Cloud service reseller agreements

01 Oct 2012
Alasdair Taylor

Cloud services reseller agreements seem to be in vogue. Enquiries about agreements for the resale of software-as-a-service systems keep cropping up in my inbox, and I’ve taken on several instructions in the past few weeks.

Software vendors have long relied upon resellers to market and sell traditional software licences. Quite naturally, the reseller model is being extended to cloud services. But the legal issues – and the contract models – can be quite different.

There are three different approaches that I have come across, and another one that I haven’t seen in the wild, but that should work in the right circumstances. I call these:

  • the subcontracting model
  • the assignment model
  • the agency model
  • the referral model

In this post, I outline the main features of the different models, and highlight some of the advantages and disadvantages of each.

The subcontractor model

On this model, the cloud service provider enters into a contract for services with the reseller, and the reseller enters into a separate contract for services with the customer. The contracts are said to be “back-to-back” (although “back-to-front” might be more apt).

In some cases, there may be a single contract between the vendor and the reseller for the provision of services in relation to multiple customers; in other cases, each reseller-customer contract will be matched by a corresponding vendor-reseller contract, with the reseller agreement itself operating as a framework.

The advantages, disadvantages and features of the subcontractor model include the following:

  • It is highly flexible.
  • It can be messy, with multiple legal relationships between vendors, resellers and customers.
  • Competition law prevents the the vendor from fixing resale prices or imposing a price floor – hence payments to vendors shouldn’t be calculated as a percentage of payments to resellers.  (They can however be calculated as a percentage of a price list issued by the vendor.)
  • The ultimate service provider can be legally hidden, and the model can accommodates white-labelling of the service.
  • It can accommodate sub-resellers.
  • Depending upon the terms of the reseller agreement, the vendor may have limited influence over customers/end-users and contracts between resellers and customers.

The subcontractor model is particularly suitable where the reseller wants to bundle the resold service with its own services, under a single customer contract.

It is the only one of the four models allowing for the identity of the ultimate provider of services to be obscured.

The assignment model

This model is analogous to that used in classic software resale contracts. Here the reseller buys quantities of contracts from the vendor, and sells those contracts to its customers. In legal terms, the reseller assigns its rights and obligations under the contracts to customers – hence the “assignment model”.

This model does not fit easily with most cloud services. The assignment of rights and obligations is a one-off transaction, whereas cloud services are ongoing, and usually accompanied by ongoing payment obligations. If the reseller is stepping out of the picture once the contract has been assigned, that’s fine; but usually there will be ongoing customer-reseller rights and obligations. Ancillary contract arrangements can be put in place to deal with specific issues raised by this distinction. For example, a customer may be obliged by a side contract to make periodic payments to the reseller. However, in these circumstances the subcontractor model will usually work better.

As with the subcontractor model, the assignment model can accommodate sub-resellers.

This is the model I haven’t yet come across in the wild. Although it can “work” from a legal perspective, the agency model (below) will in many cases be a better fit. I can however imagine circumstances where the parties don’t want all the legal baggage of a principal-agent relationship, and may opt for the assignment model instead.

The agency model

The law of agency enables agents to enter into contracts on behalf of their principals. A reseller appointed as an agent may therefore enter into cloud services agreements on behalf of a vendor. The reseller’s rights to enter into contracts can be suitably circumscribed by contract, to provide some protection to the principal.

So, under the agency model, the customer contracts with the vendor. If the reseller is also providing software or services to the customer, then that should usually be dealt with through a separate contract.

One issue with the agency model is the fiduciary nature of the agent-principal relationship. In a fiduciary relationship, various rights and obligations are placed on each party. For instance, agents should always act in the best interests of their principles, and should not make any secret profits.

Quite often, vendors won’t want to carry the risks of allowing another to contract on their behalf. Resellers, on the other hand, won’t want to be subject to fiduciary duties to vendors.

Where the parties have a close relationship, however, the agency model can work really well.

(In case you’re wondering, the commercial agents regulations shouldn’t apply to agents for the resale of cloud services, as they’re expressly limited to agencies involving “products”.)

The referral model

The referral model is perhaps the simplest. The reseller refers customers to the vendor. The vendor tracks referrals, and grants some benefit to the reseller in relation to each contract entered into with a referred customer. Typically, the benefit will take the form of commission.

