Below is a summary of the following online platform laws, the EU Digital Services Act, the European Accessibility Directive and the UK Online Safety Act, the UK Digital Markets Competition and Consumers Act and the EU Revised Product Liability Directive, that will impact SaaS suppliers and SaaS customers in 2025. Some of these laws apply extra-territorially, meaning the laws apply even when a SaaS supplier is not located in the UK or the EU (respectively). It is important to be aware of these new laws in order to assess whether
Continue readingTag: SaaS expert
SaaS Agreements – New EU and UK Data Laws
Below is a summary of the EU Artificial Intelligence Act, the EU Data Act and the UK Data Use and Access Act that will impact SaaS suppliers and SaaS customers in 2025. These laws will apply extra-territorially, meaning the laws apply even when a SaaS supplier is not located in the UK or the EU (respectively). It is important to be aware of these new laws in order to assess whether or not they apply to your particular SaaS business, products and services. The EU AI Act applies to AI systems and AI models and categorises AI systems into different risk categories.
Continue readingSaaS Agreements – GDPR – US Companies
From the 25th of May 2018 the EU General Data Protection Regulation (GDPR) will come into force and change existing UK data protection laws. The GDPR does not just apply to SaaS suppliers and SaaS customers located in the EU. The GDPR also applies extraterritorially, i.e. to SaaS suppliers and SaaS customers located outside of the EU, for example in the USA, as set out below.
GDPR Applies to US SaaS Customers and SaaS Suppliers
The GDPR will apply to SaaS suppliers and SaaS customers located in the USA if:
They offer goods or services to SaaS customers located within the EU; or
They monitor the behaviour of EU data subjects;
Even though the SaaS supplier or SaaS Customer is not located within the EU.
Continue readingSaaS Agreements – GDPR – The General Data Protection Regulation
The General Data Protection Regulation (“GDPR”) will replace the existing EU Data Protection Directive and harmonise European data protection law from the 25th of May 2018. In the UK the GDPR will replace the Data Protection Act 1998 from the 25th of May 2018, regardless of “Brexit”. This will have a significant effect on both SaaS suppliers and SaaS customers who will need to comply with the terms of the GDPR. SaaS suppliers and SaaS customers must update all contractual documents that involve data processing, such as SaaS agreements, privacy policies and hosting and support agreements to comply with the new rules under the GDPR before the 25th of May deadline.
Continue readingSaaS Agreements – GDPR – New German Data Protection Law (BDSG)
The General Data Protection Regulation (GDPR) will replace the existing EU Data Protection Directive and aims to harmonise European data protection law from the 25th of May 2018. In Germany, the Government has already amended the existing German Data Protection Act (BDSG) and from the 25th of May 2018 the New German Data Protection Act (New BDSG) and the GDPR will apply together.
Compliance with the New BDSG
Both SaaS suppliers and SaaS customers who provide services to German clients or who collect or process personal data of German data subjects on behalf of international SaaS clients, will need to comply with the terms of the New BDSG in addition to the terms of the GDPR. The New BDSG sets out derogations from certain parts of the GDPR and additional obligations.
Continue readingSaaS Agreement – FAQs -What is a SLA and Essential Terms to include in a SLA
A SLA forms part of a SaaS agreement. The SLA can be contained in a separate schedule to the SaaS agreement, or included in the main terms and conditions of the SaaS agreement. An SLA sets out:
Details about the availability of the software and services;
Technical details about hosting; and
Details about support and maintenance services for the software.
SaaS Agreements – FAQs – What is SaaS and Essential Terms to include in a SaaS Agreement
SaaS is the abbreviation for “software as a service”. You may know this under another name, for example subscription agreement, software on demand, software subscription agreement, cloud computing or ASP services (application service provider). These names all refer to the same thing – software being made available via the Internet to users.
Continue readingSaaS Agreements – Data Protection – What SaaS Suppliers need to know about the GDPR
From the 25th of May 2018 the EU General Data Protection Regulation (GDPR) will come into force and change existing data protection laws in all 28 EU member states. The GDPR will place direct obligations on SaaS suppliers (data processors) in relation to data processing activities. In addition customers (data controllers), their clients (data subjects) and local data protection authorities will be able to enforce breaches of the new rules directly against SaaS suppliers.
Continue readingSaaS Agreements – Reseller Agreements – Price Fixing
SaaS suppliers and SaaS resellers should be aware that price fixing is illegal under UK and EU competition law. Often SaaS resellers are not aware that the terms of their SaaS reseller agreement include price fixing clauses. For example: If the SaaS reseller agreement includes clause on resale price maintenance (RPM). This will usually be deemed to be price fixing by the Competition and Markets Authority (CMA) who investigates breaches of competition law in the UK.
Continue readingSaaS Agreements – Terms and Conditions – Data Processing Agreement
Under the Data Protection Act 1998 (DPA) UK SaaS suppliers currently have limited obligations to SaaS customers when processing personal data as part of their SaaS services. However, from the 25th of May 2018 the General Data Protection Regulation (GDPR) will impose numerous new data processing obligations on SaaS suppliers. In particular, the obligation for SaaS suppliers to enter into a written data processing agreement with SaaS customers and sub-contractors.
Continue reading