Technology Law

End-User Licence Agreements — SA Drafting

The licence between your software product and the person who installs it — enforceable under ECTA, drafted within CPA limits, and cross-referenced to a POPIA privacy notice that actually does its job.

Written by

Martin Kotze

Attorney, Conveyancer & Notary Public

Last reviewed:

About
Quick answer

An end-user licence agreement (EULA) is the licence between a software publisher and the person who actually installs and uses the product — distinct from the distribution or reseller agreements sitting upstream. It appears at install time, in the app-store listing, or embedded in the product itself. Under SA law, a click-wrap EULA is enforceable under ECTA section 22 provided the user has a meaningful opportunity to read it and accepts affirmatively. Where the user is a consumer, the CPA overlays plain-language requirements (section 22) and unfair-terms protections (section 48), and ECTA adds section 43 disclosures for online sales plus the section 44 cooling-off right — subject to the section 42(2) exclusions, which carve out software the consumer has unsealed. Where the app processes personal information, POPIA requires a separate privacy notice. Bespoke drafting from R8,500.

EULA vs software licence vs terms of service — what's the difference?

Three documents get conflated under "software licence", and using the wrong one leaves gaps. The EULA faces the end user; the commercial software licence faces businesses up the distribution chain (see our reseller and distribution agreements page); terms of service face the account holder of an ongoing online service. A product that is downloaded, installed and connected to a backend often needs more than one.

EULA

The licence between the software publisher and the end user — the person who installs and runs the product. It grants the right to use a copy of the software, sets the boundaries of that use, and protects the publisher's copyright. Sits at the bottom of the chain, facing the user.

Software licence (B2B)

Upstream commercial licences — reseller, distribution, OEM, enterprise volume licences — between the publisher and businesses that deploy or on-sell the software. Different audience, different bargaining position, no CPA consumer overlay in most cases. See our reseller and distribution agreements page.

Terms of service

Governs an ongoing service relationship — accounts, acceptable use, payment, suspension — typically for SaaS or online platforms. A downloadable app often needs both: a EULA for the installed software and terms of service for the connected account and backend.

The clauses every SA EULA needs

1

Licence grant + device/user scope

A non-exclusive, non-transferable licence to install and use the software — and exactly how far it stretches: how many devices, how many users or seats, personal or business use, and whether the licence moves with the user to a new device.

2

Restrictions

No copying beyond what running the software requires, no reverse engineering or decompilation beyond what the law permits, no sublicensing, rental or resale of the copy, no circumventing licence keys or activation, no removing proprietary notices.

3

Ownership statement

The software is licensed, not sold. The publisher retains copyright — computer programs are a separate category of protected work under section 2(1)(i) of the Copyright Act — and the user owns only their own data and content created with the product.

4

Updates + telemetry disclosure

The publisher's right to push updates and security patches, what happens if the user blocks them, and a transparent statement of what diagnostics and telemetry the app collects — cross-referencing the POPIA privacy policy rather than burying processing terms in the licence.

5

Warranties + disclaimers within CPA limits

What the publisher actually warrants (the software materially conforms to its documentation) and what it disclaims. Against consumers, the CPA's quality protections cannot be disclaimed wholesale — blanket "AS IS" boilerplate does not survive sections 48 and 51.

6

Liability caps within CPA limits

A cap keyed to the price paid plus exclusion of indirect loss is standard — but against consumers, sections 48 and 51 of the CPA limit how far exclusions can go, and liability for gross negligence cannot be excluded at all.

7

Termination

What ends the licence — breach, non-payment, end-of-life of the product — and what the user must then do: stop using the software, uninstall it, destroy copies. Pair with a reasonable window to export user-created data.

8

Governing law + disputes

South African law and a sensible forum. Against SA consumers, a foreign governing-law or exclusive foreign-jurisdiction clause invites unenforceability — the CPA's protections and forums cannot be contracted away.

App-store EULAs

If you publish to the App Store or Google Play without supplying your own licence, the store's default applies — Apple's standard Licensed Application End User License Agreement, or Google Play's terms. Those defaults exist to satisfy the store's minimum requirements: they confirm the licence is between you (the developer) and the user, not the store, and they disclaim the store's own liability. They were not drafted for your product, your data practices, or South African law.

The default stops being enough once real money or real data is involved: paid apps and in-app subscriptions (where refund and renewal mechanics need CPA-aware treatment), apps that collect meaningful personal information (where the EULA must cross-reference a POPIA privacy notice), apps with a business tier (where you want B2B licence terms the default cannot give you), and products whose code or content is the asset (where the restriction and ownership clauses do the protecting). A custom app-store EULA is drafted around the store's prescribed minimum terms — Apple in particular requires specific provisions to be incorporated — so it supplements the store framework rather than fighting it.