I have included this model because it may be used as a substitute or supplement to the above models, although strictly referrals aren’t sales, let alone re-sales.

In one agreement I looked at recently, the vendor’s partner organisations were free to choose whether to resell the vendor’s services under the subcontracting model or to simply refer customers to the vendor in exchange for commission payments.

Which model?

The choice of model isn’t a legal nicety. It fundamentally affects the relationships between vendors, resellers and customers. For this reason, you should speak to your lawyers early in the process of developing a SaaS or other cloud service reseller network.

If you have any questions about these different models, or would like a quote for the preparation of a cloud services reseller agreement, please do get in touch.


Hi there, thanks very much for the great post. 

I have come across a scenario where a platform providor would like to include my product as part of their “offering” to their end customers. There is no financial interest (e.g., rev-share / margin are not important).

It’s strictly to allow their customers to work through a single vendor (them) to get multiple prouducts + services in order to avoid additional procurement & vendor onboarding overhead. 

Does this fit cleanly into the sub-contractor model? It feels like the solution would be more of a pass-through model where I could enforce EULA & AUP and not obscure our identity. 

Thanks for your comment.

It’s not uncommon to see hybrid models, where the reseller takes the primary contracting role but the vendor has some direct rights against the end customer.  However, this can get complicated, depending upon how the rights and obligations are sliced and diced.

If there is any licensed software, that will be installed on end customer machines, then a EULA won’t usually be controversial; similarly, if you are just wanting direct rights in relation to a breach of an AUP then that wouldn’t usually create too many difficulties.  If however you plan to relieve the reseller of some of its obligations, that can be problematic, because it leads to some separation of payment and service obligations.

I don’t think the use of a hybrid structure is necessary to ensure that your identity is open – this can be dealt with in the contract with the reseller.

Hi Alasdair, I appreciate this article was written many years ago,  but this seems to be the only source I can find that really understands these complex relationships. I have a question in relation to the liability aspect of an agreement between the Reseller and Cloud User (Customer). The reseller is providing value-added services and the cloud service is subject to the Vendor’s EULA which is annexed to the agreement. What is the best way to separate the liability of the Reseller (support and account management) and Vendor for any breaches? For example, Resellers contract with customer is limited up to 2 x contract value for any direct loss, whereas EULA provides for up to 5 x contract value for direct loss. How do you ensure the Reseller is only liable for claims related to the support and account side and Vendor liable for claims related to the software? 

Sorry – I don’t think I can provide any useful guidance here without seeing the documents and discussing the relationships.

Thank you for your honest answer. Is it possible to arrange a discussion with yourself through your legal services?


I am working with a value added reseller who’s License Agreement includes obligations on behalf of the manufacturer, but the manufacturer is not a party to the Agreement nor does the reseller provide indemnification/warranties for nonperformance of the manufacturer. What kinds of agreement would the reseller and manufacturer have that would enable them to do this?

Thanks for your question, which I’ll assume concerns English law documentation.

Strictly, you cannot usually use a contract to place obligations on a person who is not a party to that contract. This is the doctrine of “privity”. However, there could be obligations contained in the manufacturer-reseller contract that are expressed to come into effect only when a reseller-customer is entered into. Those obligations would however not be enforceable by the customer against the manufacturer, unless the Contracts (Rights of Third Parties) Act 1999 was used to create third party rights under the manufacturer-reseller contract.

I’d need to review the documents to comment any further.

Resale channels cannot ignore the disruptive element of cloud. It will change what customers buy, how they engage, their expectations and who they may buy it from.  both Tier 1 and Tier 2 channel partners need to redefine their value upwardly to the cloud provider and to the actual customer in order to survive in the world that is coming or risk becoming the Blockbuster video or Kodak of their worlds (these two being totally disrupted by the change of form factor delivery).

In anticipation of a court order against a reseller of an encryption based cloud service, is it compulsory to have included in the user agreement that user keys are stored with the cloud provider and not us (reseller)? We currently don’t mention the cloud provider anywhere on our site, since we are marketing the service as ours. Is there a chance law enforcement might believe we have the keys?

… I checked the point (which would have been a year or two ago) English law didn’t specifically require that a service provider stores user encryption keys, although there may be an obligation to deliver them to the relevant authorities if you do have them. A reseller will be in a similar position to a service provider on this point.

Any of the models can in principle used with traditional software licence resale, although they each look a little different in that context.

