This point raises various legal and commercial issues. The relevant clause provided by cloud service agreements concerns:
- the intellectual property rights of the Provider used to provide the services,
- the intellectual property rights of the Adopter uploaded or used in receiving the services (and possible risks for the Provider in case of infringement of third parties' rights),
- the intellectual property rights of third parties providing applications on the platform of the Provider and any related development activities (i.e., application management).
Cloud computing agreements proposed in the market typically provide that the Adopter retain all the intellectual property rights related to content (database, software, texts, video, music, photographs, pictures, etc.) uploaded or created by the Adopter while using the services. The Provider, however, shall be entitled to use such content to provide the services or, in some cases, even to comply with the requests of competent authorities or bodies.
Some cloud computing agreements also provide a licence to the Provider for the content of the Adopter to improve the services or to guarantee their security.
On the other hand, these agreements clarify that the Provider reserves all intellectual property rights relating to the services it provides in relation to its software or equipment.
Cloud computing agreements often state that the Adopter must guarantee or warrant that it has the right to upload, post, create the content.
In some cases, the Provider provides a kind of "service use licence " to the Adopter.
These agreements also usually state that, if the Provider has reason to believe that the services may infringe a third party's intellectual property rights, the Provider may, at its discretion and expenses:
- procure the right for the Adopter to continue using the services;
- modify the services to make them non-infringing (without reducing their functionality); or
- replace the services with a non-infringing, functionally-equivalent alternative. Such remedies are provided as the only remedies in case of infringement of third party's intellectual property rights by the Provider.
The clause proposed in the SLALOM CSA model distinguishes amongst the competing interests of the parties, with the aim of protecting all of the different entities involved.
In particular, our aim was to identify and protect through contractually-biding terms:
- the intellectual property rights of the Provider;
- the intellectual property rights of the Adopter;
- the intellectual property rights of third parties providing applications on the platform of the Provider and any related development activities;
- the intellectual property rights of third parties owning rights on the Adopter’s data.
We provided that the parties acknowledge that all intellectual property rights belonging to a party prior to the execution of this Agreement or created by the parties regardless of the execution of this Agreement shall remain vested in that party.
We established that the Provider shall own, or shall have the legitimate right of disposal, all intellectual property rights in the service, the Provider's content, the electronic system and the documentation. We clarified that nothing in the CSA model term shall operate so as to transfer or assign any such intellectual property rights to the Adopter.
We provided that the Provider shall grant to the Adopter a non-exclusive, worldwide, royalty-free, non-transferable and not sub-licensable licence allowing the Adopter to access the system and use the Provider's content as well as any of the Provider's software needed to use the services for the term of the CSA.
We set forth that the Adopter shall own all intellectual property rights on its data uploaded onto the cloud and that nothing in the CSA shall operate so as to transfer or assign any such intellectual property rights on such content to the Provider.
The only exception to the above principle is that the Adopter shall grant the Provider with a licence to use the Adopter data solely and to the extent necessary to provide the services, to the extent such access is required, without prejudice to the intellectual property rights of the Adopter or any third party with respect to such content.
With reference to third-party content, if the Provider installs on its cloud system third-party content upon request of the Adopter, the Provider warrants and represents that it owns valid licenses on such third-party content and shall maintain the same licences in full force for the entire term, unless otherwise agreed with the Adopter.
All intellectual property rights related to third-party content installed on the cloud system and used by the Adopter shall remain vested in the third party. The Adopter shall not be licenced or transferred any right on such third-party content, unless agreed by the Adopter with the third party.
The SLALOM CSA clearly establishes that the Adopter may upload on the system third-party content only with the prior authorisation of the third party.
The liability of the Provider (and the possible limitation to liability) is one of the main topics of cloud computing agreements . Limitation of liability can be both quantitative (a cap on the amount due) and qualitative (for some areas of contractual and extra-contractual responsibility).
