover the following main components:

Service description: the agreement should describe the features and functionalities of the software service, as well as the technical requirements and specifications. It may also include any limitations, exclusions, or restrictions on the use of the service.

Service level agreement (SLA): the agreement should define the performance standards and expectations of the service, such as the availability, uptime, reliability, security, and support. It should also specify the remedies and penalties for any service failures or breaches. Some SaaS contracts heavily favour the provider, limiting remedies for service downtime, support failures, data breaches, and losses. A thorough understanding of SLAs and negotiating fair terms can help businesses avoid one-sided agreements and better manage service-related disputes.

Fees and payment: the agreement should outline the pricing and payment terms of the service, such as the subscription fees, billing cycles, payment methods, taxes, and refunds. It may also set out any discounts, incentives, or penalties for early or late payments.

Data protection and privacy: the agreement should address the rights and obligations of the parties regarding the collection, processing, storage, and transfer of personal data and confidential information. It should cover the compliance with applicable data protection laws and regulations, such as the General Data Protection Regulation (GDPR).

Intellectual property rights: the agreement should clarify the ownership and licensing of the intellectual property rights related to the software service, such as the trademarks, copyrights, patents, and trade secrets. It should also define the scope and any limitations of the customer's right to access and use the service, as well as the provider's right to monitor and audit the service.

Termination and renewal: the agreement should specify the conditions and procedures for terminating or renewing the agreement, such as the notice period, the effect of termination, and the post-termination obligations. It should also include any clauses for early termination, automatic renewal, or survival of certain provisions.

What are the main risk areas of SaaS agreements and how can these be addressed?

Availability and performance of the service, and the remedies or penalties for any service failures or interruptions. You may want to negotiate the service level agreements (SLAs) that define the minimum standards of quality and reliability that the provider must meet, or the compensation or credits that you can claim if the provider fails to meet them.

Security and confidentiality of the data and systems that are accessed or stored by the service, and the responsibilities and liabilities for any data breaches or cyberattacks. You may want to negotiate the security measures that the provider must implement to protect the data and systems, or the notification and mitigation procedures that they must follow in case of an incident. Non-compliance can lead to severe consequences, including significant fines and damage to the business's reputation. Clearly outlining responsibilities for data handling and storage mitigates these risks.

Interoperability and compatibility of the service with your existing or future software or hardware, and the support and maintenance services that the provider will offer. You may want to negotiate the integration and customization options that the provider will provide, or the updates and upgrades that they will deliver.

Vendor lock-in risks. While SaaS offers advantages, businesses face the risk of becoming locked into a specific provider. SaaS agreements should address this risk by giving businesses flexibility and options to adapt, minimising the potential negative impact of dependency on a single provider.

Intellectual property disputes. SaaS agreements should have clear delineations of intellectual property rights. This ensures both parties understand the limitations and permissions regarding the use of the software, reducing the likelihood of legal conflicts.

Should you use a template SaaS?

A template software as a service agreement can be a useful starting point for drafting your own contract with a provider, but it should not be used without careful review and customization. A template agreement may not cover all the specific terms and conditions that are relevant to your situation or reflect the latest legal developments and best practices in the industry.

What are the key takeaways when it comes to SaaS and minimising contract risk?

We recommend always to:

  • carefully review a SaaS agreement, especially if you are dealing with complex or high-value software services that may involve significant risks or liabilities.
  • do your own due diligence on the provider and their software service, and verify their credentials, reputation, and performance. You should check their references, reviews, and testimonials, and ask for a demonstration or a free trial of the service.
  • read the supplier’s privacy policy, security policy, and service level agreement, and ensure that they comply with the applicable laws and standards.

If you need help reviewing and negotiating a commercial contract, please get in touch!

Receive our insights directly to your inbox by signing up to our newsletter

Recommended content