Hi Alasdair – 

Regarding reseller agreements, specifically in an agency or referral model, can the agreement protect the vendor of a 401K advisory services application from fiduciary liability?  For example, if the software mandates the load of specific plan documents but the customer fails to comply, can the vendor (vs. customer) be held liable?

Thanks for all your great information!


Hi Eric. Thanks for your question. However, i’m afraid that I’m not familiar with US law on this issue.

Alasdair,  Very much like your article and explanation of variety of “agreements” that could support a reseller relationship.  Did have one question:  based on your experience what is the commission percentage ‘range’ for each of the four models you outlined?

I’m looking to potentially engage some resellers (software solution integration houses) and want to be sure I’m approaching cost and expectation of what’s fair and normal.

Thanks,  Gary

The sharing of revenue or profits between vendor and reseller depends more upon the relative values of their contributions than it does upon the legal model used to structure the relationship. If the acquitision of a client represents a significant project and a correspondingly significant risk, then the reseller will expect a greater share. If the cloud application represents a significant investment with a strong defensible USP, then the vendor will be in a stronger position.

Of course, if the reseller is a true reseller, the vendor cannot impose selling prices, so the vendor’s “percentage” is really an anticipated percentage rather than an actual percentage.

I’ve seen reseller share figures ranging from 15% of revenue at the low end, to 40% of revenue or 50% of profit at the high end.

If there are any associated professional services, the reseller will often receive a share from these – although this may be lower than the licence/usage fee share.

Hi Alasdair

That is very clear. We are dealing with a Vendor that is very commercially led and I think they will not be seeking too many assurances direct from our end users. All parties will be committed to complying with an AUP on the system. A breach of this would lead to suspension rights etc.

From our perspective we are keen to keep control and keep the Vendor separated from end user wherever possible.

Thanks for all the advice.

On another note, I am looking to do an LLM in telco/computing law.

Can you recommend any good courses?

Kind regards


I’m not familiar with any of the LLMs offered in this field. Queen Mary (at the University of London) seem to publish quite a lot of interesting research, so they may be worth investigating.   

Thanks Alasdair those links look very useful.

I am adamant that we pass on to our customers those obligations which we will, in turn, have to make to Cloud Supplier.

In the supply chain we have – Cloud Supplier – Reseller (Us)  – Cloud User

In the contract between Cloud Supplier and Reseller, would Reseller take on all obligations of the Cloud User in the contract and then simply pass them on in the SaaS?

Eg. Reseller will ‘not copy software’, will not ‘use services fraudulently,’ ‘will not breach Acceptable Use Policy’

Or would the contract actually mention the third party Cloud User eg.

Reseller will use reasonable endeavours to ensure Client ‘will not copy software’.

The latter more accurately reflects the reality but might be too much liability for the reseller to say it will do things on behalf of Cloud User or try to get them to behave in a certain way.

Contractually it is better for Reseller that we only need to ensure WE don’t copy etc. However in practice, service will pass straight through to Cloud User. Just wandering whether better to keep it two parties or should Cloud User be mentioned at all in Cloud Supplier to Reseller contract?




There are three main approaches in vendor-reseller agreements to the issues around the reseller-customer relationship:

  • first, some reseller contracts don’t concern themselves at all with the relationship between resellers and end customers / users;
  • second, some require that the reseller put in place specific contractual terms between the resellers and end customers / users; and
  • third, some require that the reseller contract with end customers / users on pre-defined terms.

The second approach is the most common in my experience.

In some cases, however, the vendor will want to have direct rights against misbehaving end customers / users, usually in addition to rights against the reseller in relation to the same issue.

There are two ways of achieving this. Supplementing the second or third approach above, the vendor might require that the contractual terms (or some of them) be enforceable by the vendor under third party rights legislation. Alternatively, the vendor may put in place collateral documentation (e.g. an AUP) that creates direct rights against customers.

From your (reseller) perspective, I guess the best options are:

  • no interference from the vendor in your contractual terms, although you will almost certainly have to accept some liability for customer misbehaviour; and
  • direct rights enforceable by the vendor against customers, enabling you (hopefully) to drop out of the picture in the event of a dispute. 
Whether this approach is realistic depends upon the particulars of the software, whether/how you want to white label, your bargaining power, and so on.

Hi Alisdair

Thanks for your reply and I appreciate the nod towards a pratical solution as well as a legal one. I will not be able to attend as Oxfordshire is a bit out of the way but thank you for the invite.

