United Kingdom SaaS Subscription Agreement Clause Library
Clause name | Purpose | Importance level | Usually included | Drafting considerations |
|---|---|---|---|---|
Core commercial clause | ||||
Agreement Structure And Order Form | Links the main terms to the customer-specific order details. | High | true | State precedence between order form, main terms, schedules, policies and data processing addendum. |
Parties And Customer Details | Identifies the contracting parties and customer entity. | High | true | Use correct legal names, company numbers, registered addresses and authorised signatories. |
Definitions And Interpretation | Defines key terms and rules for interpreting the agreement. | High | true | Define service, users, data, fees, term, business day, confidential information and documentation consistently. |
Service Description | Describes the SaaS product and functionality supplied to the customer. | High | true | Avoid vague promises; specify modules, environments, exclusions, documentation and dependencies. |
Subscription Grant | Grants the customer a limited right to access and use the SaaS service. | High | true | State non-exclusive, non-transferable, subscription-based access scope and permitted internal business use. |
Authorised Users | Controls who may access the SaaS service under the customer account. | High | true | Define employees, contractors, affiliates, named users, concurrent users and customer responsibility for user acts. |
Usage Limits | Sets limits on users, storage, transactions, API calls or other usage metrics. | High | true | Tie limits to billing metrics and explain monitoring, overages, throttling and upgrades. |
Service operation clause | ||||
Acceptable Use Policy | Prohibits misuse of the service and protects the provider platform. | High | true | Cover unlawful content, security testing, spam, scraping, reverse engineering, malware and excessive load. |
Customer Responsibilities | Sets the customer obligations needed for the service to work properly. | High | true | Address user management, internet access, configurations, lawful data, cooperation and account security. |
Core commercial clause | ||||
Fees And Charges | Sets subscription fees and other amounts payable by the customer. | High | true | Specify currency, billing basis, included features, professional services, overages and non-refundable charges. |
Payment Terms | Explains when and how subscription fees must be paid. | High | true | Include invoice timing, payment method, due date, disputed invoices and consequences of non-payment. |
VAT And Taxes | Allocates responsibility for VAT and other applicable taxes. | High | true | State whether prices are exclusive of VAT and address withholding tax and tax evidence. |
Late Payment Interest | Allows interest and recovery costs on overdue business debts. | Medium | true | Decide whether to rely on statutory interest or specify a contractual interest rate. |
Price Increases | Permits changes to subscription pricing during renewals or the term. | Medium | true | State notice period, cap, indexation, renewal timing and customer cancellation rights. |
Initial Term | Sets the first committed subscription period. | High | true | Specify start date, service commencement, minimum commitment and whether implementation time counts. |
Renewal | Explains whether and how the subscription renews after the initial term. | High | true | Choose auto-renewal or manual renewal and state cancellation notice requirements clearly. |
Legal compliance clause | ||||
Auto-Renewal Transparency | Reduces enforceability and consumer fairness risk for automatic renewal terms. | Medium | false | For consumer or small business-like users, make renewal timing, charges and cancellation prominent. |
Service operation clause | ||||
Service Availability | States the target uptime or availability of the SaaS service. | High | true | Define measurement period, excluded downtime, monitoring source and remedy for failure. |
Service Levels | Sets measurable operational commitments for the service. | High | true | Specify uptime, response times, incident severity, reporting and whether credits are exclusive remedy. |
Risk allocation clause | ||||
Service Credits | Provides a financial remedy for service level failures. | Medium | true | Set claim process, credit caps, exclusions and whether credits are sole remedy. |
Service operation clause | ||||
Support Services | Describes helpdesk and technical support provided to the customer. | High | true | State channels, hours, languages, severity levels, response targets and excluded support. |
Maintenance Windows | Allows scheduled downtime for updates, repairs and maintenance. | Medium | true | Define notice, timing, emergency maintenance and whether planned downtime affects availability metrics. |
