SaaS contract – Key legal points | IT-Medienrecht

Discover key legal aspects of your SaaS contract. Protect your business with clear terms on SLA, data protection & GDPR compliance. Get expert insights…

The SaaS Contract: Definition and Key Legal Considerations

A SaaS contract fundamentally regulates the provision of software as an online service, rather than a locally installed license. Under this model, the provider makes software available to the customer via the internet (a cloud service), typically for a periodic fee. This structure distinguishes SaaS from traditional software purchases.

Key Legal Aspects of SaaS Contracts

Subject Matter and Type of SaaS Contract

In the Software-as-a-Service (SaaS) model, a provider offers a software application via the internet, allowing customers to use it without local installation. The SaaS contract defines the object of the service. Customers gain access to the provider’s software and its associated IT infrastructure.

Unlike a traditional software purchase, the customer does not acquire a copy of the software. Instead, they receive only the right to use it for the contract's duration. Legally, a SaaS contract is therefore often classified as a rental contract, concerning the transfer of software use, or as a hybrid of rental and service contracts. The provider is obligated to ensure software availability, while the customer pays the agreed fee, typically on a monthly or annual basis.

Availability, Service Levels, and Support (SLA)

A key element of any SaaS contract is the availability of the service. Since the software operates in the cloud, customers expect high uptime. Therefore, contracts frequently include service level agreements (SLAs) that specify minimum availability, such as 99% on an annual average. These SLAs typically cover several crucial aspects:

Data Protection and Data Security in SaaS

Given that a SaaS provider typically stores and processes customer data on its servers, data protection and IT security are contractually highly relevant. The provider usually acts as a processor under the GDPR. This necessitates a separate data processing agreement (DPA).

Within the SaaS contract itself, specific points should be clarified to ensure robust data handling:

Further Contractual Components and Liability in SaaS Agreements

A comprehensive SaaS contract typically includes several other standard provisions.

Conclusion

For startups offering a SaaS service, a well-structured contract or clear general terms and conditions are essential for building customer trust and mitigating risks. Similarly, startups that utilize SaaS solutions themselves must meticulously review the contract terms. This ensures full awareness of their rights in case of disruptions and a clear understanding of the data security standards provided.