Notes on the Main Issues of Cloud Computing Contracts (prepared by the UNCITRAL secretariat, 2019)

Part two. Drafting a contract

L. Term and termination of the contract

Effective start date of the contract

The effective start date of the contract may be different from the signature date, the date of acceptance of the offer or the date of acceptance of configuration and other actions required for the customer to migrate to the cloud. The date when the cloud computing services are made available to the customer by the provider, even if they are not actually used by the customer, may be considered the effective start date of the contract. The date of the first payment by the customer for the cloud computing services, even if they are not yet made available to the customer by the provider, may also be considered the effective start date of the contract. For those reasons and to avoid uncertainties, the parties may indicate in the contract its effective start date.

Duration of the contract

The duration of the contract could be short, medium or long. It is common in standardized commoditized multi-subscriber cloud solutions to provide for a fixed initial duration (short or medium), with automatic renewals unless terminated by either party. The provider may agree to serve the customer an advance notification of the upcoming expiration of the term of the contract. Various considerations, including risks of being lock-in and missing better deals, may impact a decision on renewal.

Earlier termination

Contracts usually address reasons for termination other than upon expiration of its fixed term, such as for convenience, breach or other reasons. The contract may provide modalities for earlier termination, including requirements for a sufficiently advance notice, reversibility and other end-of-service commitments.(Read more)

Termination for convenience

Providers' standard terms, especially for provision of standardized commoditized multi-subscriber cloud solutions, usually reserve the right of the provider to terminate the contract at any time without customer default. The parties may agree to limit the circumstances under which such a right could be exercised and oblige the provider to serve the customer with sufficiently advance notice of termination.

The customer's right to terminate the contract for convenience (i.e., without the default of the provider) is especially common in public contracts. The provider may demand payment of early termination fees in such cases. Payment of early termination fees by public entities may however be restricted by law. In contracts of indefinite duration, providers may be more inclined to accept termination by the customer for mere convenience without compensation, but that might also lead to a higher contract price.

Termination for breach

Fundamental breach usually justifies termination of the contract. To avoid ambiguities, the parties may define in the contract the events that constitute a fundamental breach of the contract. Fundamental breach of the contract by the provider may include data loss or misuse, personal data protection violations, recurrent security incidents (e.g., more than a certain number of times per any measured period), confidentiality leaks and non-availability of services at certain time points or for a certain period of time. Non-payment by the customer and violation of AUP by the customer or its end users are among the most common reasons for termination of the contract by the provider. The party's right to terminate the contract may be conditional on serving a prior notice, holding good faith consultations and providing a possibility to remedy the situation. The party may be obliged under the contract to restore contract performance within a certain number of days after remedial action has been taken.

The contract may address the provider's end-of-service commitments that would survive the customer's fundamental breach of the contract, including the reversibility of customer data and other content.(Read more)

Termination due to unacceptable modifications of the contract

Certain modifications to the contract by one party may not be acceptable to the other party and may justify termination of the contract. Those modifications might include modifications to data localization requirements or subcontracting terms. The contract may provide for the customer's right to terminate the entire contract if modifications to the contract due to the restructuring of the provider's service portfolio lead to termination or replacement of some services. (Read more)

Termination in case of insolvency

Risks of insolvency may be identified during the risk assessment (read more) and during the contract, for example, if periodic reporting about the financial condition of the parties is required under the contract. Clauses allowing termination of the contract in the event of insolvency of either party are common. Mandatory provisions of insolvency law may override those clauses.

An insolvent customer may need to continue using the cloud computing services while resolving its financial difficulty. The parties may restrict the right to invoke the insolvency as the sole ground for termination of the contract in the absence of, for example, the customer's default in payment under the contract.

The parties may specify in the contract, or the law may provide for, mechanisms for the retrieval of customer data in case of the provider's insolvency (e.g., an automatic release of the source code or key escrow allowing access to the customer data and other content). Otherwise, the customer may face difficulties and delays with retrieval of its data and other content from the insolvent provider's cloud infrastructure. Where a mass exit and withdrawal of content occurs due to a crisis of confidence in the provider's financial position, the insolvent provider or an insolvency representative may limit the amount of content (data and application code) that can be withdrawn in a given time period or decide that end-of-service commitments should proceed on a "first come, first served" basis.

Termination in case of change of control

The change of control may, for example, involve a change in the ownership or the capacity to determine, directly or indirectly, the operating and financial policies of the provider, which may lead to changes in the provider's service portfolio. The change of control may also involve the assignment or novation of the contract, with rights and obligations or only rights under the contract transferred to a third party. As a result, an original party to the contract may change, or certain aspects of the contract, for example payments, may need to be performed to a third party.

The applicable law may require termination of the contract if as a result of the change of control, mandatory requirements of law (e.g., data localization requirements or prohibition to deal with certain entities under international sanctions regime or because of national security concerns) cannot be fulfilled. Public contracts may, in particular, be affected by statutory restrictions on the change of control. In addition, the parties may agree about termination of the contract in case of change of control, in particular if, as a result of such change, the provider or the contract is taken over by the customer's competitor or if the takeover leads to discontinuation of, or significant changes in, the service portfolio. Requiring an advance notice of an upcoming change of control and its expected impact on the contract is common.

Inactive account clause

Customer inactivity for a certain time period specified in the contract may be a ground for unilateral termination of the contract by the provider. The inactive account clause is unusual in business-to-business cloud computing contracts provided for remuneration.

Relevant Glossary terms

Acceptable use policy (AUP): Part of the cloud computing contract between the provider and the customer that defines the limits of use by the customer and its end users of the cloud computing services covered by the contract.

Data localization requirements: Requirements relating to the location of data and other content or data centres or the provider. They may prohibit certain data (including metadata and backups) from residing in or transiting into or out of a certain area or jurisdictions or require that prior approval be obtained from a competent State body for that. They are often found in data protection law and regulations, which may in particular prohibit personal data from residing in or transiting into jurisdictions that do not adhere to certain standards of personal data protection.

Lock-in: Where the customer is dependent on a single provider because the costs of switching to another provider are substantial. Costs in this context are to be understood in the broadest sense as encompassing not only monetary expenses but also effort, time and relational aspects.

Insolvency representative: A person or body authorized in insolvency proceedings to administer the reorganization or the liquidation of the assets of the insolvent debtor that are subject to the insolvency proceedings.

Reversibility: The process for the customer to retrieve its data, applications and other related content from the cloud and for the provider to delete the customer data and other related content after an agreed period.

Security incident: An event that indicates that the system or data have been compromised or that measures put in place to protect them have failed. A security incident disrupts normal operations. Examples of security incidents include attempts from unauthorized sources to access systems or data, unplanned disruption to a service or denial of a service, unauthorized processing or storage of data and unauthorized changes to system infrastructure.

Standardized commoditized multi-subscriber cloud solutions: Cloud computing services provided to an unlimited number of customers as a mass product or commodity on non-negotiable standard terms of the provider. Broad disclaimers and waivers of the provider's liability are common in this type of solution. The customer may be in a position to compare different providers and their contracts and select among those available on the market the most suitable for its needs, but not to negotiate a contract.