In this article, we have a look at some of the important aspects that must be kept in mind when drafting a Cloud Services Agreement
The Cloud Services Agreement determines the rights and obligations of the Provider and the Customer relating to the Cloud Services.
Cloud services fall into three primary categories: software-as-a-service (SaaS), platform-as-a-service (PaaS), and infrastructure-as-a-service (IaaS).
A Software Licence is, in essence, a copyright licence.
Cloud Services are usually provided under a subscription-based model where access to the Software is provided to the Customer through an online login. No copy of the Software is provided to the Customer, and there is no need for a licence.
Order Forms will generally contain the variable information relating to the Cloud Services Agreement. In other words, the commercials to the Agreement, the Term of the Agreement and other information the Provider negotiates with the Customer.
The Order Form then incorporates various other terms and conditions by way of reference - For example, the Master Cloud Services Subscription Agreement hosted on its website. This Master Cloud Services Subscription Agreement may contain other terms and conditions that are generally more of a legal nature.
A Provider would want to use the Order Form approach to focus the negotiations on the Order Form and not negotiate a 30 to 50-pager contract.
Also, the Master Cloud Services Agreement is presented as the “standard Ts and Cs” the Provider contracts with its Customers creating the impression that the terms and conditions within the Master Cloud Services Agreement are not “negotiable”.
Another reason may be that the Master Cloud Services Agreement may be subject to amendment by the Provider from time to time. An amendment to the Master Cloud Services Agreement will then generally entail an email notifying Customers of the amendment and their right to object to it. The amendment will be deemed made to the Agreement if no objection is received.
The Order Form will generally contain:
The scope of the Cloud Services stipulates the access rights provided to the Customer and, if applicable, the Customer’s Affiliates. The scope of the Cloud Services may also refer to certain retained rights of the Provider and use limitations imposed on the Customer.
The Provider will generally provide support and training to the Customer’s Users, and the terms of the support and training must be detailed in this section.
Professional services can also be included as part of the Cloud Services Agreement or incorporated into a separate Professional Services Agreement. If professional services are included as part of the Cloud Services Agreement, ensure that the commercials relating to these services are unambiguously stipulated within the Agreement.
The Provider will generally retain all intellectual property relating to the Software, and no licence is provided in respect of the Software. For this reason, the intellectual property provisions within a Cloud Services Agreement are generally not overly complex.
An aspect that will, however, need to be addressed in the Cloud Services Agreement is feedback rights. In other words, if the Customer provides the Provider with feedback relating to the Cloud Services, will the Provider be able to use the feedback to improve the Cloud Services and make these improvements available to other Customers?
The default position is usually that the Provider may use all feedback freely without restriction or obligation.
Read more on building intellectual property clauses.
The payment provisions will detail payment terms, overdue amounts, method of payment, setoff, taxes, payment disputes etc.
The Provider may be required to take insurance against, for example, cyber crimes. The insurance provisions should detail the type of cover to be taken out, the amount of cover required, what happens if there is a failure to maintain cover and obligations to produce certificates confirming cover.
For a Customer, it may be difficult to determine whether or not the Provider is executing their obligations under the Agreement. Audit rights allow the Customer, or their authorised representative, to conduct certain audits.
With the audit clause, aspects often addressed include notices of audits, the number of allowed audits, confidentiality and what happens if there is an adverse finding.
Both Parties would generally want to protect such sensitive information, which, if disclosed to certain third parties, will be detrimental to their business. The confidentiality provisions provide which information must be regarded as confidential, obligations relating to handling confidential information, and what happens if there are unauthorised disclosures.
Unrecoverable losses and maximum liability are generally dealt with under the limitation of liability provisions. Unrecoverable losses may include, for example, consequential losses, and claims relating to breach of data protection provisions may be limited under the maximum liability amount to a fixed amount.
The Customer and Provider will usually provide certain mutual warranties. These may include, for example, that they have the legal capacity to enter into the Agreement and that they have not offered unlawful or prohibited inducements to the other Party or any other person in connection with the Agreement.
Then there will also be warranties related to the Cloud Services that will be provided.
Typical warranties will include that no viruses will be introduced into the Cloud Services, the Cloud Services does not and will not infringe on any third party intellectual property rights, the Cloud Services will be updated as necessary to comply with applicable laws etc.
Breach of the warranties will also need to be addressed, and the disclaimers that relate to the warranties.
An indemnity often found in a Cloud Services Agreement is an indemnity relating to Intellectual Property infringement claims.
The indemnity provisions need to identify what will be regarded as indemnified losses (what will be covered), what will trigger the indemnity and the claims procedure.
How will the Parties deal with disputes? Through a Court process or alternative dispute resolution? Are there different processes for different disputes – For example, expert determination for disputes relating to technical aspects of the Cloud Services?
The Parties may conclude the Cloud Services Agreement for a fixed term. There may also be auto-renewal of the Term, which must also be detailed within this section.
The termination provisions detail when a Party can terminate the Agreement before the Term ends and may also provide for termination assistance the Provider must provide if the Agreement is terminated.
The boilerplate clauses will include the provisions relating to public disclosure, third-party beneficiaries, how amendments will be dealt with, how notices under the Agreement must be provided, assignment etc.
Martin Kotze is a commercial lawyer with over 10 years of experience. He specialises in transactional work within the Tech, Financial Services and Property industries.
He is also one of the co-founders at DocNinja and regularly advises listed companies to small and medium enterprises on how to contract better with their customers.
This is a free 30min consultation to better understand your business and your needs.