The global market of the software as a service (SaaS) according to various estimates is going to reach about 1 trillion US dollars in 2025, which is almost three times more than this year. Alongside SaaS, the related cloud technology markets are constantly evolving as well. They include developers-oriented platforms providing ready-for-service tools for development (Platform as a Service or PaaS), cloud infrastructures for owners of IT systems, which provide an infrastructure (in the form of servers) for creating platforms and applications (Infrastructure as a Service or IaaS), etc. More and more "cloud" solutions optimizing almost all business processes quickly with relative financial benefit will appear on the market. It goes without saying that technological innovations are significantly ahead of their legal regulation. Thus the relationships between users and providers of cloud technologies are currently governed by contracts. In this article we are going to explore some peculiarities of concluding SaaS agreements under Ukrainian law.
What is SaaS?
SaaS is a software distribution model in which software is hosted on a developer's or provider's server, and the user can access it remotely via the Internet. The service in this case is provision by a developer or a provider of its own server, which has software installed and services of technical support for server and software.
Such model does not require installation of licensed software on client's computer, so significant initial investments will not be required as well. Access to this cloud service is available through web browser or via application on any device, for example, Gmail for emails or Zoom for videoconferences. It usually operates on subscriptions (prepayment) for the particular term that allows to pay for services only when the service is actually used.
Cooperation of a SaaS provider and its client is usually governed by the complex agreement that comprises provisions of several contacts pertinent to IT industry at once, in particular license agreement and contract for services. Such an agreement usually is concluded between resident users and foreign providers under a foreign law and has conditions that are common for IT industry. If such an agreement is concluded between residents then Ukrainian law shall apply and, correspondingly, typical conditions of the contract under a foreign law may not work in practice.
Uptime and Warranties
SaaS agreements shall have service level, for example, an uptime that is the time SaaS has been working and available without disruptions. Warranties may differ depending on the size of a system and of a provider's company. Generally, big providers don’t grant any warranties at all and may change measures of system's operations at their own discretion. Meanwhile, for big clients providers usually warrant commercially reasonable service level or up to 99,99% of system's uptime.
Service level conditions in foreign law may be addressed in legislation or in case law, which interprets such legal notions as "commercially reasonable". Thus a client can protect his rights in court, even if SaaS agreement does not set service levels therein.
Ukrainian legislation does not determine standards for service level. At the same time, service level is important for SaaS agreement under Ukrainian law, because operation of the system is the major part of the contract performed by a provider. Ukrainian law prescribes special conditions for settlement of payments in case of non-performance of a contract for services. The amount of consideration may depend on whose fault has caused inability to perform the contract.
In SaaS arrangements parties' actions towards software may affect the service level and therefore may have an impact on performance of the agreement itself. Judicial practice indicates that the agreement should envisage what actions would be deemed the cause for inability to perform the agreement due to client's fault and which are contingent on the provider's actions. Such actions may involve, for example, downtime that is the time when the system has not been working due to use of incompatible software or devices by the end user, due to cyber attacks, malware or lost Internet connection.
Transfer of intellectual property rights
Generally, under SaaS agreement the provider does not transfer to the client any intellectual property. Meanwhile, the client may assign to the provider the rights to such property. It can be content and data, which can be uploaded and be published while using SaaS, database of users, original visual and textual content. The provider may in fact infringe on the intellectual property rights of the client or end users, if the agreement does not have proper license provisions. Therefore, to avoid such situations, the agreement should specify what exactly the provider can do with the client's content, and shall provide for a license with the right to copy, to publish client's content and to produce derivative works with the right to transfer such content to third parties.
Non-disclosure and confidentiality clause
Confidentiality is a crucial condition for SaaS providers working in the electronic document management, accounting, corporate email, etc. Data breach in those areas poses the risk of great liability for the provider and of losses for the client.
Typical situation for SaaS agreements concluded either under foreign or Ukrainian law is where non disclosure clauses do not define what specific information or data will be confidential. In addition, actions, which constitute the disclosure and methods of recording confidentiality breaches, frequently are not specified. Contractual penalties for the breach of non-disclosure clause are set usually in unreasonable amounts. These are the reasons why such non-disclosure clauses do not work in Ukraine and the rights afforded by such clauses cannot be upheld by court. The approach to the contractual penalties shall be extremely cautious, because in case of a dispute it shall be proved that the party's disclosure of the confidential information entails the liability in the amount defined in the agreement.
Continuous uninterrupted provision of services is extremely important for the client within the SaaS framework of cooperation. Client has the access only to an object code, does not have access to a source code at all and, on top of that, SaaS provider stores all client's data. Such framework works properly until provider, who keeps the source code, renders technical support of the system, and fixes software errors and malfunction.
Should unforeseen circumstances occur, for example: flood, fire or suspension of provider's activity - software may stop functioning at clients' end that may have various consequences, from insignificant damages to complete loss of business by the client. Therefore, SaaS arrangements should envisage escrow mechanism where third party (escrow agent) renders provider's services to the client, if adverse circumstances will occur as determined by the contract.
Escrow implies that a third party will regularly receive updated object code and source code together with the data received from the client during the performance of SaaS agreement. If the provider will not be able to perform the contract, a third party will provide the client with the access to the object code, source code and client's data. Escrow in foreign jurisdiction usually has its special regulation and is secured with various agreements. Mechanics of escrow can be implemented in Ukraine via tripartite agreement, where all parties may agree on their rights and obligations in details.
Indemnity, recovery of damages and limitation of liability
Ukrainian law does not directly provide for a mechanism similar to the indemnity. Indemnity is the compensation for losses, which are incurred when unforeseen circumstances determined by the agreement will occur without a fault of a party to the contract. In Ukraine, there is only the possibility to recover damages caused by the breach of contract due to party's fault. Absence of indemnity in Ukrainian law is a significant risk for providers. For instance, the issue may arise when end users will upload content that infringes on copyrights of third parties or violates laws. In doing so, they may cause losses to the provider, whereas the client cannot be held liable for such actions.
Interests of the parties to SaaS contract under Ukrainian law can be balanced otherwise, for example, by stipulating the obligation of the client to verify users' content, by affording to a provider the right to block users and to stop provision of services unilaterally.
Also, SaaS contract often prescribes provisions on limitation of liability and waiver of claim. With regards to the latter, in Ukraine everything is clear: the waiver of claim will be void. The conditions on limitation of liability of the parties can be enforced under Ukrainian law.
Limitation of liability in SaaS contracts usually concerns providers. Pursuant to Ukrainian law parties can limit the amount of damages, for example, by contract's consideration or to reduce liability to payment of only contractual penalty. Limitation of liability may be applied to a part of the contract, whereas for the breach of certain rights, for instance, regarding intellectual property and confidential information, full liability can be stipulated in the contact.
Food for thought
Ukrainian legislature indeed has recognized that cloud services will gain even more traction. The bill on cloud services, which is going through the second reading in the parliament, is the evidence to that. The bill is aimed at implementation of state policy on giving the priority to cloud services (also called as "cloud first") in public administration, education, science and in other areas of life of Ukrainian public. Moreover, the bill envisages development and approval of Model contract for cloud services for public users. Will the rules for cloud services change after enacting the bill? The time will show, but well considered and drafted SaaS contract will remain the keystone of reliable cooperation of the parties.