Use the Lexology Getting the Deal Through tool to compare the answers in this article with those from other jurisdictions.

Market overview

Kinds of transaction

What kinds of cloud computing transactions take place in your jurisdiction?

Poland was ranked 11th of 24 countries examined with regard to the regulatory and political framework for cloud computing in the 2018 Global Cloud Computing Scorecard, prepared by the BSA|The Software Alliance. The Polish government has adopted a programme on integrated implementation of IT solutions and expansion of usage of cloud computing solutions is one of its goals.

In Poland, public, hybrid and private cloud models are all in use. According to a survey commissioned by Aruba Cloud in 2017, 27 per cent of firms declared that they use cloud services. Among these, 50 per cent used private clouds, 26 per cent - public clouds, and 23 per cent - hybrid clouds. However, according to several reports and studies, hybrid cloud and public cloud models are expected to gain popularity. The reason behind the popularity of the private cloud computing model among Polish companies seems to be the direct control it gives each company over data security and tailor-made services.

As far as infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS) and software-as-as-service (SaaS) models are concerned, all of these have been adopted in Poland. Other services available are: data-as-a-service (DaaS), backup-as-a-service (BaaS), wired-communication-as-a-service (Ucaas), contact-centre-as-a-service (CcaaS), digital-signage-as-a-service (DSaaS) and disaster-recovery-as-a-service (DraaS).

Over the last few years, plenty of new Polish companies and startups are offering cloud computing services. The popularity of such services is expected to grow still further. Regarding specific publicly known transactions, in 2017 Asseco Bussiness Solutions acquired Macrologic SA, a provider of enterprise resource planning (ERP) systems, including cloud-based solutions, for approximately US$28.5 million (107.8 million zloty). The transaction was a share deal and the companies have subsequently merged.

Active global providers

Who are the global international cloud providers active in your jurisdiction?

International cloud providers active in Poland are:

  • Amazon;
  • Microsoft;
  • Google;
  • IBM;
  • Dropbox;
  • Apple; and
  • Oracle.

Active local providers

Name the local cloud providers established and active in your jurisdiction. What cloud services do they provide?

e24cloud and beyond.pl

E24cloud is the infrastructure on demand (IaaS), which enables rapid creation, flexible scaling and easy management of space and computing power for IT projects. Beyond.pl offers cloud computing services for businesses.

Oktawave

A platform of infrastructure on demand (IaaS), in which clients can run, process or store any resources - a website, business application or enterprise solution.

Atende Business Cloud - CloudiA

Offers application hosting (application hosting charged for real consumption of resources), DRC back-up data centre (ensuring business security and continuity of a company’s operations), platforms for www services (platforms for website or e-commerce for the smooth support of up to a million users), test and development environments (automated and flexible test and development environments available on request).

COIG

Offers SaaS (access to ERP system), PaaS (virtual desktop, licence and application availability), IaaS (hire of computing power) and DaaS.

Unicloud (Asseco)

Offers IaaS and PaaS models, autoscaling.

T-MobileCloud

Telecommunications operator offers cloud services (applications, programmes and IT services in cloud).

Onetcloud

Cloud solution designed by IBM for medium-sized and large enterprises that seek additional computing power, as well as a ‘disaster recovery’ model.

Comarch

One of Poland’s largest IT companies offers cloud computing services including ERP for all kinds of enterprises, e-commerce, bookkeeping services, hosting, backup and sync, business intelligence, medical services and timekeeping.

Ergonet

Microsoft Exchange, Office 365, Microsoft Sharepoint, Microsoft Lync, Ergonet Drivebox, Ergonet Backup, Ergonet Antispam (applications, office, servers in the cloud, hosting), offers private, hybrid, managed and ergonet cloud.

InfoCloud24

Data storage centre, a member of the VMware Service Provider Program and a Microsoft Services Provider. The data centre is based on VMware and Microsoft.

Intratel

Offers IaaS and SaaS for companies.

Opteam

All Optel’s solutions are offered in the cloud (ERP, IT security, business aplications, mobile solutions, IT infrastructure and data centre).

ATMAN Cloud

Offers Klaster compute and Klaster storage and highly efficient Ethernet 40 Gbe.

Talex

Offers data storage centre, data recovery and disaster recovery services.

Linx DataCenter

Offers IaaS, remote storage of data, virtual data centre, DRaaS (emergency recovering of data), BaaS (backup copy as a service).

EXEA

Data centre that offers data storage, using computer power provided by VMware, offers private cloud services in the ‘pay as you go’ model, designs tailor-made cloud environments for companies.

LST-NET

Offers IaaS, PaaS, SaaS and data centre.

Software Studio

Offers IT outsourcing.

BCC

Business-to-business (B2B) platform enabling creation, sharing and exchange of the documents and data of clients and providers (through the portal, network services).

