Software escrow is a business continuity solution that helps to protect all parties involved in a software license agreement.
The neutral 3rd party escrow agent holds the source code, data & documentation and releases the material in case a mutually-agreed-upon event occurs.
Get the Escrow Agreement you need
Software escrow agreements are amongst the most frequently used escrow agreements and are mainly important to end-user licensees. The term licensee under an escrow agreement is broad. It might be an original equipment manufacturer, a reseller, a distributor or an integrator that has an interest in ensuring continuity of software maintenance and support, including updates to be able to fulfil its obligations. Increasingly, banks, venture capitalists, investors, and lenders utilize specific escrow agreements to protect and secure their investments or loans in software companies.
Deposit of software source code either in a physical deposit process or by uploading the code on a secure blockchain-enabled server environment.
1. Introduction - what is Software Escrow?
Software escrow contains both a formal legal and technical component. It serves as a safety net for investments in business critical software applications. When your company purchases a software, you usually only receive an executable application which functions within your runtime environment. In most cases the licensor is obliged to maintain and support the software according to service level terms.
What happens if the terms of the collaboration between you and the licensor change? Either the licensor may go out of business, sell its assets to a competitor of yours or simply can’t fulfill maintenance and support obligations anymore.
Without access to the software´s source code you can neither take over nor outsource the software maintenance rendering your investment worthless. You might be able to keep using the software for a while but very soon bug fixes, security updates or other adjustments are required. With the source code, full documentation, and build instructions you can fall back to your disaster recovery plan and ensure business continuity. This is what German Escrow does day in and day out.
Software escrow helps you to protect your investment, reduces financial and reputation risks and can ensure disaster recovery and business continuity.
2. How does Software Escrow work?
Once you assessed the risk associated with your applications -usually through a benchmark with industry standards- and want to start mitigating these risks German Escrow helps you to push through the full process. We offer agreement templates and will suggest service levels that are required.
Once we reach an agreement we start implementing the licensee, the licensor and the escrow agent, us. Following the execution of the agreement by all parties, German Escrow collects the material from the licensor and carries out the requested testing level. Following successful testing of the deposited material, we generate a testing report. If testing is successful and there is no corrupt data, the material is stored as a dual-deposit. We also manage the deposit of further material based on the agreed release cycles and escrow agreement terms. If a release event occurs, the licensee will inform the parties and the release process commences. If the release event is confirmed the material will be forwarded to the licensee.
Typical release events are:
- Insolvency of the licensor
- Licensor going out of business
- Licensor does not fulfill support or maintenance obligations
- Licensor sells IPRs to a competitor or merges with another software firm
- The software is no longer marketed
3. Why do you need Escrow?
Even though your industry might not be regulated, e.g. by BaFin requirements or the BSI, you want to protect your investments and operations.
Besides working with best practices, software escrow significantly limits management liability in case of business critical applications becoming dysfunctional for whatever reason.
The only legal and technically feasible way to make sure business is continued in case of dysfunctional software is to have the source code and documentation of the dysfunctional application. Except for cases where your company owns or purchases the source code and the user rights, you don’t have access to the code. Escrow hedges these risks.
This is a short checklist when escrow makes most sense:
You use business critical software
You don’t own the source code of the application
You are regulated / operate in a regulated industry
You are prone to liability claims from clients or partners if your application fails
If you check the boxes above, software escrow is the perfect hedge against your IT and business continuity risks.
When should Software Escrow be implemented?
Software escrow is implemented once the license agreement is negotiated. Terms of the license agreement and escrow agreement are matched and German Escrow kicks off the process by storing all information safely and requesting the deposit.
4. Software Escrow Details
Every escrow deposit is unique. However in order to ensure the deposited material can be used in case of a release event, this overview lists the minimum requirements:
A) Overview and stock keeping of deposit material (Deposit Road Map)
B) General information of the deposited material
– General software description
– Type of medium used for deposit
– List of third party applications required to build and run the software
– Parameters and settings required for a successful build
C) Media access information
– Encryption and password details
– Data extraction information and archive utilities
– Type of expected source code delivered (java, c++, etc.)
– If provided, developer’s contact information
D) Build information and documentation
– List of application build dependencies
– List of build environment setup and configuration
– Any in-house developed or not freely accessible compile and build applications
– Step by step build instructions
– Required design information, such as source code architecture and module interactions
– Interface / API documentation
E) Smoke test information
– Scripts and/or processes to diagnose the successful build
– Run the application
5. Required Verification Levels
Whilst a solid escrow agreement is essential – it is vital to ensure all required material is deposited and works as expected. German Escrow offers a broad range of standard verification levels.
Each verification is designed to ensure the material is complete and can be used in case a release event occurs.
We only recommend a specific verification level once our initial analysis of your specific situation and ecosystem is completed.
Here are the main motives for companies to verify software deposits:
You want to ensure the deposit contains the correct material, the material is complete, and it works in the developers environment
You want to ensure the application can be re-built independently outside the developers environment
You want to ensure the application can be build within the licensees environment
All of the above we can handle out-of-the box, however, in case our existing verification levels do not match your requirements we have always found a custom solution with our clients requisitions.
Types of Software Escrow Agreements
German Escrow offers different kinds of software escrow agreements. The most common software escrow agreements are
1. Single-License Software Escrow agreement
A single-license software escrow agreement, also referred to as “three party ” escrow agreement, is used for the deposit of software applications with only one party as licensee.
Software escrow for software
Dedicated for one licensee and one software application
Agreement terms can be agreed upon one by one
Agreement is reached by the licensee, the licensor and German Escrow
2. Multi-License Software Escrow agreement
A multi-license software escrow agreement, also referred to as “two party ” or “multiple party” Escrow agreement, is used for the deposit of standard “off the shelf” software applications with multiple licensees.
Software escrow for standard software
Set up for multiple licensees and one software application
Agreement terms cannot be agreed upon one by one
Agreement is reached by the licensor and German Escrow
Licensees can join the existing agreement with the licensors consent by signing a beneficiary agreement
All agreements are available in German and English.
3. Passive Software Escrow Agreement
Passive escrow agreements are similar to software escrow agreements and are available as single-license software escrow agreement or multi-license software escrow agreement.
The Passive Escrow agreement is set up between the licensor and German Escrow. The terms are therefore agreed upon by those parties. The licensor reports a new licensee to German Escrow and German Escrow sends a confirmation for the licensees registration to the agreement to all parties. The licensee is now covered based on the existing terms of the agreement.
The advantage of a passive escrow agreement is that the licensee does not become a party to the agreement and does not have to execute an agreement. The licensee only benefits from the agreement without having to fulfill any obligations until a release event occurs. This accelerates the implementation timeline significantly as the licensee does not require any legal resources to check agreements, however, agreement terms cannot be negotiated.
All agreements are available in German, English, Spanish and French.
Request a Discovery Call
If you are not sure which type of escrow agreement is the right one for you, talk to us and we navigate you to the right agreement for your project!