Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Cloud contracts: Five key legal considerations for businesses

Sue McLean | June 24, 2016
Sue McLean, Of Counsel lawyer at Morrison & Foerster, provides tips for businesses negotiating cloud computing contracts with providers.

The cloud computing market has evolved in recent years. The commercial offerings of service providers have become more flexible, and we have also seen changes in providers' traditional 'take it or leave it' approach to cloud contract terms.


However, although there's now more negotiation of cloud contracts, the key for organisations evaluating cloud solutions is to know which elements of contracts can be negotiated, and by how much. Here are some of the key issues to consider.

Cloud contracts: Understand provider's terms

Cloud computing services are generally implemented on the provider's terms - although it can often be a struggle to figure out exactly what those terms are.

Watch out for some cloud providers' complex, multi-document contract structures that may be poorly updated and oddly worded. In particular, don't assume that you know what's in a provision based on its heading. For example, in some terms, 'force majeure' seems to be elastic-sided enough to capture "changes in the taxation basis of services delivered via the Internet" as a force majeure event!

Understandably, contracts for private cloud solutions and with system integrators/resellers allow more scope for negotiation than contracts with public cloud providers. However, even in public cloud deals, terms are increasingly negotiable - although the degree of negotiability certainly pales in comparison with traditional outsourcing contracts.

Some of the key issues that tend to recur in cloud contract negotiations include:

  • customer control and visibility over subcontracting, with a general reluctance from providers to allow approval over, or even to identify, subcontractors;
    limitations on the provider's ability to change the nature of the services. (Here it's generally advisable for customers to focus on the commercial implications of such changes, rather than the right itself);
    privacy and data security commitments;
    rights of the provider to suspend services, e.g., for non-payment or violation of an acceptable use policy;
    limitations of liability; and
  • exit provisions allowing the customer to extend service for a period after termination or expiry to allow migration to the replacement solution.
    Technical areas don't tend to lend themselves to negotiation given the commoditised nature of cloud solutions - and you can show your naivety by asking for changes that directly contradict the services model.

Cloud contracts: 2. Due diligence

Because of the constraints on your ability to negotiate the provider's cloud terms, it's essential to carry out appropriate due diligence on the provider. Areas of focus should include:

  • Location of services
  • Service performance and usability
  • Existing customers (references)
  • Data location, processing, portability and recovery
  • Security
  • Interoperability
  • Business continuity
  • Exit

Cloud contracts: 3 - Data privacy remains centre stage

It's also vital to understand how responsibility for data privacy obligations will be allocated between you and the provider, including who is responsible for data security.


1  2  Next Page 

Sign up for Computerworld eNewsletters.