SaaS (Software as a Service) subscription arrangements are incredibly common these days. As hosting costs have come down and hosting reliability and stability have gone up, choosing a SaaS model over traditional modes of software delivery, such as downloadable or "on premise" software, is simply a smart business decision.
For vendors, SaaS offers greater protection of their intellectual property (the customer never gets access to the software and source code), as well as more insight and control over how it is being used and an agile development process (with constant updating and improving capabilities). Customers prefer subscription services for their ease of use, efficiency, cost effectiveness, and faster and easier implementation. In some situations, implementation is as easy as logging in, rather than downloading, installing, integrating, etc.
And with continued innovation in areas such as AI-powered applications and 5G edge computing capability, SaaS solutions will undoubtedly continue gaining popularity among tech-oriented businesses. With this in mind, business teams on both sides of a SaaS arrangement may wish to sharpen their understanding of the key legal issues associated with a subscription services agreement, particularly if they are to play any role in their company's review or negotiation of a such deals.
The below comparison chart summarizes the top 15 legal issues in SaaS agreements from the perspectives of both vendors and customers. Additional insights for certain topics are provided in "read more" links. The below chart is intended to be a resource that you can review with your legal counsel.
| Common Vendor Preferences: | Common Customer Preferences: | |
| License Scope | A narrow scope, limited to specified named users, to be used only internally within the customer entity. Standard license restrictions (e.g., no reverse engineering, reselling, using competitively, etc.). | A broader scope, to include possible use by subsidiaries, affiliates and contractors. Fewer license restrictions, that are fair and reasonable. |
| Payment Terms Read more here. |
Payment in advance. Shorter payment terms (e.g., net 30 after invoice date). Right to charge interest and collection costs for late payments. | Payment in arrears. Longer payment terms with right to dispute payments in good faith (e.g., net 60 after receipt of undisputed invoice). Avoid interest and penalties; or minimize their impact via a written notice requirement and cure periods before any interest or penalties can begin. |
| Service Level Agreement (SLA) Read more here. |
Reasonable SLAs (if any). Include "commercially reasonable efforts" standard, and manageable targets, as well as exceptions for things beyond vendor's control (e.g., general internet issues). | Robust SLAs, including a right to service credits or refunds for excessive downtime, as well as a right to terminate after a certain number (or length) of incidents. |
| Use of Data/ Data Rights | Rights to use customers' aggregated, anonymized usage data, especially when such data is needed to train vendor AI. | Retain all rights to its data; or grant limited rights to vendor for the use aggregated and anonymized data only. |
| Data Privacy Addendum (DPA) Read more here. |
Reasonable DPA that meets the requirements of applicable privacy laws. | DPA that requires prompt vendor notice (e.g., 48 hours) in the event of not only an actual security breach, but also any suspected or alleged security breaches; quick remediation (at vendor expense); termination rights for customer; and indemnity for security breach with either unlimited liability or a higher "super-cap." |
| Reps and Warranties | Standard, but narrow, vendor reps and warranties, such as a representation that vendor's services will substantially comply with the documentation. | Standard, but broader, vendor reps and warranties, e.g., that vendor will comply with applicable laws and industry standards, confidentiality and privacy protections, IP rights (non-infringement), etc. |
| Indemnities Read more here. | Offer only basic indemnities (e.g., non-infringement), if any, to customer and include exceptions for modification or misuse of the Services. If possible, secure indemnities from the customer regarding its IP rights to any data or content being shared with vendor. | No indemnities given to vendor; or give indemnities with a narrow scope (and include exceptions for modification or misuse of your content or data). Robust indemnities from vendor (e.g., non-infringement, confidentiality & privacy, injury to persons or property, arising from any material breach, etc.). |
| Limitation on Liability Read more here |
Limit vendor liability. May give a "super cap" for certain issues, like indemnity, IP violations, and confidentiality/privacy. | Uncapped vendor liability, if possible, especially for issues such as indemnities, IP violations, and confidentiality or privacy breaches. May accept Super caps if they are reasonable, based on the scope of possible harm, not necessarily proportional to the size of the deal. |
| Termination Rights | Limited termination rights for the customer, and no obligation to provide refunds, or refunds only in very limited circumstances. | Broad termination rights (e.g., due to vendor breach, SLA failures, privacy issues, decrease in service features or functionality, chronic issues, and, if possible, for convenience); with rights to pro-rata refund, if possible. |
| Renewal Read more here | Auto-renewals for reduced churn. | Auto-renewal may be acceptable, but only with reasonable opt out dates for customer to avoid paying for an unwanted renewal term. (See Notice Periods below). |
| Notice Periods | Preferred length of notice periods will vary. Short notice periods (5-10 days) for things like your notice to customer for non-payment; and longer notice requirements for others such as customer's notice to you (e.g., 60-90 days prior) to opt out of auto renewal. |
Preferred length of notice periods and timelines also
varies. Shorter notice requirements for things relating to customer rights. Longer notice periods for any provisions giving the vendor a right to pursue remedies against customer. |
| Insurance | Vendor insurance requirements match scope of vendor's current policies and would not require to you obtain incremental or custom insurance for this transaction. | Vendor insured for general liability, errors & omissions/professional liability, cyber liability, and workmen's comp. Plus, an umbrella policy and other applicable coverage based on circumstances (car, shipping, air, etc.). |
| Publicity | Right to use customer's name, and possibly logo, in vendor marketing, or at least in list of customers. | Right to approve any use of customer name or logos, including prior approval of use in lists of clients. |
| Assignment | Vendor assignment rights only; customer cannot assign. | Mutual restriction of assignment, with a mutual exception for M&A activity or reorganizations. |
| Other | If asked to sign customer template contract, review for
non-standard terms such as: · Custom SLAs · Unreasonable reps and warranties · Excessive data security requirements |
If asked to sign vendor template contract, review for
non-standard terms to avoid, such as: · Exclusivity – read more · Non-solicitation clauses – read more · Liens and security interests · Anything else unusual or non-standard. |
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
