Software As A Service Agreement Template for England and Wales

What is a Software As A Service Agreement?

A Software as a Service agreement is a contract under which a provider grants a customer access to software hosted in the cloud, typically on subscription terms. In England and Wales, it must address intellectual property licensing, service levels, liability limits, and the mandatory data processing agreement required by UK GDPR. The provider licenses the software rather than transferring ownership, and the customer's data remains the customer's property throughout the term and after termination.

Frequently Asked Questions

What should a SaaS agreement governed by English law include?

It should define the licensed service, service levels, data processing obligations, acceptable use restrictions, fees and payment terms, intellectual property ownership, confidentiality, limitation of liability, and termination rights. A data processing agreement (DPA) schedule is mandatory where the provider processes personal data on behalf of the customer.

Who owns the customer data uploaded to a SaaS platform?

Customer data belongs to the customer. The SaaS agreement should confirm that the provider has no ownership claim over customer data, may use it only to provide the service, and must return or delete it promptly on termination. This is a key negotiating point and a UK GDPR requirement under the data processing agreement.

What service level commitments are typical in an English SaaS agreement?

Typical SLAs specify uptime of 99.5% to 99.9% measured monthly, planned maintenance windows, incident response times by severity level, and remedies for SLA failure such as service credits. Credits are usually the sole remedy for SLA breaches, so customers should consider whether the credit regime is sufficient for business-critical software.

How are liability caps typically structured in English SaaS contracts?

Most providers cap liability at 12 months of fees paid. Certain losses (death or personal injury from negligence, fraud, and in some contracts IP infringement indemnities) are typically excluded from the cap. The Unfair Contract Terms Act 1977 requires any cap to be reasonable; a very low cap may be struck down by an English court.

What UK GDPR obligations does the SaaS agreement need to address?

The provider processes personal data on behalf of the customer controller, making it a data processor. The agreement must include a DPA covering: processing instructions, confidentiality of personnel, security measures, sub-processor lists and approval, assistance with data subject rights and breach notifications, deletion or return of data on termination, and audit rights.

Can the provider change pricing or features during a fixed-term contract?

Only if the agreement includes a change clause permitting it. Without an express right, unilateral material changes constitute a breach of contract in English law. Providers commonly include rights to increase fees annually by CPI or a fixed percentage, with reasonable notice, but any increase that fundamentally alters the bargain may give the customer a right to terminate.

What happens to customer data on termination of the SaaS agreement?

The agreement should set out a data return or deletion window, typically 30 to 90 days after termination. During this window the customer should be able to export their data in a portable format. After the window, the provider should certify deletion. UK GDPR Article 28 requires this to be specified in the DPA schedule.

Does the SaaS agreement need to address sub-processors?

Yes. UK GDPR requires the DPA to either list authorised sub-processors by name or category or provide a mechanism for the customer to object to new sub-processors. The customer must receive reasonable notice before a sub-processor is added. The provider remains fully liable for sub-processor breaches as if it had committed them directly.

Reviewed by

Legal Engineer, GenieAI

A lawyer, legal researcher and legal tech founder, Swetha has built AI products deployed inside Tier 1 firms and enterprises. She ensures GenieAI's alignment with the latest regulation and executes testing on the legal robustness of Genie output.

Reviewed by

Legal Engineer, GenieAI

A Skadden-trained M&A lawyer, Imad advised on cross-border transactions and contractual risk before moving into legal AI. He reviews GenieAI's output for compliance and enforceability across our 150+ supported jurisdictions, as well as facilitating external benchmarking.

Jurisdiction

England and Wales

Publisher

GenieAI

Sector

Business

Cost

Free to use

Last updated

About the Software As A Service Agreement

A Software as a Service Agreement is a comprehensive legal contract that governs the relationship between cloud software providers and their customers in the United States. This agreement establishes the terms under which you can access and use subscription-based software applications hosted on the provider's infrastructure, while defining the rights, responsibilities, and obligations of both parties throughout the service relationship.

When do you need this document?

You need a Software as a Service Agreement whenever you're providing or purchasing cloud-based software solutions on a subscription basis. This includes scenarios where your business offers web-based applications to customers, when you're procuring software for your organization's operations, or when you're establishing partnerships for software integration services. The agreement is particularly crucial for businesses handling sensitive data, operating in regulated industries like healthcare or finance, or serving government entities that require specific security and compliance standards. You'll also need this document when expanding internationally, as it helps establish clear jurisdictional boundaries and applicable law provisions.

Key legal considerations

Critical legal elements include service level agreements that define uptime guarantees, response times, and performance metrics with corresponding remedies for failures. Data protection clauses must address ownership, processing, storage location, and security measures, particularly given increasing privacy regulations. Intellectual property provisions should clearly delineate ownership of software, customer data, and any derivative works or customizations. Limitation of liability clauses are essential to cap financial exposure for both parties, while termination provisions must address data return, service migration, and post-termination obligations. Acceptable use policies help prevent misuse that could trigger Computer Fraud and Abuse Act violations, and integration requirements should specify technical standards and support obligations.

Legal requirements in United States

Under United States law, SaaS agreements must comply with federal regulations including the Computer Fraud and Abuse Act, which governs authorized system access and prohibits exceeding permitted use. If serving government entities, compliance with the Federal Information Security Management Act is mandatory, requiring specific security controls and incident reporting procedures. The Electronic Communications Privacy Act and Stored Communications Act impact data transmission and storage practices, particularly regarding third-party access to customer information. State-specific requirements may include breach notification laws, consumer protection regulations, and professional licensing requirements depending on your industry. Export control regulations under the International Traffic in Arms Regulations and Export Administration Regulations may apply if your software contains controlled technology or serves international customers. Additionally, sector-specific compliance requirements such as HIPAA for healthcare applications or SOX for financial services must be incorporated where applicable.

GOVERNING LAW

Applicable law

This Software As A Service Agreement is drafted to comply with England and Wales law. Key legislation includes:

Genie's Security Promise

Genie is the safest place to draft. Here's how we prioritise your privacy and security.

Your data is private:

We do not train on your data; Genie's AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

We are ISO27001 certified, so your data is secure

Organizational security:

You retain IP ownership of your documents and their information

You have full control over your data and who gets to see it