Thrashing out the details when negotiating SaaS contracts can elicit a range of emotions.
Members of our High Growth community group share some of the initial responses when tackling the process, questions that come up when negotiating contract terms and some handy tips.
A special thanks to Xavier Langlois, General Counsel of Beamery, Harj Gill, Group General Counsel at LiiV and Max Garth, Senior Counsel, Director Legal EMEA, at Databricks for their collaboration on this.
Tips if you are the provider
If you are the provider it is important that you know that the buyer wants to assume little to no risk at all: they want you to put the cap on your liability somewhere near the moon. And while you are at it, will you please use their paper?
- Work on and leverage your brand name: the better you are known, the easier the negotiation maybe.
- Before diving into contractual negotiations, take the time to explain (either through a legal kick-off call or by putting together a 2 pager) your product, what data you process, and risk profile (together with all the work you do to mitigate risks, such as ISO certifications or the like). Make sure that ALL relevant people on the buy-side have been included in these explanations (legal, procurement, ops… has anyone been left out and dumped with a context-free contract to review?). Often high caps are reflective of fear, discomfort, or a general assumption that “anything to do with the cloud is risky”. Demonstrating privacy and security by design at an IT infrastructure architecture level will also appeal to the information and security and technical personnel on the buyer’s side.
- Often “use our paper” arguments are about not understanding your product in the first place. Explain that using customer paper may not reflect the nature and the risks of the services that you provide, and that as a result, much time and effort will be expended in turning their paper into a “Frankenstein’s monster” (that nobody can love). Another tactic is to base your pricing quote on use of the provider’s contract.
- Remind your buyer of the value of the contract: is their request proportionate? Super caps for breach of Privacy/Security tend to be at the 3-5 x the value of the contract. Explaining the actual risk exposure (see above point) should help to bring down the value of the cap discussions.
- Try to dilute possible power games or personality clashes. For example, enlist the help of non-lawyer colleagues by asking a senior colleague to explain to the buyer why your position is what it is, from a commercial or technical architecture point of view, before you even get involved. You’ll need to train your colleagues on that first… Make this a joint responsibility with them – sales enablement within your organisation is key.
- Explain to the buyer that everything has a price: the higher the cap, the higher the price. Get your sales team on side with this tactic. Ultimately, if your client is willing to pay for that risk then they are probably serious about it.
- Don’t believe “All of our vendors have agreed to this”. They probably haven’t. Use your networks to find out if those vendors DO in fact “agree to this”, and call the buyer’s bluff. Similarly, ask your client if they would take on that risk/liability if the roles were reversed… the answer is always no!
- If negotiating with a buyer that won’t bring in their lawyer, where you think a lawyer may be useful, be aware your buyer may be struggling with incentive structures that would effectively punish them from bringing in legal (e.g. internal chargebacks for services). It is worth, gently and empathetically, finding out the pressures they are under? If the contract is worth enough to your business, perhaps offer to pay/contribute to any internal cross charges they might have of bringing on a lawyer.
- Get an insurance quote and explain how the price will be impacted if you have to buy that to cover the risk the buyer is asking you to take. If they are willing to pay… consider whether you could be charging more for your product! Your sales team may be interested in this insight.
Tips if you are the buyer
If you are the buyer it is important that you know the provider wants to stick at a really low cap on their liability.
- Is limitation on liability a side show to the operational risk… in reality does the provider have their ship in order (security systems etc)?
- Consider: is it worth squeezing out a high cap from the provider: could they actually pay out if you had to rely on the contract?
- The more you are buying, the more demanding you can be… if it’s worth it.
- Is there anything unique about your purchase or use of the service that might shift the cap up a little (although unlikely for a multi-tenanted SaaS solution)?
To the provider-side colleagues… our community warmly recommends preparing a fancy, nicely designed information security pack with which to dazzle and delight your buyers: so much easier to press “send” than to spend several days answering those 300+ infosec questionnaires… It’s a giddy moment when you feel your brand is strong enough to stand by its security pack, instead of bending over backwards to each questionnaire.
Watch Max and Harj in discussion on deconstructing SaaS: