What laws govern a SaaS agreement in England and Wales?

A SaaS agreement in England and Wales is governed by several overlapping legal frameworks. The primary legislation affecting SaaS contracts includes: the UK General Data Protection Regulation (UK GDPR) as incorporated by the Data Protection Act 2018, which governs how personal data is processed when the provider hosts customer data; the Supply of Goods and Services Act 1982, which implies terms of reasonable care and skill into service contracts unless expressly excluded (subject to the Unfair Contract Terms Act 1977); the Consumer Rights Act 2015, which applies where the customer is a consumer and imposes non-excludable digital content quality standards; the Computer Misuse Act 1990, which protects cloud infrastructure against unauthorised access; and the Electronic Commerce (EC Directive) Regulations 2002, which apply to online contracts formed electronically. For B2B SaaS contracts, English common law governs most aspects of contract formation, performance, and remedies.

What should a UK SaaS agreement say about data protection?

Data protection is one of the most critical aspects of any UK SaaS agreement. Where the SaaS provider processes personal data on behalf of the customer — which is almost always the case when customer employees or end users upload data to the platform — the provider acts as a data processor and the customer acts as a data controller. Article 28 of the UK GDPR requires the parties to enter into a written data processing agreement (DPA) setting out the subject matter, duration, nature, and purpose of the processing; the type of personal data and categories of data subjects; and the obligations and rights of both parties. The DPA must contain specific mandatory terms, including the processor's obligation to process data only on the controller's documented instructions, to maintain confidentiality, to implement appropriate security measures, to assist the controller with data subject rights requests, and to delete or return personal data on termination. Failure to comply with the UK GDPR can result in fines of up to £17.5 million or 4% of global annual turnover, whichever is higher.

What is an uptime SLA and how is it calculated?

A service level agreement (SLA) for uptime defines the percentage of time the SaaS service must be operational and available during a given measurement period (typically a calendar month). Uptime is calculated as: (Total Time - Downtime) / Total Time x 100. For example, a 99.9% uptime commitment in a 30-day month means the service may be unavailable for no more than approximately 43.8 minutes per month. A 99.5% uptime commitment allows up to approximately 3.65 hours of downtime per month. The SLA should specify: (1) what counts as downtime (total unavailability vs. degraded performance); (2) how downtime is measured (Provider's monitoring systems vs. Customer-reported); (3) the measurement period; and (4) what remedies are available if the SLA is breached, typically service credits. It should also specify what is excluded from the calculation — such as scheduled maintenance windows, outages caused by the Customer's own systems, or force majeure events.

Who owns the customer data on a SaaS platform under English law?

Under English law, the customer retains ownership of the data it uploads to or generates on a SaaS platform. There is no general principle of 'database rights' that would automatically vest in the provider by virtue of hosting the data, although the provider may have database rights in any databases it creates as part of the platform itself under the Copyright and Rights in Databases Regulations 1997. A well-drafted SaaS agreement should expressly confirm that Customer Data remains the property of the customer, that the provider is only granted a limited licence to use that data to provide the service, and that on termination the customer has the right to export or receive a copy of its data before it is deleted. This clarity is particularly important in the context of UK GDPR, where the customer (as data controller) must be able to demonstrate that it has control over its data and that data subjects' rights can be exercised.

Can a SaaS provider in England and Wales limit its liability for service outages?

Yes, a SaaS provider can limit its liability for service outages in a B2B contract, but only to the extent that the limitation is reasonable under the Unfair Contract Terms Act 1977 (UCTA 1977). A clause limiting or excluding liability for breach of contract must satisfy the reasonableness test in UCTA 1977, which considers factors such as the bargaining strength of the parties, whether the customer received any inducement to accept the limitation, whether the customer knew or ought to have known of the limitation, and whether it would have been practicable for the customer to obtain the goods or services elsewhere without the limitation. In practice, limiting liability to service credits for SLA failures is widely accepted in the B2B SaaS market and is generally considered reasonable, provided the credits represent a meaningful remedy for the customer. For consumer customers, the Consumer Rights Act 2015 imposes stricter rules and certain limitations of liability may be void.

What notice period should a SaaS agreement include for termination in England and Wales?

