dotlaw

IT Industry

Your code scales. So can the law.

B2B contracts, copyright, the AI Act. We design legal foundations that don't slow you down but scale alongside you.

Trusted by

Tooploox
justjoin.it
CodeTwo
Toggl
Spyrosoft
Angry Nerds

We know your business model

Every IT model has its own legal challenges. We know them all.

There is no single key that fits every IT company. Software house, product house, SaaS, IT outsourcing, or technology consulting. Each of these models raises entirely different legal questions. A lawyer who doesn't understand the difference will slow you down instead of speeding you up.

Software house

Your greatest asset is talent. A good B2B contract builds trust while protecting against ZUS risk: a B2B contract that effectively works like employment can be challenged, with full tax liability on your side. Then there's intellectual property: a single carelessly drafted clause can mean your client owns the code your team wrote. We also design dedicated implementation contracts with clients that precisely govern scope, SLAs, and IP ownership, protecting the code on which you build your next projects.

SaaS / Product house

You're building a product that scales without a proportional rise in costs, but your terms of service, privacy policies, and subscription agreements have to keep pace with every new feature. You process user data from many countries at once. Your ToS must protect you against user claims while not scaring off enterprise clients, who have their own legal teams and read every clause.

IT outsourcing / Body leasing

You send your people to clients. The contracts must precisely define who is responsible for errors: you, or the client who manages your developer day to day. The key challenge is structuring the contract so that the PIP doesn't classify the relationship between your developer and the client as an employment contract, which is the biggest risk in this model. You need to protect your people from being poached by clients while offering the flexibility that makes clients choose you over building an in-house team.

Technology consulting

You advise, but how far does your liability extend for recommendations the client implements? Your contracts must precisely define the scope of the service, limit liability for the consequences of the client's business decisions, and protect your know-how from being copied by clients who, once the project ends, do the same thing themselves or with a cheaper provider.

Problems we know

Legal challenges that slow IT companies down.

Personal data protection (GDPR)

Are you processing data from users of your product? A client's employee data accessible to your contractors? Data in the cloud on servers outside the EU? Each of these cases calls for the right data processing agreement, the right clauses in subcontractor agreements, and a retention policy.

Copyright in software

Who owns the code? Copyright law's default answer often comes as a surprise. You have to decide what you transfer to the client, what you license, and what you keep as your own IP. This gets especially complicated with open source, reusable components, and AI-generated code.

SaaS terms of service and subscription agreements

Your ToS is the only shield between you and client claims when something goes wrong. Limitation of liability, the definition of the SLA, termination conditions, refund rules. Each of these can cost you hundreds of thousands of PLN if it's poorly drafted. Another challenge is keeping pace with regulations affecting cloud services, such as the Data Act and the Digital Services Act.

AI Act, NIS2, and the Cyber Resilience Act

Three regulations that take effect in stages and affect most IT companies. The AI Act classifies AI systems by level of risk. NIS2 extends cybersecurity obligations to new sectors and increases penalties. The Cyber Resilience Act (CRA) imposes new requirements on makers of software and digital devices. If you build AI products or manage infrastructure, you need to know where you fall in this classification before the regulator decides it for you.

Certifications (ISO 27001, SOC 2)

Enterprise clients increasingly require certifications before they sign a contract. ISO 27001 is not just a technical audit but a process that demands the right security policies, supplier agreements, and legal documentation. At dotlaw we work with ISO auditors and support IT companies in preparing the full documentation required for certification. An IT company that holds the certificate wins tenders it couldn't even enter without it.

B2B contracts with developers

ZUS is increasingly active in scrutinizing B2B contracts in the IT sector. If a developer works exclusively for you, performs tasks under your direction and during your hours, ZUS may treat this as an employment relationship. The consequence: back-due contributions, interest, and liability on your side. A well-structured B2B contract eliminates this risk before an inspection challenges it.

Why dotlaw

Law that understands how your company works.

Practicality

We're your partner. We don't describe legal risk in the abstract and we don't leave you with "on the one hand… on the other hand." We close every matter with a concrete recommendation. Our legal solutions are meant to grow your business.

Flexibility

We support IT companies in a model that fits their stage of growth: from project-based support on a specific contract, through ongoing retainer service, to a fractional in-house arrangement that works like an internal legal department. The form of collaboration is tailored to you.

AI-native

We've backed our services with GenAI from the very beginning. In line with the European guidelines we helped author, we shift efficiency into high gear. That lets us work effectively even on the most complex matters.

Legal design

We design contracts, manuals, and guidelines so that your team can read and understand them without trouble. Legal documents no one understands are never effective.

How we start

From the first conversation to the first result.

A 20-minute conversation.

No briefs, no forms. You tell us what you do and what hurts. We tell you straight whether and how we can help.

An action plan in 48 hours.

Whatever the scale, within 48 hours you'll know how we'll define the scope of work, how we'll approach the problem, and when you'll receive a quote. No dragging things out. No "we'll get back to you."

Full onboarding in a week.

All it takes is a week from the date the contract is signed. Our lawyers are fully onboarded into your business and we start working. There's no warm-up period.

Case study

Toggl - Toggl earned ISO 27001 without pausing operations.

Toggl serves thousands of clients worldwide. Its biggest customers started requiring security certifications. The challenge: a remote team, no physical infrastructure, and the fear that certification would stall the product roadmap. dotlaw ran the full implementation. We prepared the documentation in Notion, eliminating extra processes and delivering the certificate on time.

With dotlaw, we not only passed the audit successfully, but above all approached it confident that every detail had been taken care of during the implementation.

Alari Aho · CEO, Toggl OÜ

ISO 27001 · SaaS · Estonia

FAQ

Questions we hear most often.

A software house needs a lawyer who understands three areas at once: employment law and B2B contracts with developers, intellectual property and copyright in software, and client contracts, including implementation, maintenance, and SLA agreements. The ideal lawyer for a software house doesn't ask what a sprint is or what "agile delivery" means, because they understand it before they start drafting the contract.

A solid B2B contract with a developer should include, among other things: a precise description of the scope of services (not just "programming services"), a clause clarifying that the developer provides services to multiple clients, provisions confirming the absence of operational supervision, the transfer of copyright in the code, a non-solicitation clause covering both clients and employees, and rules on liability for errors and delays. Missing any of these elements can mean that ZUS challenges the B2B arrangement as an employment relationship, which carries tax liability on your side.

In Poland, copyright in software arises automatically the moment the code is created, but who owns it depends on the contract. A developer employed on a contract of employment transfers the rights to the employer automatically. A contractor working on a B2B basis does not do so automatically, unless the contract expressly provides for it. With software created by AI, the situation is even more complex and requires precise provisions. Careful drafting is also needed to properly structure contracts and documentation for developers covered by the IP Box relief or the 50% tax-deductible cost allowance.

Yes, and these are two different documents with different functions. The Terms of Service govern how the product may be used: the scope of the service, the SLA, limitation of liability, and termination conditions. The privacy policy governs the processing of users' personal data in line with the GDPR. If a SaaS offers services to business clients who process their own users' data through your product, you also need a data processing agreement (DPA).

The AI Act takes a risk-based approach: some AI uses are prohibited, high-risk systems carry the broadest obligations, and other cases face fewer requirements. Your obligations depend on where you sit in the value chain: as a provider of the AI system, an importer, or a user. NIS2 extends cybersecurity obligations to new sectors and increases penalties. Preparing for both regulations starts with an audit that establishes your status before you begin implementing any procedures.

Let's get started. 20 minutes is enough.

You tell us what you're building and what's blocking you. You get a clear answer. Go or No-Go.
