Executive Summary

Most SaaS teams need 12 documents, but only 6 unblock revenue:

  1. MSA with UAE-appropriate liability caps
  2. DPA that satisfies enterprise procurement
  3. SLA with realistic commitments
  4. IP assignments from everyone who touched the code
  5. Privacy Policy that covers PDPL (and GDPR if you have EU customers)
  6. Employment contracts with IP and confidentiality clauses

Everything else matters, but these are the ones that stall deals and funding rounds.

If you sell B2B software in the UAE, your legal documents are part of the product. Enterprise buyers, banks, semi-government entities, and regulated clients will block procurement unless your contract pack is clean.

This guide covers the documents you actually need, what goes wrong when they are missing or poorly drafted, and how to prioritise if you are building from scratch.

Common Mistakes in UAE SaaS Contracts

These are the issues we see regularly:

  1. Copying US/UK templates without UAE adaptation. Choice of law, dispute resolution, and liability provisions that work in California may not be enforceable here. This is especially true for non-compete clauses, which have specific enforceability rules in the UAE.
  2. Weak IP chain of title. Missing assignments from founders, early contractors, or that developer friend who helped with the MVP.
  3. No DPA or data clauses. Enterprise and regulated clients will not proceed without them.
  4. Liability caps that do not match enterprise expectations. Caps that are too low will be rejected; caps that are too high create unnecessary risk.
  5. Missing exit obligations. What happens to customer data when the contract ends? If your contract does not say, you will negotiate it under pressure.
  6. Unclear billing and renewal terms. Auto-renewal, price changes, and refund policies should be explicit.
  7. Unrealistic SLA commitments. Promising uptime you cannot deliver creates liability.

When Legal Documents Become Urgent

Most UAE SaaS teams only discover gaps when a deal stalls or an investor asks uncomfortable questions. Two situations make this real:

Closing enterprise deals

Enterprise procurement teams will redline your contracts. They will ask for:

  • Master Service Agreement with specific liability caps
  • Data Processing Agreement (especially if they have EU operations)
  • SLA with uptime commitments and service credits
  • Security questionnaire responses
  • Evidence of UAE data protection compliance

If you cannot provide these, the deal waits while you scramble to draft them. Or it goes to a competitor who can.

Fundraising and due diligence

Investors will request:

  • IP chain of title (proof the company owns its code)
  • Signed IP assignments from all founders, employees, and contractors
  • Shareholder agreements and cap table documentation
  • Key customer contracts
  • Employment agreements with confidentiality and IP clauses

Missing or incomplete documents slow down funding rounds and can affect valuation.

What UAE Enterprise Procurement Actually Asks For

If you sell to banks, semi-government entities, or regional corporates, expect these requests:

  • Executed MSA with their redlines (liability caps, indemnities, termination rights)
  • Data Processing Agreement with subprocessor list and breach notification timeline
  • SLA with uptime commitment, measurement methodology, and service credits
  • Security questionnaire (often 50–200 questions covering encryption, access controls, incident response, business continuity)
  • Evidence of data hosting location (many clients want UAE or GCC hosting; some will reject AWS regions outside the Middle East)
  • Audit rights clause (right to inspect your security controls, sometimes annually)
  • Subcontractor/subprocessor approval process (they want to know who else touches their data)
  • Insurance certificates (professional indemnity, cyber liability)
  • Invoice and tax compliance (VAT registration, proper invoicing format, sometimes withholding tax documentation)
  • Governing law and dispute resolution (UAE clients often push for UAE courts or DIFC; international clients may want arbitration)
  • Exit and transition obligations (data return, deletion certification, transition assistance period)
  • Background on your company (ownership structure, financial stability, key personnel)

Customer-Facing Documents

These are the documents every user of your platform agrees to. For B2B sales, these are not marketing pages. They are risk controls.

Terms of Service

Your Terms of Service govern how customers can use your product. Key provisions:

  • Acceptable use restrictions
  • IP ownership (you own the platform, they own their data)
  • Limitation of liability
  • Subscription, billing, and cancellation terms
  • Governing law and dispute resolution

UAE-specific note: Limitation of liability clauses are enforceable, but must be clearly drafted and brought to the customer's attention. Use clickwrap acceptance (checkbox + button) rather than browsewrap (continued use = acceptance).

Privacy Policy

If you collect any personal data (names, emails, IP addresses, payment details), you need a Privacy Policy under the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021).

Your Privacy Policy must explain:

  • What data you collect and why
  • How you use, store, and protect it
  • Who you share it with (including subprocessors like AWS, Stripe, analytics tools)
  • Data retention periods
  • User rights (access, correction, deletion)

If you have EU customers, add GDPR provisions. If you have California customers above certain thresholds, add CCPA disclosures.

For a detailed breakdown of compliance requirements and cross-border transfer rules, see our guide to UAE data protection law.

Acceptable Use Policy

An AUP defines what users cannot do on your platform: illegal activity, spam, malware distribution, attempts to access other accounts, harassment, or fraud. This gives you clear grounds to terminate abusive accounts.

B2B Sales Documents

This is where deals are won or lost. Enterprise customers will not sign your standard Terms of Service. They will want to negotiate.

Master Service Agreement (MSA)

The MSA is the main contract governing your relationship with enterprise clients. Having your own template means you negotiate from your paper, not theirs.

