Docaro

United Kingdom SaaS Subscription Agreement Clause Library

Explore key clauses for SaaS subscription agreements in the UK. This clause library helps you understand common contract terms and links to the main AI Generated British Software as a Service (SaaS) Subscription Agreement category for broader guidance.
| Category | Clause name | Purpose | Importance level | Usually included | Drafting considerations |
|---|---|---|---|---|---|
| Core commercial clause | Agreement Structure And Order Form | Links the main terms to the customer-specific order details. | High | true | State precedence between order form, main terms, schedules, policies and data processing addendum. |
| Core commercial clause | Parties And Customer Details | Identifies the contracting parties and customer entity. | High | true | Use correct legal names, company numbers, registered addresses and authorised signatories. |
| Core commercial clause | Definitions And Interpretation | Defines key terms and rules for interpreting the agreement. | High | true | Define service, users, data, fees, term, business day, confidential information and documentation consistently. |
| Core commercial clause | Service Description | Describes the SaaS product and functionality supplied to the customer. | High | true | Avoid vague promises; specify modules, environments, exclusions, documentation and dependencies. |
| Core commercial clause | Subscription Grant | Grants the customer a limited right to access and use the SaaS service. | High | true | State non-exclusive, non-transferable, subscription-based access scope and permitted internal business use. |
| Core commercial clause | Authorised Users | Controls who may access the SaaS service under the customer account. | High | true | Define employees, contractors, affiliates, named users, concurrent users and customer responsibility for user acts. |
| Core commercial clause | Usage Limits | Sets limits on users, storage, transactions, API calls or other usage metrics. | High | true | Tie limits to billing metrics and explain monitoring, overages, throttling and upgrades. |
| Service operation clause | Acceptable Use Policy | Prohibits misuse of the service and protects the provider platform. | High | true | Cover unlawful content, security testing, spam, scraping, reverse engineering, malware and excessive load. |
| Service operation clause | Customer Responsibilities | Sets the customer obligations needed for the service to work properly. | High | true | Address user management, internet access, configurations, lawful data, cooperation and account security. |
| Core commercial clause | Fees And Charges | Sets subscription fees and other amounts payable by the customer. | High | true | Specify currency, billing basis, included features, professional services, overages and non-refundable charges. |
| Core commercial clause | Payment Terms | Explains when and how subscription fees must be paid. | High | true | Include invoice timing, payment method, due date, disputed invoices and consequences of non-payment. |
| Core commercial clause | VAT And Taxes | Allocates responsibility for VAT and other applicable taxes. | High | true | State whether prices are exclusive of VAT and address withholding tax and tax evidence. |
| Core commercial clause | Late Payment Interest | Allows interest and recovery costs on overdue business debts. | Medium | true | Decide whether to rely on statutory interest or specify a contractual interest rate. |
| Core commercial clause | Price Increases | Permits changes to subscription pricing during renewals or the term. | Medium | true | State notice period, cap, indexation, renewal timing and customer cancellation rights. |
| Core commercial clause | Initial Term | Sets the first committed subscription period. | High | true | Specify start date, service commencement, minimum commitment and whether implementation time counts. |
| Core commercial clause | Renewal | Explains whether and how the subscription renews after the initial term. | High | true | Choose auto-renewal or manual renewal and state cancellation notice requirements clearly. |
| Legal compliance clause | Auto-Renewal Transparency | Reduces enforceability and consumer fairness risk for automatic renewal terms. | Medium | false | For consumer or small business-like users, make renewal timing, charges and cancellation prominent. |
| Service operation clause | Service Availability | States the target uptime or availability of the SaaS service. | High | true | Define measurement period, excluded downtime, monitoring source and remedy for failure. |
| Service operation clause | Service Levels | Sets measurable operational commitments for the service. | High | true | Specify uptime, response times, incident severity, reporting and whether credits are exclusive remedy. |
| Risk allocation clause | Service Credits | Provides a financial remedy for service level failures. | Medium | true | Set claim process, credit caps, exclusions and whether credits are sole remedy. |
| Service operation clause | Support Services | Describes helpdesk and technical support provided to the customer. | High | true | State channels, hours, languages, severity levels, response targets and excluded support. |
| Service operation clause | Maintenance Windows | Allows scheduled downtime for updates, repairs and maintenance. | Medium | true | Define notice, timing, emergency maintenance and whether planned downtime affects availability metrics. |
| Service operation clause | Updates And Changes To Service | Permits the provider to improve or modify the SaaS service. | High | true | Reserve change rights but restrict material degradation of core functionality during committed terms. |
| Risk allocation clause | Beta Features | Controls use of experimental or pre-release service features. | Medium | false | Exclude warranties, service levels and support; allow withdrawal and protect feedback rights. |
| Service operation clause | Implementation Services | Covers setup, configuration, onboarding or deployment work. | Medium | false | Define milestones, assumptions, dependencies, acceptance, charges and delay consequences. |
