Software development agreements are particularly complex because they must address not only commercial terms but also the legal regime applicable to software — which is both a service (the development work) and a product (the resulting software). Key issues include: the specification of requirements and acceptance criteria, the allocation of intellectual property rights in the developed software (particularly important for bespoke development), liability for defects (warranty), and the legal framework for changes and enhancements. A poorly drafted software development agreement is one of the most common sources of IT disputes.
SaaS and cloud service agreements require careful attention to: service level commitments and remedies for non-performance, data security and data protection obligations (including GDPR compliance and data processing agreements), data portability and exit rights (ensuring you can recover your data if you switch providers), and the applicable law and jurisdiction for disputes. Many SaaS providers present standard contracts that are heavily weighted in their favor — these can often be improved through negotiation, particularly for larger customers.
IT service and maintenance agreements govern the ongoing support, maintenance, and development of IT systems. Key provisions include: the scope of services (what is and is not covered), service levels and response times, change management procedures, liability limitations, and termination rights. Particularly important is the definition of 'maintenance' versus 'enhancement' — the boundary between included maintenance and billable development work is a frequent source of disputes in long-term IT service relationships.
Open source software is used in virtually every commercial software product and IT system, but its use carries compliance obligations that are often underestimated. Different open source licenses impose different conditions: some require only attribution, while copyleft licenses such as the GPL require that any software that incorporates the licensed code must itself be made available under the same license — potentially requiring the release of proprietary source code. Before releasing or selling software, a thorough open source compliance review is essential.
Under German copyright law, the copyright in software vests by default in the developer — not the client. To obtain full ownership of bespoke software, the client must contractually require the transfer of all copyright and usage rights. Without an explicit transfer clause, the client typically receives only a license to use the software, while the developer retains ownership and can reuse the code in other projects. This is one of the most important provisions to get right in a software development agreement.
A data processing agreement is a contract required by the GDPR between a data controller (the company) and a data processor (a service provider that processes personal data on the controller's behalf — such as a cloud provider or SaaS vendor). The DPA must meet the specific requirements of Article 28 GDPR and cover: the subject matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects, and the obligations and rights of the controller. Failure to have a compliant DPA in place is a GDPR violation.
When reviewing a cloud services agreement, key provisions to scrutinize include: the service level agreement (SLAs) and the remedies for non-performance (are they adequate?), data security and breach notification obligations, data processing terms (GDPR compliance), data portability and exit provisions (can you get your data back?), the provider's right to modify the service, and the liability cap (is it sufficient to cover potential losses?). Many standard cloud contracts are very provider-friendly — legal review before signing is strongly recommended.
Software usage rights are contractually regulated through licensing agreements. A license can grant simple or exclusive usage rights and can be limited in terms of time, territory, or content. In practice, it is advisable to agree on differentiated licensing models – such as licenses for specific purposes, licenses for a certain number of users, or licenses for a specific period. The transfer of the license to third parties, the modification of the software, and its integration into other systems should also be regulated. In practice, problems often arise when licensing agreements are too vaguely formulated or when companies use open-source components without checking the license terms. Professional drafting of usage rights avoids conflicts and secures the economic use of the software.
SLAs (Service Level Agreements) are contractual agreements regarding the quality of services to be provided, particularly for IT services and SaaS offerings. SLAs define specific measurable criteria for performance – such as software availability, response times for support requests, or adherence to deadlines. In practice, SLAs are often agreed upon in conjunction with consequences for non-compliance – such as liquidated damages, price reductions, or termination rights. SLAs are particularly important in SaaS contracts, as software outages can severely impact customers' operational activities. In practice, it is advisable to define SLAs precisely and set realistic goals to avoid conflicts. Professional drafting of SLAs creates legal certainty and prevents disputes over service quality.