Updates And Changes To Service | Permits the provider to improve or modify the SaaS service. | High | true | Reserve change rights but restrict material degradation of core functionality during committed terms. |
Risk allocation clause | ||||
Beta Features | Controls use of experimental or pre-release service features. | Medium | false | Exclude warranties, service levels and support; allow withdrawal and protect feedback rights. |
Service operation clause | ||||
Implementation Services | Covers setup, configuration, onboarding or deployment work. | Medium | false | Define milestones, assumptions, dependencies, acceptance, charges and delay consequences. |
Training | Sets any training services included with the subscription. | Low | false | Specify format, number of sessions, attendees, materials, timing and extra fees. |
Documentation | Identifies user guides and technical documentation for the service. | Medium | true | Clarify whether documentation is contractual, changeable and subject to separate licence limits. |
Customer Account Security | Requires the customer to protect login credentials and account access. | High | true | Require strong passwords, MFA where available, prompt notice of compromise and user access reviews. |
Legal compliance clause | ||||
Information Security Measures | Sets the provider security commitments for the SaaS service. | High | true | Describe organisational and technical measures without promising unattainable absolute security. |
Security Certifications | Records any security standards or certifications maintained by the provider. | Medium | false | Specify certification scope, current status, audit reports, replacement standards and notice of lapse. |
Service operation clause | ||||
Backups | Explains whether and how customer data is backed up. | High | true | State frequency, retention, restoration limits and whether backups are disaster recovery only. |
Disaster Recovery And Business Continuity | Addresses continuity arrangements for major outages or incidents. | High | true | Define recovery objectives, testing, dependencies, exclusions and reporting obligations. |
Legal compliance clause | ||||
Data Protection Roles | Identifies whether each party acts as controller, processor or joint controller. | High | true | Map processing activities and avoid assuming processor status where provider decides purposes. |
Data Processing Agreement | Includes mandatory processor terms where the provider processes personal data for the customer. | High | true | Cover instructions, confidentiality, security, sub-processors, assistance, deletion, audits and records. |
Processing Instructions | Sets the customer instructions governing personal data processing. | High | true | Identify documented instructions, lawful escalation of unlawful instructions and service-related processing. |
Personal Data Security | Requires appropriate technical and organisational security for personal data. | High | true | Specify security schedule, encryption, access control, resilience, testing and risk-based standards. |
Personal Data Breach Notification | Requires notice and assistance after a personal data breach. | High | true | Set prompt processor notice, information requirements, investigation cooperation and regulator deadlines. |
Sub-Processors | Controls appointment of third parties that process personal data for the provider. | High | true | State general or specific authorisation, notice of changes, objections and flow-down terms. |
International Data Transfers | Regulates transfers of personal data outside the UK or approved destinations. | High | true | Use UK IDTA, UK Addendum, adequacy regulations or other valid transfer mechanism. |
Data Subject Rights Assistance | Requires processor help with access, deletion, objection and other rights requests. | Medium | true | Define support scope, timeframes, self-service tools and charges for exceptional assistance. |
Deletion Or Return Of Personal Data | Sets what happens to personal data at the end of processing. | High | true | Define export period, deletion timetable, backup retention and legal retention exceptions. |
Audit Rights For Data Protection | Allows verification of processor compliance with data protection obligations. | Medium | true | Use reports first, limit onsite audits, protect other customers and allocate audit costs. |
Core commercial clause | ||||
Customer Data Ownership | Confirms the customer retains rights in data uploaded to the service. | High | true | Distinguish customer data, provider data, usage data, aggregated data and derived analytics. |
Provider Intellectual Property | Confirms provider ownership of the platform, software and related IP. | High | true | Reserve all rights not expressly granted and include software, code, interfaces and know-how. |
Customer Data Licence | Allows the provider to host, copy and process customer data to supply the service. | High | true | Limit licence to service provision, support, security, backups and agreed analytics. |
