Techlaw Blog: SOURCE CODE ESCROW FOR SAAS: FRIEND OR FOE?

Source code escrows have always been a bit of a strange beast. Though, the idea is simple enough: if there is a vendor meltdown for mission critical software, then the licensee gets a delivery of the source code in order to continue to maintain the software in a usable condition. However, while escrows for on-prem software seem simple, in actuality they will rarely fulfill their purpose when needed, as explained below.

An escrow for a SaaS application may be more complex than for on-prem software, it also may be more likely to actually be useful if properly implemented. Also, for a mission critical application, an escrow for a SaaS application is more essential, because if a SaaS vendor goes under, everything stops, and data may be lost as well. Whereas, if a vendor for on-prem software goes under, then the software will still work on the licensee’s system until major maintenance is required.

On-Prem Software – The Old Way

For on-prem software, there are so many “ifs” that the likelihood of a happy ending upon release of source code is at best remote:

1. Upon the occurrence of a trigger event (like bankruptcy, failure of the vendor to maintain the software, etc.), the escrow would have to have been actually established. After protracted negotiations on escrow agreement terms, the parties often forget to ever set it up.
2. The source code delivery would have to occur in a timely fashion. For instance, if the vendor were to challenge the release, then the resolution of the dispute would normally be so protracted that the usefulness of the release would be lost.
3. The source code delivery would have to be complete and up to date. Often source code deposits are not verified and when the licensee opens the box it’s not a pretty sight. The licensee needs to be able to actually use the source code.
4. Source code documentation can be, well, complicated. So, the source code needs to be understandable by an available programmer. However, even if it is understandable, the amount of time and effort that may need to be invested by the available programmer may make the exercise commercially and technically impractical.

The above realities never seem to deter the persistent customer from demanding a negotiated escrow agreement for on-prem software.

SaaS Applications – The New Way

SaaS escrow arrangements are necessarily more complicated:

1. Under a SaaS arrangement, the components that need to be available, in addition to the source code are (a) object code, (b) third party products and connectors that are needed for the operation of the SaaS application, (c) proper hardware configuration, and (d) all licensee data that is residing on the SaaS servers
2. There are several types of escrows available for SaaS systems:

• • Standard source code only escrow. For some reason, SaaS licensees are still requesting these maybe it’s because bad habits die hard. This has all the pitfalls of the escrow for installed software, but it’s worse, because with SaaS you also need all of the above components to make it work.
  • Mid-Range SaaS escrow. Escrow of source code, object code, data and detailed information on the needed hardware configuration, and all 3rd party products and connectors. This arrangement can work, but must be diligently implemented to avoid all of the pitfalls listed above for the installed software escrow arrangement.
  • Robust SaaS Escrow. In this arrangement, the licensee sets up what is equivalent to a business continuity environment, where a copy of the SaaS software and data reside on a third-party platform, and the SaaS software and data are regularly and automatically updated. The source code for the SaaS application is also escrowed. The benefits of this option should be obvious. The components are being regularly updated, and can be tested in a production environment. If properly implemented, the activation of the escrowed system could be quick and seamless. Of course, full SaaS escrows are going to be more expensive to negotiate, set up and maintain, but might actually be useful when needed.

Bottom Line: As mentioned, escrows for on-prem software have very questionable value. However, SaaS escrows, which are more of a business continuity plan, can be a valuable failsafe arrangement. In either case, the escrow agreement needs to be properly negotiated to address the specific needs of the licensee. In order to evaluate the need and expense for a SaaS escrow, the following issues need to be considered:

• Is the application mission critical?
• What are the costs of going down?
• Are there available substitute applications?
• How long would be the transition to a substitute?
• How stable/established/reliable is the SaaS vendor?

Wise SaaS vendors will establish a master escrow arrangement, and make it available, at the licensee’s expense. By establishing this up front, the vendor can build goodwill and also set the terms and avoid negotiation on the issues.