March/April 2021

Tech From the Trenches: The Customer’s Guide to Master Service Agreements

Wade K. Sims

By choice or necessity, “Covidian”-era lawyers across all industries are becoming exposed to—and begrudgingly familiar with—technology contracts. A common but unique technology contract encountered is the master services agreement, or MSA. Unlike traditional service and license agreements, which are usually single-body contracts with occasional attachments and exhibits, MSAs are “master” documents that govern multiple agreements or transactions between entities.

An MSA will usually govern or incorporate additional contract documents, such as software license agreements, policies and procedures, terms and conditions, privacy policies, data protection agreements, end-user license agreements (EULAs) and statements of work (SOWs). The MSA will usually set forth the principal legal terms that govern the relationship of parties—the technical part only transactional lawyers care about—whereas the subsidiary agreements or SOWs contain the transactional details more important to the operations team. For example, a company might engage in a single MSA with a service provider but have separate subsidiary agreements for licensing the provider’s software suite, engaging the provider’s consultant services, and utilizing the provider’s cloud storage platform, all generally governed by the MSA terms.

MSAs are usually drafted by the service provider. As such, there are plenty of provider-centric guides and templates available on the internet, often identifying what is customary in the service provider’s industry. Instead, this Trenches column is for customers and their attorneys, both in-house and outside counsel, as well as lawyers advising their own law firms on MSAs for software and services. “Customary” does not mean customer friendly, and customers can mitigate significant risk by negotiating a few key sections.

General Considerations

Contract purpose.

Let’s start with the obvious: You must understand the purpose and context behind the agreement in order to provide your client with effective legal advice. This simple rule can be challenging to put into practice—especially with MSAs that may cover unrelated, disparate or future transactions. You may need to consider potential future contract arrangements that could fall under the MSA’s terms.

Moreover, clients can be laconic when they request a legal review, especially if they assume the contract must have all the legal details counsel needs. If your client’s request amounts to, “Please review. Thanks,” call them back and request a walkthrough of the services to be purchased, including what problems this engagement seeks to solve, what are the expected costs, what type of data is involved, key deadlines and any other background information that will be relevant.

Incorporated documents.

Depending on the complexity and sophistication of the MSA, other documents referenced or incorporated may not be attached to the body for review. These referenced documents can add or change customer obligations beyond what is listed in the MSA. For example, an MSA might incorporate a software EULA that states that the service provider may change the license terms at any time without notice. Or, the MSA may reference a global policy document that imposes a limitation of liability narrower than the one provided in the MSA.

Request that all referenced documents be attached as exhibits and review them for problematic terms. There should also be a “Conflict Between Documents” clause that specifies the order in which each document controls.

Key Provisions

Payment terms.

Payment terms might be specified in SOWs, may be listed in the MSA or both. Net 30 payment terms are standard and reasonable in most circumstances. Confirm whether the customer must preapprove expenses, and check that late fees comply with applicable statutory limits.

MSAs will frequently include the provider’s right to stop work and/or withhold deliverables in the event of customer nonpayment. Reciprocally, the customer should have the right to withhold prorated amounts in dispute without triggering a contract breach, stop-work order or late fees.

Term and termination.

The MSA term will usually span the term of any covered transactions thereunder. Customers should confirm that the term of the MSA makes sense and is compatible with any subsidiary agreement term.

MSAs usually won’t allow for voluntary termination, but there should be a right to terminate for cause. Take heed of any global notice-and-cure provision and how that might affect services. For example, if a provider has a standard 30 days to cure, the customer may be without software access for up to 30 days without recourse. If loss of services is a critical issue for the customer, consider demanding a service level agreement SLA that provides for refunds and/or termination right for extended downtime.

Intellectual property (IP).

IP sections are frequently treated as boilerplate, but they can represent millions of dollars in risk exposure to the customer. If the provider will be creating deliverables for the customer, the IP of those deliverables should be explicitly assigned to the customer. Specifically, this section should state that the provider and its employees or contractors “hereby assign” any and all intellectual property in and to the deliverables. “Assign” without “hereby” only conveys a promise of future assignment and is insufficient to convey IP rights to the customer. Don’t rely on a “Works Made for Hire” clause without assignment. Works Made for Hire is a statutorily defined term under the Copyright Act, 17 U.S.C. § 101 and frequently will not apply to deliverables created pursuant to a contract. Ideally, this section should specify what happens with new materials and pre-existing materials, including third-party materials that may be licensed by the provider.

Representations and warranties.

MSAs or subsidiary agreements will usually disclaim implied warranties. Express warranties might be provided depending on the services contemplated. The customer should confirm that the MSA includes a warranty that the provider’s products and services do not infringe on any third-party intellectual property right, including patents and trade secrets. If the provider adds the limitation “to Provider’s knowledge,” consider adding, “and after Provider’s reasonable and thorough inquiry.” Most salespersons won’t know whether their company is being sued for IP infringement.

Any express warranty that deliverables and services will comport to any specification documents should extend for the length of the term. This is especially true for software agreements, where “updates” could remove critical functionality, such as interoperability. This can be a challenging issue to negotiate if the service provider wants to reserve the right to discontinue or sunset services, especially over a long contract term.

Limitation of liability.

Standard limitations of liability are frequently the most customer-hostile provision of MSAs. Provider-drafted terms usually seek to limit the provider’s liability to the preceding 12 months’ fees paid under the applicable SOW.

These default terms are highly unfavorable to the customer. A customer’s loss risk is usually much greater than the fees paid under a SOW; there may be performance interruption, downstream compliance penalties, replacement costs, staffing issues and other effects to consider if a provider breached mid-contract. A provider who only must refund a partial term may be incentivized to breach a contract if it thinks the contract is underperforming, especially if the customer is otherwise locked into other agreements under the MSA.

Customers should seek to maximize liability caps to the extent they are able. Also, confirm that gross negligence, intentional malfeasance, misuse of confidential information and indemnification obligations are exempt from the liability cap. Expect the provider to resist any changes to their limitations of liability clauses. You may need to engage in aggressive negotiations—either with or without lightsabers.

Choice of Forum/Law

For U.S.-based services, choice of forum/law will usually be proposed as the provider’s county/state of operation, and in most cases this will be immutable. MSAs that govern international services are more complicated and may list jurisdictions using if/then matrices. Confirm that services and their listed jurisdictions reasonably match, and pay attention to any disclaimers to international treaties or laws that could apply, such as the EU General Data Protection Regulation and the U.N. Convention on Contracts for the International Sale of Goods. Finally, the customer may also want to seek adding a forum exception for obtaining an injunction in other jurisdictions, such as to prevent disclosure of the customer’s confidential information. 

Wade K. Sims

In-House Counsel

Wade K. Sims is in-house counsel for Wellpath, an international health-care provider serving patients in inpatient and residential treatment facilities, civil commitment centers and correctional facilities. He advises on corporate transactional matters including health-care services, intellectual property portfolio management and technology licensing.