Tech & Sourcing @ Morgan Lewis


In the rapidly evolving world of software licensing and distribution, many vendors (and therefore customers) are considering a shift from traditional customer-hosted software solutions to Software as a Service (SaaS) platforms, which are hosted by the vendor and then accessed by the customer’s users remotely. This transition is not merely an infrastructure change, and may also involve significant modifications to business operations and legal agreements. Here are some key considerations for businesses planning to make this shift.

Understanding the Underlying Differences

Traditional software licensing typically involves a one-time purchase through which the customer buys the perpetual right to use the software, which is then installed on infrastructure controlled or provided by the customer. SaaS, on the other hand, is generally subscription- or term-based, with the software hosted by the provider and accessed by the customer via the internet or other remote means.

These differences impact not only how the software is accessed and used but also the associated legal terms of use. Transitioning to a SaaS model means shifting from a product- to a service-based approach, requiring adjustments in the legal framework that governs the use and access to the software.

Contractual Adjustments

  • Access Rights: In most SaaS models, a customer’s users will access the software through remote means. Access rights and mechanisms, including passwords and security protocols, will have to be addressed in the contracts. Depending on whether the solution is a single or multitenant environment, in some instances there may be specific access restrictions and circumstances that will result in termination/suspension of access rights.
  • Service Level Agreements (SLAs): Unlike traditional licensing arrangements, SaaS solutions require a vendor to maintain the application and infrastructure stack and in many cases commit to SLAs for availability, system response, and incident response and resolution. Customers should understand these terms and negotiate them carefully to ensure they meet their needs, taking into account the criticality of the underlying applications and business functions they support and the potential remedies.
  • Data Security and Privacy: In traditional software models, the vendor would hand over a copy of the software to the customer for the customer to run in its environments. The vendor did not generally host or store the customer’s data. SaaS models, however, by their nature require the vendor to host and process customer data, thereby implicating data security and privacy protocols and requirements. These protocols and requirements require heightened levels of attention when personal information and/or business-sensitive or regulated data is involved. Applicable terms include information security programs for data at rest and in transit, security breach procedures and incident notification and remediation requirements, and data handling procedures that comply with application regulations such as HIPAA, the Gramm-Leach-Bliley Act, California Consumer Privacy Act, and General Data Protection Regulation, as applicable.
  • Intellectual Property (IP) Considerations: In a SaaS model, customers generally do not make changes to the software code itself, relying instead on the vendor to apply patches and make changes. The contract will need to cover IP issues from a different lens, with ownership and use rights often dependent upon who pays for the change and whether the change is bespoke to the customer or provides a competitive advantage. Other IP considerations may include ownership and use rights with respect to configurations, interfaces, documentation, and performance data.

Financial Implications

The cost structure of SaaS solutions is fundamentally different from traditional software licensing. SaaS solutions usually involve ongoing monthly or annual payments for “services” that cover the use of the software as well as the hosting and support. These payments often may be categorized as operational expenditures rather than capital expenditures. This can be advantageous for cash flow management but also may result in higher long-term costs. Businesses should analyze the total cost of ownership of SaaS compared to traditional models to make an informed decision.

Technical and Operational Challenges

  • Migration: Moving data and processes from customer-hosted software platforms to a SaaS platform can be complex, with additional operational risk. Migrations requires careful planning to minimize downtime and data damage or loss. Companies should consider the risks (and risk mitigation strategies), the methods by which migration support is provided, and how the costs for such support are borne.
  • Integration: Integrating SaaS solutions with existing customer-hosted systems can also be a challenge. It is crucial to assess the integration capabilities of the SaaS platform, which may result in investment in middleware or integration services to enable compatibility and interoperability.
  • Vendor Lock-in: Dependence on a single SaaS provider for a particular software solution could lead to “vendor lock-in,” making it more difficult—and costly—to switch providers in the future. Businesses should consider this factor in their vendor selection and map out a business continuity plan. As part of the contractual negotiations, flexibility in terms of transition assistance, access to data at all times, data export capabilities, and contract termination clauses will be important.


Transitioning from traditional software licensing to a SaaS model involves careful consideration of legal, financial, and operational factors. By understanding these aspects and negotiating thoughtful, detailed contracts, businesses can ensure that they make the most of the benefits offered by SaaS while minimizing potential drawbacks. As this transition also marks a shift toward more dynamic and scalable software solutions, it represents not only a change in technology but also a strategic business evolution.