Service
ICT commercial contracting counsel.
SaaS, cloud, IoT and ICT-services businesses run on a constant flow of commercial contracts. The firm acts as outsourced commercial legal, reviewing and negotiating inbound and outbound master service agreements, data-processing agreements, non-disclosure agreements, statements of work and subscriptions on a volume-based retainer with a fair-use cap. Cyber and digital-resilience compliance is a separate service.
Who this is for
- Swiss SaaS scale-ups handling a steady volume of customer and supplier contracts without in-house legal.
- Mid-cap industrial companies digitalising: IoT, connected products and ICT-services agreements.
- ICT and SaaS providers to financial institutions that face DORA ICT third-party terms in their contracts.
What's included
- Master service agreements and SaaS subscriptions: review and negotiation of inbound and outbound terms covering scope, service levels, liability caps, indemnities and termination, drawing on the freedom of contract that the OR gives commercial parties over the content of their agreements (Art. 19).
- Data-processing agreements: processor and controller terms aligned with the DSG processor provision (Art. 9) and, for EU-facing data flows, the processor terms required under GDPR (Art. 28).
- Non-disclosure agreements and statements of work: mutual and one-way NDAs, plus SOWs that pin down deliverables, acceptance and change control against the parent master service agreement.
- Customer and supplier paper: both the contracts a provider issues and the third-party terms it is asked to sign, including DORA ICT third-party clauses pushed down by financial-sector customers.
- Playbooks and fallback positions: an agreed set of standard positions and fallbacks so routine negotiations move quickly and consistently across the contract base.
- Volume retainer with a fair-use cap: a predictable monthly fee against an agreed contract throughput, with matters beyond the cap scoped separately.
How it works
- Intake. The firm reviews the client's existing contract base, recurring counterparties and the typical inbound and outbound paper.
- Calibration. The firm agrees standard positions, fallbacks and the fair-use cap, fixed in the engagement letter.
- Run. The firm reviews and negotiates contracts as they arise, working to the agreed playbook and turnaround.
- Escalation. The firm flags any matter beyond the cap or outside the playbook before work proceeds, so cost stays predictable.
- Review. The firm revisits the playbook and throughput periodically as the contract base and counterparties change.
Indicative pricing
Monthly subscription
from CHF 5,000 / month
A volume-based subscription with a fair-use cap; beyond-scope advisory at CHF 700 to 950 / hour.
Indicative starting prices, net and exclusive of Swiss MWST (VAT) where applicable; final fee per written engagement letter.
Frequently asked questions
- What does a contracting retainer cover, and how does the fair-use cap work?
- The retainer covers review and negotiation of the everyday commercial contracts an ICT business runs on: master service agreements, SaaS subscriptions, data-processing agreements, non-disclosure agreements and statements of work, both inbound and outbound. A volume-based fee is set against an agreed monthly throughput; the fair-use cap defines the contract volume and complexity included before additional matters are scoped separately. The cap is fixed in the engagement letter so the monthly cost is predictable, and the firm flags early when a high-volume month or an unusually complex negotiation falls outside it.
- Does a data-processing agreement require both Swiss and EU terms?
- Often, yes. Where a SaaS or cloud provider acts as a processor, Swiss law governs the engagement through the processor provision of the DSG (Art. 9), which permits processing to be assigned to a processor by contract under defined conditions and limits sub-processing to cases with prior controller approval. Where the same data flows touch EU-resident individuals, the data-processing agreement must also carry the processor terms required under GDPR (Art. 28). A workable DPA usually addresses both regimes in one instrument, and the firm drafts and negotiates the clause set accordingly.
- Does this service include NIS2, DORA or Cyber Resilience Act compliance?
- No. Those are handled under a separate service. Cyber and digital-resilience compliance (NIS2, DORA and the EU Cyber Resilience Act) is its own engagement, covering applicability scoping, governance and incident-reporting frameworks and product-cybersecurity obligations. The contracting retainer handles the commercial-contract layer: where a financial customer pushes DORA ICT third-party terms into a provider's master service agreement, the retainer reviews and negotiates those contractual terms, while the underlying resilience-compliance build sits with the Cyber & Digital Resilience service.
- Which law governs these contracts, and is party choice respected?
- Most engagements run on Swiss contract law under the OR, where a contract forms on the parties' mutual assent (Art. 1) and the parties may set the content of their agreement freely within the limits of the law (Art. 19), which gives commercial parties wide latitude over allocation of risk, liability caps, service levels and termination. Where a counterparty insists on a foreign governing law, the firm advises on the practical consequences and negotiates the terms accordingly; the choice-of-law analysis for any specific contract is confirmed at engagement.