Offering software as a cloud-based software solution is important in this ever-increasing cloudy environment. In a previous article we discussed the legal considerations for those commercialising a software as a service agreement (SaaS Agreement) as a business model. Below we revisit SaaS Agreements and set out key issues to consider when going to market.
How long do you get the right to access the software for?
SaaS Agreements can be for a fixed term payable in advance or arrears, whether annually or monthly, or simply month to month, with the service suspended if the customer fails to pay the next month’s subscription fee.
Deciding on the subscription term will affect the underlying revenue model having regard to cash flow needs and the standard subscription term in the sector. For example, SaaS Agreement terms for individual consumers tend to be month to month, whereas enterprise SaaS Agreements are usually annual.
The scalability of SaaS can also allow customers to scale use of the SaaS both up and down and choose tiered pricing and plans. Additionally, or separately, fees may be based on the number of users or quantity of data uploaded to the SaaS.
How do subscribers sign up?
Usually individuals will subscribe online and agree to a SaaS provider’s terms and conditions when they subscribe. Care must be taken to ensure the terms and conditions are clearly available and that there is a positive action of the subscriber to accept them, such as ticking an “I Accept” box.
Enterprise SaaS Agreements are usually negotiated and signed by the customer as the service is generally more complicated and may involve some customisation of the solution and integration with the customer’s other solutions.
What is the service?
The scope and functionality of the SaaS service must be clearly stated to avoid disputes.
A simple mechanism is to have the subscription plans and service specified on a website, which may also reference specifications and a statement of user features. For more complicated enterprise SaaS services, which are signed by the parties, the specifications and functionalities will be specified in a service schedule.
Will service levels be offered?
For SaaS services, customers usually want assurance that the SaaS services will be available. This can take the form of a service level availability of a certain percentage, say 99%. To determine the service level availability, suppliers usually reflect the service levels offered by their hosting service providers, such as Amazon. However, many suppliers prefer not to offer service levels or, if they do, they promise a response time, but not a rectification time. If suppliers offer a rectification time, they will usually offer a service credit for a failure to achieve the service level.
If service credits are offered, suppliers should ensure that they are the sole and exclusive remedy for the failure to achieve the service level. That way the customer cannot terminate or claim certain other losses.
How is data handled?
It is common for SaaS services to pull in data inputted by the subscriber. In order for the SaaS to produce good results, the subscriber must be obligated to ensure the integrity of the data, otherwise poor data will produce poor results for which SaaS providers should not be liable. Care needs to be taken to ensure that the subscriber warrants that it has the right to provide the data and that the use of the data, including personal information and intellectual property, will not infringe the rights of any third parties or breach any laws.
In order for the SaaS services to use the data, the customer must give the SaaS provider a licence to use the data for the purpose of providing the services. To ensure the security of the data, SaaS providers need to take appropriate technical measures against unauthorised or unlawful disclosure of subscriber data or its loss or destruction.
Subscribers will often check where their data is hosted and by whom. Increasingly, customers want their data hosted in Australia, and SaaS providers handling health information will generally host that data in Australia.
Before disclosing personal information to an overseas recipient, SaaS providers must take reasonable steps to ensure that recipient does not breach the Privacy Act 1988 (Cth) (Privacy Act) in relation to that information. In addition, where a SaaS provider has disclosed health information to an overseas recipient, it will be accountable for any conduct the recipient engages in which would breach the Australian Privacy Principles (APPs), although there are exceptions available to this requirement under the Privacy Act.
Who owns the IP in customisations?
Generally, a SaaS Agreement will have a default position that the SaaS provider will own any new intellectual property, such as software, created in the course of providing services. Otherwise, an assignment to the subscriber could create a lost revenue opportunity. For example, a SaaS provider may be asked to create some customisation code for the SaaS Services which could also potentially be used for other customers, and the SaaS provider would be prevented from doing this unless it is granted a wide exclusive licence to do so. It is best not to assign the intellectual property, but grant a licence to the subscriber to use the customised SaaS Services for the purpose of using the standard SaaS services.
What is the liability?
It is important to limit liability for any loss or damage caused by the SaaS services. The standard is to limit the SaaS provider’s liability to an amount equal to the fees paid. However, this needs to be refined depending on the term of the SaaS Agreement. For month to month terms, the liability should be limited to the fees paid in the month in which the events giving rise to the liability occurred. For annual terms, the liability is often limited in each 12-month period to the fees paid in that 12-month period, thereby avoiding a larger liability cap by excluding the fees paid in previous 12-month periods. In both cases, liability for indirect, special and consequential losses should be excluded, as well as liability for loss of data, loss of profits and loss of business, amongst others.
Takeaways
Going to market with a SaaS offering is an exciting time. However, care must be taken to ensure the SaaS provider’s legal risk is minimised and the subscriber’s understanding of the SaaS and its rights are clearly captured in a SaaS Agreement.
Further information about SaaS agreements
If you need assistance with your services agreement, please telephone me for an obligation free and confidential discussion.

Malcolm Burrows B.Bus.,MBA.,LL.B.,LL.M.,MQLS.
Legal Practice Director
T: +61 7 3221 0013 (preferred)
M: +61 419 726 535
E: mburrows@dundaslawyers.com.au

Disclaimer
This article contains general commentary only. You should not rely on the commentary as legal advice. Specific legal advice should be obtained to ascertain how the law applies to your particular circumstances.