Usage Data And Analytics | Permits use of operational, diagnostic or aggregated service usage data. | Medium | true | Address anonymisation, aggregation, personal data limits, product improvement and confidentiality. |
Feedback | Allows the provider to use customer suggestions about the service. | Low | true | State feedback is voluntary and may be used without restriction or payment. |
Risk allocation clause | ||||
Third-Party Software And Open Source | Addresses third-party components and open-source software used in the service. | Medium | false | Identify separate licence terms, attribution, exclusions and provider responsibility for embedded components. |
Service operation clause | ||||
Third-Party Integrations | Allocates responsibility for integrations with external applications or services. | Medium | true | Clarify third-party terms, API changes, availability, data sharing and support boundaries. |
APIs | Sets rules for use of application programming interfaces. | Medium | false | Specify rate limits, credentials, documentation, breaking changes, security and API misuse. |
Risk allocation clause | ||||
Confidentiality | Protects non-public business, technical and commercial information. | High | true | Define confidential information, exclusions, permitted disclosures, duration and return or destruction. |
Core commercial clause | ||||
Publicity And Customer Logo Use | Controls whether the provider may identify the customer publicly. | Low | false | Require consent for press releases and specify permitted logo, case study and client list use. |
Risk allocation clause | ||||
Warranties | States the provider assurances about the SaaS service and performance. | High | true | Limit warranties to material conformity with documentation and reasonable skill and care. |
Warranty Disclaimers | Excludes implied terms and limits unsupported service promises. | High | true | Check UCTA reasonableness for business contracts and avoid excluding non-excludable liability. |
Limitation Of Liability | Caps and structures each party's financial exposure. | High | true | Use clear caps, super-caps and carve-outs; ensure business-to-business reasonableness under UCTA. |
Excluded Losses | Excludes categories such as loss of profits, revenue, goodwill and indirect losses. | High | true | Draft specific exclusions and avoid inconsistency with indemnities, service credits and data loss terms. |
Unlimited Liability Carve-Outs | Preserves liability that cannot or should not be limited. | High | true | Include death or personal injury from negligence, fraud and other non-excludable liabilities. |
IP Indemnity | Protects the customer against third-party IP infringement claims caused by the service. | High | true | Include defence control, exclusions for customer modifications and remedies to replace or terminate. |
Customer Indemnity | Protects the provider from claims caused by customer data, misuse or unlawful use. | Medium | true | Cover customer content, breach of acceptable use, unauthorised access and third-party rights claims. |
Indemnity Procedure | Sets the process for handling indemnified third-party claims. | Medium | true | Require prompt notice, control of defence, cooperation and limits on settlement admissions. |
Termination clause | ||||
Suspension For Non-Payment | Allows access to be suspended if fees are overdue. | High | true | Include notice, cure period, disputed sums protection and continued fee accrual. |
Suspension For Security Or Misuse | Allows urgent suspension to protect the service, users or third parties. | High | true | Permit immediate targeted suspension for threats, unlawful use, malware or policy breaches. |
Termination For Cause | Allows termination for material breach or other serious default. | High | true | State material breach, cure periods, repeated breaches and immediate termination triggers. |
Termination For Insolvency | Allows termination when a party enters specified insolvency events. | Medium | true | Align events with UK insolvency law and consider restrictions on ipso facto clauses for suppliers. |
Termination For Convenience | Allows termination without breach, usually on notice. | Medium | false | Decide whether available during committed terms and whether prepaid fees are refundable. |
Effect Of Termination | Explains consequences when the subscription ends. | High | true | Address access cessation, unpaid fees, refunds, survival clauses, data export and deletion. |
Data Export On Exit | Gives the customer a practical way to retrieve data after termination. | High | true | Specify export format, access period, charges, support and deletion after expiry. |
Exit Assistance | Provides transition support when the customer leaves the service. | Medium | false | Define scope, duration, rates, cooperation with replacement suppliers and security limits. |
