Source Code Escrow For SAAS – Friend Or Foe?

Source code escrows have always been a bit of a strange beast. Though, the idea is simple enough: if there is a vendor meltdown for mission critical software, then the licensee gets a delivery of the source code in order to continue to maintain the software in a usable condition.

However, while escrows for installed software seem simple, in actuality they will rarely fulfill their purpose when needed, as explained below. Whereas, an escrow for a SaaS application may be more complex, it also may be more likely to actually be useful – if properly implemented.

Also, for a mission critical application, an escrow for a SaaS application is more essential, because if a SaaS vendor goes under, everything stops, and data may be lost as well. Whereas, if a vendor for installed software goes under, then the software will still work on the licensee’s system until major maintenance is required.

Installed software – The old way

For installed software, there are so many “ifs” that the likelihood of a happy ending upon release of source code is at best remote. Upon the occurrence of a trigger event (like bankruptcy, failure of the vendor to maintain the software, etc.),

  • The escrow would have to have been actually established. After protracted negotiations on escrow agreement terms, the parties often forget to ever set it up.
  • The source code delivery would have to occur in a timely fashion. For instance, if the vendor were to challenge the release, then the resolution of the dispute would  normally be so protracted that the usefulness of the release would be lost.
  • The source code delivery would have to be complete and up to date. Often source code deposits are not verified and when the licensee opens the box – it’s not a pretty sight.
  • The licensee needs be able to actually use the source code. Source code documentation can be, well, complicated. So, the source code needs to be understandable by an available programmer. However, even if it is understandable, the amount of time and effort that may need to be invested by the available programmer may make the exercise commercially and technically impractical.

The above realities never seem to deter the persistent customer from demanding a negotiated escrow agreement for installed software.

SaaS applications – The new way

SaaS escrow arrangements are necessarily more complicated. Under a SaaS arrangement, the components that need to be available, in addition to the source code are (1) object code, (2) third party products and connectors that are needed for the operation of the SaaS application, (3) proper hardware configuration, and (4) all licensee data that is residing on the SaaS servers.

There are several types of escrows available for SaaS systems:

  1. Standard source code only escrow. For some reason, SaaS licensees are still requesting these – maybe it’s because bad habits die hard. This has all the pitfalls of the escrow for installed software, but it’s worse, because with SaaS you also need all of the above components to make it work.
  1. Mid-Range SaaS escrow. Escrow of source code, object code, data and detailed information on the needed hardware configuration, and all 3rd party products and connectors. This arrangement can work, but must be diligently implemented to avoid all of the pitfalls listed above for the installed software escrow arrangement.
  1. Robust SaaS Escrow. In this arrangement, the licensee sets up what is equivalent to a business continuity environment, where a copy of the SaaS software and data reside on a third-party platform, and the SaaS software and data are regularly and automatically updated. The source code for the SaaS application is also escrowed.

The benefits of option 3 should be obvious. The components are being regularly updated, and can be tested in a production environment.  If properly implemented, the activation of the escrowed system could be quick and seamless. Of course, full SaaS escrows are going to be more expensive to negotiate, set up and maintain, but might actually be useful when needed.

Bottom Line:

As mentioned, escrows for installed software have very questionable value. However, SaaS escrows, which are more of a business continuity plan, can be a valuable failsafe arrangement. In either case, the escrow agreement needs to be properly negotiated to address the specific needs of the licensee.

In order to evaluate the need and expense for a SaaS escrow, the following issues need to be considered:

  1. Is the application mission critical?
  2. What are the costs of going down?
  3. Are there available substitute applications?
  4. How long would be the transition to a substitute?
  5. How stable/established/reliable is the SaaS vendor? 

Wise SaaS vendors will establish a master escrow arrangement similar to option 3, and make it available, at the licensee’s expense. By establishing this up front, the vendor can build goodwill and also set the terms and avoid negotiation on the issue.


William S. Galkin
William S. Galkin
Mr. Galkin has dedicated his legal practice to representing Internet, e-commerce, computer technology and new media businesses across the U.S. and around the world. He serves as a trusted adviser to both startup and multinational corporations on their core commercial transactions including corporate formation and transitions, intellectual property, technology licensing and transfer, regulatory compliance, and agreements for online businesses. His broad experience gained during more than 20 years in practice allows him to provide cutting-edge, creative and efficient solutions to complex problems. Mr. Galkin has been an Adjunct Professor of Computer Law at the University of Maryland School of Law and Adjunct Professor of Business Law at the Merrick School of Business at the University of Baltimore, as well as the Chairperson of a panel on Crimes in Cyberspace for the 19th National Information Systems Security Conference (Sponsored by the National Security Agency). Mr. Galkin also authored the Maryland Intellectual Property and Technology Transactions Forms and Practice Manual, published by Data Trace Publishing. Mr. Galkin is also a member of Schwell Wimpfheimer & Associates LLP, with responsibility for technology transactions, which affiliation allows Mr. Galkin to provide a broad array of legal services to his clients. Additionally, he serves as Of Counsel to the Information Technology Group of one of the largest Israeli law firms, managing many U.S. transactions for the firm’s clients.

DO YOU HAVE THE "WRITE" STUFF? If you’re ready to share your wisdom of experience, we’re ready to share it with our massive global audience – by giving you the opportunity to become a published Contributor on our award-winning Site with (your own byline). And who knows? – it may be your first step in discovering your “hidden Hemmingway”. LEARN MORE HERE