Developing Trends for Cloud Services

Cloud related services seem to be ever present in the business context; from IaaS and PaaS through to both niche and "ERP in the cloud" sized SaaS offerings, contract negotiations are either predicated upon a cloud based delivery or will be significantly dependent upon cloud based infra or apps in the underlying supply chain. With such deals also increasing in both size and business criticality, the amount of time spent in contractual negotiation in respect of such services is also increasing....but is this resulting in much change in terms of the types of contract provisions being finally put in place?

The first thing to note in this regard is that this is not a "one size fits all" matter; there will be very different considerations when negotiating with one of the "Hyperscale" IaaS providers as opposed to a smaller SaaS solution provider, even though many of the underlying issues and principles will be the same or similar.

At a high level, however, the key cloud specific challenges (and what we see developing in relation to them) can perhaps be summarised as follows:

The Right to Amend or Withdraw Services

It can be problematic for a customer to make a decision to go with a particular cloud provider on the basis of a particular scope of service, only to find that this can be unilaterally changed by the provider post contract signature (on the basis that this is "necessary" either to comply with law and regulation, or to maintain competitiveness in the wider market, given the "one to many" nature of the cloud services).

Most cloud providers will not give up on this right, but qualifications and amendments we have seen include:

• a commitment that any changes must be "additive" only (ie there must be an improvement rather than a removal without replacement)
• Extended notice requirements
• Rights for the Customer to exit the cloud services if it doesn't agree to the changes (irrespective of whether there was otherwise a minimum volume commitment)
• Compensation for Customer migration costs, if the changes require it to implement alternative arrangements

Suspension Rights

Many cloud providers will reserve rights to suspend service provision, on the basis of a need to protect other users of their cloud platform (e.g in the event of a security breach which might impact upon such other users). This is understandable, but Customers will be concerned about their own business continuity, and so are seeking to control or limit the operation of such suspension rights. The movements we have observed in terms of the negotiation of such provisions include:

• Express limitations of the suspension rights to where there is a reasonable suspicion of a material impact upon third parties (i.e as opposed to just on the cloud service provider and/or the Customer themselves)
• Limitation to "material" issues, rather than a wider category of more minor infractions, such as any breach of Acceptable Use Policy (AUP) provisions
• An obligation to limit the suspension as much as is possible, both in terms of the extent of the suspended services and the duration of the suspension
• Rights for the Customer itself to terminate, if the suspension continues beyond a certain period of time

Service Levels

Many of the cloud services SLA regimes we have seen are limited in scope to just the availability of the services, and fail to address issues associated with response and resolution of individual issues, or circumstances where the services are technically "available", but are functioning in a way which is materially impaired. They are often also set out on the basis that any service credits accruing are a "sole and exclusive" remedy....which would leave the Customer with a very limited means of recourse in relation to what would arguably be the most significant service failure that might occur.

Negotiation of such provisions still tends to be quite intensive, but we have observed the following:

• Agreement to additional service levels tied to responses to individual issues/incidents
• New Service Levels tied to "material outages", which go beyond pure availability to instead also consider material loss of functionality etc

Liability Provisions

An enduring complaint for Customers is that standard form cloud services contracts tend to have very restrictive liability provisions; aside from the "service credits as a sole remedy" issue as stated above, the limits of liability are often set at a low level (ie tied to a limited time duration of fees related to the specific aspect of the services which are said to have been defective, rather than the total amounts being paid) and married with extensive sets of exclusions.

This is however an area where we have seen perhaps most movement in terms of market trends, possibly because it is also where many Customer side advisors will devote the most effort in terms of their contract negotiations. We accordingly tend to now see caps which are linked to percentages of annual contract value rather than just to charges related to individual elements of the services, and for that percentage value to be pushed upwards beyond 100%; the scope of the exclusions is also coming under the spotlight and being paired back (e.g an exclusion regarding losses arising from "service unavailability" will now routinely be removed)

Overall, I think it would be fair to say that we are in the "adolescent" phase of contracting for what I might call Enterprise Cloud services (e.g cloud based delivery of services which are high in value and business criticality)....we have come out of the initial phase when both suppliers and customers were feeling their way in terms of what kind of contract terms would need to be formulated, and have marked out the battlefield in terms of the key areas for contractual debate. However, we still have some way to go before we can talk about having developed understandings of "market norms" in the way that could be said to exist for ITO and BPO deals, for example.