The appropriate notice period for termination of a SaaS agreement in England and Wales depends on the nature of the service and the subscription term. For monthly rolling subscriptions, a notice period of 30 days before the renewal date is common. For annual subscriptions, a notice period of 60 to 90 days before the annual renewal is more typical, giving both parties sufficient time to plan for continuity or transition. The agreement should distinguish between: (1) termination for convenience, where the customer or provider simply chooses not to renew; (2) termination for cause, where one party may terminate immediately or with a short cure period in response to a material breach or insolvency; and (3) termination for failure to meet SLA commitments over an extended period. It is also important to include a data export period — the agreement should give the customer a reasonable period (at least 30 days) after termination to retrieve its data before the provider deletes it from its systems.

SaaS Agreement (UK)

SaaS Agreement

This Software as a Service Agreement (the “Agreement”) is entered into on [Effective Date] (the “Effective Date”) by and between:

[Provider Name], [Who Provider], with its registered or principal address at [Provider Address], [Provider City], [Provider County], [Provider Postcode], England (hereinafter referred to as the “Provider”); and

[Customer Name], [Who Customer], with its registered or principal address at [Customer Address], [Customer City], [Customer County], [Customer Postcode], England (hereinafter referred to as the “Customer”).

The Provider and the Customer are referred to collectively in this Agreement as the “Parties” and individually as a “Party”.

BACKGROUND

WHEREAS, the Provider operates a software as a service platform known as [Service Name] and wishes to grant the Customer access to that platform on a subscription basis; and

WHEREAS, the Customer wishes to subscribe to the Service on the terms and conditions set out in this Agreement;

NOW, THEREFORE, in consideration of the subscription fees paid and the mutual obligations set out herein, the Parties agree as follows:

1. DEFINITIONS

1.1 In this Agreement, the following terms shall have the meanings set out below:

“Service” means the [Service Name] platform, being [Service Description], made available to the Customer by the Provider via the internet on a software as a service basis.
“Authorised Users” means the employees, contractors, or agents of the Customer who are authorised to access and use the Service, up to the maximum number specified in clause 3.
“Customer Data” means all data, content, and information uploaded to or generated by the Customer on the Service.
“Subscription Plan” means the [Subscription Plan] subscription tier selected by the Customer.
“Subscription Fee” means the recurring fee payable by the Customer for access to the Service as set out in clause 5.
“Uptime” means the percentage of time the Service is operational and available to the Customer in any given calendar month, excluding scheduled maintenance.

2. GRANT OF ACCESS

2.1 Subject to the terms of this Agreement and payment of the Subscription Fee, the Provider hereby grants the Customer a non-exclusive, non-transferable right to access and use the Service during the Subscription Term solely for the Customer’s internal business purposes.

2.2 The Customer shall not: (a) sub-license, sell, resell, transfer, or commercially exploit the Service; (b) use the Service to provide services to third parties on a bureau or outsourcing basis; (c) use the Service to develop a competing product or service; or (d) attempt to gain unauthorised access to any systems or networks connected to the Service, which may constitute an offence under the Computer Misuse Act 1990.

2.3 The Customer shall ensure that Authorised Users comply with this Agreement and shall be responsible for any breach of this Agreement by any Authorised User.

3. AUTHORISED USERS

3.1 Under the [Subscription Plan], the Customer is permitted up to [Authorised Users] Authorised Users. The Customer shall not permit the Service to be accessed by more than this number of Authorised Users.

3.2 The Customer shall maintain accurate and current records of all Authorised Users and shall ensure that each Authorised User keeps their login credentials confidential and does not share access credentials.

3.3 If the Customer requires additional Authorised Users beyond the limit set out in clause 3.1, the Parties may agree in writing to upgrade the Customer’s subscription to a higher tier at the prevailing rates.

4. SUBSCRIPTION FEE AND PAYMENT

4.1 In consideration of the access granted under this Agreement, the Customer shall pay the Provider the Subscription Fee of £[Subscription Fee] per [Billing Cycle], payable in advance at the start of each billing period.

4.2 All Subscription Fees are exclusive of VAT, which the Customer shall pay at the applicable rate on receipt of a valid VAT invoice from the Provider.

4.3 The Provider may increase the Subscription Fee on renewal by giving the Customer not less than 30 days’ written notice prior to the renewal date.

4.4 If the Customer fails to pay any sum due by the due date, the Provider may: (a) suspend access to the Service until all outstanding amounts are paid; and (b) charge interest on the overdue sum at the rate of 8% per annum above the Bank of England base rate pursuant to the Late Payment of Commercial Debts (Interest) Act 1998, accruing daily from the due date until actual payment.

