Fixing SaaS/Cloud Contracting

A Bonterms Standard Agreements Manifesto

The deals are clogged up.

Peer inside the legal queue of a typical enterprise and you’re likely to find someone from finance, two data scientists and half a dozen engineers all waiting for access to a SaaS/cloud service. While every user of a cloud service sits in the same virtual theater, many enterprise customers will insist on negotiating bespoke legal terms for their particular seat. The result is all too frequently drawn-out negotiations that frustrate customer and provider alike.

The customers have a point.

It’s tempting to blame the enterprise customer, but customers are uploading their data to these services. They need to know how their data will be used, what will happen if there’s a breach and how they and the provider will achieve compliance with GDPR, CCPA and the rest. And they need remedies if the provider fails to perform.

But the providers have a point, too.

The provider has concerns as well, like making sure the legal terms reflect how they and their cloud service actually operate. Remember, the provider is operating a cloud service – they can’t change how they run, secure or, in most cases, even support their product from customer to customer. To operate their service, achieve regulatory compliance and recognize revenue, a provider needs consistent legal terms across their entire customer base.    

The form fight – a battle nobody ever wins.

The product trial was a success, the budget is identified, and the security review is done. Cue the moment in a cloud deal when customer and provider plunge their deal over a cliff – the discussion of whose form to use. Many customer forms read like a history book of every bad thing done by any provider ever. Many provider forms read as if they simply had no idea that customers need clear data usage terms, recourse in the event of foreseeable problems and reasonably scoped liability provisions. No matter who “wins” this battle over forms, one side is left to draft an exhaustive (and exhausting) redline and the other side to react to it. The ensuing back and forth may take months, blithely passing through quarter ends and burning goodwill along the way.

The solution is obvious, but not easy.    

What if instead the customer and provider could start from a neutral form that neither drafted but both are familiar with? One that was balanced between the parties and reviewed by a committee to reflect industry best practices? What if that form was designed to be easily customized through a cover page and attachments instead of redlining? Wouldn’t deals close faster and with better substantive results if the parties didn’t have to rewrite the core mechanics of the contract every time? What if they could focus instead on the data definitions, liability provisions and compliance provisions that really matter to them? But how do we get there?

The solution is open source Standard Agreements.

Look inside the stack of nearly any major cloud application and you’ll find open source code, and lots of it. Developers leverage any existing package they can find before writing a line of code on their own. And they spend hours happily contributing back improvements to the projects they use. Open source has fundamentally transformed software development for the benefit of the entire ecosystem. But could lawyers do the same? Could you possibly get law firm and in-house lawyers with the relevant domain experience to come together to articulate best practices, collaborate on drafting and then give their work product away for free? Yes, it turns out, you can. You just have to ask and provide a forum for working together and engaging in friendly, detailed debate.

How long does it take 35 lawyers to draft a form?

As a proof of concept, we assembled a Committee to draft an open source NDA. It went through four drafts in a series of meetings and surveys across three months. We then moved on to a bigger fish, a SaaS/cloud services agreement. Our Cloud Terms went through six major drafts, three sub-committees (Data, Risk and General Terms) and multiple meetings, surveys and discussions across seven months. You can see the result of all this good work here and use these “Standard Agreements” for free under CC BY 4.0.

Come on in, the water’s fine.

Our Mutual NDA, Cloud Terms, PSA, SLA and DPA let legal teams focus on what really matters and restore goodwill to the process for everyone. Give them a try and let me know how they work for you. I look forward to hearing from you.


Todd Smithline has nearly 30 years of experience designing, negotiating and teaching contracts. He is the former General Counsel of Marimba, a publicly traded enterprise software company. After Marimba, Todd founded Smithline PC, a boutique technology transactions firm that pioneered fixed-fee subscription billing while representing a list of the best tech companies in the world. Todd is currently CEO of Bonterms and a lecturer at UC Berkeley School of Law.