United Kingdom Software Licence Agreement Clause Library
Clause Name | Purpose | UK Drafting Considerations | Typical Importance | Typical Inclusion Frequency |
|---|---|---|---|---|
Licence grant | ||||
Licence grant | Grants the customer permission to use the software within agreed limits. | Define permitted users, territory, term, purpose, exclusivity and whether the licence is transferable or sublicensable. | High | Usually included |
Authorised users | Identifies who may access or use the software. | Specify employees, contractors, affiliates and named or concurrent user limits align with pricing and audit rights. | High | Usually included |
Licence term | States when licence rights start and end. | Distinguish fixed-term, perpetual and subscription licences coordinate with renewal, termination and payment provisions. | High | Usually included |
Territory | Limits where the software may be used or accessed. | Clarify remote access, cloud hosting locations and group use outside the UK. | Medium | Often included |
Permitted purpose | Restricts use to stated business, internal or project purposes. | Use clear objective limits to avoid uncertainty and support enforcement. | High | Usually included |
Installation and copies | Controls how many copies may be installed, stored or backed up. | Allow necessary backup copies where appropriate and avoid conflicting with statutory rights for lawful users. | Medium | Often included |
SaaS access rights | Grants access to hosted software rather than installed copies. | Define subscription scope, account security, availability, hosting, support and data processing responsibilities. | High | Often included |
Restrictions | ||||
No assignment or transfer of licence | Prevents the customer from transferring licence rights without consent. | Coordinate with general assignment provisions and corporate group restructuring exceptions. | Medium | Often included |
No sublicensing | Stops the customer granting software rights to third parties. | Carve out authorised contractors if needed and require customer responsibility for their acts. | High | Usually included |
Reverse engineering restriction | Prohibits decompilation, disassembly or reverse engineering except as legally permitted. | Preserve mandatory UK exceptions for lawful users, including limited decompilation for interoperability. | High | Usually included |
Modification restriction | Prevents unauthorised alteration, adaptation or derivative works. | Address configuration, APIs, permitted integrations and customer-owned customisations separately. | High | Usually included |
Benchmarking restriction | Restricts publication of performance tests or comparisons. | Ensure the restriction is proportionate and does not conflict with public procurement or regulatory transparency duties. | Low | Sometimes included |
Competitive use restriction | Stops use of the software to build or improve competing products. | Draft narrowly to reduce restraint of trade and competition law risk. | Medium | Often included |
Acceptable use | Prohibits unlawful, harmful, abusive or insecure use of the software. | For hosted services, cover malware, unlawful content, security testing, excessive load and account misuse. | High | Usually included |
Intellectual property | ||||
Open source components | Discloses and governs third-party open source software included in the product. | Identify components, applicable licences and any copyleft obligations affecting distribution or source code disclosure. | Medium | Often included |
Fees and payment | ||||
Licence fees | States fees payable for the licence or subscription. | Specify currency, VAT status, billing basis, usage metrics and whether fees are refundable. | High | Usually included |
Payment terms | Sets invoice timing, due dates and payment method. | State due dates clearly and consider statutory interest for late commercial payments. | High | Usually included |
Usage overage charges | Charges for use above agreed limits. | Define measurement method, reporting, notice and rate card to avoid pricing disputes. | Medium | Often included |
Price increases | Allows fees to change during renewals or ongoing subscriptions. | For consumers or small businesses, avoid unfair unilateral variation terms and give clear notice. | Medium | Often included |
Taxes and VAT | Allocates responsibility for VAT and other taxes. | State whether prices include or exclude VAT and address withholding tax for international customers. | Medium | Often included |
Licence audit rights | Allows checks on compliance with user, device or usage limits. | Set reasonable notice, business hours, confidentiality, frequency, underpayment thresholds and remote audit options. | Medium | Often included |
Intellectual property | ||||
Software ownership | Confirms the supplier retains ownership of software and related IP. | Separate ownership of standard software, documentation, updates, configurations and bespoke deliverables. | High | Usually included |
Customer materials ownership | Confirms the customer retains ownership of its data, content and materials. | Grant the supplier a limited licence to host, process and support the service. | High | Usually included |
Feedback and suggestions | Allows the supplier to use product feedback without owing compensation. | Clarify whether feedback creates any assignment, licence or confidentiality obligation. | Low | Sometimes included |
Support and maintenance | ||||
Updates and upgrades | Explains whether fixes, updates and new versions are included. | Define mandatory updates, version support periods, feature changes and compatibility obligations. | High | Usually included |
Support services | Sets the support provided for software issues. | Specify support hours, channels, severity levels, exclusions and customer cooperation duties. | High | Usually included |
