SaaS Agreements: A Lawyer’s Perspective

What is a SaaS Agreement?

A software as a service (SaaS) agreement is a contract between a software company and a client that sets out the terms under which that client can use the software and other services (technically, it is a "subscription agreement" because the client subscribes to the service). The term "agreement" is very important because it allows for an offer and acceptance process that can be confirmed through required negotiation and a signature (in electronic or other form). The SaaS model has gained great momentum and is used by virtually every software company regardless of size or sector. In fact, recent research found that 77% of software companies now prefer this pricing model to the traditional ownership model. SaaS licensing is an essential part of a software company’s survival because it allows for predictable and regular revenue streams.
But it is also essentially a way for the software company to protect itself from its customers.
The first discussion in any contract negotiation should be the terms and conditions for termination and review of that process by the board of directors.
Some of the more common terms and conditions found in a SaaS agreement are:

  • Authorized users have no rights to access the source code or object code or any derivative work;
  • Clients are granted only a limited and non-exclusive right to use the service;
  • Warranties and disclaimers of the service;
  • Limitation of liability;
  • Protection of the intellectual property of the parties;
  • Confidentiality of the parties’ information;
  • Non-solicitation; and
  • Other terms and conditions.

Key Provisions in a SaaS Agreement

Even before the Cloud became fashionable, data security was a hot issue. When considering data security, with respect to a SaaS agreement, issues include how the data is secured outside the company network, who owns the data, disaster recovery and other contingencies if the vendor fails, and whether there is adequate support for a company’s incident response plan. In addition to data security, there are a number of other important clauses to look for when assessing a SaaS agreement. For example, there should be express provisions addressing when and how the agreement terminates, along with any return of data (unless the company can obtain a copy via its own exports) and how the data will be destroyed after termination. If a SaaS vendor goes out of business, shuts down, or can no longer provide its service, these issues take on even greater importance. Compliance and security concerns may also result in the early termination of the SaaS agreement by the customer. Companies that license multiple SaaS solutions should consider whether the SaaS provider will allow the customer to export and use the data in each solution if the SaaS vendor is acquired or otherwise ceases to provide its solution. The SaaS agreement should also address other important issues. When is the data owned by the SaaS vendor, when does the customer own it, when does the customer have a license to the software and data (and on what terms)? What happens if the data is destroyed? What happens if the software is lost, corrupted, superseded, or improved? Who owns the intellectual property created and who owns and has the right to take the company’s data with them when they leave the employ of the company? Are there SLAs (service level agreements) associated with the SaaS software? Formal SLAs are helpful in negotiating and refining expectations and planning correction procedures.

Tasks of a SaaS Agreement Attorney

A SaaS agreement lawyer specializes in the review, drafting and negotiation of SaaS agreements. It is a distinct practice area due to the specialized knowledge of cloud technology, privacy law, cybersecurity law, software licensing, and the payment, usage and technology-neutral contract terms that are specific to SaaS agreements. Finally, it is the equivalent of a residential rental contract. It is a multifaceted agreement and requires a lawyer that has skills in sales contracts, licensing, software development, webinars, and many more. SaaS Lawyers are experts that perform due diligence and ensure compliance with laws like export control, privacy laws, anti-spam, and anti-corruption.

