- العربية
- 中文
- English
- Français
- Русский
- Español
DRAFT Notes on the Main Issues of Cloud Computing Contracts (prepared by the UNCITRAL secretariat, 2019): Acceptable use policy (AUP)
An acceptable use policy (AUP) is a part of the cloud computing contract between the provider and the customer that defines the limits of use by the customer and its end users of the cloud computing services covered by the contract. An acceptable use policy (AUP) sets out conditions for use by the customer and its end users of the cloud computing services covered by the contract. It aims at protecting the provider from liability arising out of the conduct of their customers and customers’ end users. Any potential customer is expected to accept such a policy, which will form part of the contract with the provider. The vast majority of standard AUPs prohibit a consistent set of activities that providers consider to be improper or illegal uses of cloud computing services. The AUP may restrict not only the type of content that may be placed on the cloud but also the customer’s right to give access to data and other content placed on the cloud to third parties (e.g., nationals of certain countries or persons included in sanctions lists). The parties may agree to remove some prohibitions to accommodate specific business needs of the customer to the extent that such removal would be permissible under law.
It is usual for provider’s standards terms to require that customer’s end users also comply with the AUP and to oblige the customer to use its best efforts or commercially reasonable efforts to ensure such compliance. Some providers may require customers to affirmatively prevent any unauthorized or inappropriate use by third parties of the cloud computing services offered under the contract. The parties may agree on limited obligations, for example, that the customer will communicate the AUP to known end users, not authorize or knowingly allow such uses, and notify the provider of all unauthorized or inappropriate uses of which it becomes aware.
In a few jurisdictions, the law could impose duties on the provider as regards the content hosted on its cloud computing infrastructure, e.g., the duty to report illegal material to public authorities. Those duties may be non-transferrable to the customer or to end users by the AUP or otherwise. They might have privacy and other ramifications and would be among factors considered in choosing a suitable provider.