Competition Law Issues in Cloud Computing

February 10, 2013

Customer dependency on a cloud supplier

One aspect that has been troubling many in the market, beyond data protection and security, is the issue of customer dependency on cloud suppliers and what is known as the issue of ‘lock-in’. The fear of customers is that they will lose their ability to shop around and will gradually pay more and more to a cloud supplier over time. To some extent this is based on the history of customers’ outsourcing of technology and in particular the outsourcing of ‘technology risk’. In this model of contracting, customers traded low prices in the short term for agreements with suppliers that allow suppliers to upgrade and modify systems and services as technology progresses. The risk of keeping up with technology changes is being outsourced to the supplier. This looks like a reduction in complexity and hassle. One difficulty for the customer is that it may become increasingly dependent on a particular supplier or its systems and processes may become ‘locked in’ to that supplier. This may happen as technology progresses and new features and services are developed and upgraded and added to the basic services under the contract. Lock-in is beneficial for suppliers and a well known commercial practice in computing.  

The competition law issue arises where the supplier monopolises customers. If a competition law breach can be shown, customers may be able to argue that the contracts, or certain provisions in them, are unenforceable. Customers may then be free to shop around in spite of clauses in the contract to the contrary.  For this issue to arise, much depends on evidence for the claim being made that customers’ ability to switch suppliers is being restrained and on the presence or absence of alternatives. Where dependence can be shown to arise because of the dominance of a supplier, it can be addressed under competition law. Indeed, this has been the subject of repeated investigations into IBM’s and other computer companies’ practices over many years, the latest ending with unbundling of IBM’s hardware and maintenance services in undertakings provided to the European Commission during 2011.

The shift from IT services to cloud services means that it may be in customers’ interests to shop around. As cloud services are often both more flexible and more cost effective than traditional IT in systems that have been integrated between customer and supplier, the customer may be interested in buying from a third party. Much will depend on the definition of scope in the existing contracts, and whether any restrictive provisions require new technology to be supplied by an existing supplier.

Current market research

We know from market research that this issue of dependency is a major issue for customers. Indeed it has been among the top issues that International Data Corporation has noted over the past five years. IDC presented its research to the European Commission as part of the consultation and hearings which helped the Commission formulate its cloud strategy in 2012. The research notes that customers are afraid of becoming dependent on their cloud supplier. This fear is at such a high level that, despite the huge savings available in the short run, customers are not adopting cloud computing for fear of being locked in over time.

Practical solutions and the problems with them

There are a number of practical ways through which such dependency may be avoided, and trust can be created, that are worth mentioning such as:

·       maintaining dual supply,

·       retaining data portability,

·       including break clauses in existing systems integration contracts, and/or

·       including a more tightly defined scope of service, enabling new services to be bought from third parties.

In practice these solutions are often difficult to achieve. For example, outsourcing to one supplier may mean that a policy of dual sourcing cuts across existing contractual obligations. Another difficulty in putting dual sourcing in place can arise because each supplier may seek to differentiate themselves over time. Each supplier may reap efficiencies from specialisation, so dual supply does not mean competitive supply and may lead to separate supply of different services over time. More fundamentally, dual supply may be more expensive in the short term with a single supplier being a much cheaper option than multiple suppliers because a single service provider can drive economies of scale. Also a single supplier of a particular offering may facilitate services such as e-mail working better with a group of identifiable users within a secure closed user group: the security and software systems may increase the security of the system and increase switching costs, increasing dependency. This may be a particular issue in tailored software offerings and it may in fact be easier to use standardised or portable solutions from a major supplier to maintain peace of mind. Furthermore, major cloud computing suppliers will not negotiate except with the very biggest customers. This may in fact be a blessing in disguise since the major suppliers may drive a degree of standardisation. For example, Microsoft Word is available as a well known word processing software package that works with almost every underlying technology platform from PC equipment suppliers through to Apple Macs.

Interoperability between dual sourced services may also be a practical issue. Different suppliers may naturally want their services to be supplied on proprietary software or using their own proprietary intellectual property rights to meet the entire user community that an enterprise customer wants to connect together.  Different suppliers’ systems may expand their user bases and come into conflict over time. To the enterprise customer there may be an increased value in each additional person or data centre being connected to a single supplier’s system; the conflict may be resolved either through interoperability between systems or through buying a single system from one supplier.  Services may work better if they are connected using a single technology or software and interoperability may be a second best solution. This reinforces ‘network effects’, where the value of each addition makes it economically attractive to ensure increased connections to the same system.  For the customer buying such a system, the issue is that he may become dependent on the supplier and the terms of the contract need to address any increasing dependency so that the total costs of ownership, including switching and the costs of exit, are understood when the contract is entered into.   

Data portability may in theory be an attractive idea. However, unlike number portability in telephony, which is imposed by regulation and does reduce switching costs, one issue with data portability is that in this context data may be processed and then changed. As such, parts of the data, such as its presentation and manipulation, may be integrated with the supplier’s intellectual property rights so that the supplier acquires rights. The processed data is not the same thing as the raw material. Raw data is always under the control of the customer, but one will face the issue that what is being retrieved is not the same as what was given to the supplier. The supplier can rightly comment that the raw material is in the hands of the customer and nothing needs to be ‘portable’.

