Docaro

SaaS Agreement Negotiation Positions In The UK

This guide highlights key negotiation positions for SaaS agreements in the UK, helping buyers and suppliers understand common risks, priorities and fallback options. It is a practical companion to our AI Generated British Software as a Service (SaaS) Subscription Agreement.

| Stance | Negotiation topic | Position summary | Issue type | Negotiation significance | Practical note |
| --- | --- | --- | --- | --- | --- |
| Supplier-friendly | Liability cap | Liability is capped at fees paid in the previous 12 months. | Legal, Financial | High | May leave the customer under-recovered for major outage or data loss. |
| Balanced | Liability cap | General cap applies, with higher caps for key risk areas. | Legal, Financial | High | Common compromise for data, confidentiality and indemnity risks. |
| Customer-friendly | Liability cap | Cap is high or uncapped for critical supplier breaches. | Legal, Financial | High | Useful where SaaS failure could cause material business loss. |
| Balanced | Uncapped liabilities | Death, personal injury, fraud and wilful misconduct remain uncapped. | Legal | High | Some liability exclusions are restricted or subject to reasonableness under UCTA. |
| Supplier-friendly | Exclusion of indirect loss | Excludes indirect, consequential and loss of profit claims. | Legal, Financial | High | Can significantly reduce recoverable losses after service failure. |
| Customer-friendly | Data loss liability | Supplier accepts enhanced liability for data loss or corruption. | Legal, Operational, Financial | High | Important where customer data is operationally critical or irreplaceable. |
| Supplier-friendly | Service availability SLA | Availability target is aspirational or heavily qualified. | Operational | High | Weak SLA may provide little leverage during recurring downtime. |
| Balanced | Service availability SLA | Availability is measured monthly with defined exclusions. | Operational | High | Gives both parties measurable performance expectations. |
| Supplier-friendly | Service credits | Service credits are the sole remedy for SLA failure. | Commercial, Legal, Financial | High | May prevent damages claims for outages exceeding credit value. |
| Customer-friendly | Service credits | Credits apply automatically and do not limit other remedies. | Commercial, Legal, Financial | Medium | Improves practical compensation for repeated performance failures. |
| Balanced | Planned maintenance | Maintenance excluded from uptime if notified in advance. | Operational | Medium | Notice windows help customers plan around service disruption. |
| Supplier-friendly | Emergency maintenance | Supplier may suspend service without notice for urgent maintenance. | Operational | Medium | Operationally necessary, but should be limited to genuine urgency. |
| | Support hours | Support is limited to UK business hours only. | Operational, Commercial | Medium | May be unsuitable for customers with 24/7 operations. |
| Balanced | Support response times | Response times vary by incident severity level. | Operational | High | Severity definitions prevent disputes over support urgency. |
| Supplier-friendly | Resolution times | Supplier commits only to commercially reasonable resolution efforts. | Operational, Legal | Medium | Avoids firm deadlines, but weakens customer escalation rights. |
| Balanced | Security standards | Supplier must maintain documented security controls aligned to recognised standards. | Operational, Legal | High | NCSC cloud principles help assess SaaS security expectations. |
| Customer-friendly | ISO 27001 certification | Supplier must maintain ISO 27001 or equivalent certification. | Operational, Legal | Medium | Provides external assurance, but scope of certification should be checked. |
| Balanced | Data processing agreement | Processor terms include Article 28 UK GDPR requirements. | Legal, Operational | High | UK GDPR requires mandatory controller-processor contract terms. |
| Customer-friendly | Personal data breach notice | Supplier must notify suspected personal data breaches promptly. | Legal, Operational | High | Controllers may need to notify the ICO within 72 hours. |
| Supplier-friendly | Subprocessors | Supplier may appoint subprocessors with general authorisation. | Legal, Operational | High | Customers may need notice and objection rights for compliance oversight. |
| Balanced | International data transfers | Restricted transfers require appropriate safeguards and transfer documentation. | Legal | High | Relevant where hosting, support or subprocessors are outside the UK. |
| Customer-friendly | Data location | Customer data must remain in the UK or approved regions. | Legal, Operational | Medium | Can simplify transfer compliance and regulated-sector procurement. |
| Supplier-friendly | Audit rights | Customer receives summary compliance reports instead of direct audits. | Operational, Legal | Medium | Reduces supplier burden but may not satisfy customer assurance needs. |
| Customer-friendly | Audit rights | Customer may audit security and data processing on notice. | Operational, Legal | Medium | Important for regulated customers and material outsourcing arrangements. |
| Balanced | Customer data ownership | Customer retains ownership of data submitted to the service. | Legal, Operational | High | Prevents disputes over business data, records and customer content. |
| Supplier-friendly | Supplier platform IP | Supplier retains all rights in the SaaS platform and software. | Legal, Commercial | High | Essential for SaaS suppliers licensing a multi-customer platform. |
| Balanced | Licence scope | Customer receives a limited subscription licence for authorised users. | Legal, Commercial | High | Defines who may use the service and for what business purposes. |
| Customer-friendly | Affiliate use | Customer affiliates may use the SaaS under the same subscription. | Commercial, Legal | Medium | Useful for group companies, but affects pricing and liability allocation. |
| Supplier-friendly | Usage limits | Usage above plan limits triggers additional charges automatically. | Commercial, Financial | Medium | Can create unexpected cost if monitoring and alerts are weak. |
| Balanced | User count true-up | Additional users are charged pro rata during the subscription term. | Commercial, Financial | Medium | Avoids overcharging while allowing supplier revenue for increased use. |
| Supplier-friendly | Acceptable use policy | Customer must comply with supplier’s online acceptable use policy. | Operational, Legal | Medium | Online policies should be fixed or change-controlled for certainty. |
| | Unilateral changes to terms | Supplier may update terms or policies by website notice. | Legal, Commercial | High | Can alter risk allocation after signature without real negotiation. |