OVH

Offers public, hybrid and private cloud services, hosting and data storage, backup copies and cloud desktop.

3S Cloud2B

Offers private and public cloud services, has a data centre to store data and provide backup copies.

RootBox

Servers in the cloud, so far the company has set up more than 3,000 servers in the cloud.

Integrated Solutions

This is another Polish company offering cloud services including UCaaS, CCaaS, BaaS, DSaaS and integrated computing.

Serwery.pl

Polish platform registering domains, offers cloud hosting - servers in the cloud.

Comtegra Enterprise Cloud

This company provides private, public and hybrid cloud services, has consolidated and virtualised servers in the only state-owned bank (BGK), and public cloud in Linxdatacenter.

Market size

How well established is cloud computing? What is the size of the cloud computing market in your jurisdiction?

According to an International Data Corporation (IDC) estimates at the end of 2017, the value of the Polish cloud computing market in 2017 was to exceed US$200 million and predicted to reach nearly US$300 million in 2019 and US$412 million by 2021.

Figures from the Polish Statistical Office for 2017 indicate that only 10 per cent of Polish companies used cloud computing technology. Among larger firms and corporations, however, usage - at 37.1 per cent - was far higher. In addition, in comparison with 2016 cloud usage increased among companies of all sizes.

Impact studies

Are data and studies on the impact of cloud computing in your jurisdiction publicly available?

Some of the studies are publicly available, but access to many is restricted. The following is a list of reports that cover cloud computing issues.

Information society in Poland. Results of statistical surveys in the years 2013-2017

This publication presents the results of annual public statistical surveys conducted by the Polish Statistical Office over 2013-2017 concerning the development of the information society in Poland.

Poland IT Services Market 2018-2022 Forecast and 2017 Analysis

According to description provided by IDC, this study presents a comprehensive view of the cloud services market in Poland and includes market sizing for public and private cloud delivery models. It contains quantitative data from 2017 as well as market forecasts for 2018-2022; it also summarises the major issues and impacts of cloud services on the IT industry as a whole and presents end-user views. The report is available for a fee.

Polish Cloud Computing Market in 2018. Market Analysis and Predictions for 2018-2013

According to description provided by PMR, this report covers trends, key data and predictions on cloud use by small, medium and large enterprises as well as in the public sector. Information about the Polish market is presented against the backdrop of global market. The report is available for a fee.

Study Comarch Cloud 2014

Comarch is one of the largest producers of software for companies in Poland. This report analyses the answers provided by respondents covering a variety of interests, such as popular knowledge about the cloud, reasons for using the cloud and types of entities using the cloud.

Report on cloud services providers market in Poland with particular emphasis on IaaS 2015

This report prepared by Audytel analyses cloud services providers in Poland, with an accent on IaaS. It contains details of service platforms, sharing of services, typical pricing and market growth forecasts.

Cloud computing in the financial sector - report prepared by the Association of Polish Banks 2013

A task force on technologies and cloud computing prepared this report to clarify some uncertainties relating to use of cloud computing in the financial sector. The publication has an educational character with the goal of preparing banks and workers for implementation of cloud computing services in banks.

2018 BSA Global Cloud Computing Scorecard

The 2018 BSA Global Cloud Computing Scorecard ranks the cloud computing readiness of 24 countries that account for 80 per cent of the world’s IT markets. Each country is graded on its strengths and weaknesses in seven key policy areas. This edition highlights, among others, issues related to privacy and security laws.

2018 BSA Country Report Poland (on cloud computing)

The summary and full report with detailed information on cloud computing in Poland.

Policy

Encouragement of cloud computing

Does government policy encourage the development of your jurisdiction as a cloud computing centre for the domestic market or to provide cloud services to foreign customers?

The government encourages the development of Poland as a cloud computing centre mostly for the domestic market. At the most general level, in early 2017, the government adopted the Strategy for Responsible Development for the period up to 2020 (including the perspective up to 2030), which recognises cloud computing as one of the important technologies that will shape the economy. The strategy underscores the importance of cloud solutions for the whole economy, with a particular emphasis on applications related to data processing as part of the Industry 4.0 trend. It also mentions the use of cloud solutions in public administration.

In order to specify some of the aims and tasks from the IT area mentioned in the more general, strategic documents, the Polish Ministry for Digitalisation has designed the National Integrated Informatisation Programme. Among other things, this programme aims to facilitate the use of cloud computing services by the administration. For example, the government began working on developing a universal system for electronic document management across the administration, which will be based on a private cloud solution.

Another example of cloud use in the public administration is the Polish Ministry of Finance, which relies on a public cloud solution supplied by Microsoft to receive and store large volumes of encrypted information supplied by taxpayers via a standard audit file-tax system. After receipt, the information is transmitted for processing to the ministry’s own IT systems. At the same time, the ministry is also developing a private cloud for other administrative purposes.

