If you are a SaaS company, you may come across a customer or prospective business partner who insists on the inclusion of a source code escrow agreement as part of the deal terms. If this scenario arises, you may be inclined to immediately agree to the prospective customer or business partner’s terms in order to close the deal you are negotiating. However, what do you need to know as a SaaS company about source code escrow before you agree to include source code escrow in the terms of a transaction?
First of all, you should know that the standard source code escrow product was not designed for SaaS and is probably not going to be very effective for a customer or business partner if they ever need to rely on it. The traditional source code escrow offering was intended for a traditional software product, which is downloaded to hardware and is updated or upgraded on a periodic basis. In the traditional source code escrow agreement, the deposit materials are generally only updated a few times a year. However, in the SaaS product scenario, the product is often updated on a continuous basis, so updating the deposit materials only a few times a year is unlikely to be sufficient. Similarly, in a traditional source code escrow agreement, the backup and storage of the data is unlikely to be addressed. However, in the SaaS agreement scenario, the customer or business partner is unlikely to have access to the data in the cloud, so the party receiving access to the deposit materials is more likely to expect the backup and storage of SaaS data to be a key component of the escrow relationship.
For this reason, many technology escrow companies are offering a special escrow products intended for SaaS only, which provide for the continuous update of deposit materials and include data as part of the deposit materials. The SaaS version of the escrow product is more likely to provide uninterrupted access to the full set of materials that the customer or business partner previously had access to in the cloud, so it is likely to be the better fit for the customer or partner seeking source code escrow as part of the deal terms.
Secondly, you should know that the SaaS version of the source code escrow product will likely be more expensive than the traditional product since it is going to be a more labor-intensive solution. A source code escrow company can expect in a SaaS product scenario to perform significantly more services to ensure that the escrow works if needed than it would have had to perform in a traditional software scenario, given the ongoing nature of the updates and upgrades. As a result, the costs of SaaS escrow are likely to be significantly higher than traditional software escrow, which should certainly be contemplated in the allocation of escrow costs between the parties.
Third, you should know that you may not be able to obtain the rights you are seeking to use the escrowed code in a release scenario. In SaaS, users typically receive access rights rather than license rights to the use of the intellectual property. As a result, a SaaS provider can build products that incorporate open source code and offer access rights to the end product, even though the provider is prohibited from distributing the software otherwise. The SaaS provider can also incorporate third party code into the product that cannot be sublicensed to third parties, even in an escrow scenario. So, it is certainly possible that the SaaS provider will not have the necessary rights in the SaaS product to be able to authorize the license grant to the escrowed materials, which could potentially result in the customer or business partner receiving physical copies of the source code and data but not having the rights necessary to use the copies procured.
Fourth, you should consider that mere possession of a functional copy of the source code and data may not be sufficient for a customer or business partner to continue using the software and applicable data in the event of a release condition. In fact, the customer or business partner may require transitioning services or access to the SaaS provider’s know-how before it is able to resume use of the software. Consequently, transitioning services and know-how transfer may be important considerations that need to be addressed in any escrow terms.
Fifth, you should consider that the very nature of SaaS escrow may result in the escrow provider having control over any collected data uploaded to the SaaS product and that the escrow provider could be vulnerable to a data breach arising from the acts or omissions of an employee or third party. Thus, the deal terms should contemplate the responsibilities and liabilities of the respective parties regarding the data and the potential for a data breach, as well as any available insurance coverage to protect against this risk.
All in all, while escrow products are now available and on the market, which may meet the needs of a prospective customer or business partner seeking source code escrow to a SaaS product, a SaaS provider will have a variety of considerations to contemplate before acquiescing to such demands in a negotiation. In the end, the decision of whether or not to agree to escrow terms should be based on a careful evaluation of all of the above considerations.