5. SUBSCRIPTION TERM AND TERMINATION

5.1 This Agreement shall commence on the Effective Date and shall continue for [Initial Term] (the “Initial Term”). On expiry of the Initial Term, this Agreement shall automatically renew for successive periods equal to the Initial Term, unless either Party gives the other not less than [Renewal Notice Period] days’ written notice of non-renewal before the end of the then-current term.

5.2 Either Party may terminate this Agreement immediately on written notice if the other Party: (a) commits a material breach that is incapable of remedy or remains unremedied 30 days after receipt of written notice requiring remedy; (b) becomes insolvent, enters administration, or ceases to trade; or (c) is subject to a change of control without the other Party’s prior written consent.

5.3 The Customer may terminate this Agreement for convenience at any time by giving not less than [Renewal Notice Period] days’ written notice, but no refund of pre-paid Subscription Fees shall be due unless otherwise required by applicable law.

5.4 On termination or expiry of this Agreement, the Customer’s access to the Service shall cease. The Provider shall provide the Customer with a reasonable opportunity (not less than 30 days) to export Customer Data before permanently deleting it from the Provider’s systems.

6. SERVICE LEVELS

6.1 The Provider shall use commercially reasonable efforts to make the Service available with an uptime of [Uptime Commitment]% in any given calendar month, measured on a 24/7 basis, excluding scheduled maintenance windows.

6.2 The Provider shall give the Customer at least 48 hours’ advance notice of any planned maintenance that is likely to materially affect the availability of the Service.

6.3 The uptime commitment shall not apply to unavailability resulting from: (a) factors outside the Provider’s reasonable control, including internet outages or force majeure events; (b) the Customer’s acts or omissions; or (c) third-party services or infrastructure not under the Provider’s control.

7. DATA PROTECTION

7.1 Both Parties shall comply with the UK General Data Protection Regulation as incorporated into domestic law by the Data Protection Act 2018 (together, “UK GDPR”) and all other applicable data protection legislation in relation to any personal data processed under this Agreement.

7.2 To the extent the Provider processes personal data on behalf of the Customer in the course of providing the Service, the Provider acts as a data processor and the Customer acts as a data controller. The Parties shall enter into a separate Data Processing Agreement in accordance with Article 28 of the UK GDPR.

7.3 The Provider shall: (a) process personal data only on the Customer’s documented instructions; (b) ensure that persons authorised to process personal data have committed to confidentiality; (c) implement appropriate technical and organisational security measures; and (d) assist the Customer in complying with its obligations under applicable data protection legislation, including in relation to data subject rights.

8. INTELLECTUAL PROPERTY RIGHTS

8.1 All Intellectual Property Rights in the Service, including the underlying software, platform, and documentation, are and shall remain the exclusive property of the Provider. This Agreement does not transfer any Intellectual Property Rights to the Customer.

8.2 The Customer shall not reverse engineer, decompile, or disassemble any part of the Service, except to the extent permitted by sections 50A to 50C of the Copyright, Designs and Patents Act 1988.

8.3 If the Customer provides feedback, suggestions, or enhancement requests to the Provider in relation to the Service, the Customer grants the Provider a perpetual, royalty-free licence to use such feedback in any way, including incorporating it into the Service.

9. LIMITATION OF LIABILITY

9.1 Nothing in this Agreement excludes or limits either Party’s liability for: (a) death or personal injury caused by its negligence; (b) fraud or fraudulent misrepresentation; (c) any liability which cannot be excluded or limited under English law; or (d) any liability to the extent it arises under the Consumer Rights Act 2015.

9.2 Subject to clause 12.1, neither Party shall be liable for any loss of profits, loss of business, loss of data, loss of goodwill, or any indirect, special, or consequential loss or damage, whether arising in contract, tort, breach of statutory duty, or otherwise.

9.3 Subject to clauses 12.1 and 12.2, the Provider’s total aggregate liability under this Agreement shall not exceed the total Subscription Fees paid by the Customer in the 12 months immediately preceding the event giving rise to the claim.

10. CONFIDENTIALITY

10.1 Each Party shall keep confidential all information of a confidential nature disclosed by the other Party in connection with this Agreement and shall use such information only for the purposes of this Agreement.

10.2 The obligations in this clause shall survive termination or expiry of this Agreement for a period of five years.

11. GENERAL PROVISIONS

11.1 Entire Agreement. This Agreement constitutes the entire agreement between the Parties in relation to its subject matter and supersedes all prior representations and agreements.

11.2 Amendment. No amendment to this Agreement shall be effective unless made in writing and signed by duly authorised representatives of both Parties.

11.3 Assignment. The Customer may not assign or transfer this Agreement without the Provider’s prior written consent. The Provider may assign this Agreement to any successor entity.