| Service operation clause | Training | Sets any training services included with the subscription. | Low | false | Specify format, number of sessions, attendees, materials, timing and extra fees. |
| Service operation clause | Documentation | Identifies user guides and technical documentation for the service. | Medium | true | Clarify whether documentation is contractual, changeable and subject to separate licence limits. |
| Service operation clause | Customer Account Security | Requires the customer to protect login credentials and account access. | High | true | Require strong passwords, MFA where available, prompt notice of compromise and user access reviews. |
| Legal compliance clause | Information Security Measures | Sets the provider security commitments for the SaaS service. | High | true | Describe organisational and technical measures without promising unattainable absolute security. |
| Legal compliance clause | Security Certifications | Records any security standards or certifications maintained by the provider. | Medium | false | Specify certification scope, current status, audit reports, replacement standards and notice of lapse. |
| Service operation clause | Backups | Explains whether and how customer data is backed up. | High | true | State frequency, retention, restoration limits and whether backups are disaster recovery only. |
| Service operation clause | Disaster Recovery And Business Continuity | Addresses continuity arrangements for major outages or incidents. | High | true | Define recovery objectives, testing, dependencies, exclusions and reporting obligations. |
| Legal compliance clause | Data Protection Roles | Identifies whether each party acts as controller, processor or joint controller. | High | true | Map processing activities and avoid assuming processor status where provider decides purposes. |
| Legal compliance clause | Data Processing Agreement | Includes mandatory processor terms where the provider processes personal data for the customer. | High | true | Cover instructions, confidentiality, security, sub-processors, assistance, deletion, audits and records. |
| Legal compliance clause | Processing Instructions | Sets the customer instructions governing personal data processing. | High | true | Identify documented instructions, lawful escalation of unlawful instructions and service-related processing. |
| Legal compliance clause | Personal Data Security | Requires appropriate technical and organisational security for personal data. | High | true | Specify security schedule, encryption, access control, resilience, testing and risk-based standards. |
| Legal compliance clause | Personal Data Breach Notification | Requires notice and assistance after a personal data breach. | High | true | Set prompt processor notice, information requirements, investigation cooperation and regulator deadlines. |
| Legal compliance clause | Sub-Processors | Controls appointment of third parties that process personal data for the provider. | High | true | State general or specific authorisation, notice of changes, objections and flow-down terms. |
| Legal compliance clause | International Data Transfers | Regulates transfers of personal data outside the UK or approved destinations. | High | true | Use UK IDTA, UK Addendum, adequacy regulations or other valid transfer mechanism. |
| Legal compliance clause | Data Subject Rights Assistance | Requires processor help with access, deletion, objection and other rights requests. | Medium | true | Define support scope, timeframes, self-service tools and charges for exceptional assistance. |
| Legal compliance clause | Deletion Or Return Of Personal Data | Sets what happens to personal data at the end of processing. | High | true | Define export period, deletion timetable, backup retention and legal retention exceptions. |
| Legal compliance clause | Audit Rights For Data Protection | Allows verification of processor compliance with data protection obligations. | Medium | true | Use reports first, limit onsite audits, protect other customers and allocate audit costs. |
| Core commercial clause | Customer Data Ownership | Confirms the customer retains rights in data uploaded to the service. | High | true | Distinguish customer data, provider data, usage data, aggregated data and derived analytics. |
| Core commercial clause | Provider Intellectual Property | Confirms provider ownership of the platform, software and related IP. | High | true | Reserve all rights not expressly granted and include software, code, interfaces and know-how. |
| Core commercial clause | Customer Data Licence | Allows the provider to host, copy and process customer data to supply the service. | High | true | Limit licence to service provision, support, security, backups and agreed analytics. |
| Core commercial clause | Usage Data And Analytics | Permits use of operational, diagnostic or aggregated service usage data. | Medium | true | Address anonymisation, aggregation, personal data limits, product improvement and confidentiality. |
| Core commercial clause | Feedback | Allows the provider to use customer suggestions about the service. | Low | true | State feedback is voluntary and may be used without restriction or payment. |
| Risk allocation clause | Third-Party Software And Open Source | Addresses third-party components and open-source software used in the service. | Medium | false | Identify separate licence terms, attribution, exclusions and provider responsibility for embedded components. |
| Service operation clause | Third-Party Integrations | Allocates responsibility for integrations with external applications or services. | Medium | true | Clarify third-party terms, API changes, availability, data sharing and support boundaries. |
| Service operation clause | APIs | Sets rules for use of application programming interfaces. | Medium | false | Specify rate limits, credentials, documentation, breaking changes, security and API misuse. |
| Risk allocation clause | Confidentiality | Protects non-public business, technical and commercial information. | High | true | Define confidential information, exclusions, permitted disclosures, duration and return or destruction. |
