Skip to main content
BusinessHong Kong

SaaS Agreements Under Hong Kong Law: The Clauses That Decide Disputes

Reviewed by the Forms Legal Editorial Team·Last updated
Key takeaways

Hong Kong is a common-law jurisdiction, so a SaaS agreement is enforced much as an English-law contract would be: the words on the page control. That makes the drafting of a handful of clauses — service levels, data protection, liability, termination and governing law — the whole game. This guide walks through the clauses that actually decide SaaS disputes in Hong Kong, for vendors and customers alike.

Legal basis: Personal Data (Privacy) Ordinance (Cap. 486); Electronic Transactions Ordinance (Cap. 553)

saas agreement hong kong — free, fillable template; download as PDF or Word.

Service description and service levels

The single most litigated gap in SaaS deals is the space between what the sales deck promised and what the agreement defines. Define the service by reference to documentation, list the included modules, and put uptime commitments into a measurable SLA: the percentage target, the measurement window, the exclusions (planned maintenance, force majeure, customer-side failures) and the remedy — usually service credits. Under Hong Kong contract law, if the SLA states credits as the sole remedy for downtime, courts will generally hold the parties to that allocation.

Personal data: the PDPO applies to the customer AND the vendor

The Personal Data (Privacy) Ordinance (Cap. 486) governs personal data in Hong Kong through its Data Protection Principles. In the classic SaaS setup the customer is the data user and the vendor processes data on its behalf — and the PDPO requires a data user who engages a processor to adopt contractual or other means to prevent unauthorised access, loss or misuse of the data, and to prevent it being kept longer than necessary. In practice the agreement should specify:

  • what personal data the vendor will handle, and for what purposes;
  • security measures and breach-notification duties;
  • where the data is hosted, and rules for engaging sub-processors;
  • deletion or return of data on termination.

Customers subject to overseas regimes (for example, EU customers under the GDPR) typically layer their own data-processing addendum on top — vendors should expect and accommodate this.

Electronic signing

The Electronic Transactions Ordinance (Cap. 553) recognises electronic records and electronic signatures for most commercial contracts, so a SaaS agreement can be validly signed online. Keep evidence of who clicked and when — an audit trail turns a signature dispute into a non-issue.

Liability caps and the clauses that survive them

Hong Kong law lets sophisticated parties allocate risk, and the Control of Exemption Clauses Ordinance (Cap. 71) subjects certain exclusions to a reasonableness test. A market-standard SaaS liability clause typically:

  • caps aggregate liability at fees paid over a defined trailing period;
  • excludes indirect and consequential loss;
  • carves out from the cap what should never be capped — breaches of confidentiality, data-protection obligations, IP infringement indemnities and liability that cannot lawfully be excluded.

Term, suspension and exit

Spell out suspension rights (non-payment, security threats), termination for material breach with a cure period, and — most importantly for customers — the exit assistance: data export format, a post-termination retrieval window, and deletion certification after it closes. Data hostage situations are a drafting failure, not a legal inevitability.

Governing law and disputes

Hong Kong law with the Hong Kong courts, or arbitration seated in Hong Kong (commonly HKIAC rules), are the natural choices when either party is Hong Kong-based; arbitration adds confidentiality and easier cross-border enforcement under the New York Convention. Whatever the choice, make it explicit — silence invites a jurisdiction fight before the merits are ever reached.

Start from a Hong Kong-specific base

A Hong Kong SaaS agreement template drafted around the PDPO, Cap. 553 e-signing and Cap. 71 reasonableness rules gives both sides a structure that matches local law instead of a recycled US form. Adjust the SLA, data schedule and liability numbers to the deal, and have both parties sign electronically with an audit trail.

Need the document itself? Download the free template →

This article is general information, not legal advice — see our accuracy & editorial policy. Confirm the cited law is current before relying on it.

More legal guides