The form and structure of software licenses and use agreements have changed substantially over the past ten years. From the advent of estate or enterprise-based licensing models to software-as-a-service (SaaS), licenses and agreements come in a variety of forms to address a wide range of circumstances. Although the terms and forms change for these agreements, the following key provisions remain more-or-less consistent across all types:
- Use Rights Use-rights provisions define and restrict how customers can access and use software. The key here is to fully understand the intersection between what the publisher allows under the license and what the customer intends to do with the software. There will always be problems where the two are not in alignment.
- Audit Rights Publishers generally ask for the right to audit at any time and the right to transfer the costs of the audit to the customer. The best agreements, from a purchaser perspective, allow for only periodic audits (once per-term) and permit the customer to choose to self-audit and self-report.
- Deployments Counting Especially for those agreements that come with true-up requirements (e.g., enterprise licenses, service provider licenses, etc.), understanding how to count deployments is critical. Customers that do not have processes in place to assess deployments against the precise license metrics required by publishers often find themselves spending more money in soft costs to generate the counts than they save by being in enterprise agreements in the first place.
- Intellectual Property Indemnification A publisher ideally should be willing to indemnify its customers against claims by a third party that the publisher’s software infringes on the third party’s IP rights. In practice, however, publishers are almost universally resistant to such terms, at least in their standard forms. In better deals the publisher will indemnify the customer for infringement of not only copyrights and patents, but also trade secrets and trademarks.
- Data privacy and security insurance coverage For engagements where the customer’s data is stored on servers controlled by the vendor, data privacy and security insurance, sometimes called “cyber coverage,” often is very important. Such policies pay for, among other things, costs associated with breach-notification requirements under various state and federal data privacy laws.
This list is by no means exhaustive, nor does it fully account for other provisions that may be more important for a particular agreement type or circumstance, but it does highlight some of the most important provisions to understand and negotiate when considering new software licenses or service agreement.