For our clients acquiring or investing in a "Software as a Service" (or "SaaS") company, the business model operated is a key focus point of the purchase or investment mandate. Why is the target successful today? What are its plans for the future? What objective is driving the transaction?
In the case of investment in, or acquisition of, SaaS companies, reviewing the business structure, and considering the third party relationships within it, is of paramount concern. Some of the most common material legal risks arising in relation to SaaS companies include:
Licensing Arrangements - SaaS contracts typically combine software licences, arrangements for the hosting of data and service level commitments. Sometimes SaaS product offerings have bespoke elements for clients, or facilitate integration with third party platforms. Generally SaaS providers avail of third party hosting resources in order to deliver services to clients.
Common issues that arise in these licensing arrangements include:
- failure of customer-facing contracts to contain terms which the SaaS provider has committed to include in third party software licences; or
- a disproportionate amount of risk being assumed in the customer contracts, which are not appropriately backed off into the hosting or other third party contracts upon which the SaaS service ultimately depends.
Failure by a target SaaS enterprise to properly model its products could significantly impact the value of the target's existing business and pose a potential threat to revenue generation.
Intellectual Property (''IP'') - Understanding ownership of a target's brand and key products is a principal concern for any investor or acquirer, and is an essential aspect of legal due diligence of an SaaS company's assets. Assessing what IP the target claims to own and whether it has been appropriately protected or maintained is important in due diligence. IP ownership issues can often arise with early stage to mid-cap companies, where it is not uncommon for IP developed by founders or third parties to have failed to be properly assigned to the company.
Where a target relies on the IP of others to perform its SaaS obligations, a review of third party contracts should be carried out to determine if there is any weakness in the chain of intellectual property. Where risks are identified, how easily those weaknesses can be rectified and key IP secured becomes the next factor to consider, as such risks do not necessarily mean that there is no value that can be realised.
Open Source Software - Software is developed using a variety of third party tools and often incorporates third party IP in the software accessed by the SaaS customer. Open source software ("OSS") or freeware is often part of software developers' toolkits for good reason. The use of OSS products can often create greater efficiencies as part of the software development and licensing process.
However sometimes the licensing terms attaching to this type of software are misunderstood. It can be important to verify that the use of OSS or freeware complies with the terms of the licence to use the program, and is appropriate to the target's business model. Where OSS or freeware is used improperly by a target, this can significantly increase the target's risk in offering and performing its SaaS customer contracts.
Reseller or White Agreements - Understanding a target's sales and distribution model is key to understanding its business and profit generating potential. Resellers, white label partners and consortium partners can be an important revenue generating business source. Whether the agreements used to capture terms with principal introducers of customers to the target are suitable is an important consideration when assessing a target, and SaaS companies are no exception.
Data as an Asset (and a responsibility) - Data is generated by customer traffic flowing through the SaaS solution, through the customers' use of the solution in return for fees. Increasingly SaaS providers also leverage the data generated by the primary SaaS business to develop further products, services or "value adds" for clients.
The data generated is itself an asset, and creates business dependencies, so understanding that asset, how it is currently being leveraged and how it could be leveraged is often key to realising the value of a target and the latent risks in such use.
A number of responsibilities can attach to the use of such data. Customer contracts will generally deal with use of customer uploaded or generated data. However use of customer data by the target can also be regulated, for example, under data protection laws. Understanding mandatory laws that regulate a target's activities should also be a primary concern of any investor or acquirer. These regulatory requirements can impact on arrangements with customers, employees and suppliers. There can be significant regulatory risk if these laws are not properly complied with and taken account of in the operation of the SaaS business.
Artificial Intelligence ("AI") - Many SaaS based businesses use AI or apply machine learning to a customer dataset to enhance their SaaS products. Use of such technology, in turn, can create new data about a customer's activity and is an asset.
Where use of such technology is a driver of a target's business, it is important to look behind the marketing claims the target makes regarding AI, and to assess legal risk and what level of protection is available and secured for the target's AI asset, including how it impacts on use of this software.
Matheson has significant experience in the technology sector in Ireland and, in particular, we work with a number of market leading companies providing SaaS software solutions to their customers. We have assisted a number of our clients assess and purchase or invest in SaaS based targets. Our experience gives us an understanding of the key legal and operational issues. If you are considering acquiring or investing in a SaaS provider, we would be happy to assist with any queries that you might have.
Originally published 08/02/2021 .
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.