The Ultimate Legal Guide to Exporting IT & SaaS Services from India (2026) | M S Sulthan

Mon - Sat: 09:00 - 19:00

M S Sulthan Legal Associates

Disclaimer: As per the rules of the Bar Council of India, this content is for educational and informational purposes only. It does not constitute legal advice or solicitation.

The Ultimate Legal Guide to Exporting IT & SaaS Services from India (2026)

Q: How do we protect against lawsuits in foreign courts?

Your contract must contain a strict 'Governing Law and Dispute Resolution' clause. You should mandate that any disputes be resolved through International Commercial Arbitration (e.g., at the SIAC or LCIA) rather than through the domestic court system of your client's home country.

By M S Sulthan Legal Associates, Kozhikode | April 5, 2026 | International Trade / Corporate Law

The Indian IT and SaaS sector is a global powerhouse, rapidly scaling beyond domestic borders to capture markets in North America, Europe, and the Middle East. However, the legal architecture required to safely export intangible services is vastly more complex than shipping physical goods.

While most founders fixate on the Reserve Bank of India's (RBI) compliance mechanisms, the true legal battlegrounds lie in cross-border contracting, intellectual property transfer, data privacy, and navigating international tax treaties. A poorly drafted contract or a non-compliant data flow can result in frozen payments, devastating foreign litigation, or the complete loss of core intellectual property.

This comprehensive guide details the five absolute pillars of legal compliance for exporting IT and software services from India in 2026.

1. Structuring the Cross-Border Master Services Agreement (MSA)

Your Master Services Agreement (MSA) is your primary commercial shield. When dealing with foreign clients, relying on domestic contract templates is a recipe for disaster.

Jurisdiction & Choice of Law

Never agree to litigate in a foreign court if you can avoid it. Insist on International Commercial Arbitration (e.g., SIAC in Singapore or LCIA in London) seated in a neutral territory. Arbitral awards are easily enforceable across borders under the New York Convention, unlike traditional court judgments.

Limitation of Liability

Software inevitably has bugs. Your contract must explicitly cap your liability to the total amount paid by the client under the specific Statement of Work (SOW). Exclude "consequential" and "indirect" damages entirely to protect your company from astronomical international lawsuits.

Currency Fluctuation Clauses

Ensure the contract dictates which party bears the risk of foreign exchange fluctuations and bank intermediary fees. The invoice amount in USD must reflect the exact value realized in your Indian bank account.

2. Intellectual Property (IP) Protection & Assignment

In software development exports, defining exactly who owns the code is the most heavily negotiated aspect of any deal.

Background vs. Foreground IP: You must legally distinguish between Background IP (the proprietary frameworks, algorithms, and libraries you bring to the project) and Foreground IP (the specific custom code built for the client). The client only receives ownership of the Foreground IP. If you fail to carve out your Background IP, you effectively transfer the rights to your core technology.

Section 19 of the Copyright Act, 1957: Under Indian law, an assignment of copyright (source code) is only valid if it is in writing, signed by the assignor, and explicitly specifies the territory and duration. Ensure your MSA explicitly assigns the IP "worldwide and in perpetuity."

3. Global Data Privacy Compliance (DPDP Act & GDPR)

If your IT service involves processing the personal data of foreign citizens, you are navigating an absolute legal minefield.

Acting as a Data Processor: In most IT export scenarios, the Indian company acts as a "Data Processor" while the foreign client is the "Data Controller/Fiduciary." Your contract must strictly state that you will process data solely on the client's documented instructions.
EU GDPR & Schrems II: If processing data of European residents, you cannot simply sign a contract. You must execute standard Standard Contractual Clauses (SCCs) and implement heavy technical safeguards (encryption, data masking) because the EU does not consider India to have an "adequate" data protection regime.
India's DPDP Act 2023: Even as an exporter, you must comply with India's domestic data privacy laws regarding the data of your own employees and any Indian data subjects stored on your servers.

4. Tax Compliances: GST (LUT) and Transfer Pricing

Export of services is heavily incentivized by the Indian government, provided the structural paperwork is impeccable.

Zero-Rated Supply & The LUT: The export of IT services is considered a "zero-rated supply" under GST law. To legally export without paying Integrated GST (IGST) upfront, the company must file a Letter of Undertaking (LUT) on the GST portal at the beginning of every financial year. Failure to file an LUT means you must pay IGST and later claim a complex refund.

Transfer Pricing: If your Indian entity is providing IT services to its own foreign parent company or a subsidiary (e.g., a US holding company), the transaction must be conducted at an "Arm's Length Price." The Income Tax Department heavily scrutinizes these transactions to ensure profits are not being artificially shifted out of India to low-tax jurisdictions.

5. FEMA & The New EDF Regime (October 2026)

To prevent money laundering and preserve foreign exchange reserves, the RBI strictly monitors all exports.

The End of SOFTEX: For decades, IT exporters had to file complex SOFTEX forms through the Software Technology Parks of India (STPI) to prove their exports. In a massive regulatory overhaul effective October 2026, the RBI is permanently phasing out the SOFTEX form. It is being replaced by the unified Export Declaration Form (EDF).

The 9-Month Realization Rule: Once the EDF is filed, it creates an entry in the RBI's Export Data Processing and Monitoring System (EDPMS). Under FEMA, the exporter is legally mandated to realize and repatriate the foreign exchange back to India within 9 months. Upon receiving the payment, the Authorized Dealer (AD) Bank issues an e-FIRC to close the EDPMS loop. Failure to realize the payment places the exporter on the RBI Caution List, blocking future trade.

Conclusion

Exporting IT services is a highly lucrative endeavor, but treating it like a standard domestic transaction exposes the company to severe international and domestic liabilities. Prior to signing any foreign client, IT exporters must secure their intellectual property, execute robust cross-border MSAs, file their GST LUTs, and align their banking pipelines with the new EDF framework.

Frequently Asked Questions (FAQ)

1. Do I need to charge GST to a foreign client?

No. The export of IT services is considered a zero-rated supply. If you have successfully filed a Letter of Undertaking (LUT) for the current financial year on the GST portal, you can issue an invoice without charging IGST.

2. What happens to the SOFTEX form in 2026?

Effective October 2026, the RBI is officially replacing the legacy SOFTEX form with the unified Export Declaration Form (EDF) for all software, IT, and service exports, streamlining the digital filing process and bypassing the need for tedious STPI certifications.

3. Who owns the source code developed for a foreign client?

Ownership depends entirely on the Intellectual Property assignment clause in your Master Services Agreement (MSA). By default, the creator owns the copyright. To transfer it to the client, a written assignment specifying the exact scope of "Foreground IP" is legally required.

4. What is a Foreign Inward Remittance Certificate (e-FIRC)?

An e-FIRC is a digital certificate issued by your Authorized Dealer (AD) Bank confirming that foreign funds have legally entered India. It is critical for closing the export transaction loop in the RBI's EDPMS system and for claiming any relevant tax benefits.

5. How do we protect against lawsuits in foreign courts?

Your contract must contain a strict "Governing Law and Dispute Resolution" clause. You should mandate that any disputes be resolved through International Commercial Arbitration (e.g., at the SIAC or LCIA) rather than through the domestic court system of your client's home country.

Loading latest insights...