Software Escrow Contracts: The Essentials You Need to Know
In today’s technology-first world, more companies are striving for a global presence but need to keep up with the ever-changing demands of the digital world, whilst mitigating business risk. The growing reliance on software is evident, with organisations spending around $2,623 globally per employee per year on SaaS solutions alone. (1)
However, this need for global business growth brings a level of risk, especially when a business or product is dependent on one or two software providers. The internet blackout from last year, which caused some of the world’s biggest websites to go down for hours and had a huge impact on business revenues, was caused by a bug from one single software infrastructure provider. (2)
With growing pressure to protect business continuity and avoid catastrophic tech failures that can impact an entire business, companies should consider software escrows as part of their overall risk management strategy.
Why are software escrows important?
There are many reasons why a business would want to prepare a software escrow agreement. In some industries, such as banking, software escrow agreements are usually mandatory for every supplier, given the compliance and sensitivities around finance.
So if any business in any industry is heavily reliant on a particular piece of software from a supplier, they should consider a software escrow agreement to protect them from tech failures and business disruption.
What is a software escrow?
A software escrow is a contract between a software supplier and their client that helps to ensure the continuity of the client’s business activity in the event of supplier failure. Much like an escrow agreement when a person buys a house, whereby a third party temporarily holds the funds until the purchase agreement is met, a software escrow involves a third party - the software escrow provider - holding a software supplier’s source code via a deposit system. This means that if a software supplier goes into liquidation, bankruptcy or experiences other disruption that could potentially affect its clients, the client will get access to the source code to be able to continue using the software and avoid critical business disruption.
A software escrow contract involves three different parties:
- The client, or licensee of the software supplier: usually initiates the request for an escrow agreement with the supplier, often due to compliance reasons or as part of its risk mitigation strategy
- The software supplier: responsible for depositing the software source code with a third party and ensuring the deposited assets are regularly updated
- The escrow agent: the third party that holds the deposited material until the release conditions are met.
Having a software escrow in place between a software supplier and its client provides many great benefits.
For the client, it allows its organisation to limit supplier dependency and to implement effective business continuity plans that ensure compliance with internal and regulatory rules. Essentially, an escrow is an additional security blanket and guarantee for the client.
For the software supplier, having a software escrow agreement with a client mandates them to deposit their source code with the trusted software escrow provider, as part of the agreement. In return, the escrow provider will deliver a certificate as proof of deposit, which in itself has great value for the software supplier. Indeed, by making this deposit, the software supplier is able to assert the ownership of its software and bring a recognised proof to a court in case of copyright litigation. This measure also adds value to the software supplier’s business, as clients or investors will be reassured to know that they have purchased an asset with a protected IP.
Types of software escrow contracts
There are different types of software escrows that clients can choose to form with their software supplier, all with different levels of access rights.
Access Clause
The most basic and simple escrow agreement is the Access Clause, a paragraph within a commercial contract between the software supplier and the client which summarises the conditions in which the client can access the source code. The access clause can then be shared among multiple different clients by the software supplier. It’s a quick and easy option. However, while an access clause provides some level of security, and ensures the software supplier makes a deposit of their software source code with a third party, the responsibility of managing the escrowed elements remains with the software supplier alone. This means that the client has no control over the way that the software supplier updates the escrowed assets, and no way of knowing if they are being kept up to date - therefore placing full trust in the software supplier.
Bipartite software escrow
A Bipartite Software Escrow is a type of escrow contract between the software supplier and the client that is independent from the commercial contract. Unlike the access clause, both the software supplier and client have access to the escrow agent’s platform that holds the escrowed elements, meaning that the client is able to view the status of the deposit made by the software supplier in the context of the contract and react if the terms are not respected. For example, a client can detect if the supplier did not update the deposit as agreed to in their contract.
Tripartite software escrow
A Tripartite Software Escrow is considered the optimal and most common form of escrow. In this agreement the escrow agent’s role is to ensure that the supplier respects the terms agreed upon with the client, to hold the supplier accountable to these terms and to duly inform the client should the terms be contravened. This is carried out through an escrow agent’s centralised management system for the suppliers, whereby suppliers can easily abide by their contract terms by, for example, keeping the source code up to date as well as renewing payments and fees.
At Vaultinum, a software escrow agreement is possible no matter the delivery method of software, whether it is installed on client machines, SaaS or cloud based. Vaultinum offers 3 types of software escrows depending on the needs of the supplier and client.
Source code escrow for increased peace of mind
Software remains a core part of many organisations and without protection of outsourced software and digital assets, businesses could leave themselves vulnerable. Forming the right software escrows and incorporating them as part of the onboarding process with suppliers adds an additional layer of protection for both software suppliers and clients, ultimately providing transparency and peace of mind for both parties.
Naturally, the software supplier does not want the client to have access before or unless certain conditions are met. Likewise, the client wants to make sure that if pre-agreed conditions are met, they will have access to their source code.
Using an Independent Trusted Third Party such as Vaultinum as the Escrow Agent not only gives a software supplier peace of mind that their source code is safely encrypted and stored using the AES-256 encryption algorithm, but also creates a circle of trust between all parties involved.
Vaultinum ensures the enforcement of a strict access procedure, which means that if any of the release conditions agreed in the software escrow occur, Vaultinum will implement a strict and transparent verification process, before allowing the beneficiary to access the escrowed elements.
Since 1976, thousands of digital creators, businesses and investors have trusted Vaultinum to secure their innovations and protect their intellectual property while ensuring the continuity of their business activity. Find out more about how we can do the same for you.
(1) https://enable.com/articles/10-statistics-that-show-saas-is-not-going-anywhere
(2) https://www.verdict.co.uk/fastly-outage-internet-broke/