IT Agreements

Why your SaaS agreement deserves more than a generic template

A SaaS agreement is not a traditional software licence. The client does not purchase a product — they access a hosted service, updated on an ongoing basis, whose data flows through third-party infrastructure. That model raises specific contractual issues that standard templates fail to address.

For over ten years, I have been advising SaaS vendors on drafting, negotiating and auditing their contracts. The pattern I see most often is the same: a contract thrown together for the first client, never updated since, that proves inadequate the moment the company signs larger accounts or expands internationally.

Getting the contract right from the start

Your SaaS agreement should mirror the way your service actually works. At a minimum, it needs to address access and usage terms, service levels (SLA) with measurable KPIs, personal data processing through a DPA compliant with Article 28 GDPR, and termination provisions — including data portability.

Data portability has become a central concern since the Data Act (Regulation (EU) 2023/2854) came into force. The regulation introduces new obligations on data processing service providers around portability and switching. If your contract does not account for these requirements, you risk facing termination requests you are not equipped to handle.

I have written a detailed guide on SaaS contract termination under the Data Act to help vendors prepare for these changes.

Negotiating with your clients and partners

Across vendors of all sizes, I find that the same clauses spark the hardest negotiations: liability caps, SLA penalties, intellectual property rights and termination.

As a vendor, the goal is to offer a contract that is fair but protective. Systematically accepting your client’s paper is risky: their templates are rarely designed for the SaaS model and often contain commitments that are impractical — or outright inconsistent — with how your service operates. You are better off leading with your own template, which you control, and negotiating adjustments case by case.

If your SaaS incorporates AI features, the contract should also include a dedicated AI clause: training data usage, ownership of generated outputs, liability limitations on model-produced content. This area remains largely uncharted legally, which makes it all the more important to address it upfront.

Auditing an existing contract portfolio

A contract audit is usually triggered by an event: a fundraising round (investors expect a legal review), a pricing model change, or the arrival of a large client with higher contractual requirements.

The exercise involves reviewing every contract in force — clients, vendors, partners — to flag inconsistencies, missing provisions and risks. In practice, the gaps I identify most frequently are missing DPAs, SLAs promised verbally but never formalised, and ambiguous intellectual property clauses around code developed for a specific client.

My SaaS contracting guide walks through the essential clauses to verify and the most common mistakes I encounter during audits.