| Balanced | Change control | Material contract changes require written agreement by both parties. | Legal, Commercial, Operational | High | Protects agreed pricing, scope, security and compliance commitments. |
| | Feature changes | Supplier may improve features but not materially reduce core functionality. | Operational, Commercial | Medium | Supports product evolution while protecting customer dependency. |
| | Implementation services | Implementation milestones, responsibilities and dependencies are specified. | Operational, Commercial | High | Reduces disputes over delays, configuration and customer readiness. |
| Customer-friendly | Acceptance testing | Customer may test configured services before go-live acceptance. | Operational, Commercial | Medium | Important for configured SaaS or paid onboarding projects. |
| Supplier-friendly | Fees and invoicing | Fees are payable annually in advance and non-refundable. | Commercial, Financial | High | Improves supplier cash flow but increases customer lock-in risk. |
| Customer-friendly | Fee refunds | Prepaid fees are refunded pro rata after supplier default termination. | Financial, Legal | Medium | Avoids paying for unused service after serious supplier breach. |
| Supplier-friendly | Price increases | Supplier may increase fees on renewal at its discretion. | Commercial, Financial | High | Customer may face material cost increase after integration dependency. |
| Balanced | Price increases | Annual increases are capped by CPI or an agreed percentage. | Commercial, Financial | High | Provides budget certainty while preserving inflation adjustment. |
| Supplier-friendly | Late payment interest | Overdue sums accrue statutory or contractual interest. | Financial, Legal | Low | UK late payment rules may imply interest in business contracts. |
| Balanced | Payment dispute process | Undisputed invoices are paid while disputed amounts are investigated. | Commercial, Financial | Medium | Prevents tactical non-payment and improper service suspension. |
| | Taxes and VAT | Fees are exclusive of VAT unless stated otherwise. | Financial, Legal | Medium | Clarifies whether VAT is added to subscription charges. |
| Supplier-friendly | Suspension for non-payment | Supplier may suspend access after overdue payment notice. | Commercial, Operational, Financial | High | Customer should require notice and protection for disputed invoices. |
| Balanced | Suspension for security risk | Supplier may suspend affected access to prevent security harm. | Operational, Legal | Medium | Should be proportionate, prompt and limited to affected users or systems. |
| Supplier-friendly | Initial term | Customer commits to a fixed multi-year initial term. | Commercial, Financial | Medium | Improves revenue certainty but increases switching risk for customers. |
| | Auto-renewal | Subscription renews automatically unless cancelled before notice deadline. | Commercial, Financial, Legal | High | Missed notice dates can create unwanted renewal liabilities. |
| Balanced | Renewal notice period | Either party may prevent renewal on 30 to 90 days’ notice. | Commercial, Operational | Medium | Allows planning for migration, budgeting and renewal negotiations. |
| Supplier-friendly | Termination for convenience | Customer has no right to terminate during the committed term. | Commercial, Financial, Legal | High | Locks in revenue but limits customer flexibility if needs change. |
| Customer-friendly | Termination for convenience | Customer may terminate for convenience on notice. | Commercial, Financial | High | Often resisted unless fees, minimum term or exit charges compensate supplier. |
| Balanced | Termination for material breach | Either party may terminate for uncured material breach. | Legal, Commercial | High | Cure periods should reflect whether breaches are remediable. |
| Customer-friendly | Termination for repeated SLA failure | Customer may terminate after repeated serious service level failures. | Operational, Legal, Commercial | High | Gives a meaningful exit where service credits are insufficient. |
| Balanced | Insolvency termination | Termination rights apply on insolvency events where legally effective. | Legal, Commercial, Operational | Medium | UK insolvency rules can affect enforcement of termination clauses. |
| Customer-friendly | Exit assistance | Supplier must provide migration support after termination. | Operational, Commercial | High | Reduces business disruption and vendor lock-in at exit. |
| Balanced | Data export | Customer can export data in a usable format during and after term. | Operational, Legal | High | Essential for migration, continuity and records retention. |
| | Post-termination data deletion | Supplier deletes or returns personal data after services end. | Legal, Operational | High | Article 28 requires return or deletion at end of processing. |
| | Backup retention | Backups are retained for a defined period and securely overwritten. | Operational, Legal | Medium | Affects recovery, deletion compliance and incident response. |
| Customer-friendly | Disaster recovery | Supplier commits to defined RTO and RPO targets. | Operational | High | Critical for business continuity and acceptable data loss tolerance. |
| | Business continuity testing | Supplier must test continuity plans and share summary results. | Operational | Medium | Assures customers that recovery commitments are operationally credible. |
| Balanced | Confidentiality duration | Confidentiality applies during the term and for a defined period after. | Legal | Medium | Trade secrets may need longer or indefinite protection. |
| | Confidentiality exclusions | Standard exclusions apply for public, known or independently developed information. | Legal | Low | Prevents overbroad confidentiality duties covering non-confidential material. |
| Customer-friendly | IP infringement indemnity | Supplier indemnifies customer for third-party IP infringement claims. | Legal, Financial | High | Important because supplier controls platform code and technology stack. |
| Supplier-friendly | IP indemnity exclusions | Indemnity excludes customer data, combinations and unauthorised modifications. | Legal, Financial | Medium | Prevents supplier covering risks caused outside its control. |
| Customer-friendly | Data protection indemnity | Supplier indemnifies customer for supplier-caused data protection breaches. | Legal, Financial | High | Often negotiated due to ICO exposure and data subject claims. |
| Balanced | Indemnity procedure | Indemnified party must give notice and allow defence control. | Legal | Medium | Protects indemnifier from unmanaged settlements or prejudiced defence. |
| Supplier-friendly | Warranties | Service is provided as is with broad warranty disclaimers. | Legal, Commercial | High | May undermine expectations about performance, security and fitness. |