Common SA mistakes

  • Pasting a US EULA template wholesale. Blanket "AS IS" disclaimers, total liability exclusions and Delaware governing-law clauses are unenforceable against SA consumers under sections 48 and 51 of the CPA — and signal to a court that the publisher never considered SA law at all.
  • Burying data collection in the EULA instead of a POPIA privacy notice. Telemetry, crash reports, analytics and account data are personal-information processing — POPIA requires a transparent, standalone privacy notice, not a paragraph on page nine of a licence.
  • Excluding liability the CPA prohibits. Section 51 voids terms that purport to exclude liability for gross negligence against consumers, and section 48 strikes terms that are unfair, unreasonable or unjust. Drafting the exclusion anyway just makes the whole clause vulnerable.
  • Relying on browse-wrap acceptance — "by using this software you agree". ECTA section 22 supports enforcement where the user had a meaningful opportunity to read and affirmatively accepted; passive acceptance is far weaker and routinely challenged.
  • Ignoring ECTA section 43 when selling online. Disclosure failures give the consumer a 14-day cancellation right under section 43(3) — a refund risk built into every non-compliant checkout.
  • Assuming the app-store default EULA is enough. Apple and Google defaults are generic, foreign-law instruments that protect the store more than the publisher — paid apps, subscription apps and data-heavy apps need their own SA-aligned licence.

Frequently asked

Are EULAs enforceable in South Africa?

Yes — properly presented. ECTA section 22 confirms that agreements concluded electronically are valid and enforceable, and SA practice supports click-wrap acceptance where the user has a meaningful opportunity to read the terms and performs an unambiguous, affirmative act of acceptance (ticking a box, clicking "I agree") that the system records. Browse-wrap terms — where mere installation or continued use is said to imply acceptance — are much weaker and may fail for lack of intentional consent. Present the EULA before installation completes, force the acceptance step, and log it.

What is the difference between a EULA and terms and conditions?

A EULA licenses the use of a copy of software — it is fundamentally a copyright licence between the publisher and the end user, governing installation, use, restrictions and ownership. Terms and conditions (or terms of service) govern a broader service relationship: accounts, payments, acceptable use, suspension, support. An installed app with a connected backend typically needs both, and a website selling the software needs website T&Cs on top. The documents should cross-reference each other but stay separate — each does a different legal job.

Can a EULA exclude all liability against consumers?

No. Where the end user is a consumer under the CPA, section 48 prohibits terms that are unfair, unreasonable or unjust, and section 51 voids certain terms outright — including any attempt to exclude liability for gross negligence. A blanket "publisher is liable for nothing whatsoever" clause does not survive. What works: a fair, prominent cap keyed to the price paid, exclusion of indirect and consequential loss, and carve-outs for what cannot lawfully be excluded. B2B licences have far more freedom.

Does the 7-day cooling-off right apply to software?

Sometimes. ECTA section 44 gives consumers in electronic transactions a 7-day cooling-off right — but it is subject to the section 42(2) exclusions. Relevantly, the cooling-off right does not apply where audio or video recordings or computer software were unsealed by the consumer, or where services began with the consumer's consent before the period ended. Practical effect: sealed boxed software returned unopened can be cooled off; software the consumer has unsealed — and, by extension, most downloads and activations the consumer consented to start — generally cannot.

Do I need a separate privacy policy if my EULA mentions data?

Yes. POPIA requires the responsible party to take reasonably practicable steps to make the data subject aware of what personal information is collected, why, and who it is shared with — a transparency notice that must actually be accessible and understandable. A clause buried in a licence agreement does not do that job. The EULA should disclose that the software collects telemetry or account data and point to the standalone privacy policy, which carries the POPIA detail. Two documents, cross-referenced.

My app is on the App Store / Google Play — do I still need my own EULA?

If you do nothing, Apple's standard Licensed Application End User License Agreement and Google Play's default terms apply to your app. Both are generic, drafted under foreign law, and built around the store's minimum terms — they say nothing about your IP, your data practices, your subscription mechanics or SA consumer law. A custom EULA is worth it once the app is paid, processes meaningful personal information, sells subscriptions, serves business customers, or embodies IP worth protecting. It must still incorporate the store's required minimum terms (Apple in particular prescribes these), so the custom EULA is drafted around them, not instead of them.

What does bespoke EULA drafting cost in South Africa?

From R8,500 for a standalone EULA tailored to your product, distribution channel (direct download, app store, embedded) and customer base (consumer, business, or both). Most software businesses bundle it: EULA + POPIA privacy policy + website terms typically runs R15,000–R20,000 as a package, which is usually the right move since the three documents must cross-reference each other cleanly.

Why you can trust this: Martin Kotze has been an admitted Attorney of the High Court of South Africa, registered Conveyancer, and Notary Public since 2014, practising from Pretoria. The firm is regulated by the Legal Practice Council under firm registration F17333.

This guide is general information, not legal advice for your specific matter.