Every Contract a SaaS Business Needs in the UK (2025)

Last updated: February 2025

Legal Requirements for a SaaS Business

UK SaaS businesses must comply with UK GDPR and the Data Protection Act 2018 for personal data processing (including the Article 32 duty to implement appropriate technical and organisational security measures), the Consumer Rights Act 2015 for B2C subscriptions (including the right to a remedy for digital content not of satisfactory quality), and PECR for electronic marketing. The Computer Misuse Act 1990 criminalises unauthorised access to computer systems; it does not set security standards for businesses, but it matters when you commission penetration testing or investigate abuse, because testing needs documented authorisation from the system owner. The Digital Markets, Competition and Consumers Act 2024 introduces new requirements for subscription contracts, including reminder notices before renewal; its subscription provisions come into force on a date set by commencement regulations, so check whether they apply to you yet. SaaS businesses processing financial data may need FCA authorisation.

Essential Contracts

SaaS Subscription Agreement (Terms of Service)

The core contract governing software access, subscription terms, acceptable use, SLA commitments, and limitation of liability

Privacy Policy

Required under UK GDPR — must detail what data is collected, processing purposes, legal bases, retention periods, and data subject rights

Data Processing Agreement

Legally required under Article 28 UK GDPR when you process personal data on behalf of your customers — must include specific mandatory clauses

Acceptable Use Policy

Defines prohibited uses of the platform, essential for managing abuse, protecting other users, and supporting account termination decisions

Recommended Contracts

Service Level Agreement

Defines uptime commitments, support response times, and remedies for service failures — critical for enterprise B2B SaaS customers

Enterprise Customer Agreement

Tailored terms for large customers who will not accept standard click-through terms, covering bespoke SLAs, data residency, and audit rights

Reseller or Partner Agreement

Governs channel partnerships, covering pricing, territory, support obligations, and revenue sharing

Employee Invention Assignment Agreement

Under the Copyright, Designs and Patents Act 1988 and the Patents Act 1977, copyright and inventions created by employees in the course of their employment belong to the employer by default; the agreement confirms this, covers work done outside normal duties, and is the model for the express assignment that contractors need, since no such default applies to them

Common Legal Risks for a SaaS Business

  • Data breach liability without proper DPAs and security obligations documented
  • Subscription trap complaints under the new Digital Markets, Competition and Consumers Act 2024 without proper renewal notices
  • Enterprise customers claiming losses for downtime without agreed SLA caps and remedies
  • Open source licence contamination of proprietary code without proper developer agreements and auditing
  • IP ownership disputes if contractor-developed code is not properly assigned

Industry-Specific Notes

SaaS businesses should implement sub-processor management under UK GDPR: maintain a list of sub-processors (including cloud hosting and any third-party service that touches customer personal data), notify customers of intended changes in advance, and give them the opportunity to object, as Article 28 requires. The Digital Markets, Competition and Consumers Act 2024 requires subscription businesses to send reminder notices before auto-renewal and provide easy cancellation. International SaaS businesses should consider data residency requirements for UK and EU customers, and make sure the hosting region they promise in the contract matches the region actually configured in their infrastructure.

FAQ

Does a UK SaaS business need a data processing agreement with every customer?

If your SaaS platform processes personal data on behalf of customers (which most do), then yes: Article 28 of UK GDPR requires a written DPA between the data controller (your customer) and the data processor (you). The DPA must include the mandatory Article 28(3) clauses covering processing only on documented instructions, confidentiality of personnel, security measures, sub-processors, assistance with data subject requests and breach notification, deletion or return of data at the end of the contract, and audit and inspection rights. Most SaaS businesses include a standard DPA as part of their terms of service.

What are the new UK subscription contract rules SaaS businesses need to know?

The Digital Markets, Competition and Consumers Act 2024 introduces requirements for subscription contracts: you must send reminder notices before each renewal period, provide clear information about how to cancel, and allow cancellation in a straightforward way without unnecessary steps. Cancellation flows designed to obstruct the customer (so-called dark patterns) will not meet this standard. SaaS businesses should review their subscription flows and cancellation processes to ensure compliance before the provisions come into force.

How should a SaaS business handle service level commitments?

Service level agreements should define: uptime percentage targets (e.g., 99.9%), how uptime is measured and calculated (which monitoring counts, over what period, and which exclusions apply, such as scheduled maintenance and outages caused by the customer), scheduled maintenance windows, support response time tiers, escalation procedures, and remedies for failure (typically service credits). Avoid promising 100% uptime. Cap service credits at a percentage of monthly fees (typically 10-30%) and state that credits are the sole remedy for availability failures. Enterprise customers will negotiate bespoke SLAs, so have a framework that allows customisation without exposing the business to uncapped liability.
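The measurement rules above are only enforceable if the calculation is written down unambiguously. The following is an added example (not code from the page or from AccountsOS) of how the uptime and service-credit arithmetic can be codified: outages are clipped to the billing period, minutes that fall inside a scheduled maintenance window are excluded from both the numerator and the denominator, and the credit is read from a tiered schedule with a hard cap. The tier thresholds, the 30% cap, the dates and the outage list are all constructed assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


@dataclass(frozen=True)
class Window:
    """A half-open time interval [start, end)."""
    start: datetime
    end: datetime

    def clipped(self, other: "Window") -> Optional["Window"]:
        # Intersection with another window, or None if they do not overlap.
        s, e = max(self.start, other.start), min(self.end, other.end)
        return Window(s, e) if s < e else None

    @property
    def minutes(self) -> float:
        return (self.end - self.start).total_seconds() / 60


def excluded_minutes(w: Window, maintenance: list) -> float:
    """Minutes of `w` that fall inside any (non-overlapping) maintenance window."""
    total = 0.0
    for m in maintenance:
        ov = w.clipped(m)
        if ov:
            total += ov.minutes
    return total


def monthly_availability(period: Window, outages: list, maintenance: list) -> float:
    """Availability in percent, excluding scheduled maintenance from the measurement."""
    maint = [m for m in (m.clipped(period) for m in maintenance) if m]
    measured = period.minutes - sum(m.minutes for m in maint)
    if measured <= 0:
        raise ValueError("no measurable time in period")
    downtime = 0.0
    for o in outages:
        c = o.clipped(period)
        if c:
            downtime += c.minutes - excluded_minutes(c, maint)
    return 100.0 * (measured - downtime) / measured


# Hypothetical tiered schedule: (availability floor %, credit % of monthly fee).
CREDIT_TIERS = [(99.9, 0), (99.0, 10), (95.0, 25)]
CREDIT_CAP_PCT = 30  # hard cap, so liability for downtime never exceeds 30% of the fee


def service_credit_pct(availability: float) -> int:
    for floor, pct in CREDIT_TIERS:
        if availability >= floor:
            return min(pct, CREDIT_CAP_PCT)
    return CREDIT_CAP_PCT


def service_credit(monthly_fee: float, availability: float) -> float:
    return round(monthly_fee * service_credit_pct(availability) / 100, 2)


def example() -> dict:
    """Constructed sample month: one maintenance window and two outages, one of
    which straddles the maintenance window so only its tail counts as downtime."""
    period = Window(datetime(2025, 2, 1), datetime(2025, 3, 1))  # 28 days
    maintenance = [Window(datetime(2025, 2, 2, 2, 0), datetime(2025, 2, 2, 4, 0))]
    outages = [
        Window(datetime(2025, 2, 2, 3, 30), datetime(2025, 2, 2, 4, 15)),   # 15 min count
        Window(datetime(2025, 2, 10, 10, 0), datetime(2025, 2, 10, 10, 30)),  # 30 min count
    ]
    avail = monthly_availability(period, outages, maintenance)
    return {"availability": avail, "credit": service_credit(1000.0, avail)}


if __name__ == "__main__":
    r = example()
    print(f"availability {r['availability']:.3f}%  credit £{r['credit']:.2f}")
```

The point of the cap and of the explicit exclusions is that a customer and the provider compute the same number from the same incident log; if the contract is silent on whether a 15-minute overrun of a maintenance window counts, that ambiguity becomes the dispute.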

All the contracts a SaaS business needs

AccountsOS generates UK-compliant contracts tailored to your business. From £10/month.


This is guidance, not legal advice. Consult a solicitor for complex matters.