Service levels | Sets measurable uptime, response or resolution commitments. | Define measurement windows, exclusions, service credits and whether credits are the sole remedy. | Medium | Often included |
Maintenance windows | Permits planned downtime for maintenance or upgrades. | Set notice periods, emergency maintenance rights and whether downtime counts against uptime targets. | Medium | Often included |
End-of-life and version retirement | Allows old versions or services to be retired after notice. | Give adequate notice, migration options and continued security patching commitments where appropriate. | Medium | Sometimes included |
Data and security | ||||
Data protection | Allocates UK GDPR roles and obligations for personal data. | Include controller and processor roles, Article 28 terms, sub-processors, security, audits and international transfers. | High | Usually included |
Information security measures | Requires technical and organisational measures to protect systems and data. | Reference appropriate standards, encryption, access controls, logging, vulnerability management and incident response. | High | Usually included |
Security incident notification | Requires notice and cooperation after a security breach or incident. | Align timing with UK GDPR personal data breach notification duties and customer regulatory needs. | High | Usually included |
Data backup | Sets responsibility for backing up hosted or customer data. | Define backup frequency, retention, restoration limits and customer export rights. | Medium | Often included |
International data transfers | Controls transfers of personal data outside the UK. | Use UK adequacy regulations, IDTA or UK Addendum where required. | High | Often included |
General legal terms | ||||
Confidentiality | Protects non-public software, business, technical and commercial information. | Define exceptions, permitted disclosures, duration and treatment of source code and security information. | High | Usually included |
Warranties | ||||
Performance warranty | Promises the software will materially perform as documented. | State warranty period, documentation standard, exclusions and remedy such as repair, replacement or refund. | High | Usually included |
No malware warranty | Promises reasonable efforts to prevent viruses or malicious code. | Avoid absolute guarantees link to reasonable scanning, secure development and known malware at delivery. | Medium | Often included |
Compliance with laws | Requires each party to comply with applicable laws when performing the agreement. | Specify relevant laws, including data protection, export controls, anti-bribery and sanctions where applicable. | Medium | Often included |
Warranty disclaimer | Excludes implied or unstated promises to the extent permitted by law. | Check reasonableness under UCTA for business contracts and fairness rules for consumer terms. | High | Usually included |
Consumer digital content rights | Addresses mandatory consumer rights for digital software content. | Do not exclude statutory quality, fitness, description, repair, replacement or refund rights for consumers. | High | Sometimes included |
Liability | ||||
IP infringement indemnity | Protects the customer if software infringes third-party IP rights. | Define covered claims, exclusions, control of defence, mitigation and remedies such as replacement or refund. | High | Often included |
Customer indemnity | Protects the supplier from claims caused by customer data, misuse or breach. | Tie indemnity to specific risks and align with liability caps and conduct of claims. | Medium | Often included |
Liability cap | Limits the maximum financial liability under the agreement. | Ensure exclusions and caps satisfy UCTA reasonableness where applicable carve out non-excludable liability. | High | Usually included |
Excluded losses | Excludes categories such as lost profits, revenue, goodwill or indirect losses. | Use precise categories and avoid excluding liability that cannot legally be excluded. | High | Usually included |
Unlimited liability carve-outs | Lists liabilities not subject to the cap. | Always carve out death or personal injury caused by negligence and fraud consider IP, confidentiality and data breaches. | High | Usually included |
Termination | ||||
Termination for breach | Allows termination for material breach, usually after a cure period. | Define material breach, cure periods and breaches that justify immediate termination. | High | Usually included |
Termination for insolvency | Allows termination if a party becomes insolvent or enters formal insolvency procedures. | Account for restrictions on terminating supply contracts during insolvency under the Corporate Insolvency and Governance Act 2020. | Medium | Often included |
Termination for convenience | Allows one or both parties to end the agreement without breach. | State notice period, refund position, minimum commitment and effect on prepaid fees. | Medium | Sometimes included |
Suspension rights | Allows temporary suspension for non-payment, security risk or misuse. | Include notice where practicable and avoid disproportionate suspension for minor disputes. | High | Often included |
Effect of termination | Explains what happens when the agreement ends. | Cover cessation of use, deletion or return of copies, payment, data export and surviving clauses. | High | Usually included |
Data return and deletion | Gives the customer access to export data and requires deletion after exit. | Align retention, deletion certification and processor obligations under UK GDPR Article 28. | High | Usually included |
Support and maintenance | ||||
Source code escrow | Provides access to source code if specified supplier failure events occur. | Define deposit materials, verification, release events, licence after release and escrow agent terms. | Low | Specialist use only |
Data and security | ||||
