This is the third installment in a 3 part series on some of the most important contractual differences in a Software as a Service (SaaS) Agreement. You should be aware, some SaaS providers do not provide customers (subscribers) with an IP Indemnity against 3rd party infringement claims. The rationale is that they offer a Service, the use of the software is temporary so all you receive is a short term right to use, versus the perpetual term for use of the software, where an IP protection against future 3rd party infringement might make more sense.  The rationale is the SaaS offering is a much more fluid and dynamic offering, hence the service designation, as opposed to a software classification. It is interesting to note the actual license rights granted within some SaaS Agreements are relatively narrow, or in some cases just implied license rights to use the Service rather than expressly stated.  If this was just a service that position would not be so unreasonable, but a large part of the SaaS fee is for the (annual) term license, however  you may need to request an IP Indemnity from the SaaS vendor during the contract negotiation in order to secure this important contractual protection.

The SaaS Service includes the use of the SaaS vendor’s hosting cloud platform, typically most SaaS Providers contract with large host providers like Amazon Web Services (AWS), or Microsoft for the hosting element of their SaaS offering. The large host providers like Amazon include an IP Indemnity for the hosting service, so your SaaS vendor should be able to provide an IP indemnity on the hosting.  With regard to the software application  that they are running in the cloud, typically they have developed that software and therefore should be in an ideal position to provide an IP Indemnity on the work. This request can become contentious, however even if they do not provide an IP Indemnity they should at least include  representations: (i) that there are no known or suspected basis for any third party infringement claims; and (ii) that the SaaS provider will promptly advise the customer in the event of future claims. While that solution may be far less than ideal, it is much better to know about the infringement claims as they occur so that you can attempt to manage that exposure.

The biggest challenge for many SaaS vendors comes  from infringement exposure as a result of using the SaaS Service with the data that comes from the Subscriber themselves and/or from third party data sources; these are elements the SaaS vendor cannot control. As a result even where a SaaS provider will provide IP indemnity you should expect that they will exclude indemnity liability that arises from use of the SaaS Service with Subscriber data or third party data. It is somewhat unreasonable to expect that the SaaS Vendor would, or should, provide the end user with an IP indemnity against infringement exposure where that claim is based upon the data provided by that customer or from third party data that the customer may use with the SaaS Service. Many SaaS Agreements actually require an indemnity from you the SaaS Customer’s for infringement claims that arise from the Customer Data you load on their system,( do you have the appropriate consents, has that data been legally transferred in accordance with applicable data privacy laws etc.); this is a common and not unreasonable requirement from many SaaS vendors.

With regard to SaaS insurance concerns,  the challenge presented with many SaaS vendors is that they try to address insurance more like a software licensor as opposed to a service provider. Typically there is a greater level of personal interface with a SaaS vendor than the relationship you have with a Software provider. With a Software provider you may download the software and they may provide you with occasional updates, or perhaps you call a support hotline for support issues. With a SaaS Vendor there tends to be more interfacing sandbox sessions, on-site training, and related services in implementing the SaaS Solution, despite the fact that once running it is generally a remote delivery, there is generally a more significant personal service delivery component to the SaaS solution. As a result most Customer corporate risk departments will expect the same sort of insurance coverage they expect from consultants, rather than the general lack of insurance coverage common among  pure software providers. Therefore, they will likely request General Liability, Workers Comp,  Error and Omissions, Cyber Crime and Auto Insurance. It is important to note, that the insurance itself obviously does not create the liability, it just assures both the SaaS Vendor and the SaaS Customer that the financial resources are available to address that risk if it should arise; i.e. if the SaaS Vendor does not offer this coverage their company still remains liable for the claim.  It is best for all parties if the SaaS vendor offers adequate insurance coverage for reasonably foreseeable risks.