Survival | Identifies clauses that continue after termination or expiry. | High | true | Preserve payment, confidentiality, IP, liability, indemnities, audit and dispute clauses as needed. |
Legal compliance clause | ||||
Compliance With Laws | Requires each party to comply with applicable laws relating to its obligations. | High | true | Avoid broad provider responsibility for customer-specific regulated use unless expressly agreed. |
Anti-Bribery And Corruption | Requires compliance with anti-bribery laws and ethical conduct obligations. | Medium | true | Include Bribery Act compliance, policies, reporting, audit and termination rights for breach. |
Sanctions And Export Controls | Prevents use or supply of the service in breach of sanctions or export controls. | Medium | true | Include restricted parties, territories, export-controlled technology and suspension or termination rights. |
Modern Slavery | Supports compliance with modern slavery and human trafficking obligations. | Low | false | Consider for larger organisations and public procurement; require policies and supply chain compliance. |
Consumer SaaS Compliance | Adds protections required where SaaS is supplied to consumers. | High | false | Address digital content rights, fairness, cancellation information and non-excludable consumer remedies. |
Accessibility | Addresses accessibility duties or standards for users with disabilities. | Medium | false | State any WCAG target, customer configuration role and limits on bespoke accessibility commitments. |
Core commercial clause | ||||
Audit Rights For Fees And Usage | Allows verification of subscription usage and underpayment. | Medium | false | Prefer system usage reports; limit frequency, notice, scope and customer disruption. |
Service operation clause | ||||
Records And Reporting | Requires operational, security or compliance reports to be provided. | Medium | false | Specify report type, frequency, format, confidentiality and whether reports are standard or bespoke. |
Change Control | Provides a process for agreeing changes to services, scope or charges. | Medium | false | Use written change orders for custom work, integrations, service levels or pricing changes. |
Risk allocation clause | ||||
Force Majeure | Excuses non-performance caused by events outside reasonable control. | Medium | true | Cover cloud outages, cyber incidents, strikes and public internet failures carefully; exclude payment obligations if desired. |
Core commercial clause | ||||
Notices | Sets how formal contractual notices must be given. | Medium | true | Specify email, portal, post, deemed receipt and addresses for legal notices. |
Assignment And Transfer | Controls transfer of rights or obligations to another party. | Medium | true | Permit transfers to affiliates or on business sale; restrict customer assignment without consent. |
Service operation clause | ||||
Subcontracting | Allows the provider to use subcontractors to deliver the service. | Medium | true | Preserve provider responsibility and align with sub-processor restrictions for personal data. |
Risk allocation clause | ||||
Entire Agreement | Confirms the contract supersedes prior statements and negotiations. | Medium | true | Do not exclude fraud; decide how sales materials, proposals and order forms are treated. |
Core commercial clause | ||||
Variation | Sets how contractual amendments become effective. | Medium | true | Require written agreement or define unilateral update rights for online policies and service terms. |
Risk allocation clause | ||||
Waiver | Prevents delay or inaction from automatically waiving contractual rights. | Low | true | State waiver must be express and does not affect future rights. |
Severance | Keeps the contract effective if one provision is invalid or unenforceable. | Low | true | Allow deletion or modification of invalid wording while preserving the commercial bargain. |
No Partnership Or Agency | Confirms the parties remain independent contractors. | Low | true | State neither party may bind the other or act as agent unless expressly authorised. |
Third Party Rights | Controls whether non-parties can enforce contract terms. | Low | true | Exclude third-party rights or expressly grant rights to affiliates, users or group companies. |
Legal compliance clause | ||||
Governing Law | Selects the law governing the agreement. | High | true | For UK use, specify England and Wales, Scotland or Northern Ireland as appropriate. |
Jurisdiction | Identifies which courts can hear disputes under the agreement. | High | true | Choose exclusive or non-exclusive courts and align with governing law and customer location. |
Risk allocation clause | ||||
Dispute Resolution Escalation | Requires business-level escalation before formal proceedings. | Medium | false | Set escalation contacts, timetable and exceptions for urgent injunctions or unpaid fees. |
