Technology

Commercialising internally developed digital products: an opportunity or risk?
- Companies looking to diversify income by commercialising their existing digital assets need to actively manage associated risks
- Vendors should understand their customers' expectations in order to develop and market a product that satisfies commercial requirements
- Key design strategies should be implemented to comply with and stay ahead of regulatory requirements, including those governing the use of personal data and AI
One of the best ways a company looking for new revenue streams can diversify its service offering is by commercialising internally developed digital products such as software. Taking the jump from software customer to software vendor may appear straightforward. However, the contractual issues and fast-evolving regulatory landscape present a complex interplay of opportunities and risks.
Due diligence
Internally developed solutions often comprise multiple components, including proprietary third-party material and open-source elements. Vendors should carry out critical due diligence on their own product to ensure they have the right ownership and licence rights with third parties to offer the intended solution to customers. If the terms do not allow onward licensing to customers, the licence to the vendor will need to be expanded to cater for that, usually at additional expense. If these issues are not suitably identified and remedied at the outset, vendors could be exposed to claims (such as intellectual property infringement claims) from their upstream suppliers, which could lead to significant difficulties in offering certain features.
Customer service
Customers will expect a minimum level of service, with commitments to providing technical support and troubleshooting or a minimum availability of software. These typically form part of the contract and may lead to contractual penalties in the event of a breach. These are standard commitments that make up an experienced IT provider's services. But they can be particularly onerous for companies whose core business is not IT-related and may need to be outsourced if the relevant capability to offer them is not available in-house.
Term and subscription/payment model
Digital products typically utilise subscription models which lock in customers for a specified period, with a recurring payment. The vendor should ensure any payment structure aligns with the parties' commercial objectives and allows for scalability and flexibility. For example, if a customer opens a company branch in a new jurisdiction, or needs to support more users, vendors should have payment provisions that allow them to capitalise on this increased demand.
Liability exclusions and warranties
A vendor should not solely rely on its insurance to offer protection if things go wrong. Vendors should also take steps to limit their liability within their third-party customer contracts. Alongside this, vendors will need to think carefully about any warranties they are willing to give about the performance of their solution. Customers will have minimum expectations, which may not align with what the vendor is prepared to offer (for example, assurances that the service will be uninterrupted, virus free or fit for a particular purpose are often excluded entirely).

Regulatory concerns
Technology advances often outpace existing regulations, requiring a more agile approach to legal compliance. New regulations such as the EU's Network and Information Systems Directive, or NIS2, for cybersecurity, demand robust security measures for digital products, which has the effect of turning compliance into a market differentiator.
Companies can align their product strategies with future legal standards by staying ahead of regulatory developments and taking note of upcoming legislation, such as the EU's pending AI Act. Understanding and anticipating existing and forthcoming regulations – from general data protection to specific AI governance – is a strategic imperative for the successful commercialisation of digital products.
Companies should also be integrating regulatory issues and concerns at the software design stage. For example, customers are likely to regard the implementation of data deletion or extraction capabilities within the software – to assist customers in meeting their data subject rights obligations under privacy laws – as a real market differentiator.
Vendor opportunities
Companies seeking to develop their own in-house technology should be alive to the potential opportunity of selling their products to third parties. If risks are properly mitigated, vendors can reap the benefits of digital product commercialisation.

Authors
Jon Round Associate Director, UK jon.round@osborneclarke.com
Coen Barneveld Binkhuysen Partner, The Netherlands coen.barneveld@osborneclarke.com
Łukasz Węgrzyn Partner, Poland lukasz.wegrzyn@osborneclarke.com
Joanne Zaaijer Partner, The Netherlands joanne.zaaijer@osborneclarke.com
Laurène Zaggia Counsel, France laurene.zaggia@osborneclarke.com