11.4 Third Party Rights. A person who is not a Party to this Agreement has no right under the Contracts (Rights of Third Parties) Act 1999 to enforce any of its terms.

11.5 Notices. Notices under this Agreement shall be sent in writing by email to: Provider: [Provider Email]; Customer: [Customer Email].

11.6 Severability. If any provision of this Agreement is held to be invalid or unenforceable, the remaining provisions shall remain in full force and effect.

12. GOVERNING LAW AND JURISDICTION

12.1 This Agreement and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation shall be governed by and construed in accordance with the laws of England and Wales.

12.2 Each Party irrevocably submits to the exclusive jurisdiction of the courts of England and Wales to settle any dispute or claim arising out of or in connection with this Agreement.

IN WITNESS WHEREOF, the Parties have executed this SaaS Agreement as of the Effective Date first written above.

THE PROVIDER

Full name: [Provider Name]

Address: [Provider Address], [Provider City], [Provider County], [Provider Postcode], England

THE CUSTOMER

Full name: [Customer Name]

Address: [Customer Address], [Customer City], [Customer County], [Customer Postcode], England

Provider

________________

Signature

Date: ________________

Customer

________________

Signature

Date: ________________

Maintained by Vladislav Sergienko, Founder·Template last modified: 2026-06-23·Report an error

What Is a SaaS Agreement (UK)?

A SaaS Agreement in the United Kingdom sets the service levels, data-handling duties, fees, and liability terms under which the technology or platform is supplied, and takes its legal force from the Data Protection Act 2018.

In England and Wales, SaaS agreements are widely used across every sector of the economy. Cloud-based software for accounting, HR management, customer relationship management (CRM), project management, e-commerce, and data analytics are all typically delivered on a SaaS basis. The SaaS model has become the dominant framework for enterprise software procurement in the United Kingdom, and a well-drafted SaaS agreement is an essential commercial and legal foundation for any SaaS business or subscription-based technology arrangement.

The legal framework governing SaaS agreements in England and Wales is multifaceted. The UK General Data Protection Regulation (UK GDPR) as incorporated by the Data Protection Act 2018 is particularly significant, because virtually every SaaS platform processes some personal data on behalf of the customer, creating specific legal obligations on both the provider and the customer. The Consumer Rights Act 2015 applies where the customer is a consumer and imposes non-excludable statutory rights in relation to digital content quality. The Supply of Goods and Services Act 1982 implies obligations of reasonable care and skill into the provision of services. The Computer Misuse Act 1990 provides criminal law protection for cloud infrastructure.

A SaaS Agreement differs from a software licence agreement in that it addresses the ongoing nature of the service relationship — including uptime commitments, support and maintenance obligations, data protection compliance, subscription fee escalation, and the mechanics of termination and data return — rather than simply defining the scope of a static licence to use software.

The legal framework governing the SaaS Agreement (UK) in United Kingdom draws on several key statutes and regulatory bodies. Under the Companies Act 2006, Companies House maintains the register of UK companies. Section 386 of the Companies Act 2006 sets accounting record obligations. The Competition and Markets Authority (CMA) enforces the Consumer Rights Act 2015. The Financial Conduct Authority (FCA) regulates financial services under the Financial Services and Markets Act 2000. The High Court of Justice has jurisdiction under the Senior Courts Act 1981. Parties executing a SaaS Agreement (UK) in United Kingdom should confirm the document reflects current law, including any amendments enacted since the original drafting date. The Companies Act 2006 sets the foundational requirements.

When Do You Need a SaaS Agreement (UK)?

A SaaS Agreement is needed whenever a business or individual subscribes to or provides access to software delivered over the internet on a subscription basis. The agreement is relevant to a very wide range of commercial situations in England and Wales.

From the provider's perspective, a SaaS agreement is essential before any paying customer is granted access to the platform. Without a written agreement, the provider has no legal basis for charging subscription fees, no contractual right to restrict the customer's use of the platform, and no limitation on its liability if the service is unavailable or performs poorly. A properly drafted SaaS agreement also establishes the legal framework for data protection compliance, which is critical given the UK GDPR's requirements for a written data processing agreement between controller and processor.

From the customer's perspective, a SaaS agreement is important because it defines the service level the provider is committed to delivering, what happens to the customer's data if the provider becomes insolvent or the contract is terminated, whether the subscription auto-renews and on what terms, and how liability is allocated if the platform suffers an outage or data breach. Customers who access SaaS platforms without a written agreement have no contractual recourse if the service is unavailable or their data is lost.