| Core commercial clause | Publicity And Customer Logo Use | Controls whether the provider may identify the customer publicly. | Low | false | Require consent for press releases and specify permitted logo, case study and client list use. |
| Risk allocation clause | Warranties | States the provider assurances about the SaaS service and performance. | High | true | Limit warranties to material conformity with documentation and reasonable skill and care. |
| Risk allocation clause | Warranty Disclaimers | Excludes implied terms and limits unsupported service promises. | High | true | Check UCTA reasonableness for business contracts and avoid excluding non-excludable liability. |
| Risk allocation clause | Limitation Of Liability | Caps and structures each party's financial exposure. | High | true | Use clear caps, super-caps and carve-outs; ensure business-to-business reasonableness under UCTA. |
| Risk allocation clause | Excluded Losses | Excludes categories such as loss of profits, revenue, goodwill and indirect losses. | High | true | Draft specific exclusions and avoid inconsistency with indemnities, service credits and data loss terms. |
| Risk allocation clause | Unlimited Liability Carve-Outs | Preserves liability that cannot or should not be limited. | High | true | Include death or personal injury from negligence, fraud and other non-excludable liabilities. |
| Risk allocation clause | IP Indemnity | Protects the customer against third-party IP infringement claims caused by the service. | High | true | Include defence control, exclusions for customer modifications and remedies to replace or terminate. |
| Risk allocation clause | Customer Indemnity | Protects the provider from claims caused by customer data, misuse or unlawful use. | Medium | true | Cover customer content, breach of acceptable use, unauthorised access and third-party rights claims. |
| Risk allocation clause | Indemnity Procedure | Sets the process for handling indemnified third-party claims. | Medium | true | Require prompt notice, control of defence, cooperation and limits on settlement admissions. |
| Termination clause | Suspension For Non-Payment | Allows access to be suspended if fees are overdue. | High | true | Include notice, cure period, disputed sums protection and continued fee accrual. |
| Termination clause | Suspension For Security Or Misuse | Allows urgent suspension to protect the service, users or third parties. | High | true | Permit immediate targeted suspension for threats, unlawful use, malware or policy breaches. |
| Termination clause | Termination For Cause | Allows termination for material breach or other serious default. | High | true | State material breach, cure periods, repeated breaches and immediate termination triggers. |
| Termination clause | Termination For Insolvency | Allows termination when a party enters specified insolvency events. | Medium | true | Align events with UK insolvency law and consider restrictions on ipso facto clauses for suppliers. |
| Termination clause | Termination For Convenience | Allows termination without breach, usually on notice. | Medium | false | Decide whether available during committed terms and whether prepaid fees are refundable. |
| Termination clause | Effect Of Termination | Explains consequences when the subscription ends. | High | true | Address access cessation, unpaid fees, refunds, survival clauses, data export and deletion. |
| Termination clause | Data Export On Exit | Gives the customer a practical way to retrieve data after termination. | High | true | Specify export format, access period, charges, support and deletion after expiry. |
| Termination clause | Exit Assistance | Provides transition support when the customer leaves the service. | Medium | false | Define scope, duration, rates, cooperation with replacement suppliers and security limits. |
| Termination clause | Survival | Identifies clauses that continue after termination or expiry. | High | true | Preserve payment, confidentiality, IP, liability, indemnities, audit and dispute clauses as needed. |
| Legal compliance clause | Compliance With Laws | Requires each party to comply with applicable laws relating to its obligations. | High | true | Avoid broad provider responsibility for customer-specific regulated use unless expressly agreed. |
| Legal compliance clause | Anti-Bribery And Corruption | Requires compliance with anti-bribery laws and ethical conduct obligations. | Medium | true | Include Bribery Act compliance, policies, reporting, audit and termination rights for breach. |
| Legal compliance clause | Sanctions And Export Controls | Prevents use or supply of the service in breach of sanctions or export controls. | Medium | true | Include restricted parties, territories, export-controlled technology and suspension or termination rights. |
| Legal compliance clause | Modern Slavery | Supports compliance with modern slavery and human trafficking obligations. | Low | false | Consider for larger organisations and public procurement; require policies and supply chain compliance. |
| Legal compliance clause | Consumer SaaS Compliance | Adds protections required where SaaS is supplied to consumers. | High | false | Address digital content rights, fairness, cancellation information and non-excludable consumer remedies. |
| Legal compliance clause | Accessibility | Addresses accessibility duties or standards for users with disabilities. | Medium | false | State any WCAG target, customer configuration role and limits on bespoke accessibility commitments. |
| Core commercial clause | Audit Rights For Fees And Usage | Allows verification of subscription usage and underpayment. | Medium | false | Prefer system usage reports; limit frequency, notice, scope and customer disruption. |
| Service operation clause | Records And Reporting | Requires operational, security or compliance reports to be provided. | Medium | false | Specify report type, frequency, format, confidentiality and whether reports are standard or bespoke. |
| Service operation clause | Change Control | Provides a process for agreeing changes to services, scope or charges. | Medium | false | Use written change orders for custom work, integrations, service levels or pricing changes. |