I see you have various template precedents on your web site. Do you have a Cloud Contract template available relevant to my case?



Hi Rob

I don’t at present have a template cloud service reseller agreement.  I do have a couple of templates that may be a good starting point for the customer T&Cs – although this depends a little upon the content of the reseller agreement!  See;


The “standard” document is a simplified version of the “premium” one.



An excellent and most informative article. I work at a large telco and we are looking at getting into the Cloud Services market. After researching for some time on the internet your article really hit the nail on the head.

We want to purchase cloud services from a niche supplier and resell them as our own white label brand of cloud to our extensive customer base. We bring sales opportunities and they bring cloud services/technology/capability off the shelf.

My key concern is reducing our exposure to our customers in the event of problems/breach by the cloud supplier.

There is the added complexity that the cloud supplier will be using our data centre to house their equipment and obtain the connectivity to supply the cloud service to us. Our DC hosting and connectivity will be supplied separately under our co-location data centre terms. (However these have additional clauses which i. restrict the supplier to only using DC service for the cloud project and ii. Supply of our DC services cease immediately on termination of the main cloud supply contract.)

The two biggest risks are:

  • Issues over payment to cloud supplier will cause them to suspend the cloud service which will put us in breach with our customers.
  • Cloud supplier breaches our Data Centre terms. Normally we would suspend a Data Centre customer immediately but of course we cannot do this so readily as that would affect delivery of service to all our cloud service customers.

Any thoughts at this stage welcome as we may need a bespoke agreement at some point.

Many thanks

Hi Rob. Thanks very much for your comment.

The model that best fits this arrangements you describe is clearly the subcontractor model.

This has implications for legal exposure. Because your company would be contracting directly with customers to provide the service, then standard legal limits on liability exclusions relating to the supply of services will apply. E.g. many such exclusions will be subject to a “reasonableness” test under the Unfair Contract Terms Act 1977.

You should get appropriate warranties and indemnities from the cloud service providers to cover potential liabilities to customers. If there is a question over the pocket-depth of a provider or a possibility of very large liabilities, you may want to ask for the service to be covered by an appropriate insurance policy and/or parent company guarantee.

The problem with all these liability-related contractual protections, however, is that they only come into play after things have gone wrong. Careful due diligence and proper service specification are therefore more important.

As regards data centre T&Cs breaches, technological rather than legal measures might work better here – although it depends upon the nature of the breach. You could introduce a penalties regime for breaches of the data centre T&Cs, although there are enforceability problems with those types of scheme.

More fundamentally, one of the best defences against supplier default is having an alternative supplier easily to hand – and a clear transition path. Whether this is feasible will depend upon the nature of the services.

ps I’m considering running a free seminar on cloud services / legal issues with a couple of Oxfordshire firms at some point over the next few months. If you’d like an invite, please send me your details via this contact form:

Alasdair: Have you come across instances where the reseller under an assignment model was held liable to the customer when the vendor dropped the ball? Do you see this as a significant risk under that arrangement?

Thanks for your comment Brian.

I haven’t come across any instances, but there may be a risk. For sales governed by English law, one way you might analyse the reseller’s legal obligations is as follows:

  • The service provided by the reseller is retailing.
  • A warranty that the retailing services will be provided with “reasonable care and skill” will be implied into the contract between the reseller and the customer by Section 13 of the Supply of Goods and Services Act 1982. (Under the Unfair Contract Terms Act 1977, you can only exclude this obligation to the extent that the exclusion is reasonable – in effect, you have to show that not being reasonable was reasonable in all the circumstances!)
  • In the case of the resale of cloud services, reasonable care and skill requires the reseller to undertake (ongoing?) due diligence on vendors.

If there was no due diligence, or it was inadequate then, arguably, there are potential liabilities for the reseller.

I’m assuming here that the contract between the reseller and the customer doesn’t expressly or impliedly place any responsibilty the performance of the vendor/customer contract on to the reseller.

TBH I don’t find the above argument entirely persuasive – and I’m not aware of any case in which the argument, or something analaguous, has been considered

Other possibilities, depending upon the facts, would be liability for misrepresentation, or in negligence.


Add a new comment

Your email address will not be published. Required fields are marked *

SEQ Legal
Copyright © 2024 Docular Limited | All rights reserved