What is source code escrow / software escrow

Source code escrow (software escrow) is a way to ensure that critical software can continue to operate even if its vendor ceases operations, changes ownership, terminates support, or breaches the contract.

Source code, documentation, and other materials necessary for the operation of the information system are stored in a secure repository.

Under a concluded tripartite or bipartite escrow agreement, the escrow holder (software escrow agent), acting as an independent entity, takes custody of the escrow materials and releases them in predefined cases or situations.

If the escrow is not released, the stored data are permanently deleted.

Why are source codes so important?

Source code is the foundation of the entire information system.

Without it, it is not possible to:

  • fix errors,
  • add new functionality,
  • migrate the system to a new server,
  • keep the system technically operational.

Vendors usually provide customers only with compiled code , which is insufficient for long-term operation.

Why a developer may not want to hand over the source code

A developer may not want to provide the source code to the customer because it represents their trade secret, know-how, and competitive advantage.

By handing it over, the developer would lose control over the security and further development of the system.

By depositing it into escrow, the developer can store it securely — the customer gains access only if clearly defined conditions are met, ensuring protection for both parties.

Security and trustworthiness

  • We have been providing our services since 2009.
  • All data entrusted to us for escrow are always encrypted and password-protected to the highest standard.
  • We use state-of-the-art technologies and processes for data archiving.
  • We apply tools and procedures in accordance with the European eIDAS regulation.
  • Our processes are fully auditable and verifiable.

What is included in the escrow

  • application source code, libraries, and modules
  • build scripts, configuration files, CI/CD pipelines
  • database schema, migration scripts
  • installation and deployment documentation
  • list of external dependencies

Technical verification / content audit

  • Intake and identification of escrow contents

  • Integrity and completeness checks of the data

  • Analysis of project structure and dependencies

  • Verification of build or deployment reproducibility

  • Technical validation of application runtime

  • Functional testing of selected features

Escrow agreement

The agreement includes the following elements:

  • Contracting parties
  • Scope and content of the escrow
  • Definition of the deposited materials, the method of their update, and the responsibilities of the individual parties.
  • Conditions for release of the escrowed materials
    Clearly defined triggering events (e.g. termination of the vendor’s business, breach of contract, unavailability of support).
  • Linkage to other contractual documentation

  •  

Scroll to Top