Choose Site


Tech & Sourcing @ Morgan Lewis


Are you about to sign a service agreement with a third-party service provider under which it will access and use technology of your company? Have you checked your applicable third-party contracts to see if you need any consents? The contracts under which your company uses technology every day, from the mundane to the critical, may contain hidden restrictions on the third party’s access and use for your benefit under the services contract.

There is an endless number of arrangements a customer could have with its third-party service providers, but this Contract Corner will discuss the case where the customer authorizes a service provider to access and use licensed software either while remaining at the customer site, or by moving it to the service provider’s site. More specifically, it explores just some of the issues and language in the customer’s license agreements with those third-party software providers to be checked during pre-signing due diligence.



The first place to check is the definitions in the license agreement. Generally, how the agreement defines “Authorized User,” “Use,” or “Affiliate” is a good indicator as to where the analysis might come out. In best-case scenarios, “Users” will include employees, consultants, clients, external users, contractors and agents. However, be aware that the company may also be subject to increased fees in order to increase the number of users or allow the use by the service provider. Additionally, the “User” definition may limit permitted users (including contractors) to use the software on a particular piece of hardware or at location or in connection with a certain function. Other relevant definitions need to be read to see if they present any issues based on the structure of your deal.


This is one of the key provisions to review. If the required access and use rights are not included in the license grant, or are specifically excluded, you may need a consent from the licensor. If the license grant states that the customer’s rights are “non-transferable” or “non-sublicensable,” you will need to consider whether the structure of your deal poses an issue or risk. In the case where the service provider comes on site to use the software and the definition of Authorized User includes contractors or third-party users, for instance, then your risk assessment and analysis may be that the license right has not been “transferred.” However, you may well conclude that there may be a transfer under the same circumstances where the definition of Authorized User is limited to Company “Personnel” or “Customers.” License grants can also restrict access and use by Authorized Users to a specified piece of hardware, a specified location, or be subject to another type of restriction. If the license grant restricts the required access and use by the service provider, or alternatively does not clearly authorize it, then consent will most likely be required if the risk of being wrong is too great, depending on the applicable technology.


Where the agreement allows the company’s service providers, vendors, and contractors to access and use the software for the purposes of providing services to your company, or where there is explicit permission for the company to enter into technology outsourcing arrangements, then there should be no need to obtain any consent from the licensor. It is important to note that the company is responsible for any breach of the license agreement by the service provider, so the service provider’s obligations under the services agreement with the company (including those relating to confidentiality and data security) should be structured to mirror or cover the company’s corresponding obligations under the license agreement.

In short, a proper due diligence analysis must take a look at all of the controlling documents between licensor and licensee in order to accurately determine whether consent, notice, or something in between is required. The key point is to get out in front of the analysis by focusing on what is occurring in your technology solution, what software and other technology is involved, and what third-party agreements are in play. Your due diligence team should not only be looking for anticipated issues, but should be on alert for any unexpected issues as well.