Legal Issues in a SaaS Agreement

Businesses often encounter a range of potential legal issues in their SaaS agreements. Some of these issues are on the surface, such as liability for service outages or failure to meet service levels; however, there are deeper issues such as compliance with data protection laws of numerous jurisdictions, liability for the data breach of a cloud provider, and potential international liability in the event of international data theft. There are also intellectual property issues, such as the obligation to defend the customer from infringement claims, or how to handle open source requirements.
Liability for Service Outages
One of the main legal issues businesses face in a SaaS agreement is what liability the provider will have if the service, or an aspect of the service, goes down. "Uptime" guarantees are common in SaaS agreements. However, several provisions can address this issue: The most common approach to setting liability for service outages is to cap the liability at a multiple of the fees charged, or in some cases to only cap liability if the outage persists for more than 48 hours. The key here is for the parties to agree what constitutes a service outage. The definition can be anything from a major outage rendering the service completely inoperative, to a partial outage that just means one aspect or component of the service isn’t functioning properly.
Liability for Data Loss
An area of concern as SaaS agreements evolve is the service provider’s liability if there is a data breach. In the early days of cloud computing, the cloud was considered the "wild west," where the security standards and protocols were inconsistent and evolving. Now, businesses are starting to take a closer look at the security and privacy policies of cloud providers.
The most significant takeaway for businesses is that cloud providers are increasingly focusing on the security effort. This is a result of several factors, including regulatory pressures, increased competition and customers refusing to accept the status quo. As a result, cloud providers are now taking a hard look and investing significantly in security, particularly with large enterprise customers. The concern now is whether cloud providers will be able to keep pace with the rapid increases in data breaches, hacking, phishing and data skimming that we are seeing today. While the number and exposure of data breaches continue to increase, the chances that your data will be compromised are fairly low.
Data Protection and Compliance
The requirement of consent is one of the most conspicuous difficulties in cloud computing business transactions. Significant data protection legislation has been enacted across jurisdictions over the last decade, and those substantive obligations are extending to cloud providers.
Data protection laws generally impose a number of obligations on the data processor, such as: Combined with the principles of data protection, which can include a limitation that personal data may only be collected for specific, legitimate purposes, that it must be accurate and kept up to date, and that storage must not be longer than necessary. However, not all jurisdictions have adopted all of these principles.
The obligations on the data controller remain, even if the data controller contracts with a cloud provider (as the data processor). The data controller still needs to retain control over the data, including the right to access the data, determine the means and purposes of processing, and approve any disclosures of the data.

Advantages of a SaaS Agreement Attorney

While the upsides of SaaS solutions can be immense, they can also leave unwitting businesses in a real pickle. Like any service that operates over the internet, Software as a Service (SaaS) is subject to a patchwork of international, national, state and local laws that govern everything from intellectual property to health care and beyond. Technology lawyers with real experience in Software as a Service can work with both service providers and end users to ensure compliance with these regulations. A Service Provider who cuts corners may find himself on the wrong side of an expensive lawsuit. An End User is a sitting duck for those same lawsuits if they do not understand their rights and responsibilities. A Software as a Service Agreement lawyer will consider the following benefits: Generally speaking, hiring a lawyer with the right experience is essential to ensure your SaaS project is a success and the benefits of SaaS solutions are fully realized.

SaaS Contracting Trends

There are a number of trends that we see, specific to SaaS agreements. First, the most common business model for any SaaS agreement is use-based and subscription and these models continue to evolve. For example, many service providers will be moving to a multi-year subscription model, where the subscription is paid in an upfront, one-time fee for a three or five-year period. This is a shift from traditional licensing agreements, where there were annual renewal licensing fees. This can be great for both parties. It can be great for the vendor because the service provider gets all the money up front, but it is also great for the customer because the customer knows their costs for the next few years.
It is important to note that customers still have some flexibility for a change in the scope of a service. If the customer is spending a lot more than anticipated in the first year of the subscription, the customer can scale back. While most SaaS agreements are specifically for named individual users, many agreements also include a clause that allows the customer to add subscriptions mid-way through the subscription and adjust pricing accordingly. This allows the service provider to earn more revenue, but also gives the customer relief if they decide that the use by one or more of its personnel is not necessary.
One other trend we are starting to see is the rise of the consortium. This is not unique to SaaS agreements, but rather a general trend across licensing agreements. A consortium is a way for a number of customers to buy into a subscription as a group, and claim credits for each subscription. Not only is this beneficial from an economy of scale perspective, but it is also a good way to negotiate pricing, as the service provider will have no choice but to negotiate. In addition, the consortium will likely include customers that are in the same industry, so that there are no antitrust considerations.
Lastly, while SaaS agreements are not new, there have been changes in the law that impact SaaS agreements, including the General Data Protection Regulation (GDPR), which is a European law that impacts any SaaS vendor or customer that does business in Europe (and many others); the California Consumer Privacy Act (CCPA), a new law in California that may make its way across the United States; along with a number of other changes.