Unfair Contract Terms and Your SaaS: How the Penalty Regime Affects Startup Standard Forms

If you run a SaaS business in Australia and your customers sign up on standard terms — which most do — you are operating squarely within the scope of Australia’s unfair contract terms (UCT) regime. Since the reforms that took effect on 9 November 2023, proposing or relying on an unfair term in a standard form contract is not just voidable. It is a contravention that carries civil penalties of up to $50 million per term.

The ACCC has made UCT enforcement a stated priority for 2025–26. The first enforcement actions are already in, and the regulator has signalled that technology platforms and software providers are firmly on its radar. For SaaS founders, that means the terms you drafted in a weekend three years ago — or copied from a US competitor — deserve serious attention.

What Changed in November 2023

The Treasury Laws Amendment (More Competition, Better Prices) Act 2022 overhauled the UCT provisions in the Competition and Consumer Act 2010 (Cth) and the Australian Consumer Law (ACL) in three material ways.

Penalties became real. Previously, the only consequence of including an unfair term was that it could be declared void. Courts could not impose fines. From 9 November 2023, proposing, applying, or relying on an unfair term is a contravention. The maximum penalty for a body corporate is the greater of $50 million, three times the benefit obtained from the conduct, or 30% of adjusted turnover during the breach period. For individuals — including directors — the cap is $2.5 million. Each unfair term is a separate contravention, so a contract with five problematic clauses creates five separate exposures.

The small business threshold expanded. UCT protections for small business contracts previously applied only to businesses with fewer than 20 employees and contracts under $300,000 (or $1 million for multi-year deals). The threshold is now fewer than 100 employees or annual turnover under $10 million, with no contract value cap. That brings a very large proportion of Australian businesses within the protective scope — and a very large proportion of SaaS customer bases within the regime.

The standard form definition tightened. Allowing customers to negotiate minor or insubstantial terms no longer takes a contract outside the standard form classification. If your SaaS agreement is materially take-it-or-leave-it, it is a standard form contract regardless of whether you let customers choose a billing frequency or negotiate a small discount.

When Is a Term Unfair?

Under section 24 of the ACL, a term is unfair if it:

  1. causes a significant imbalance in the parties’ rights and obligations;
  2. is not reasonably necessary to protect the legitimate interests of the party who benefits from it; and
  3. would cause detriment (financial or otherwise) if relied on.

Courts assess these criteria by looking at the contract as a whole, including the transparency of the term and the broader commercial context. A term buried on page 14 of dense legalese that nobody reads is more likely to be found unfair than one that is prominently disclosed and plainly worded.

Importantly, the onus falls on the party relying on the term to prove it is reasonably necessary. If you cannot articulate a legitimate business reason for a particular clause — beyond “it protects us” — that is a red flag.

The Clauses SaaS Founders Should Audit

Most SaaS agreements contain at least some provisions that attract UCT scrutiny. Here are the ones that come up most often.

Unilateral Variation Clauses

A clause that lets you change pricing, features, or terms at any time with no notice or a token notice period is a classic UCT risk. This is common in SaaS — “We may update these terms from time to time; continued use constitutes acceptance” — and it is exactly the kind of provision regulators target. The PayPal case in 2024, where the Federal Court found the company’s fee dispute term unfair, is illustrative of the direction enforcement is heading.

The fix: If you need the ability to vary terms, build in reasonable notice (at least 30 days), give customers the right to terminate without penalty if the change is materially adverse, and be specific about what you can and cannot change unilaterally.

Broad Limitation and Exclusion of Liability

Limiting your liability to the fees paid in the last 12 months is standard SaaS practice and generally defensible. Excluding all liability entirely, or capping it at a nominal amount that bears no relationship to the deal value, is a different story — particularly if the exclusion is one-sided and the customer has no equivalent protection.

The fix: Ensure your liability cap is proportionate to the contract value. Avoid blanket exclusions for your own negligence or wilful default. Make sure limitations run both ways where appropriate.