| Risk allocation clause | Force Majeure | Excuses non-performance caused by events outside reasonable control. | Medium | true | Cover cloud outages, cyber incidents, strikes and public internet failures carefully; exclude payment obligations if desired. |
| Core commercial clause | Notices | Sets how formal contractual notices must be given. | Medium | true | Specify email, portal, post, deemed receipt and addresses for legal notices. |
| Core commercial clause | Assignment And Transfer | Controls transfer of rights or obligations to another party. | Medium | true | Permit transfers to affiliates or on business sale; restrict customer assignment without consent. |
| Service operation clause | Subcontracting | Allows the provider to use subcontractors to deliver the service. | Medium | true | Preserve provider responsibility and align with sub-processor restrictions for personal data. |
| Risk allocation clause | Entire Agreement | Confirms the contract supersedes prior statements and negotiations. | Medium | true | Do not exclude fraud; decide how sales materials, proposals and order forms are treated. |
| Core commercial clause | Variation | Sets how contractual amendments become effective. | Medium | true | Require written agreement or define unilateral update rights for online policies and service terms. |
| Risk allocation clause | Waiver | Prevents delay or inaction from automatically waiving contractual rights. | Low | true | State waiver must be express and does not affect future rights. |
| Risk allocation clause | Severance | Keeps the contract effective if one provision is invalid or unenforceable. | Low | true | Allow deletion or modification of invalid wording while preserving the commercial bargain. |
| Risk allocation clause | No Partnership Or Agency | Confirms the parties remain independent contractors. | Low | true | State neither party may bind the other or act as agent unless expressly authorised. |
| Risk allocation clause | Third Party Rights | Controls whether non-parties can enforce contract terms. | Low | true | Exclude third-party rights or expressly grant rights to affiliates, users or group companies. |
| Legal compliance clause | Governing Law | Selects the law governing the agreement. | High | true | For UK use, specify England and Wales, Scotland or Northern Ireland as appropriate. |
| Legal compliance clause | Jurisdiction | Identifies which courts can hear disputes under the agreement. | High | true | Choose exclusive or non-exclusive courts and align with governing law and customer location. |
| Risk allocation clause | Dispute Resolution Escalation | Requires business-level escalation before formal proceedings. | Medium | false | Set escalation contacts, timetable and exceptions for urgent injunctions or unpaid fees. |
| Risk allocation clause | Injunctive Relief | Preserves urgent court remedies for IP, confidentiality or security breaches. | Medium | false | Carve urgent relief out of escalation or mediation procedures where delay would cause harm. |
| Core commercial clause | Online Terms Incorporation | Incorporates hosted policies, addenda or product-specific terms into the agreement. | Medium | true | Provide stable URLs, version control, notice of changes and precedence rules. |
| Core commercial clause | Electronic Signature And Acceptance | Allows the agreement to be accepted electronically or through clickwrap processes. | Medium | true | Keep acceptance records, show terms before acceptance and record user authority. |
| Core commercial clause | Affiliate Use | Allows customer group companies to use the service under the subscription. | Medium | false | Define affiliates, contracting responsibility, user limits, data protection roles and territory. |
| Service operation clause | Multi-Tenant Hosting | Explains shared cloud infrastructure and logical data separation. | Medium | false | Describe tenant isolation, security controls and limits on customer infrastructure demands. |
| Service operation clause | Hosting Location | Identifies where the SaaS service or data is hosted. | Medium | false | State region commitments carefully and align with international transfer and resilience terms. |
| Legal compliance clause | Regulated Customer Use | Allocates responsibility where the customer operates in a regulated sector. | Medium | false | Avoid assuming sector-specific compliance unless included in scope, service levels or compliance schedules. |
| Risk allocation clause | AI Features | Allocates risk and responsibilities for AI-enabled SaaS functionality. | Medium | false | Address input rights, output use, accuracy, human review, training data and prohibited uses. |
| Legal compliance clause | Customer Content Moderation | Allows action against unlawful or harmful customer content hosted in the service. | Medium | false | Reserve removal, restriction and reporting rights while preserving confidentiality and evidence needs. |
| Service operation clause | Vulnerability Disclosure | Sets how security vulnerabilities are reported and handled. | Medium | false | Provide reporting channel, safe harbour limits, remediation process and confidentiality rules. |
| Service operation clause | Penetration Testing By Customer | Controls customer security testing of the SaaS service. | Medium | false | Require prior approval, scope, timing, tester credentials, no disruption and vulnerability disclosure. |
| Risk allocation clause | Escrow | Provides access to source code or continuity materials in exceptional circumstances. | Low | false | SaaS escrow needs data, deployment scripts, documentation, release triggers and hosting dependencies. |
| Core commercial clause | Benchmarking | Allows comparison of service quality or pricing against market standards. | Low | false | Define benchmarker, comparators, frequency, confidentiality and consequences of variance. |
| Core commercial clause | Most Favoured Customer Pricing | Gives the customer protection against less favourable pricing than comparable customers. | Low | false | Define comparable customers, package differences, promotions, evidence and remedy precisely. |
| Risk allocation clause | Service Roadmap Disclaimer | Prevents future product plans becoming binding commitments. | Low | false | State roadmap information is non-binding and subject to change unless in the order form. |

