New EU and UK Data Security Laws

Below is a summary of the following data security laws that will impact SaaS suppliers and SaaS customers in 2025: the EU Network and Information Systems Directive 2, the EU Digital Operational Resilience Act, the EU Cyber Resilience Act, the EU Critical Entities Resilience Directive and the UK Product Security and Telecommunications Infrastructure Act. Some of these laws apply extra-territorially, meaning they apply even when a SaaS supplier is not located in the UK or the EU (respectively).

It is important to be aware of these new laws in order to assess whether or not they apply to your particular SaaS business, products and services.


SaaS Agreements – DORA – ICT Supplier Obligations

SaaS suppliers' obligations under the Digital Operational Resilience Act ("DORA") (Regulation (EU) 2022/2554 on digital operational resilience for the EU financial sector) are effective from the 17th of January 2025. From this date, DORA provisions must be included in contracts entered into between financial services entities subject to DORA and their third-party providers of ICT services. As SaaS suppliers provide digital and data services on an ongoing basis, they will be third-party providers of ICT services if their SaaS customers are regulated by DORA. Both


SaaS, ASP Agreements – FAQs – Security

What data security provisions need to be included in a SaaS agreement? Customer's Security Obligations – These should be set out in the software licence. Access to the software and services should not be permitted to third parties without prior authorisation from the supplier. The customer should provide the following warranties:
– existence of adequate security measures to ensure that access to the software and services does not breach the terms of the SaaS agreement