Legal issues

This is where the legal issues really start.

Interoperability

For example, in general, computer software is protected by copyright. There are, however, exceptions to the scope of this protection. There is an exception in many jurisdictions for ‘fair use’. As such, it may not be possible for a cloud supplier to say that processed data is protected by copyright if the information relates to interface information. Interface information may be unprotected by copyright and this may allow applications to be ported across platforms between cloud service providers. This will, of course, only be practically possible if the interfaces are not only portable but also conform to cross-platform standards which enable interoperability.  

The European Commission has been considering whether to legislate to regulate and address this interoperability issue, and the issue remains one of the action points under Pillar II of the EU’s Digital Agenda (Pillar II: Interoperability & Standards: see in particular Action Point 25). To address dependency and seek a level playing field between customers and suppliers, the European Commission  has also, in its recently published Cloud Strategy (Digital Agenda: New strategy to drive European business), proposed that a group of EU ‘Cloud Partners’ should be formed, who may be able to jointly purchase and, through their combined buying power, exert added leverage on cloud computing suppliers. The ‘Cloud Partners’ are likely to be drawn from government departments across different member states in the EU. This approach may allow customer departments to insist on greater ability to switch and change suppliers, but it remains to be seen whether the issue is one that arises on new cloud computing contracts or because customers have not made a good bargain in the past.

Bundling

Bundling is illegal where the supplier can be shown to be dominant. So the next legal issue is the extent to which a contract may seek to over-protect the cloud supplier and to bundle or lock-in services that the customer does not want. For example, technology agreements can be constructed in a way that provides the customer with no choice over maintenance or supplementary and complimentary services. The costs of such add-ons and maintenance may be very high by comparison with the costs of the basic cloud service.  This is one issue that the Commission has addressed in its undertakings in the recent IBM case. In that case it found that IBM is dominant in the market for legacy mainframe computers and required IBM to unbundle maintenance. An earlier case against Compaq established that maintenance bundling is unlikely to be acceptable. There have been cases on bundling of hardware and peripherals brought against IBM some years ago and many cases on the unlawfulness of software bundling, such as in the Microsoft case. Another example of unacceptable bundling related to nails and nail guns in the Hilti case.

Dominance depends on an analysis of markets and the extent to which there truly are alternatives to meet customer needs. Because of the wide variety of different alternatives, many technology markets are open and competitive. There are some where the differentiation of the offering or the type of service is such that substitutability is limited. Understanding where to draw the line can be difficult. Lack of customer choice is always a good indication that a particular offering may be unique, and dominance can be found in narrow markets where there are no substitutes. Tailored software may be a particular issue. A clear example is the UK Competition Commission finding in the proposed merger in the IBS/Capita case where software used in benefits systems by the UK’s Departments for Works and Pensions was potentially dominated by a single supplier, and the Competition Commission prevented that situation from occurring by accepting undertakings from the parties to the transaction.

In its investigation of the acquisition of IBS OPENsystems by Capita Group, the Competition Commission found that a UK market existed for a single software system and its related services, the Revenue & Benefits (R&B) software system. A substantial lessening of competition in this market was found to result from the merger, the remedy of which required Capita to divest IBS’ Revenue & Benefits software system and to assign to any approved purchaser the intellectual property rights of software codes necessary to operate the IBS R&B business.

The case is of interest for its high quality analysis of a market and for its finding of a narrow and relatively small market, namely for a legacy software or software and related services market. If this type of approach is followed in future cases, and there is every reason to think that it will be, it stands as a precedent for defining the market as comprising a particular type of software application.  (Download the report here.)

Technology transfer agreements and EU Regulation

EU law operates a regime of regulation of technology contracts. Restrictive provisions in contracts between customers and suppliers may not be within the Regulation and may be unenforceable. The Commission is currently reviewing the existing regime and thinking through how it will apply in the future. These issues may well be addressed in its next draft which is rumoured to be on the point of release.

Migration

The process of migrating from existing computer and IT services may reveal dependency and competition law issues. It has been said that current contracts that have been entered into by many with major suppliers make switching difficult or impossible. This may be a canary in a coal mine; the lack of ability to switch supplier may be the basis for an enquiry into whether the contracts are anti-competitive and unduly or unreasonably restrict the customer’s choice of supplier.  

Summary

The difference between success and failure may depend on the details. This is merely a short outline of some of the issues that may arise in cloud computing. Overall the benefits of cloud computing may only be manifest – and may be all the greater – if these issues are addressed. The difference between achieving the enormous savings available from cloud computing together with the flexibility inherent in the technology accessible at a distance as well as the ability to change suppliers and maintain choice may depend on slight and small differences to contracts. Customers need to take special care over contractual provisions. With the right precautions and safeguards in place, it may possible to take a number of practical steps and to secure trust and flexibility at the same time. 

Tim Cowen is a Partner, Sidley Austin LLP. The views expressed in this article are exclusively those of the author and do not necessarily reflect those of Sidley Austin LLP and its partners.  This article has been prepared for informational purposes only and does not constitute legal advice.