Software Escrow: Securing Business-Critical Software for the Long Term

Alexander Holz

Today, companies often depend on software they neither develop themselves nor fully control. What happens if the provider becomes insolvent or discontinues support? Software escrow protects against this risk: by securely depositing the source code, access to the code remains possible even if the provider fails.

Why Software Escrow Is Becoming Increasingly Important for Companies

Software is now the backbone of almost every business. ERP systems, industry-specific applications, platform solutions, and AI systems manage core business processes.

Many of these solutions come from external providers, often in the form of:

  • SaaS applications
  • licensed custom software
  • industry-specific platform software

This creates a structural dependency on the software provider. As long as the provider operates reliably, this dependency often goes unnoticed. It becomes problematic, however, when the provider fails or discontinues its services.

Without software escrow, this leads to typical risks such as:

  • loss of maintenance and support
  • no access to the source code
  • security vulnerabilities without updates
  • technical failures of critical systems
  • high costs for short-term replacement solutions

Especially in the case of business-critical software, this can cause significant financial damage.

This is exactly where software escrow comes in.

What Is Software Escrow?

Software escrow refers to the fiduciary deposit of a software’s source code with a neutral third party — the so-called escrow agent.

This model is also commonly referred to as source code escrow or source code deposit.

The basic principle is simple:

The source code is stored securely and is only released if certain contractually defined events occur (so-called release criteria).

This ensures that a company can continue operating the software even if the original provider is no longer available.

The typical software escrow model includes three parties:

  • software provider (licensor) – develops the software
  • licensee (customer) – uses the software
  • escrow agent – holds the source code in trust

on:mint combines this classic escrow logic not only with a legal contractual structure, but also with a digital infrastructure for deposit, versioning, and controlled access.

Access to the deposited code is granted exclusively under clearly defined conditions, known as release triggers.

Typical Release Events in Software Escrow

A source code deposit is not released without cause. The escrow agreement defines specific events that can trigger disclosure.

Importantly, in practice the release clauses must be drafted with legal care. Instead of tying release solely to a “hard” insolvency event, contracts typically define release scenarios that also cover “softer” situations close to insolvency. This aligns with high court case law and helps avoid disadvantaging creditors.

Typical release events in source code escrow include, for example:

  • discontinuation of business operations
  • breach of maintenance or support obligations
  • announced end-of-life of the software
  • acquisition of the provider by a competitor
  • loss of key development teams
  • other contractually defined escalation or failure scenarios

If such an event occurs, the escrow agent may release the deposited source code in accordance with the contractual requirements.

For the licensee, this can mean the ability to:

  • operate the software independently
  • carry out maintenance and bug fixes
  • involve external developers
  • continue developing the software

A professional source code deposit ensures that companies remain capable of acting even in a crisis.

Why Software Escrow Must Be Legally Structured with Care

Exclusion from the Insolvency Estate

A central aspect is that, in the event of insolvency, the deposited source code must not become part of the insolvency estate.

This is achieved by depositing the code in trust with the escrow agent before any potential insolvency occurs.

Insolvency-Proof Usage Rights After Release

In addition to the mere deposit of source code, it must also be ensured that the licensee is actually entitled to use the code if it is released.

For this reason, escrow agreements often include what is known as a conditional grant of usage rights.

The licensee does not receive these rights across the board, but only upon the occurrence of the contractually defined conditions for release.

Third-Party Beneficiary Structure as a Key Component

In practice, escrow agreements are often structured so that the licensee, as the beneficiary, receives its own enforceable claim to release once the agreed release conditions are met.

This is an important distinction from purely technical custody models: a robust escrow structure must not only organize the deposit itself, but also secure legal access in an emergency.

Synchronizing the License Agreement and the Escrow Agreement

A common mistake is that the license agreement and the software escrow agreement are not properly aligned.

This can lead to a paradoxical scenario:

The source code is released — but the licensee does not have the necessary rights to use or further develop it.

That is why contract design must pay special attention to the alignment and synchronization of the deposit obligation (what is deposited and when?), release criteria (what is released under which conditions?), and the license or usage rights relating to the source code.

From Software Escrow to Digital Escrow

For many companies, the topic begins with a classic source code deposit. In practice, however, it quickly becomes clear that source code alone is often not enough to truly protect business-critical systems.

Today, many digital applications consist of a wide range of technical and organizational components that are just as important for operation, maintenance, and further development as the code itself.

These may include, for example:

  • AI training data
  • large data sets
  • technical configuration information
  • cloud access credentials
  • development documentation

Modern escrow solutions therefore expand classic source code escrow into a broader concept: digital escrow.

This allows different types of digital assets to be deposited.

IP Escrow

Protection of technical know-how and trade secrets such as:

  • design data
  • technical specifications
  • manufacturing information

Key Escrow

Secure deposit of sensitive access data such as:

  • passwords
  • cryptographic keys
  • cloud access credentials

Data Escrow

Long-term protection of large data sets, for example:

  • production data
  • analytics and statistical data
  • IoT data

AI Escrow

Protection of key components of AI systems, such as:

  • model architectures
  • training data sets
  • vector databases

Digital escrow therefore protects not only software, but the entire digital value creation base of a company.

How Software Escrow Works at on:mint

The on:mint platform combines legal escrow structures with a modern infrastructure for secure digital deposit.

The goal: a source code deposit that is both legally sound and technically traceable.

For companies, this means more than just having a contract in place. It creates a robust setup in which legal release rules, technical deposit, and continuous updates work together.

The process includes several steps.

1. Setting Up the Escrow Structure

First, an individual software escrow agreement is created.

This defines, in particular:

  • what material is to be deposited
  • when the deposit takes place
  • which release criteria apply
  • which usage rights arise in the event of release

2. Depositing the Source Code

The software provider then deposits the complete code base along with the necessary development artifacts.

Typically, a professional source code deposit includes far more than just the code itself. In particular, the following should be deposited:

  • complete source code
  • build environments
  • dependencies and configuration files
  • technical documentation
  • installation and setup instructions
  • database schemas and migration information
  • infrastructure information
  • overviews of third-party components used

This information is crucial to ensure that the software can actually be reproduced, maintained, and further developed in an emergency.

This is precisely where the difference between a simple code copy and a robust escrow solution becomes clear: only when all relevant technical and organizational supporting information is available in full can the deposited version be used in practice when it matters most.

3. Automated Updates via Repository Integration

on:mint enables direct integration with GitHub or GitLab.

This allows new versions to be transferred to the escrow system automatically.

Unlike traditional Git repositories, the escrow context stores complete versions — not just changes.

This means each version remains independently reconstructable.

4. Verification of the Deposited Material

Another key issue is whether the deposited material is actually complete and usable.

A deposit is only truly reliable if, in an emergency, it contains not just files, but a usable and comprehensible software state.

For this reason, on:mint can supplement the deposit with full verification procedures.

This increases security for all parties involved and reduces the risk that, while data is technically available in a release event, it is not actually useful in practice.

The Technical Infrastructure Behind Source Code Deposit

on:mint combines modern technologies to implement software escrow in a particularly secure way.

Blockchain as Proof of Integrity

A cryptographic hash is generated for every deposited version.

This hash acts as a digital fingerprint of the code and is stored on a public blockchain.

This creates immutable proof of:

  • when a version existed
  • that it has not been altered since

The source code itself remains confidential.
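
The integrity fingerprint described above, sketched as an added example (not on:mint's code; the page does not say which hash function or manifest format the platform uses, so SHA-256, the manifest layout and all function names here are assumptions). It records a per-file manifest at deposit time, derives one digest suitable for anchoring, and on re-verification reports which files are missing, added or modified:

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's POSIX-style relative path to its SHA-256 digest.
    Empty directories, symlink targets and file modes are not covered."""
    files = sorted(p for p in root.rglob("*") if p.is_file())
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in files}


def fingerprint(manifest: dict[str, str]) -> str:
    """One digest over the sorted manifest: the value that would be anchored."""
    h = hashlib.sha256()
    for rel, digest in sorted(manifest.items()):
        # NUL cannot occur in a path, so path and digest cannot run together.
        h.update(f"{rel}\0{digest}\n".encode("utf-8"))
    return h.hexdigest()


def diff_manifests(recorded: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Explain a fingerprint mismatch file by file."""
    shared = recorded.keys() & current.keys()
    return {
        "missing": sorted(recorded.keys() - current.keys()),
        "added": sorted(current.keys() - recorded.keys()),
        "modified": sorted(k for k in shared if recorded[k] != current[k]),
    }


def demo() -> dict:
    """Constructed sample deposit: record, alter the material, verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "src").mkdir()
        (root / "src" / "app.py").write_text("print('v1')\n")
        (root / "BUILD.md").write_text("make all\n")
        recorded = build_manifest(root)          # kept with the deposit
        anchored = fingerprint(recorded)         # published as proof of integrity
        (root / "src" / "app.py").write_text("print('v1-patched')\n")
        (root / "BUILD.md").unlink()
        current = build_manifest(root)
        return {"anchored": anchored,
                "matches": fingerprint(current) == anchored,
                "diff": diff_manifests(recorded, current)}


if __name__ == "__main__":
    print(demo())
```

Keeping the per-file manifest alongside the anchored digest is what lets a verifier say which file diverged rather than only that something did.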

Decentralized Storage via IPFS

The code itself is not stored on the blockchain, but in a decentralized storage system.

For this purpose, on:mint uses an access-controlled IPFS infrastructure.

IPFS addresses files by their content rather than by their storage location. Each file receives a so-called Content Identifier (CID).

This architecture offers several advantages, including:

  • greater resilience
  • protection against tampering
  • no central point of failure
  • traceable integrity of individual versions

Distribution across multiple storage nodes increases system resilience and reduces the risk of single points of failure.

The Data Vault: The Digital Safe for Software Escrow

A central component of the platform is the Data Vault.

It functions as a digital safe for all deposited assets within the software escrow system.

Access is managed through token-based access systems and role-based permissions.

This makes it possible to control exactly:

  • who receives access
  • which actions are permitted
  • under which conditions data may be released

Within a vault, multiple data spaces — known as streams — can be created.

These enable the separate storage of:

  • source code
  • documentation
  • technical assets

This makes it possible to map complex escrow structures between provider, customer, and escrow agent.

Unlike traditional escrow models, on:mint therefore combines legal custody logic with a digital infrastructure that brings together versioning, controlled access, and traceable documentation in one system.

What Companies Should Look for in Software Escrow

Not every software solution automatically requires an escrow structure. Software escrow becomes particularly valuable, however, whenever a company is highly dependent on a specific software solution.

Typical situations in which a source code deposit is especially relevant include:

  • use of business-critical software in core operations
  • use of custom software or proprietary platforms
  • long-term dependency on a single software provider
  • use of specialized industry solutions
  • integration of the software into production or data processes

Especially in the case of custom software or specialized SaaS solutions, switching providers is often not possible at short notice. Without source code escrow, such situations create a significant operational risk.

Companies should therefore not only ask whether a deposit exists, but also how robust it actually is. Important questions include:

  • Is only the code deposited, or also the necessary documentation?
  • Are the build environment and dependencies fully documented?
  • Are there clear and legally reliable release rules?
  • Is the deposited version current and properly versioned?
  • Has the completeness of the material been verified?

A professional source code deposit only reduces risk effectively if the legal structure and the technical implementation are properly aligned.

Conclusion: Software Escrow as a Safeguard for Digital Business Models

The digital economy increasingly relies on software, data, and platform technologies.

As this development continues, dependency on external software providers also increases.

Software escrow — particularly in the form of a professional source code deposit — offers companies structured protection against exactly these risks.

Solutions such as on:mint combine legal escrow structures with a modern infrastructure for source code escrow.

The result:

Companies retain control over business-critical software — even if providers fail or are no longer able to meet their obligations.

This makes software escrow an important building block in modern digital risk strategies.
