Has a software provider ever handed you a EULA and you didn’t know what to make of it? And no, EULAs aren’t medical devices or quantum physics particles. While End User License Agreements (EULAs) can appear to be as inscrutable as quantum physics, they don’t have to be. At Synergy Law, we can help government agencies and their representatives make sense of them, as well as understanding and addressing the risks and challenges at play with these agreements.
What is an End User License Agreement (EULA)?
EULAs are legally binding contracts that specify the rights and restrictions that apply to a product between the licensor of a product (provider) and the licensee (purchaser). EULAs may also be known by a host of other acronyms: SLAs or Software License Agreements, LAEUAs or Licensed Application End-User Agreements, and the old stand-by – Ts&Cs or Terms and Conditions Agreements.
EULAs are typically used for software purchases – and potentially its associated hardware. The software seller or provider will generally present the EULA to clients during the installation or purchasing process. Most people would have some experience with EULAs when they sign-up for Adobe Acrobat – and must agree to the company’s Ts&Cs (Terms and Conditions). EULAs can apply to both an entity and its personnel. As such, it’s important to understand the terms prior to signing on – as it can affect your organisation and its staff in a personal capacity.
Can you actually change what’s in an EULA?
It is a common misconception that organisations – or individuals, have no scope to negotiate the terms and conditions of a product before purchasing it. This is not true. While individuals may have limited abilities to negotiate terms, organisations with larger budgets and specific legal or policy requirements certainly would have more scope – particularly if they are purchasing products in bulk. In fact, it is my common practice to mark-up and change EULAs – with agreement from the provider, before purchasing the given product.
What to look out for when reviewing EULAs?
When marking up and changing EULAs, it’s important that the agreement suits your organisation’s requirements. In the following is a list of provider clauses to ‘look out for,’ along with ways to change or potentially address the issues at play.
1. Unbalanced, Service Provider protective liability clauses – Most providers cap their liability to the fees paid for the services. If this is not appropriate (i.e. due to the nature of the services being critical and the fees being minimal), organisations can potentially negotiate the liability amount. However, the provider cannot exclude certain liabilities such as death and personal injury under Australian law.
2. No warranty or representation to issues with the product – While there are protections under the Australian Consumer Law (ACL) for product warranties, providers often try to limit warranties as much as possible. The ACL does not apply to Commonwealth entities. So as to mitigate this risk, the warranty should be negotiated to meet your organisation’s specific requirements.
3. Product will receive updates remotely – If you have specific security needs and your organisation do not permit remote updates, your agency will need to work with the provider to sort out a solution to meet operational needs. Otherwise, your organisation should consider whether it can accept this clause or should walk away from the proposed agreement.
4. No modification of products – Should your organisation need to modify the product, it should remove the ‘no modification provision’ or include a provision in the EULA, granting permission to modify the product. If the provider gives permission separately (in writing), this could be considered as a written agreement that amends or overrides the existing EULA.
5. No Confidentiality/No obligation to keep your information confidential – Organisations should be careful to review clauses relating to the handling, categorisation or definitions of confidential data and information. Otherwise, the provider could potentially have the right to distribute your organisation’s confidential information.
6. Provider right to audit your systems for licence compliance - In the first instance, organisations should request the removal of these types of clauses. If that is not possible, they should seek to retain standard audit provisions, but only as long as they are conducted in accordance with the organisation’s security policies and procedures.
7. Provider can change terms of the agreement at anytime – Look to have this clause removed, if possible. In the alternative, organisations should ensure that if the provider’s terms do change, they only can take effect as of the date of contract renewal. This mitigates the risk of a vendor changing its terms with immediate effect – and it gives your organisation security regarding service provision, deliverables, cost and so forth.
8. Termination of the EULA – Organisations should ensure that if the provider chooses to terminate the agreement for reasons of convenience, there are provisions for a refund. Similarly, the organisation should have similar rights, i.e. the ability to terminate for breach by the provider.
9. Privacy – Information Sharing of your data – Your organisation should ensure that the EULA does not give the provider permission to utilise or share its data, content or similar derivative information. If this feature is a core part of the service offering, the EULA will need to be amended to limit information sharing – and in ways that do not compromise individuals’ privacy or the confidentiality of the organisation’s data.
10. Intellectual Property (IP) ownership – Usually, the service provider will have rights over any IP of the product in the EULA. However, it is essential for organisations to ensure their use of a product or software does not give the provider ownership of any of the user’s IP.
11. Governing law – Often, providers will nominate their ‘home jurisdiction’ or another favourable forum as the EULA’s governing law – and under which any disputes should be litigated. It is common for American-based organisations to nominate the laws of Delaware as the governing law of the EULA contract. However, Commonwealth entities can seek to have the terms amended to reflect an Australian jurisdiction, considering that the provider is conducting business within Australia.
12. Warranties, Indemnities and Guarantees for Commonwealth Departments – As a first position, Commonwealth entities should reject any warranties, indemnities and guarantees requested by the provider. If they must be accepted, a PGPA Act section 60 brief will need to be provided. This is in accordance with Department of Finance guidelines – and outlines those warranties, indemnities and guarantees and the risks involved for your delegate to approve.
Reviewing EULAs can be a complex undertaking, but it’s important to get them right so that organisation are protected against losses or damages. At Synergy Law we are trusted experts with EULAs – and have worked for and with numerous Commonwealth and State agencies, large corporate and other organisations – across both small and large projects. If you have any further questions about EULAs or ICT contractual agreements, please reach out to Synergy Law.