Disaster recovery and business continuity | Sets resilience and recovery arrangements for major outages. | Specify recovery time objectives, recovery point objectives, testing and customer notification. | Medium | Sometimes included |
General legal terms | ||||
Export controls and sanctions | Restricts use, export or access where sanctions or export laws apply. | Address controlled software, encryption, sanctioned territories, restricted users and customer screening duties. | Medium | Sometimes included |
Anti-bribery and corruption | Requires compliance with anti-bribery laws and ethical conduct standards. | Refer to the Bribery Act 2010 and include audit, training or reporting duties for higher-risk deals. | Medium | Often included |
Freedom of information | Addresses disclosure requests for public sector customers. | Acknowledge statutory disclosure duties under FOIA and manage confidential information marking and consultation. | Low | Specialist use only |
Warranties | ||||
Accessibility | Sets accessibility standards for software interfaces or digital services. | Public sector and consumer-facing services may need WCAG-based commitments and Equality Act awareness. | Medium | Sometimes included |
Support and maintenance | ||||
Third-party services and dependencies | Explains reliance on third-party platforms, APIs or hosting providers. | Identify dependencies, flow-down terms, change risks and responsibility for outages outside supplier control. | Medium | Often included |
Data and security | ||||
AI functionality | Allocates risk for AI outputs, training data and automated features. | Define input use, output ownership, human review, accuracy limits, model training and sensitive data restrictions. | Medium | Specialist use only |
General legal terms | ||||
Change control | Sets a process for changing scope, features, fees or services. | Require written approval and address whether online terms, order forms or policies can change unilaterally. | Medium | Often included |
Order of precedence | Resolves conflicts between the agreement, order forms, schedules and policies. | List documents clearly and prioritise data processing and security terms where appropriate. | Medium | Often included |
Notices | Sets how formal contractual notices must be given. | Specify email validity, deemed receipt, registered office use and Companies Act service issues for UK companies. | Medium | Usually included |
Force majeure | Excuses delay or non-performance caused by events beyond reasonable control. | Define events, notice, mitigation, payment exclusions and termination after prolonged disruption. | Medium | Usually included |
Assignment | Controls transfer of rights or obligations under the agreement. | Allow supplier transfer on sale of business if commercially needed consider data transfer and confidentiality impacts. | Medium | Usually included |
Subcontracting | Allows or restricts use of subcontractors to provide software services. | Keep supplier responsible for subcontractors and coordinate with UK GDPR sub-processor terms. | Medium | Often included |
Entire agreement | Prevents reliance on pre-contract statements not included in the agreement. | Do not attempt to exclude liability for fraud or fraudulent misrepresentation. | Medium | Usually included |
Severance | Keeps the agreement effective if one provision is invalid or unenforceable. | Use wording allowing invalid wording to be removed or modified only where legally effective. | Low | Usually included |
Waiver | Prevents delay or inaction from automatically waiving rights. | Require waivers to be written and specific to the relevant breach or right. | Low | Usually included |
Third party rights | States whether non-parties can enforce the agreement. | Exclude or expressly identify rights under the Contracts Rights of Third Parties Act 1999. | Low | Usually included |
Governing law | States which legal system governs the agreement. | Use England and Wales, Scotland or Northern Ireland deliberately UK is not a single contract law jurisdiction. | High | Usually included |
Jurisdiction | Chooses the courts or forum for disputes. | Specify exclusive or non-exclusive jurisdiction and match the chosen governing law where possible. | High | Usually included |
What Clauses Matter Most In A UK Software Licence Agreement?
Licence scope, restrictions, IP ownership, payment, data protection, warranties, liability and termination are the core clauses most UK software licence agreements need. These provisions define who may use the software, how it may be used, what is paid, what happens to data, and how risk is allocated.
How Should UK Law Affect Software Licence Drafting?
UK agreements should be drafted with specific attention to the Copyright, Designs and Patents Act 1988, the Data Protection Act 2018, UK GDPR, the Unfair Contract Terms Act 1977 and the Consumer Rights Act 2015 where relevant. In particular, liability exclusions, reverse engineering restrictions, personal data clauses and consumer-facing software terms need careful UK-specific wording.
Which Clauses Are Most Often Negotiated?
- Liability caps, especially whether caps apply to data breaches, IP claims, confidentiality breaches and unpaid fees.
- Support and service levels, especially response times, uptime and remedies for failure.
- Audit rights, particularly for enterprise or seat-based licences.
- Termination and exit provisions, including data return, deletion and post-termination access.
- IP indemnities, especially where the licensee relies on the software for business-critical operations.
When Is Specialist Drafting Needed?
Specialist drafting is usually needed for SaaS platforms, escrow arrangements, open source components, regulated-sector users, public sector customers, AI-enabled software, export-controlled software and international data transfers. These clauses can materially affect compliance, operational continuity and commercial risk.

FAQs
You Might Also Be Interested In

