A Legal Guide to Kicking SaaS

It has been an exciting time for the New Zealand software-as-a-service (SaaS) industry of late. The Government’s recent promise of $11.2 million over 3 years to boost the SaaS sector was a welcome acknowledgement of the sector’s role in driving a more productive, high-wage and low-emission economy. Not to be outdone, Microsoft then announced an initiative to partner with, and provide a marketing and sales channel for, New Zealand SaaS companies – enabling them to promote their products in overseas markets through Microsoft’s digital Azure marketplace. This follows the spate of recent large-scale data centre projects announced by global players entering the New Zealand market.

We are fortunate to work with outstanding New Zealand SaaS companies (and their customers) every day – and it feels like a good time to share some insights on what we’re seeing in terms of legal issues and market practice in the SaaS sector.

If you’re trying to take a Kiwi SaaS company to the world, here are some things to think about:

1. Will your corporate structure scale with your product?

Technology businesses set up to address a local market often start with a fairly simple corporate structure. This can work perfectly in the short term, but growth plans often require some more thought:

• Do you have a shareholders agreement that allows for growth and will be palatable for prospective investors?
• Do you want the ability to reward key staff and contractors with equity?
• Where is your intellectual property sitting and does your corporate structure need to change to protect and extract value from it?
• Will you need to establish international subsidiaries or register international branches to operate in new markets? Sometimes regulatory requirements in your target markets make this a necessity, and the decision can often be driven by tax considerations.

None of these are simple questions and the answers are different for each business. You can also make changes too early or in a way that adds undue complexity. This is where your legal, tax and accounting advice needs to be in sync to drive the best result.

2. Your legal terms need to scale too

Just like the business itself, your core subscriber terms and other contractual arrangements may need a spruce-up for the global market. While SaaS contracts are relatively portable, it’s unlikely you’ll be able to rely on terms drafted solely for use in New Zealand when you move into overseas markets. Not only are there specific overseas regulatory regimes to consider (in areas like data privacy, consumer protection and financial regulation) but each country has its own market practice, which should to some extent be reflected in your contracts.

That second point is often overlooked, but in SaaS contracts it’s critical to strike the right balance between protecting your interests and getting the deal done. Constant protracted negotiations with customers are not good for business, especially if you’re operating in a high-volume, low margin environment. This is just as relevant for your NZ customers too – particularly with increased regulatory attention on unfair contract terms (including in B2B agreements).

Also, bear in mind that even if you’ve decided to stay put in New Zealand and contract with overseas customers on a cross-border basis, many foreign laws have extra-territorial effect – meaning you may still need to comply with them if you have customers in that market (GDPR is probably the best-known example).

3. You can’t escape data privacy

On that note, data privacy continues to be the key compliance obligation for most SaaS companies. For any company processing data and operating across borders, the modern regulatory landscape is a massive challenge. As well as the fact that all countries have different (and increasingly onerous) data protection regimes to contend with, there is also an increased regulatory focus on cross-border transfers of data. Some specific things to think about:

• Do your standard form privacy policy and back-end processes reflect the legal requirements and regulator expectations in all of your key markets?
• Do you find yourself having to sign multiple onerous, customer-specified data processing agreements? If so, would it be better to draft your own, reflecting your standard processes and risk appetite?
• Who are your data sub-processors? And – as you are often legally responsible for their actions – do they have the right contractual obligations to protect the data they process on your behalf?  
• What are the cross-border data flows inherent in your SaaS solution and do they comply with regulatory requirements around data transfers and data localisation?

4. Who else are you relying on (and do their promises match yours)?

The “supply chain” in the SaaS world is getting more and more complex. Most SaaS businesses rely on a range of other SaaS vendors – either in their core tech stack or otherwise behind the scenes – to deliver their solution. There is also increasing demand from customers for seamless integrations with a range of other tools.

It’s important to have a clear view of the contractual arrangements that apply to this supply chain. If other vendors (whether they’re data sub-processors, software component providers or integration partners) play a role in your solution, then you need to make sure their terms are consistent with whatever you are promising to your customers. If this isn’t achievable (and let’s face it, many players in the supply chain operate on a ‘take it or leave it’ basis) – then you at least need to identify the gaps, understand where your risk lies and consider ways to mitigate it.

5. Positive vibes

Despite global economic challenges and the widely-touted war for talent, we are generally seeing positive sentiment in the New Zealand SaaS industry and some great success stories continuing to come through. Now’s a great time for ambitious SaaS companies to take things to the next level – good luck out there!