Another Polish government initiative that is likely to increase usage of cloud computing services is the National Broadband Plan. Under this plan, by 2020, 100 per cent of the Polish population should have access to speeds of at least 30Mbps, and by 2025, 50 per cent of households should have access at 100Mbps.

Finally, it is worth noting that Poland’s deputy prime minister (and Minister for Higher Education and Science), in conjunction with Microsoft and the National Center for Research and Development, introduced a pilot programme called ‘Cloud Computing Services’. This programme aims to facilitate usage of cloud computing services in research and development (R&D) projects, and to encourage research and development works with the usage of complex systems simulations. The programme should enable the study of massive datasets and implementation of AI methods and genetic research.

Incentives

Are there fiscal or customs incentives, development grants or other government incentives to promote cloud computing operations in your jurisdiction?

No such incentives have been identified. In respect of R&D tax breaks, see question 24.

Legislation and regulation

Recognition of concept

Is cloud computing specifically recognised and provided for in your legal system? If so, how?

Polish law expressly refers to the notion of cloud computing in the National Cybersecurity System Act of 5 July 2018, which is based on EU Network and Information Security Directive (2016/1148). Under the legislation, certain categories of businesses must apply specific cybersecurity measures, including incident reporting, and providers of cloud computing services are one such category. Cloud computing is defined as a service that enables access to a scalable and elastic pool of computing resources for the shared use by multiple users.

Governing legislation

Does legislation or regulation directly and specifically prohibit, restrict or otherwise govern cloud computing, in or outside your jurisdiction?

See above.

What legislation or regulation may indirectly prohibit, restrict or otherwise govern cloud computing, in or outside your jurisdiction?

The following legislation may indirectly prohibit, restrict or otherwise govern cloud computing:

  • the Civil Code of 23 April 1964;
  • the Electronic Services Act of 18 July 2002;
  • the Copyright and Related Rights Act of 4 February 1994;
  • the Consumer Rights Act of 30 May 2014;
  • the Personal Data Protection Act of 10 May 2018, which supplements the EU General Data Protection Regulation (2016/679);
  • the Classified Information Protection Act of 5 August 2010;
  • the Police Act of 6 April 1990 (and other similar acts governing the surveillance powers of various law enforcement agencies);
  • the Criminal Procedure Code of 6 June 1997;
  • the Foreign Trade in Goods, Technologies and Services of Strategic Importance to State Security and to Maintaining International Peace and Security Act of 29 November 2000;
  • the Council Regulation (EC) No 428/2009 of 5 May 2009 setting up a Community regime for the control of exports, transfer, brokering and transit of dual-use items;
  • the Informatising Activities of Bodies Performing Public Tasks Act of 17 February 2005; and
  • sector-specific legislation, for example:
  • Banking Law of 29 August 1997;
  • Payment Services Act of 19 August 2011;
  • Trade in Financial Instruments Act of 29 July 2005;
  • Insurance and Reinsurance Act of 11 September 2015; and
  • Telecommunications Law of 16 July 2004.

Breach of laws

What are the consequences for breach of the laws directly or indirectly prohibiting, restricting or otherwise governing cloud computing?

The consequences, which vary between the laws and depend on the type of breach, may include:

  • partial or complete invalidity of a contract;
  • replacement of contractual terms by statutory terms;
  • contractual liability;
  • administrative sanctions, for example:
  • monetary fines;
  • orders to cease and remedy any violations; and
  • revocation of regulatory licence;
  • criminal sanctions, for example:
  • monetary fines;
  • restriction of freedom; and
  • imprisonment.

Consumer protection measures

What consumer protection measures apply to cloud computing in your jurisdiction?

The primary source of consumer protection measures that could apply to cloud computing in Poland is the Consumer Rights Act of 30 May 2014, which implements the Consumer Rights Directive (2011/83/EU). Notable protections envisioned by the Act are the following:

  • mandatory information that must be provided when entering into a distance contract (eg, concerning service parameters and remuneration);
  • an obligation to include information on delivery and payment methods on the provider’s website;
  • a 30-day time limit for responding to consumer complaints; and
  • a customer’s right to withdraw from contract within 14 days.

