‘Wandering Clouds’ Emerging Trends in Cloud Services Contracts

August 15, 2013

With offerings provided ‘as a Service’ becoming increasingly prevalent, more lawyers in both private practice and in-house will be seeing Cloud related contract terms, and wondering what to do with them; are they really negotiable, and to what extent? Are supplier positions reasonable? Certainly in the initial ‘launch’ phase of Cloud offerings (ie those offered on a one-to-many basis, utilising shared facilities rather than a bespoke hosted service being extended to a single customer), the contract terms which a user could expect to be asked to sign up to would be very restrictive in terms of the level of contract risk that the supplier would accept (and this has been reflected in wider market studies conducted by the likes of QMUL and Stanford University).  However, in recent months, there have been demonstrable signs that this position is changing, and that the scope for genuine negotiation has grown. 

Before going on to look at the nature of the changes and some of the potential reasons for them, it is perhaps worth recapping the reasons why Cloud contracts developed in the way that they did in the first place.  At the risk therefore of some significant generalisations, for the SaaS model at least there was a tendency for the relevant software suppliers to take their standard licence terms for the underlying software products and to then seek to adapt them for access/use remotely (see for example Microsoft’s approach to its ‘Azure’ suite of service offerings).  Such licence terms would generally already have been drafted in a way that was broadly protective of the supplier’s interests, but would often also have been based on a relatively high initial ‘reward’ for the supplier, in the form of the (usual) up-front licence payment.  In contrast, the Cloud-based offering would typically be ‘sold’ to the customer on the basis of a significantly reduced subscription based fee.  As many contract provisions can be said to relate in some way to the risk-reward balance, so it was argued that the level of risk that the supplier would/should take on under the related Cloud services contract should likewise diminish. 

Other shifts in contract drafting arose by virtue of the change in the manner in which the Cloud services were provided.  For example, when a platform is used in common to provide services to multiple clients, it would not be desirable for the supplier to have to seek proactive consents from all its clients prior to making any changes to the underlying systems or software.  As a result, it has become common for Cloud suppliers to retain what are often wide-ranging rights to make changes to the Cloud service offering, and often also the right to change the policies and even contract terms applicable to it.  In an endeavour to keep administration/client handling costs to a minimum, such changes may not even be directly communicated to clients, but instead promulgated via changes to terms accessible via hypertext links.  

Still on the topic of costs, we had a conversation with a UK-based General Counsel (GC) of a well-known Cloud services provider, around 10 months ago; in discussing their approach to contract negotiations, they remarked that, with an average deal value of around £250,000 and no in-house legal capacity beyond the GC, there was (quite literally) no budget or bandwidth for entering into legal negotiations with customers, and hence the GC’s role had become an exercise in finding polite ways to say ‘no’, when faced with any proposed variations to their standard terms.  One can readily sympathise with such an approach; when the margins are so low, it does not make much sense to impact them still further by expending a lot of time and effort in contract negotiations. 

All of the above factors (and more, including a level of immaturity/ignorance on the customer side) gave rise to a common scenario where Cloud contract terms became set on the basis of what often amounts to a ‘take it as it is’ offer, whereby there was little if anything by way of a contractual remedy should things go wrong, or should third-party claims be made.  A typical Cloud services contract might therefore contain some or all of the following provisions:

  • the ability for the supplier to unilaterally vary the scope of services and associated policies;
  • a right for the supplier to terminate or suspend the provision of the Services on short notice, especially (but not exclusively) if other customers might be being impacted by the issues (if any) at hand;
  • limited (if any) warranties, with the sole remedy for any breach being for the supplier to use ‘reasonable endeavours’ to fix the issue but with no fixed timeframe for doing so (and often a disclaimer of any loss suffered by the customer, even if the supplier delays in fixing the problem);
  • similarly, little (if any) coverage for potential IP infringement claims, with any indemnity provided being restricted to final awards/settlements in favour of the third-party claimant, and not covering any elements of the customer’s own associated costs or business impacts;
  • very low limits of liability allied with comprehensive exclusions of some of the very categories of loss which might, in fact, be considered most likely to result from problems with the services (eg loss/corruption of data, and loss of profit/revenue);
  • limited service levels, subject to extensive caveats and with no (or very limited) associated service credits, and no associated termination or step-in rights. 

The story, however, has not ended there.  As heralded at the beginning of this article, we have in recent months seen a significant increase in both the numbers of Cloud services contracts which are being subjected to more intensive negotiation, and also a tangible increase in the scope and nature of the clauses then being amended by agreement between the parties.  In a very real sense, the sands are beginning to shift, and the momentum for the resulting changes seems to be ever increasing. 

One might therefore query why this should be so.  In reality, there is no single overriding cause, but rather a combination of a number of factors, as follows:

  • Customer knowledge When Cloud service offerings first began to make inroads into the procurement patterns and spending in the IT market, many customer/buyer-side entities had a low level of appreciation of what contracting for cloud-based services actually entailed.  In many cases, therefore, they were excessively quick to accept at first instance the assertion by their relevant service providers as to why certain provisions ‘had’ to be drafted in a particular way, simply by reason of the fact that what was now being offered was something ‘as a service’, rather than by way of a more traditional licence model, for example.  Now, however, many customers (and their advisors) have become more familiar with what Cloud services entail and are therefore better placed to argue their case as to what should – or should not – be changing just because the relevant service is being provided remotely. 
  • Customer Identity Early adopters of Cloud services (as was previously the case with open source software, for example) tended not to be the larger, more highly regulated buyers such as those in the public, financial services and pharmaceutical sectors.  Inevitably, however, the interest of such ‘big players’ in what is achievable via the Cloud has grown and they have become increasingly enthusiastic adopters of Cloud-based solutions.  However, such organisations have significant bargaining power and firm expectations as to the kind of contract terms which they expect their suppliers to offer, and these will usually be considerably at odds with what standard form Cloud service contract terms may have offered! 
  • Deal Size/Complexity Linked to the preceding point, Cloud services have rapidly evolved beyond some of the lower value, more ‘commodity style’ offerings which were often the basis of early Cloud service offerings, and can now encompass quite complex, and indeed business critical, functions, also involving substantial outlay by the customer in terms of on-going services fees.  This has inevitably placed the customer focus back on the risk/reward balance, and the related contractual provisions to reflect this. 
  • Competition There are increasing numbers of providers now active in the Cloud services arena, not just in relation to the promotion of new types of services or offerings, but also competing with some of the longer established players.  As competition increases, service providers are inevitably compelled to try to find ways in which to differentiate themselves, and ‘flexibility’ in relation to contract provisions is certainly one of the options to be considered in this regard.  In one recent negotiation we were involved with, one of the bidders for a large Cloud deal was substantively undermined in its initial argument that its terms were ‘absolutely standard’ and could not be bettered elsewhere by the fact that the other bidder involved in the bidding process had already indicated root and branch acceptance of the customer’s requested amendments!

Conclusions

What conclusions can we therefore take from this?  The reality appears to be that the contracting side of Cloud services continues to mature, just as the service offerings themselves continue to do.  There are valid reasons why many of the relevant contract provisions need to be drafted in a manner which may appear odd or even objectionable to someone not familiar with the underlying technical model, but it is equally true that many sets of Cloud contract terms have gone further than necessary in terms of passing risk back to the customer.  We believe that the market will ‘self adjust’ in this regard, and reach a more developed appreciation of new market norms in the course of the next 12-18 months. 

Very much, therefore, a case of ‘watch this space’. 

Kit Burden is a Partner and Head of Technology Sector at DLA Piper