When escrow is genuinely needed
- Mission-critical platforms where the customer's business depends on the software (banking, healthcare, manufacturing ERP, energy management).
- Large enterprise SaaS deployments where switching vendors mid-contract is operationally infeasible.
- Government and regulated-industry procurement where continuity-of-service requirements mandate fall-back access.
- Custom-developed software where the customer has invested significantly in customisation and integration.
- Long-term licensing arrangements (5+ years) with smaller or earlier-stage developers carrying execution risk.
The eight clauses that matter
Tripartite structure
Three parties — developer (depositor), customer (beneficiary), and an independent escrow agent. The agent holds deposited materials and releases them only on agreed triggers.
Deposit materials
Source code, build instructions, documentation, third-party-licence inventory, encryption keys, and any other materials required to operate the platform independently.
Release triggers
Specific events that activate release: developer insolvency, business rescue or liquidation; abandonment of the product; material unremedied breach of support obligations; cessation of trading.
Verification of deposits
Customer's right (often through the escrow agent) to verify that deposited materials are complete, current, and capable of building a working version of the platform.
Update frequency
How often the depositor must lodge updated materials — quarterly is common for active development; semi-annual for mature platforms.
Licence on release
The terms on which the customer may use the released materials — usually a perpetual, royalty-free, non-exclusive licence for the customer's internal use only, with restrictions on redistribution or competitive use.
Confidentiality
Customer's confidentiality obligations regarding released source code — surviving termination and binding all customer personnel with access.
Fees + escrow agent terms
Setup fees, annual escrow fees, verification fees, release-administration fees. Typically split between depositor and beneficiary in pre-agreed proportions.
Frequently asked
What is software source-code escrow?
A tripartite contractual arrangement under which a developer (depositor) lodges source code and related materials with an independent escrow agent (typically an attorney or specialist escrow company), to be released to the customer (beneficiary) on the occurrence of defined trigger events — most commonly the developer's insolvency, abandonment of the product, or unremedied material breach of support obligations. The customer then receives a licence to use the released materials for its own internal continuity.
Is source-code escrow legally required under SA law?
No statute requires it. But for mission-critical platforms (banking core systems, healthcare records, energy management, regulated financial infrastructure) it is commercially essential and frequently required by procurement teams as a precondition of vendor selection. Regulators in financial services have increasingly suggested escrow arrangements as a continuity-of-service safeguard, though without binding mandates.
Who pays for the escrow arrangement?
Practice varies. Common splits: developer pays setup and annual maintenance fees as part of the cost of doing business (treating escrow as a sales-enablement cost); customer pays verification fees if they elect to verify deposits; release-administration fees split equally on actual release. Larger customers sometimes insist the developer bear all costs as a selection-criterion concession.
How often must deposits be updated?
For active SaaS or actively-developed enterprise software: quarterly is standard. For mature, stable platforms with infrequent updates: semi-annual or annual. The agreement should specify a deposit-frequency obligation, the consequences of late deposit (typically a cure period followed by either escrow agent intervention or customer remedy), and a customer right to demand interim deposits for material releases.
What is verification, and is it worth paying for?
Verification is a process (usually conducted by the escrow agent or a specialist verification firm) confirming that the deposited materials are complete and capable of building a working version of the platform. Without verification, customers find at release that the deposit is incomplete, the build environment cannot be reproduced, or the documentation is inadequate — defeating the purpose of escrow. For mission-critical platforms, verification is essential; for marginal use cases, the cost-benefit is questionable.
What does the released licence allow the customer to do?
Standard release-licence terms: perpetual, royalty-free, non-exclusive licence to use the released materials for the customer's internal business continuity only. Prohibited: redistribution, competitive use, sub-licensing, exploitation against the developer's remaining customers. The licence usually requires the customer to maintain confidentiality of the source code and to engage qualified personnel (subject to confidentiality undertakings) to operate it.
What is the typical cost of escrow setup in SA?
For the escrow agreement drafting itself: R8,000–R15,000 depending on complexity. The escrow agent's own fees vary: setup R3,000–R8,000; annual maintenance R3,000–R6,000; verification R10,000–R25,000 per verification cycle; release administration billed on actuals. Specialist international escrow agents (NCC Group, Iron Mountain) are more expensive than domestic alternatives.