Negotiating a SaaS (Software as a Service) contract is necessary to formalise the relationship between the software publisher and the customer.
This type of contract, often complex, must be clear and comprehensive in order to avoid disputes and to define the responsibilities of both parties. A well-drafted SaaS contract anticipates the operational and legal needs of both parties while offering flexibility suited to changes in the software or in the customer's expectations.
A well-structured contract protects the interests of both the publisher and the customer by setting out the service levels (SLA), the protection of personal data (in particular with regard to the GDPR), the rights of use, and reversibility upon termination of the contract.
Below are the main points to watch for when negotiating or drafting a SaaS contract, accompanied by concrete examples to better understand what is at stake.
When negotiating the SaaS contract, the agreement must clearly define the rights of use granted to the customer, since SaaS is based on a licence to use the software, not on ownership of it.
It is important to specify:
Point to watch: Restrictions must be sufficiently clear to prevent any abusive exploitation by the customer, while taking care not to impose limitations that could hinder legitimate use of the software. Make sure the contract includes a clause specifying that any use outside the specified terms will constitute a breach of the contract.
A well-structured SaaS contract protects the publisher's rights while clearly defining the uses available to the customer.
Concrete example: My client had integrated software into its agricultural equipment and wished to restrict use of the source code to its users in order to retain control over it. I secured user access to the source code, taking care to insert measures to protect against abusive use of the source code, such as the non-assignment of rights to the software.
Other points to consider:
The SLA (Service Level Agreement) is an essential element of a SaaS contract, as it guarantees the quality and availability of the service.
This document must specify:
Point to watch: A poorly defined or unrealistic SLA can lead to customer frustration and expose the publisher to disputes if the service does not match expectations.
The SLA goes beyond standard commitments: it may also include specific guarantees to reassure customers and to set the expectations of both parties.
Concrete example: When a SaaS customer in the medical field experienced an unexpected outage, a well-structured SLA with repair commitments within 4 hours made it possible to avoid costly disputes, while protecting the publisher's reputation.
Point to watch: SLA clauses must be realistic; overly ambitious commitments can generate high financial risks for the publisher. Add a limitation of liability for financial compensation in the event of a breach (for example, a maximum equivalent to one month's subscription).
Confidentiality and data security are crucial aspects of SaaS contracts, particularly since the entry into force of the GDPR, notably its Article 13.
The contract must include measures to protect data and guarantee its confidentiality:
Point to watch: If data protection obligations are not properly defined, the publisher may incur significant penalties in the event of a security breach. Also include a clause limiting the publisher's liability in the event of unforeseeable external attacks.
To strengthen data protection, the SaaS contract must also include:
Concrete example: A SaaS company hosting health data had to include a quarterly audit to reassure its customers regarding GDPR compliance and ISO 27001 security standards.
Point to watch: Insufficient data protection commitments can not only expose the publisher to financial penalties, but also damage its reputation. Add a clause specifying that customer data will remain accessible even upon termination in order to facilitate migration.
The question of intellectual property is crucial in SaaS contracts. Although the customer benefits from rights of use, the publisher generally retains intellectual property over the software.
The contract must clarify:
Point to watch: Any ambiguity regarding ownership can lead to costly disputes. Include a specific clause for modules or extensions jointly developed by the customer and the publisher, in order to clearly define their ownership.
In some cases, customers may request modifications or adaptations to the software. The contract must provide for these situations:
Concrete example: One of my clients developed an automotive software solution of which he wishes to remain the exclusive owner. By including specific clauses limiting or even prohibiting users from reproducing the software, he secured the exclusive retention of the intellectual property.
Point to watch: These clauses must be drafted in such a way as to protect the publisher's business model while respecting the customer's legitimate rights. Also add a clause specifying the remedies in the event of a breach, such as an immediate suspension of access to the software.
Termination and reversibility clauses are essential in a SaaS contract, especially at the end of the commercial relationship. They define the conditions of termination and the procedures for retrieving the customer's data.
The contract must specify:
Point to watch: A well-drafted reversibility clause is crucial to avoid disputes upon termination of the contract and to guarantee the customer access to its data. Also mention whether fees apply for the retrieval or secure destruction of data after termination.
Reversibility is a central concern for customers when they wish to change provider or end their contract. The contract must also provide for:
Concrete example: A SaaS customer wishing to migrate to another solution was able to retrieve all of its data in a standard format (CSV) thanks to a clear reversibility clause, thereby allowing a smooth transition without any service interruption.
Point to watch: Provide for a clause prohibiting the customer from withholding outstanding payments as leverage to accelerate or influence reversibility. Add a mention of the obligation of both parties to cooperate during the migration process.
The limitation of liability is a key point of the SaaS contract, allowing the publisher to be protected against costly claims while setting the customer's expectations.
The contract must include:
Point to watch: A well-drafted limitation of liability clause is essential to avoid costly and unforeseen disputes. Add a section detailing the remedies available to the customer in the event of a serious breach by the publisher, such as limited compensation or early termination without charge.
To strengthen the protection of both parties and prevent abuse, the contract may also include:
Concrete example: When a customer claimed financial compensation for a loss of revenue linked to a temporary outage, a limitation of liability clause capped at one month's subscription made it possible to limit the financial losses for the publisher while offering acceptable compensation for the customer.
Point to watch: These clauses must be balanced so as to protect the publisher without appearing too restrictive for the customer. Add a specific clause for situations in which the customer contributed to the incident (example: misconfiguration of SaaS access).
To learn more
A SaaS (Software as a Service) contract formalises the relationship between the publisher of online-accessible software and its customer. It is based on a licence to use the software, not on ownership of it. When well drafted, it sets out service levels, data protection, rights of use and reversibility upon termination of the contract.
The contract must specify the type of licence (subscription, limited or perpetual use), the number of authorised users and the conditions for adding them, the usage restrictions (prohibition on modifying, reselling or sub-licensing) and the duration. As SaaS is based on a licence and not on ownership, these rights must be delimited with precision.
The SLA (Service Level Agreement) defines the guaranteed service levels: software availability (uptime), recovery time, performance, support. It sets out measurable commitments and often penalties in the event of a breach. It is a central element of the SaaS contract, as it determines the actual quality of the service provided to the customer.
The reversibility clause organises the retrieval of the customer's data at the end of the contract, in a usable format, and the migration to another solution. Without it, the customer risks losing access to its data or being locked in by the publisher. It is an essential protection against technological dependence.
Where the SaaS processes personal data on behalf of the customer, the publisher is generally a processor within the meaning of the GDPR. The contract must then incorporate the provisions of Article 28: security, instructions, further sub-processing, assistance with data subjects' rights. GDPR compliance is an unavoidable aspect of the negotiation.
The contract may provide for a limitation of liability clause, capping the indemnities. Care must be taken, however: it must not deprive the publisher's essential obligation of its substance, on pain of being deemed unwritten. The balance between protecting the publisher and providing guarantees to the customer is a key point of the negotiation.
The contract must state that the SaaS is granted under licence, without any assignment of rights to the software or to the source code. Non-assignment, non-reproduction and prohibition of reverse-engineering clauses protect the publisher. Any use outside the agreed terms must be characterised as a breach of the contract, giving rise to a sanction.
Because a SaaS contract combines intellectual property, personal data, service levels and liability. Imprecise drafting exposes you to disputes and to a loss of control over the software or the data. A lawyer calibrates the rights of use, the SLA, reversibility and the limitations of liability in favour of the party they advise.