Enterprise License Agreements for Software-As-A-Service – An Overview:
Pursuant to my previous article on End User License Agreements, I will now delve into the dynamics of Enterprise License Agreements.Enterprise License Agreements (or ELAs) are commonly drafted in order to license a software or SAAS product to an enterprise organization with multiple employees. In such cases it is assumed that the employees of the enterprise will be the likely users of the software.
An Enterprise is an organization of people. Therefore it is quite possible that the Employees of the Licensee rather than the Licensee itself will use the product. The licensee is just a company – a juristic personality. Thus, since the Licensee and the User will be two different entities, several issues may arise which have to be taken into account:
- Collection of user data;
- Authorized Users – Defining them;
- Prevention of Misuse and Safeguarding Confidential Information;
It is also worth noting that unlike individual consumers, enterprise licensee’s have legal departments to examine each and every contract their company enters into. They can be very tough negotiators – especially with startups. Therefore it is of extreme importance one adopts a sound negotiating strategy when dealing with them.
Right to Collect User Data:
This issue is often a major cause of concern for a Company’s legal department as they endlessly worry over keeping confidentiality and individual privacy. Most agreements contain a clause stating that the Licensor reserves the right to store User Data of the Licensee and use it for internal purposes for improving the product, including marketing. Many licensees fear that such a clause will compromise the confidentiality of their data. At the same time, user data is critical for further product improvement.
If any user data is generated during usage, it will also have to be decided who can access the data. Therefore, the ideal way forward in such cases may even be to draft two agreements – one to be signed by the authorized signatory of the Enterprise during the grant of license and the second to be ‘clicked and accepted’ by the employee when he logs in to access. The second agreement can contain the clauses as to the relevant persons who can access the data logs. By clicking it the employee will agree to permit any person authorized by the Enterprise licensee to access and review his user data.
It would be a wise decision to include the term ’Authorized Users’ in the ‘Definitions’ section of the agreement. When dealing with an enterprise client, it must be remembered that if a fixed number of licenses is given, say 100, then there will be persons other than the 100 users who will also require access for the purpose of administration. These persons may be the System Administrators of the licensee company. In addition, if the product is for educational or training purposes, then HR and managerial personnel may also require access in order to find out how their employees are faring on the software. Therefore, it is possible that this part of the Agreement will have to be negotiated individually with each client.
Prevention of Misuse:
This is a significant problem with the Software As A Service Industry. Since the product is usually a cloud-based solution accessed through the Internet, it requires that a username and password be given to the users so that they can gain access. Special precautions need to be taken before granting a username and password because they are prone to misuse.
The most common misuse of usernames and passwords is when they are given to an unauthorized person – anyone who does not fall within the meaning of authorized person- obtains the login details of any licensee and logs in. If such practices increase, the Licensor runs the risk of revenue losses.
Protection is obtained through multiple steps. Firstly, there must be a warranty clause by which the Enterprise Licensee warrants that none of the authorized users shall act in violation of the license agreement. Second, the confidentiality clauses must declare the usernames and passwords given to the licensee must be classified as ‘confidential’. The third advisable step would be to obtain the Licensor’s IP Address from him and only permit him to access it from that designated IP Address. This way, in case any access request comes from an IP Address not belonging to the Licensee but utilizes the login details of the Licensee, then the Licensor will have the option of terminating the contract.
Thus it is highly recommended to expressly mention that the agreement does not amount to a partnership, joint venture, special purpose vehicle or any business relationship of any sort other than that of Licensor-Licensee. This protects the Licensor from getting involved with the liabilities of the licensee.
Authorized Users other than Employees:
It may happen that an Enterprise may want one of its contractors to access the software. In that case, since the contract is an entity different from the Enterprise, we have two alternatives. One way is to put an absolute ban on this and make it mandatory for the Enterprise to seek permission from the Licensor for any third party wanting to access the software. Another way possible is for the Licensee to notify the Licensor when it gives any user ID and password to a contractor. What must be definitely done is to obtain a warranty from the Licensee, which provides that the Licensee shall be responsible for all acts of the contractor that are in breach of the agreement. Again, it must be reiterated that the ideal way forward depends on the exact ground situation and varies on a case-to-case basis.
It is regrettable to say that one article is totally insufficient to cover all aspects of enterprise licensing. Indeed, the legal strategy to be adopted in preparing a good enterprise licensing agreement depends a lot on the factual scenario – the nature of the product, the jurisdiction, the prevailing data privacy laws and a lot of other factors. Therefore, while I may not have touched upon all the aspects of enterprise licensing in this article, questions can be emailed to me at email@example.com.
About the Author:
Aditya Pratap is a lawyer practising at the Bombay High Court. Questions can be addressed to him by email at firstname.lastname@example.org. For further information one may visit his website adityapratap.in. and his YouTube Channel.