Skip to main content
Book a call — £89
Menu

IT Contracts & Agreements UK: Practical Guide

We're not a law firm — we help you find the right legal support. For advice on your situation, speak to a legal adviser or find a solicitor.

Part ofBusiness Law Forms UK

Written by Brad Askew Solicitor (non-practising)
Brad is on the roll of solicitors of England & Wales but does not hold a practising certificate and does not provide legal advice.
Updated June 2026 · England & Wales
Technology contracts sit at the heart of nearly every modern business, and getting them right matters more than ever. Whether you're setting out how your team can use generative AI, signing up with an application service provider, or licensing software to third parties, the paperwork behind these arrangements shapes your commercial risk, your intellectual property position, and your data protection exposure. This page walks through the main categories of IT policies, contracts and agreements you're likely to encounter in the UK, from AI usage policies and ASP agreements through to software licences, development contracts, open source arrangements and database agreements. I've tried to keep the language practical rather than technical, so you can work out what applies to your situation and what questions to ask before signing anything. If you want to talk something through, you can book a call with an experienced legal adviser at the end.

What this document is

IT policies, contracts and agreements are the written arrangements that govern how technology is created, supplied, used and protected within a business. They cover a wide range of situations: internal rules about what staff can and cannot do with company systems, commercial contracts between a software supplier and its customers, licensing terms that set out how software can be used, and collaboration arrangements for open source projects or shared databases.

In the UK, these documents are shaped by a mix of contract law, intellectual property law, the Data Protection Act 2018, the UK GDPR, and consumer protection rules where relevant. A well-drafted IT agreement does several things at once. It sets out who owns what, who is responsible when things go wrong, how personal data is handled, what happens if either party wants to end the relationship, and how disputes are resolved. Getting the basics right at the outset usually saves a lot of time and cost later on.

How to use this document

  1. Identify the relationship you're documenting. Before you pick a contract type, work out what's actually happening. Are you buying software, licensing it out, hosting a customer's data, hiring a developer, or setting internal rules for staff? The answer shapes which agreement you need and which legal issues matter most.
  2. Map the data and IP flows. Write down what information, code, designs or datasets will pass between the parties, and who created what. This exercise exposes ownership questions, licensing needs and data protection obligations early, before they become arguments. It also helps you spot where third party rights may be involved.
  3. Draft or review the core commercial terms. These usually include scope of services, fees and payment terms, duration, termination rights, confidentiality, warranties, liability limits, and IP ownership. Each of these can be heavily negotiated in IT contracts, and small wording changes can shift significant risk between the parties.
  4. Address data protection properly. If personal data is involved, the contract needs the right controller or processor wording, security commitments, and provisions covering international transfers. The Information Commissioner's Office publishes guidance on what processor clauses should contain under UK GDPR, and this should not be treated as boilerplate.
  5. Plan for the end of the arrangement. Good IT contracts deal with what happens on exit just as carefully as what happens during the relationship. Think about data return or deletion, transition assistance, ongoing support obligations, surviving confidentiality duties, and any licence rights that need to continue after termination.

Common questions

If you're dealing with this kind of situation, speak to an experienced legal adviser who can walk you through it — from £89.

Common questions

Q What should a generative AI policy cover for a UK business?
A workable AI policy typically sets out which tools staff can use, what inputs are and are not allowed, how outputs should be checked before use, and how intellectual property and confidentiality risks are managed. It should also address data protection, because feeding personal or confidential information into third party AI tools can create real compliance problems. Training and monitoring arrangements usually sit alongside the policy itself.
Q What is an Application Service Provider (ASP) agreement?
An ASP agreement is a contract under which a provider hosts software and makes it available to a customer over the internet, rather than the customer installing it locally. It covers service scope, availability commitments, fees, support, data handling, confidentiality, intellectual property, and what happens on termination. Modern cloud and SaaS contracts are direct descendants of the ASP model and share most of the same building blocks.
Q How does a software licence differ from an assignment?
A licence gives the user permission to use software on agreed terms while the developer keeps ownership. An assignment transfers ownership itself from one party to another. Licences can be exclusive or non-exclusive, perpetual or time-limited, and can restrict things like the number of users, geography or field of use. Most commercial software is supplied under a licence rather than assigned outright.
Q Who owns bespoke software when a developer builds it for a client?
Under UK law, copyright in software generally belongs to the author who created it, unless it was made by an employee in the course of their employment or the contract says otherwise. For bespoke development, ownership and licensing should be dealt with expressly in the agreement. If the contract is silent, the client may end up with only an implied licence rather than full ownership.
Q Can a business safely use open source software in commercial products?
Open source software can be used commercially, but the licence terms must be read carefully. Some licences are permissive and allow almost any use, while others are 'copyleft' and can require you to release your own code under the same terms if you distribute a combined product. A short internal open source policy, plus a record of what's used where, helps manage this.
Q What is a database agreement and when is one needed?
A database agreement governs access to and use of a structured collection of data, covering things like permitted purposes, users, data quality, updates, confidentiality and termination. In the UK, databases can be protected by copyright and by database right, so the agreement also needs to deal with those intellectual property rights. They're common where one organisation supplies curated data to another.
Q Do IT contracts need to mention UK GDPR specifically?
If personal data is processed under the contract, then yes, the agreement needs data protection wording that reflects UK GDPR and the Data Protection Act 2018. This includes the required processor clauses where one party processes data on behalf of the other. Even where no personal data is involved, many IT contracts still include confidentiality and security provisions that operate in parallel.
If you're dealing with this kind of situation, speak to an experienced legal adviser who can walk you through it — from £89.

Sources

This guide is based on primary UK law and official guidance.

Brad Askew, Solicitor (non-practising)

Written & reviewed by

Brad Askew Solicitor (non-practising)

Brad is on the roll of solicitors of England & Wales but does not hold a practising certificate and does not provide legal advice. LegalDocuments.co.uk is not a law firm and does not provide regulated legal advice.

Full profile →SRA register ↗
Legal disclaimer
This article is for general information only. It is a tool to help you find your way — not legal advice, and not a substitute for speaking to a qualified adviser about your situation.