The laws applicable in Germany, UK, France, Italy and Greece envisage several cases under their legislations (deriving from European directives or from the respective contractual law systems) in which it is not possible to limit or exclude liability of the Providers.
It is worth noting that limitations of liability in contracts with consumers can be considered unfair clauses under Directive 93/13/EEC and therefore, in most cases, are deemed void.
Under French law, damages arising from gross negligence (faute lourde) or willful misconduct (dol) cannot be limited. Furthermore, according to French law, in line with European legislation, it is not possible to limit or exclude liability in consumer contracts.
From a German legal perspective, limitations or exclusions of liability must be individually negotiated and the German Courts are generally strict in relation to limitations of liability, even in business-to-business contracts.
Under English law, the parties cannot exclude liability for fraudulent misrepresentation or death/personal injury caused by negligence. However, if carefully addressed, it is possible to exclude liability for wilful default and there is no defined concept of “gross negligence.”
Italian law (Article 1229 of the Italian Civil Code) sets out that the parties cannot limit or exclude liability in case of wilful misconduct orgross negligence. Furthermore, according to Article 33, paragraph 2 of the Italian Consumer Code (Legislative Decree no. 206/2005) implementing the above-mentioned Directive 93/13, in case of contracts with consumers, the limitation of liability in the event of total or partial non-performance or inadequate performance by the seller or supplier of any of the contractual obligations will be considered as void (even if specifically negotiated).
With reference to terms and conditions proposed in the market, it is worth noting that certain cloud computing agreements provide that the services shall be provided "as is" without any particular representation or warranties. The Provider disclaims all implied warranties, including any implied warranty of merchantability, fitness for a particular purpose or non-infringement, to the maximum extent permitted by applicable law.
In some cases, these agreements state that the Provider need not warrant that the operation of the software or the services will be error-free or will be performed without interruption.
In other cases, the Provider warrants that it will perform the services in accordance with the SLA and no other warranty is given.
Some cloud computing agreements set forth that the Provider will not be responsible if the Adopters cannot use the services as a result of total or partial unscheduled downtime of the services; termination or suspension of the agreement; the Provider’s interruption of any or all of the services; and for any kind of expenses the Adopter has to bear for the Provider’s failure to provide the services.
Under some cloud computing agreements the Provider shall not be held responsible for unauthorised access to the Adopter’s content or in case of loss, deletion or alteration of the content or other data uploaded by the Adopter. In other cases, cloud computing agreements establish that the Adopter is obligated to copy or back up its data or content.
Most cloud computing agreements specify that certain kinds of damages are excluded, such as direct, indirect, incidental, special or consequential damage (e.g., loss of profits or goodwill) or punitive damages.
It is common for the maximum liability of the Provider to be limited to the consideration paid by the Adopter in the 12 months (or less) prior to the event giving rise to liability.
Sometimes, this cap on liability is excluded for the breach of some kinds of obligations, such as confidentiality obligations, violations of a party’s intellectual property rights by the other party, or indemnification obligations.
The SLALOM CSA proposes that neither party shall limit or exclude its liability:
- for acts or omissions due to wilful misconduct of either party;
- in respect of any deceit, theft, fraud or fraudulent misrepresentation by its employees, consultants or subcontractors;
- for death or personal injury caused by its negligence or that of its employees, consultants or subcontractors, as applicable;
- concerning intellectual property rights;
- for breach of confidentiality obligations;
- to the extent that such limitation or exclusion is not permitted by law.
Except for the above cases, the maximum aggregate liability of either party arising out of or in connection with the SLALOM CSA (whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation (innocent or negligent), restitution or otherwise) shall be limited to an amount to be determined by the parties.
The above limitation of liability shall not apply in the event the Adopter is a consumer (i.e., natural person acting for purposes which are outside his/her trade, business, craft or profession).
The accountability of the service credits paid by the Provider into the above cap to liability shall be taken into account or, alternatively, shall not be taken into account when assessing whether the above liability caps have been met or exceeded.