What Clauses Matter Most In A UK SaaS Subscription Agreement?

A strong UK SaaS subscription agreement should prioritise service scope, fees, renewal, service levels, data protection, security, liability, intellectual property, suspension and termination. These clauses control the main commercial bargain and the areas most likely to create disputes.

How Should UK SaaS Agreements Deal With Data Protection?

If the SaaS provider processes personal data for the customer, the agreement will usually need UK GDPR and Data Protection Act 2018 compliant processor terms. These should cover processing instructions, security, sub-processors, international transfers, audit rights, breach notification and deletion or return of data.

What Should Customers Check Before Signing?

  • Usage limits and pricing: check user numbers, storage, API calls, overage fees and price increases.
  • Service commitments: confirm uptime, support hours, maintenance windows, remedies and exclusions.
  • Exit rights: ensure data export, transition support and post-termination access are workable.
  • Risk allocation: review liability caps, exclusions, indemnities and whether data loss, confidentiality and IP claims are carved out.

What Should SaaS Providers Draft Carefully?

Providers should align the agreement with their actual product, infrastructure and support model. Over-promising on uptime, backup, security, integrations or compliance can create avoidable liability, especially where the agreement includes service credits, audit rights or regulatory commitments.


FAQs

A United Kingdom SaaS subscription agreement clause library is a structured collection of contract clauses commonly used in SaaS agreements governed by UK law, such as subscription terms, user rights, data protection, service levels, payment, termination, and liability clauses.