| Balanced | Performance warranty | Supplier warrants material conformity with documentation. | Legal, Operational | Medium | Ties service quality to objective product documentation. |
| Customer-friendly | Malware warranty | Supplier warrants it will not knowingly introduce malicious code. | Legal, Operational | Medium | Supports security assurance, though absolute malware warranties are resisted. |
| Balanced | Compliance with laws | Each party complies with laws applicable to its obligations. | Legal | Medium | Avoids one party guaranteeing the other’s regulatory compliance. |
| | Anti-bribery compliance | Parties must comply with the Bribery Act 2010. | Legal | Low | Often required in UK corporate procurement and compliance policies. |
| | Modern slavery compliance | Supplier must comply with modern slavery policies and applicable law. | Legal, Operational | Low | Relevant for larger UK organisations with supply chain reporting duties. |
| | Sanctions compliance | Parties must not use the service in breach of UK sanctions. | Legal, Operational | Medium | Important for cross-border customers, users and payment flows. |
| | Export controls | Customer must not export or use software in breach of controls. | Legal, Operational | Medium | Relevant for encryption, defence, dual-use and international access. |
| Customer-friendly | Insurance | Supplier must maintain cyber, professional indemnity and public liability insurance. | Financial, Legal | Medium | Insurance supports recovery but does not replace contractual liability. |
| | Security incident cooperation | Supplier must investigate incidents and provide reasonable cooperation. | Operational, Legal | High | Helps customers meet notification, mitigation and stakeholder obligations. |
| | Penetration testing reports | Supplier shares recent penetration test summaries under confidentiality. | Operational, Legal | Medium | Useful assurance, but reports may need redaction for security. |
| Balanced | Vulnerability remediation | Supplier remediates vulnerabilities according to severity-based timescales. | Operational, Legal | High | Turns security assurance into operationally measurable obligations. |
| | Access controls | Customer manages users while supplier protects administrative access. | Operational, Legal | Medium | Allocates responsibility for account compromise and permission misuse. |
| Customer-friendly | Multi-factor authentication | MFA is required or available for administrative and user accounts. | Operational, Legal | Medium | NCSC recommends MFA to reduce account takeover risk. |
| Supplier-friendly | Customer responsibilities | Customer is responsible for users, devices, credentials and input data. | Operational, Legal | Medium | Supplier should not bear risk for customer-controlled environments. |
| | Third-party integrations | Supplier is not liable for third-party integration failures. | Operational, Legal, Commercial | Medium | Customers relying on integrations should clarify support boundaries. |
| Balanced | APIs | API access is provided subject to rate limits and documentation. | Operational, Commercial | Medium | API reliability and limits matter where SaaS is integrated into workflows. |
| | Open source software | Supplier manages open source use and licence compliance. | Legal, Operational | Medium | Reduces risk from copyleft obligations and unpatched components. |
| Supplier-friendly | Feedback rights | Supplier may freely use customer feedback to improve the platform. | Legal, Commercial | Low | Customers may restrict use of confidential or competitive ideas. |
| | Aggregated analytics | Supplier may use anonymised aggregated usage data for analytics. | Legal, Commercial | Medium | Should exclude personal data and customer-identifiable confidential data. |
| Customer-friendly | AI training use | Customer data cannot be used to train AI models without consent. | Legal, Commercial | High | Increasingly important for confidentiality, data protection and IP control. |
| Balanced | Generated outputs | Customer owns outputs generated from its inputs, subject to platform IP. | Legal, Commercial | High | Relevant for AI-enabled SaaS and content generation tools. |
| Supplier-friendly | Benchmarking restriction | Customer may not publish performance benchmarks without approval. | Commercial, Legal | Low | Protects supplier reputation but may limit transparency for customers. |
| | Publicity rights | Supplier may name customer as a client in marketing materials. | Commercial, Legal | Low | Customers may require prior written approval for brand use. |
| Balanced | Assignment | Assignment requires consent, except for group restructuring or sale. | Legal, Commercial | Medium | Protects customer from unknown suppliers while enabling corporate transactions. |
| | Subcontracting | Supplier may subcontract but remains responsible for subcontractor acts. | Legal, Operational | Medium | Preserves delivery flexibility without diluting accountability. |
| | Force majeure | Neither party is liable for events beyond reasonable control. | Legal, Operational | Medium | Should not excuse payment obligations or avoidable continuity failures. |
| | Governing law | Agreement is governed by English law. | Legal | High | Usually preferred for UK-facing SaaS contracts and enforcement certainty. |
| | Jurisdiction | English courts have exclusive jurisdiction over disputes. | Legal | High | Avoids parallel proceedings and uncertainty over dispute forum. |
| | Dispute escalation | Operational disputes escalate to senior representatives before litigation. | Operational, Legal | Medium | Can resolve service issues quickly without formal proceedings. |
| | Notices | Formal notices must be sent to specified legal notice addresses. | Legal, Operational | Low | Important for termination, breach notices and renewal deadlines. |
| | Order of precedence | Negotiated order forms override standard online terms if inconsistent. | Legal, Commercial | High | Prevents standard terms undermining bespoke negotiated protections. |
| | Entire agreement | Contract excludes reliance on pre-contract statements except fraud. | Legal | Medium | Customers should ensure sales promises are written into the agreement. |
| | No waiver | Delay in enforcing rights does not waive them. | Legal | Low | Standard protection where parties tolerate minor breaches temporarily. |
| | Severance | Invalid provisions may be severed without invalidating the contract. | Legal | Low | Helps preserve the agreement if a clause is unenforceable. |
| | Third party rights | Third party enforcement rights are excluded unless expressly granted. | Legal | Low | Controls rights under the Contracts (Rights of Third Parties) Act 1999. |