Common situations requiring a SaaS agreement include: a technology startup that has built a cloud-based application and is onboarding its first paying customers; an enterprise business procuring a cloud-based HR, accounting, or CRM system from a vendor; a financial services firm accessing a cloud-based data analytics platform; a healthcare organisation using a cloud-based patient management system (where additional data protection requirements apply); and any business that relies on cloud-hosted software for critical business operations.

If the SaaS platform will process special category personal data (such as health data, financial data, or biometric data), additional legal requirements apply under the UK GDPR, and the SaaS agreement should be supplemented by a detailed data processing agreement and, where appropriate, a data protection impact assessment.

What to Include in Your SaaS Agreement (UK)

A well-drafted SaaS Agreement for use in England and Wales should contain several key provisions that reflect both the ongoing service nature of the relationship and the UK legal framework.

The grant of access clause must clearly define the scope of the customer's right to access and use the service — whether it is non-exclusive, non-transferable, and limited to specified purposes; the number of authorised users permitted; and any restrictions on use (such as prohibitions on sub-licensing or using the service to provide bureau services to third parties).

The service level agreement (SLA) is one of the most commercially important provisions in a SaaS contract. It should specify the uptime commitment (expressed as a percentage availability per calendar month), how downtime is measured and what is excluded from the calculation, scheduled maintenance windows, and what remedies are available if the SLA is not met. Service credits are the standard remedy for SLA failures in the UK market, and the agreement should specify the credit calculation methodology and the process for claiming credits.

The data protection provisions are legally mandatory under Article 28 of the UK GDPR. The agreement must identify the roles of the parties (controller and processor), set out the subject matter, duration, nature, and purpose of the processing, and include all the mandatory processor obligations required by the UK GDPR. A failure to include adequate data protection provisions is not just commercially risky — it can result in regulatory enforcement action by the Information Commissioner's Office (ICO).

The subscription fee and payment clause should specify the subscription fee, the billing cycle, the VAT treatment, the consequences of late payment (including interest under the Late Payment of Commercial Debts (Interest) Act 1998 for B2B contracts), and any rights to increase fees on renewal.

The customer data clause should confirm that the customer retains ownership of its data, that the provider will only use it to provide the service, and that on termination the customer will be given a reasonable period to export its data. The limitation of liability clause should comply with the Unfair Contract Terms Act 1977 (for B2B contracts) or the Consumer Rights Act 2015 (for B2C contracts).

Additional compliance elements for a SaaS Agreement (UK) used in United Kingdom include: Under the Companies Act 2006, Companies House maintains the register of UK companies. Section 386 of the Companies Act 2006 sets accounting record obligations. The Competition and Markets Authority (CMA) enforces the Consumer Rights Act 2015. The Financial Conduct Authority (FCA) regulates financial services under the Financial Services and Markets Act 2000. The High Court of Justice has jurisdiction under the Senior Courts Act 1981. Forms-legal.com provides this template as a starting point for United Kingdom-compliant documentation.

Cite this page

Reference this free template in an article, syllabus, or research note:

APA

Forms Legal. (2026). SaaS Agreement (UK) (United Kingdom) [Legal document template]. Forms Legal. https://forms-legal.com/uk/business/contracts/saas-agreement-uk

MLA

"SaaS Agreement (UK) (United Kingdom)." Forms Legal, 2026, https://forms-legal.com/uk/business/contracts/saas-agreement-uk.

BibTeX

@misc{formslegal-saas-agreement-uk,
  author       = {{Forms Legal}},
  title        = {SaaS Agreement (UK) (United Kingdom)},
  year         = {2026},
  howpublished = {\url{https://forms-legal.com/uk/business/contracts/saas-agreement-uk}},
  note         = {Free legal document template. Based on Companies Act 2006}
}

Also available for these jurisdictions:

Frequently Asked Questions

Based on Companies Act 2006 — Template last modified June 2026Verify the source →

This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.Full disclaimer

Found an error? Let us know

SaaS Agreement (UK)

What Is a SaaS Agreement (UK)?

When Do You Need a SaaS Agreement (UK)?

What to Include in Your SaaS Agreement (UK)

Cite this page

Also available for these jurisdictions:

Frequently Asked Questions

Related Documents

Software Licence Agreement (UK)

IP Assignment Agreement (UK) (Contracts)

Non-Disclosure Agreement (NDA) (UK)

Privacy Policy (UK)

Website Development Agreement (UK)