SaaS Agreements – Terms and Conditions – Subcontractors and Outsourcing

The terms of your SaaS agreement must include the right to use sub-contractors as 99% of SaaS suppliers use at least one sub-contractor – a third party data centre – to host their SaaS software. SaaS customers often try to prohibit the use of sub-contractors or place severe restrictions on their use by insisting that they must give prior consent to each sub-contractor. This is not acceptable for practical reasons as often numerous sub-contractors are used in providing the SaaS services and these sub-contractors will change over time.

Types of Sub-Contractors

The type, nature and number of sub-contractors that a SaaS supplier will use depends upon the SaaS software being used and the business sector in which you operate. However, generally the following sub-contractors are commonly used.

Hosting Centre

All SaaS suppliers will host data in a data centre which is in 99% of cases owned and operated by a third party. It is therefore essential that you specifically include the right to host customer data and process it in your third party data centre and you should reserve the right to be able to change the data centre without requiring prior consent from the SaaS customer.

Backups and Disaster Recovery

Many SaaS suppliers use online third party providers to backup data remotely and/or to provide disaster recovery services. If SaaS customers want to restrict your right to sub-contract, do not forget to include these sub-contractors in the list of approved sub-contractors, again reserving the right to change them without requiring the prior consent of the SaaS customer.


Many SaaS suppliers use third party software developers or offshore IT outsourcing centres to develop source code for their SaaS applications. If you do so, it is essential that you have the right to sub-contract included in the terms of your SaaS agreement. Also where professional services are provided to SaaS customers, third party consultants are often used and you will also need to have the right to use such sub-contractors. In such cases many SaaS customers will then require you to carry out security and background checks on such individuals (as if they were employees).


A SaaS customer’s main objection to the use of sub-contractors, is that they will have no recourse against the sub-contractor directly if there is a breach of contract caused by an act or omission of the sub-contractor i.e. the data centre is flooded and the SaaS service goes offline. It is common practice for SaaS suppliers to state in the SaaS agreement that any breach by a sub-contractor of the SaaS agreement will be treated as if the breach had been caused by the supplier itself. The customer should then agree to the use of sub-contractors as the aforementioned risk has been minimised.

Data Protection

In addition, SaaS customers often try to prevent the use of sub-contractors due to their obligations to comply with the provisions of the Data Protection Act 1998. SaaS customers often require the SaaS supplier to confirm that the data centre is bound by written obligations similar to those that the SaaS supplier gives to the customer in the SaaS agreement before it will agree to the sub-processing of data by the third party data centre. It is becoming increasingly common for SaaS customers to require SaaS suppliers to sign separate data processing agreements, particularly where the customer is a local authority.


By including appropriate provisions in your SaaS terms and conditions which cover the usual concerns raised by SaaS customers and address the risks of using sub-contractors, SaaS supplier’s should be able to avoid protracted discussions on their contractual right to use sub-contractors.


Irene Bodle is an IT lawyer specialising in SaaS agreements with over 10 years experience in the IT sector. If you require assistance with any SaaS, ASP, software on demand contracts or any other IT legal issues contact me:

To register for my newsletter click here


Other related articles: