5 key issues in negotiating cloud contracts

Current site :    AU   |   EN
China Hong Kong SAR
United Kingdom
United States

With the promise of cost savings, greater flexibility and ability to scale, it is not surprising that companies are continuing to move their key business applications and data to the cloud.  However it is important to consider potential concerns.  In this article we look at 5 key issues you should consider when negotiating cloud contracts.


While the cloud is hardly a new phenomenon, we have seen the transition to the cloud accelerate in recent years as the continued growth in the digital economy puts older business models under pressure, with particular challenges for companies who are unable to respond in an agile manner.

Having acted for many clients on strategic cloud transactions, there are a number of issues that we have seen cropping up with increasing regularity.  In this article we look at a number of these issues and share some insights into how negotiations on these issues typically play out.

In particular, customers should ensure that the cloud vendor’s right to access and use data is limited to:

  • use for the vendor’s internal business purposes, ideally for the sole purpose of improving the vendor’s service offerings (and not for any commercialisation or other external use); and
  • data about the customer’s interaction with the vendor’s service (and does not extend to the customer’s own data) in a form that is anonymised and aggregated and not capable of identifying the customer or its clients.

Of course, a customer may not relish the prospect of additional compliance-related costs above the vendor’s ordinary service charges.  In order to strike a fair balance, the customer should consider:

  • applying a materiality threshold so that niggling or incidental costs are not passed through;
  • requiring that the vendor substantiate any costs for which they are seeking recovery along with an express commitment to mitigate those costs where possible; and
  • imposing a limitation on recovery of costs for changes that should be considered an ordinary cost of business for the vendor.  The customer should not be subsidising costs that the vendor would have had to incur even if they weren’t providing services to the customer.  For example, if there are changes that are necessary for the vendor to comply with a new law, or with a new industry standard or regulation, or simply in order to maintain alignment with industry practice, then the cost of those changes should be absorbed by the vendor rather than passed through to the customer.

Often the compromise is for the parties to agree on a separate ‘super cap’ or ‘sub cap’ where specific categories of liability are dealt with separately from other liabilities under the cloud contract.  These separate caps may be either set by reference to a fixed dollar amount or to a proportionate measure, such as a multiple of fees paid or payable under the agreement or an applicable SOW, either over the life of the engagement or over a specific time period.  The drafting of these liability arrangements, including the interaction with general liability caps, can be complex and will need to be carefully reviewed.  As well as being wary of drafting traps, the customer will need to take care to ensure that:

  • the caps that are specified are sufficient to provide meaningful protection for the customer in a ‘worst case’ breach scenario and if not, whether the customer’s own insurance can make up for the shortfall; and
  • any exclusions in the contract do not present a bar to the customer recovering the most common types of loss that are likely to arise from a privacy or data-related breach, such as regulatory fines, customer claims, and costs of notifying end users and undertaking remedial works (e.g. restoring lost or corrupted data).

More mature vendors may even have their own pre-prepared contractual addenda that are designed to address regulatory concerns in specific sectors that they are targeting.  In other cases, the customer may have a greater role to play in educating the vendor about the particular regulatory challenges they face.  Either way, regulated customers need to take care that by engaging with a cloud vendor they will not be creating an insurmountable compliance gap. 

The Housing Statement ambition is up to 800,000 new homes in the next decade, increasing to 2.2 million by 2051.

21 September 2023

On 6 September 2023, Australia’s Minister for Environment and Water, the Hon. Tanya Plibersek MP, introduced the Water Amendment (Restoring Our Rivers) Bill 2023 (Cth) (Bill) to Parliament.

21 September 2023

On 23 August 2023, the Land Valuation Amendment Bill 2023 (Qld) (the Bill) was introduced to Queensland Parliament, proposing various amendments to the Land Valuation Act 2010 (Qld) (Land Valuation Act), aiming to enhance the administration and operation of the statutory land valuation framework in the state.

21 September 2023