Established companies venturing into SaaS business or newbies starting off as SaaS companies have to deal with a lot of new and evolving challenges. Everything that you can possibly think of is different with SaaS model. To say that it is changing the software business is an understatement.
Starting with delivery model, architecture, sales, support companies, employees and customers need to get used to a new way of doing things. If you are one of the decision makers on either side of the transaction, the SaaS vendor or the Customer considering buying SaaS, there are a variety of legal issues you need to contend with.
Bruce Cleveland, a SaaS veteran and a pioneer of on-demand business while running the Siebel On-Demand, now a VC with Interwest Partners, must have been one of the first few to enter this uncharted territory. Defining new pricing model, subscription agreement, Service Level Agreements (SLA) is just the beginning. As a vendor you need to ensure you have backing agreements with your service providers like hosting company, license software providers for you to be able to meet all your commitments to your customers.
Bruce shared a detailed Q&A session on SaaS business model and legal issues, he had with his legal attorney during Siebel days, Cary Platkin of Platkin Law, on his blog. If you are starting off in your SaaS journey, this serves as a good starting reference.
Cary goes on to explain the basics of a Subscription Agreement and risk mitigation/sharing strategies by using similar or better back-to-back terms with your vendor. The larger your customer base, larger you share of the risks are.
SLAs are critical in providing services that customers run their business on. Most SaaS companies guarantee anywhere 99.5% to 99.9% up-time as part of their SLAs. As Cary rightly points out, most and the best SaaS providers have outages or unplanned downtime. So keeping that in mind, factor the availability, response times, performance commitments, Disaster Recovery commitments, while drafting a SLA. Service credits are becoming a critical part of SLAs. But in my experience after a service has delivered enough value to the them, (make sure you keep that as your focus), customers are more forgiving that you might think. We once had a service credit report of 250k (across a year) whittled down to a mere low thousand of dollars, when all was said and done.
Besides outage, data breach or leaks are the most concerning issue that will be raised by customers during contract negotiation. Customers are getting more educated on the Data Security concerns and the necessary process and infrastructure needs around Data Security to meet their regulatory mandates. As you saw from the Merrick v Savvis case, the service provider can be held liable for incidents of breach. Cary has the right advice for SaaS vendors is ensuring sufficient insurance, avoiding unlimited liability and avoidance of any ASP like terms.
If revenue recognition was not already complex, SaaS has some new twists considering that the agreements are signed upfront but the corresponding revenue recognized over the life of the contract.
Cary also explains the complexities surrounding multi-year agreements, international contracts, Data Privacy requirements, Data Ownership are all key areas to focus on during contract negotiation.
As with any legal issue, consult your attorney to ensure you have worked out the details around the complex legal issues involved while the SaaS model and the legalities continue to evolve.