Injunctive Relief | Preserves urgent court remedies for IP, confidentiality or security breaches. | Medium | false | Carve urgent relief out of escalation or mediation procedures where delay would cause harm. |
Core commercial clause | ||||
Online Terms Incorporation | Incorporates hosted policies, addenda or product-specific terms into the agreement. | Medium | true | Provide stable URLs, version control, notice of changes and precedence rules. |
Electronic Signature And Acceptance | Allows the agreement to be accepted electronically or through clickwrap processes. | Medium | true | Keep acceptance records, show terms before acceptance and record user authority. |
Affiliate Use | Allows customer group companies to use the service under the subscription. | Medium | false | Define affiliates, contracting responsibility, user limits, data protection roles and territory. |
Service operation clause | ||||
Multi-Tenant Hosting | Explains shared cloud infrastructure and logical data separation. | Medium | false | Describe tenant isolation, security controls and limits on customer infrastructure demands. |
Hosting Location | Identifies where the SaaS service or data is hosted. | Medium | false | State region commitments carefully and align with international transfer and resilience terms. |
Legal compliance clause | ||||
Regulated Customer Use | Allocates responsibility where the customer operates in a regulated sector. | Medium | false | Avoid assuming sector-specific compliance unless included in scope, service levels or compliance schedules. |
Risk allocation clause | ||||
AI Features | Allocates risk and responsibilities for AI-enabled SaaS functionality. | Medium | false | Address input rights, output use, accuracy, human review, training data and prohibited uses. |
Legal compliance clause | ||||
Customer Content Moderation | Allows action against unlawful or harmful customer content hosted in the service. | Medium | false | Reserve removal, restriction and reporting rights while preserving confidentiality and evidence needs. |
Service operation clause | ||||
Vulnerability Disclosure | Sets how security vulnerabilities are reported and handled. | Medium | false | Provide reporting channel, safe harbour limits, remediation process and confidentiality rules. |
Penetration Testing By Customer | Controls customer security testing of the SaaS service. | Medium | false | Require prior approval, scope, timing, tester credentials, no disruption and vulnerability disclosure. |
Risk allocation clause | ||||
Escrow | Provides access to source code or continuity materials in exceptional circumstances. | Low | false | SaaS escrow needs data, deployment scripts, documentation, release triggers and hosting dependencies. |
Core commercial clause | ||||
Benchmarking | Allows comparison of service quality or pricing against market standards. | Low | false | Define benchmarker, comparators, frequency, confidentiality and consequences of variance. |
Most Favoured Customer Pricing | Gives the customer protection against less favourable pricing than comparable customers. | Low | false | Define comparable customers, package differences, promotions, evidence and remedy precisely. |
Risk allocation clause | ||||
Service Roadmap Disclaimer | Prevents future product plans becoming binding commitments. | Low | false | State roadmap information is non-binding and subject to change unless in the order form. |
What Clauses Matter Most In A UK SaaS Subscription Agreement?
A strong UK SaaS subscription agreement should prioritise service scope, fees, renewal, service levels, data protection, security, liability, intellectual property, suspension and termination. These clauses control the main commercial bargain and the areas most likely to create disputes.
How Should UK SaaS Agreements Deal With Data Protection?
If the SaaS provider processes personal data for the customer, the agreement will usually need UK GDPR and Data Protection Act 2018 compliant processor terms. These should cover processing instructions, security, sub-processors, international transfers, audit rights, breach notification and deletion or return of data.
What Should Customers Check Before Signing?
- Usage limits and pricing: check user numbers, storage, API calls, overage fees and price increases.
- Service commitments: confirm uptime, support hours, maintenance windows, remedies and exclusions.
- Exit rights: ensure data export, transition support and post-termination access are workable.
- Risk allocation: review liability caps, exclusions, indemnities and whether data loss, confidentiality and IP claims are carved out.
What Should SaaS Providers Draft Carefully?
Providers should align the agreement with their actual product, infrastructure and support model. Over-promising on uptime, backup, security, integrations or compliance can create avoidable liability, especially where the agreement includes service credits, audit rights or regulatory commitments.