What enterprise buyers typically negotiate:

  • Limitation of liability (they want higher caps or carve-outs)
  • Indemnities (IP infringement, data breaches, third-party claims)
  • Warranty scope and disclaimers
  • Termination rights and transition/exit obligations
  • Audit rights
  • Subcontractor and cloud provider approvals

Order Form and Statement of Work

The Order Form sits under the MSA and specifies: services purchased, pricing, billing cycle, contract term, and renewal terms. For implementation or customisation projects, a Statement of Work (SOW) defines scope, deliverables, timeline, and fees.

This structure lets you sign one MSA and execute multiple orders without renegotiating the whole agreement.

Service Level Agreement (SLA)

Enterprise clients expect uptime commitments. A typical SLA includes:

  • Uptime target (99.9% is common)
  • How downtime is measured and reported
  • Exclusions (scheduled maintenance, force majeure, customer-caused issues)
  • Remedies for missed targets (service credits, not unlimited damages)
  • Support response times by severity level

Practical advice: Do not promise 99.99% uptime unless you can actually deliver it. Overpromising creates liability.

Data Processing Agreement (DPA)

If you process personal data on behalf of customers, you are a data processor under the UAE PDPL. Enterprise customers, especially those with EU operations or in regulated industries, will require a DPA.

Minimum clauses enterprise clients expect:

  • Scope and purpose of processing
  • Security measures
  • Subprocessor list and approval process
  • Data breach notification timeline
  • Data deletion or return on termination
  • Cross-border transfer mechanisms (if applicable)

Having a standard DPA ready removes friction from sales cycles.

Security Questionnaire

Enterprise procurement teams will send security questionnaires even when no law requires it. Prepare standard responses covering: data encryption, access controls, incident response, business continuity, and compliance certifications (SOC 2, ISO 27001 if you have them).

Internal Documents

This is where founders and investors pay the most attention. Messy IP ownership or missing agreements can delay funding or reduce valuation.

IP Assignment Agreements

Critical question: Does your company actually own its code?

If founders built the product before incorporation, or contractors developed features without proper agreements, the company may not own its core IP. Every person who contributed to your product needs to sign an IP assignment:

  • Technology Assignment Agreement: Transfers IP created before the company was founded
  • Invention Assignment Agreement: Transfers IP created during employment or engagement

This includes: founders, employees, contractors, freelancers, and anyone who wrote code, designed interfaces, or created content for your product.

Employment Contracts

UAE law requires written employment contracts registered with the Ministry of Human Resources and Emiratisation (MOHRE). For tech companies, your contracts should include additional clauses beyond the MOHRE template:

  • IP assignment (all work product belongs to the company)
  • Confidentiality obligations
  • Non-compete and non-solicitation (enforceable in the UAE if reasonable)
  • Device and data return on termination

For more on drafting compliant employment agreements, see our guide to employment contract requirements in UAE.

Contractor Agreements

Many tech companies rely on contractors for development. Without explicit IP assignment, contractors may retain rights to the code they write. Your contractor agreement must include:

  • Work-for-hire / IP assignment clause
  • Confidentiality obligations
  • Clear scope and deliverables
  • Acceptance criteria

Shareholder Agreement

Before fundraising, founders should have a shareholder agreement covering: equity splits and vesting schedules, decision-making and reserved matters, what happens if a founder leaves, drag-along and tag-along rights, and pre-emption on share transfers.

Note: Do not copy-paste UK or US templates. UAE corporate law (and DIFC/ADGM law if you are in a financial free zone) has different requirements. We cover the key clauses and enforcement considerations in Shareholder Agreements in UAE: Key Clauses and Enforcement.

Document Priority by Stage

Not every document is equally urgent. Here is how to prioritise based on your stage:

DIFC vs ADGM vs Mainland: Which Jurisdiction?

Where you incorporate affects which legal framework governs your contracts. Here is a quick comparison for tech companies:

Quick Checklist

If you sell B2B SaaS in the UAE, confirm you have:

  • Terms of Service (clickwrap, UAE-enforceable)
  • Privacy Policy (PDPL-compliant)
  • Signed IP assignments from all founders, employees, and contractors
  • Employment contracts with IP and confidentiality clauses
  • Contractor agreements with work-for-hire provisions
  • MSA template (for enterprise deals)
  • Order Form / SOW template
  • SLA with realistic commitments
  • DPA (if you process customer data)
  • Shareholder agreement (if multiple founders/investors)
  • Standard NDA
  • Security questionnaire responses ready

Legal Document Audit for UAE SaaS Companies

What it is: A fixed-scope review of your contract pack, focused on enterprise readiness and UAE enforceability.

What you send us:

  • MSA (or Terms of Service if you do not have an MSA yet)
  • Order Form / SOW template
  • SLA
  • Privacy Policy
  • DPA (if you have one)
  • Contractor agreement template

What you get back:

  • Annotated review with specific issues flagged
  • Risk assessment (what will procurement reject, what will investors question)
  • Prioritised fix list
  • Redline-ready clause language for critical gaps

Timeline: 5 business days from document receipt.

Investment: Fixed fee starting from AED 15,000, depending on document volume and complexity.

Who this is for: SaaS companies preparing for enterprise sales, fundraising, or both. We do not provide generic templates. We review and adapt documents to your business model, customer profile, and risk tolerance.

If you are also preparing for a fundraising round, you may want to review our due diligence checklist for UAE M&A transactions.

Next step: Email your current contract pack or book a call to discuss.