What SaaS Agreement Terms Are Usually Most Negotiated In The UK?

Liability caps, data protection, service levels, termination rights and IP ownership are usually the highest-impact negotiation points. They determine the customer’s practical remedy if the service fails, the supplier’s maximum exposure, and whether the customer can exit or recover data if the relationship breaks down.

How Should UK SaaS Customers Approach Supplier-Friendly Terms?

Customers should pay particular attention to clauses that exclude indirect loss, cap liability at fees paid, disclaim service continuity, allow unilateral changes, or limit audit and security commitments. These provisions can be commercially acceptable, but only if the customer has assessed dependency on the SaaS, regulatory exposure and business continuity risk.

What UK Legal Issues Should Not Be Treated As Boilerplate?

  • Data protection: UK GDPR and Data Protection Act 2018 obligations often require detailed processor clauses, security commitments and subprocessor controls.
  • Unfair terms and reasonableness: exclusions and limitations may need to be reasonable under the Unfair Contract Terms Act 1977 in business contracts.
  • IP and confidentiality: ownership of customer data, supplier software, feedback and generated outputs should be express to avoid disputes.
  • Financial controls: price increases, auto-renewal, payment suspension and tax provisions can materially alter lifetime contract cost.

What Is A Balanced SaaS Negotiation Position?

A balanced SaaS agreement usually protects the supplier’s reusable platform and commercial model while giving the customer clear service commitments, workable data protection safeguards, transparent pricing, defined exit rights, and remedies proportionate to business impact.


FAQs

They are the typical stances a supplier or customer may take when negotiating a SaaS subscription agreement, including positions on liability, service levels, data protection, payment, termination and intellectual property.