Automatic Renewal with Narrow Cancellation Windows

Annual contracts that auto-renew unless the customer provides written notice during a 14-day window six weeks before expiry are increasingly risky. The narrower the window and the more obscure the cancellation method, the stronger the UCT argument.

The fix: Provide clear advance notice before renewal (email reminders are good practice and good customer relations). Allow cancellation via the same channel the customer used to sign up — if they subscribed online, they should be able to cancel online.

One-Sided Termination Rights

If you can terminate for convenience on 30 days’ notice but the customer is locked in for 12 months with an early termination fee, that asymmetry is a textbook example of significant imbalance.

The fix: Either give both parties equivalent termination rights, or ensure there is a legitimate commercial justification for the asymmetry (such as upfront implementation costs that are amortised over the term).

Broad Indemnities

Requiring customers to indemnify you against “any and all losses” arising from their use of the platform — including losses caused by your own system failures — shifts risk in a way that is difficult to justify as reasonably necessary.

The fix: Scope indemnities to the customer’s actual conduct (breach of acceptable use policies, infringement of third-party IP through content they upload) rather than drafting them as catch-all risk transfers.

Deemed Acceptance and Short Dispute Windows

Clauses requiring customers to raise billing disputes within a short window (say 14 or 30 days) after which charges are deemed accepted are exactly the type of provision found unfair in the PayPal case. The Federal Court held that such terms disadvantage small businesses that may not have the resources to audit invoices on a tight timeline.

The fix: Extend dispute windows to a reasonable period (90 days is common) and do not impose a hard waiver for missed deadlines.

Why This Matters More for Startups Than You Think

You might assume that UCT enforcement is aimed at large enterprises — the PayPals and the telcos. But the regime does not distinguish based on the size of the business imposing the terms. It applies whenever a standard form contract is used with a consumer or qualifying small business.

Most SaaS startups contract exclusively on standard terms. Many of those customers are small businesses with fewer than 100 employees. The maths is straightforward: if your template agreement contains unfair terms and you have 500 customers who signed it since November 2023, that is potentially 500 separate contraventions — per unfair term.

The practical likelihood of the ACCC pursuing an early-stage startup is lower than for a multinational platform. But there are other risks. A customer in a commercial dispute can raise UCT as a defence or counterclaim. Investors conducting due diligence will flag non-compliant standard terms as a legal risk. And if you are selling to enterprise customers, their legal teams will increasingly push back on clauses that would be unfair if applied to a small business counterparty.

What to Do Now

If you have not reviewed your standard customer agreements since November 2023, the time to do so is now. Here is a practical starting point:

  1. Audit your existing terms against the examples above. Flag any clause where the rights and obligations are materially asymmetric.
  2. Assess your customer base. How many of your customers are consumers or small businesses under the expanded threshold? If the answer is “most of them,” your entire template is within scope.
  3. Redraft problem clauses. The goal is not to remove all protections — it is to ensure each protective clause is proportionate, transparent, and genuinely necessary.
  4. Consider grandfathering. The reforms apply to contracts entered into, renewed, or varied after 9 November 2023. If you have legacy customers on older terms, a renewal or variation may bring those contracts within scope.
  5. Get legal advice. UCT analysis is contextual — what is unfair in one contract may be reasonable in another depending on the commercial circumstances. A lawyer experienced in technology contracts can help you find the right balance.

The Bottom Line

The UCT penalty regime is not a theoretical risk for Australian SaaS businesses — it is an active enforcement priority with real financial consequences. The good news is that compliance does not require you to give away all contractual protection. It requires you to draft terms that are fair, transparent, and proportionate. For most startups, that means fixing a handful of clauses rather than rewriting the entire agreement.

The worst approach is to do nothing and hope nobody notices. The ACCC has made clear that it intends to test the boundaries of the new regime, and technology platforms that contract on standard terms with large numbers of small business customers are a natural starting point.

If your SaaS terms have not been reviewed since the reforms commenced, treat this as a priority. The cost of a contract review is negligible compared to the cost of getting it wrong.
