The standardisation of cloud computing SLA and contractual terms: the SLALOM project

08 February 2016

Gian Marco Rinaldi, Debora Stella, Leonidas Kanellos

Read more on our SLALOM series
  1. Introduction - Subject-Matter - Main Obligations of the Parties
  2. Service levels-Service credits - Variation of the services
  3. Intellectual Property - Liability
  4. Consequences of expiration or termination of the agreement - Data Protection - Conclusion

SLALOM is a project funded by the European Union’s Horizon 2020 research and innovation programme under grant agreement no. 644270.

The project aims at realizing a standardisation of the service level agreement both on technical and legal grounds.

The consortium working on the SLALOM project includes different entities coming from industrial and research environments such as ATOS (leader of the consortium), the international legal firm Bird&Bird (responsible for the legal track), the National Technical University of Athens (responsible for the technical track), the Cloud Industry Forum (responsible for the cloud service provider liaison track) and the University of Piraeus (responsible for the cloud adopter liaison track).

Bird&Bird's role in this project was to examine the main legal issues connected with the provisions of cloud services and draft the main legal and the contractual provisions of the proposed Cloud Service Agreement model ("SLALOM CSA"), taking into consideration the legislations and regulations applicable to the relevant provisions in Italy, Germany, the UK, France, and Greece.

Before drafting the SLALOM CSA standard model, we conducted a survey on the clauses used in the market. In this respect, we examined several standard CSAs used by leading cloud service providers which are available on the internet or which we have dealt with in the course of our professional activities.

We then contributed to preparing a questionnaire in an effort to understand the needs on both sides of the table and used the feedback we received when we drafted the SLALOM model.

As the nature of the services involved may affect the application of legislation and regulations, it was not possible to comprehensively review the legislation and regulations that are specific to certain industry sectors (e.g. financial services) in the above-mentioned countries. However, an effort was made to focus on the main terms and conditions usually governing the relationship between the providers (hereinafter, "Providers") and the adopters of the services (hereinafter, "Adopters") regardless of the specific market sector.

The above SLALOM CSA has been circulated among Providers and Adopters to obtain their feedback. The SLALOM CSA and the technical model are available on the SLALOM website.

The CSA includes, among others, clauses relating to

  1. Service Levels;
  2. Variation of the Services;
  3. Obligations of the Adopter;
  4. Charges;
  5. Service Credits;
  6. Intellectual Property;
  7. Termination and Consequences of Termination;
  8. Confidentiality Obligations;
  9. Liability;
  10. Subcontracting;
  11. Data Protection;
  12. Governing Law and Jurisdiction.

The scope of this article is to describe some of the main contractual provisions of the SLALOM CSA in order to achieve, ideally, a better balance between the needs of Adopters and Providers, each with their own set of priorities.

Subject-Matter – Main Obligations of the Parties

Following the "Definitions" provided under Section 1 of the SLALOM CSA, Section 2 of the SLALOM CSA describes the subject-matter of the CSA and the main obligations of the parties as then detailed in other Sections and Attachments of the CSA.

It is worth stressing that some CSA standards proposed in the market do not provide a clear obligation for the Providers to supply services to the Adopter.

The subject-matter clause of these CSAs establishes instead an obligation for the Adopter to use the services in accordance with specific rules and policies provided under the acceptance use policy, which includes, among others, the Adopter’s obligation to respect the law and third parties' rights.

In other words, in the clause dedicated to the subject-matter of the CSA, some Providers prefer to focus on the Adopters' obligations instead of on the Providers' obligations. This is also due to possible liability that may arise in the hands of the Provider if there is a breach of the law or breach of third-party rights by the Adopters while using the Providers' services (see Directive 2000/31, Sections 12, 13, 14 and 15).

The position proposed by the SLALOM CSA is that the main obligations of both the parties relating what they can or cannot do should be provided in the subject-matter clause.

We therefore provided that:

  • "2.1 The Provider shall make available the Services to the Adopter from the Effective Date, in accordance with the Service Level Agreement in Attachment 2 and the other terms and conditions of the Cloud Service Agreement.
  • 2.2 The Adopter shall have the right to use the Services in accordance with the Acceptable Use Policy under Attachment 3 and the other terms and conditions of the Cloud Service Agreement."

The Services shall be then defined in more detail in an attachment of the SLALOM CSA (Attachment 1). Such attachment shall provide all technical details and specifications relating to the Services that the Provider undertakes to provide except for the Service Levels. The Services described in Attachment 1 shall be then linked to the Service Level Agreement provided in Attachment 2 of the SLALOM CSA (see below).

The same clause however will also provide that the Adopter may use the Services in accordance with the terms and conditions of the CSA. Such terms and conditions include Section 5 of the CSA providing that the Adopter shall use the Services in accordance with the Acceptable Use Policy under Attachment 3 to the Cloud Service Agreement.

The Acceptance Use Policy under Attachment 3 of the SLALOM CSA provides, among others, that the Adopter may not:

  1. engage in illegal activities;
  2. commit security violations, whether in the network, computer or electronic systems of the Provider and/or third party;
  3. violate the rights of third parties;
  4. distribute viruses, Trojan horses, worms, malware or similar applications; or
  5. distribute or publish unsolicited emails, advertising or promotions.