In this blog post, Miller & Martin attorney David Spiller discusses what to do when a major customer drops a 100-page Master Agreement on a technology provider.
When a major company sends its technology provider a 100-page Master Agreement, the document lands with a thud – either real or electronic. There's excitement on the provider side – "let's redline this puppy and get it signed!" – because the deal is getting closer to actually happening. But the excitement can turn to consternation once the document is opened, and 100 pages of single-spaced, 10-point font legalese stare back at the reader.
To move forward the provider has to do two things simultaneously – on the one hand, settle in for what can be a new slog with the customer's legal counsel (after the slog with its business principals getting a green light for the deal), but, on the other hand, keep momentum going by jumping into the document, understanding it and figuring out what works and doesn't work for the provider. It would be great if the provider could simply hand the customer the provider's standard terms of sale or service (or better yet, have the customer click to agree to those online); but when the customer is "the Goliath" and the provider is "the David," the customer may want the terms upon which it purchases products or services to be on its own "standard paper."
Step one, if you are the provider, whether you provide SaaS services or a software license, or other consulting services, or technology-oriented products or deliverables, is to realize that the legalese is worth reviewing well and understanding, as it will create legal obligations and set the expectations of the customer, perhaps for a long time. An MSA or MA is designed to work for the deal that's been approved and for other deals that the parties may agree to in the future – hence the word "Master."
Step two is to realize an MSA or MA is designed by major companies to work in a variety of vendor situations so that the company has similar agreements with all its vendors, making it easier for the company to manage all those relationships. This can be jarring - you might sell products, not services, but the agreement covers both, or in delivering services you have no contact with the customer's own customers but the agreement contains 10 pages on how you can contact the customer's own customers.
Often what the provider receives is a MSA or MA with attached lots of order addenda, riders, exhibits, schedules, statements of work, etc. The MSA or MA contains generic terms that apply to lots of engagements while the attachments are more specific; in facts, sometimes you might see only the attachments the customers thinks are applicable for your services or products, and other times the customer might send you all of its standard form attachments, from which the parties are to choose those that apply. At its worst, the document set is a Frankenstein of different parts created by different teams at different times for different reasons.
Understanding how these documents work together is critical and non-obvious. First, there is often a definitions section in the MSA or MA that defines a lot of terms used throughout the document set, and the definitions can contain hidden traps. For example, "Applicable Law" could be defined as laws applicable to the provider or to the customer, meaning that a provision that says the provider will be responsible for complying with "Applicable Law" sounds OK at first but requires the provider to comply with laws applicable not to it but to the customer, of which there could be many that are totally unknown to the provider. And, by the way, the definitions section is 25 pages away from that compliance provision.
Second, the MSA and MA and their attachments are all interdependent and really do have to be read together to understand what responsibilities and obligations the provider is taking on, as related obligations can be disconnected and scattered about the document set.
For example, there might be three different levels of confidentiality requirements in the document set – one generic level of requirements in the MSA or MA that each party protect the other's confidential information, another in an exhibit to the MSA or MA discussing heightened standards concerning the handling of the customer's data on its own employees and customers and still another in yet another exhibit concerning even more heightened standards if the data has not been de-personalized and contains names, addresses and social security numbers, or health information. Another example is testing of a SaaS system – one provision in the document set may require the provider to test its system for vulnerabilities on a monthly basis, while another might require the provider engage a third party perform to an annual penetration test. These provisions are related but different, and quite possibly 50 pages apart.
Third, sometimes the generic provisions of the MSA or MA contradict the more specific provisions of the various attachments. For example, the former may say that anything you create as part of or at all related to delivery of the services or products belongs to the customer (as if your development team were employees of the customer), while the attachments more specifically (and correctly) say that the customer merely receives ownership of the output from its use of the services (e.g., data sets and reports generated by use of SaaS services) or of the specific products or deliverables agreed to be delivered. Which document controls over the issue, the master agreement or the attachments? Often there is an expressed order of priority or precedence among the MSA or MA and its various attachments, which needs close attention.
Dear reader, have no fear. The customer's legal counsel may at first take the "play dumb" approach of acting as if he or she can't possibly understand why you wouldn't sign the "very fair and well-written" document set as is, indicating that he or she has no authority to change the terms and further indicating that the path to getting internal approval to change the terms is so winding and time-consuming that the deal will crater – in other words, the counsel plays dumb but is really hoping you will make the dumb move of throwing your hands up and just signing.
But give that counsel a few examples of terms that don't fit or apply to how you will provide products or services and you will see some movement. At its best, what emerges is a document set that looks enough like the customer's other provider agreements that it is satisfied, but that puts on the provider appropriate responsibilities and obligations that fit its products or services.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.