Consumers are granted further protection in other acts, for example:

  • protection from abusive contract clauses under Civil Code of 23 April 1964; in general clauses deemed abusive do not bind the consumer (implementation of Directive 93/13/EEC). The following clauses in particular could be regarded as abusive:
  • any limitations of liability towards a consumer for personal damage;
  • significant limitations of liability towards a consumer for non-performance;
  • right to assign the contract to a third party without consumer consent;
  • right to unilaterally change the contract without an important reason specified in contract;
  • renewal clauses where the time to object is disproportionately short; and
  • certain jurisdiction clauses;
  • the Counteracting Unfair Commercial Practices Act of 23 August 2007, which implements Directive 2005/29/EC, forbids eponymous practices and grants affected consumers a right of action against the perpetrator (a consumer can, in particular, file for abandonment of the practice, for remedying its effects, and for damages);
  • contract terms for Polish consumers must generally be available in Polish (under the Polish Language Act of 7 October 1999); and
  • alternative dispute resolution measures described in the Out-of-court Consumer Dispute Resolution Act of 23 September 2016 and the EU Online Dispute Resolution Regulation (524/2013).

Sector-specific legislation

Describe any sector-specific legislation or regulation that applies to cloud computing transactions in your jurisdiction.

In the public sector, minimal technical requirements for ICT systems and electronic data exchange determined under the Informatising Activities of Bodies Performing Public Tasks Act of 17 February 2005 may apply to cloud computing transactions involving public sector bodies. These requirements aim to ensure the interoperability of systems used by the public administration.

In the private sector, financial service providers are subject to additional outsourcing requirements that may affect cloud computing transactions. These requirements do not apply to outsourcing in general, but rather to outsourcing of specific functions or services indicated in the legislation.

For example, under the Banking Law, an outsourcing contract must always be in writing, it cannot restrict a provider’s liability for damage caused to the bank’s customers, it must provide for the protection of bank’s professional secrets, and it must grant audit rights to the bank and its regulator. A bank must also keep records indicating the location where the entrusted functions are performed, as well as identifying all contractors and subcontractors.

Furthermore, a contractor cannot cooperate with subcontractors without the bank’s written permission. If an outsourcing contract involves performing certain actions outside the EU or cooperating with a provider that is not established in the EU, a bank must obtain regulatory approval before entering into such contract. Besides the Banking Law, a contract between a bank and a cloud provider must also follow the requirements specified in the regulator’s recommendation on managing the IT technology area and IT environment security in banks.

Similar requirements apply to payment institutions under the Payment Services Act of 19 August 2011, to insurers under the Insurance and Reinsurance Act of 11 September 2015, and to investment firms under the Trade in Financial Instruments Act of 29 July 2005.

Besides the above, sector-specific legislation for certain industries, such as the Telecommunications Law of 16 July 2004, sometimes impose professional secrecy obligations on service providers. These obligations must be observed when entering into contracts with cloud providers.

Insolvency laws

Outline the insolvency laws that apply generally or specifically in relation to cloud computing.

In relation to cloud computing, the general provisions of the Bankruptcy Law of 28 February 2003 and provisions of the Restructuring Law of 15 May 2015 apply. The restructuring opportunity under the Restructuring Act is available also to debtors who are only threatened with insolvency.

If a cloud provider is declared bankrupt, among other things:

  • On the day of declaring bankruptcy, the bankrupt’s property forms the bankruptcy estate. The bankrupt is obliged to indicate and release to the official receiver all of its assets and documentation. The official receiver immediately takes over the assets, manages them, protects them from destruction, damage or removal by strangers, and proceeds with their liquidation. The bankrupt’s business may continue to be operated after the bankruptcy is declared only if it is possible to reach an arrangement with creditors, or the bankrupt’s business may be sold in its entirety or in its organised parts.
  • It is presumed that assets in possession of the bankrupt on the date of bankruptcy announcement are part of the bankrupt’s estate. However, the official receiver should make sure that all components of the bankrupt’s estate that do not belong to the bankrupt are returned to their owners. Nonetheless, should a dispute arise in this relation between the official receiver and the owner of the asset, the latter may apply for the asset to be exempted from the bankruptcy estate.
  • Service contracts concluded by the bankrupt, in which it accepted the commission, can be waived at the date of bankruptcy declaration without compensation.
  • A provision of a contract to which the bankrupt is party, which prevents or hinders the purpose of insolvency proceedings, is ineffective in relation to the bankruptcy estate.
  • The official receiver may, with the consent of the judge-commissioner, obtain the right to withdraw from an arbitration clause, subject to certain conditions set forth in the Bankruptcy Act (this does not apply to proceedings in progress prior to the commencement of the bankruptcy).

In addition, regardless of whether or not bankruptcy is declared, according to the Bankruptcy Act, the provisions of a contract, to which the bankrupt is party, stipulating a modification or termination of the legal relationship in the event of the filing of a bankruptcy petition or a declaration of bankruptcy are invalid.

The opening of court restructuring affects the debtor also in several ways. For example:

  • If a court supervisor is appointed for the debtor, the debtor exercises the management of its assets in the ordinary course of business. The court supervisor oversees the debtor’s enterprise and activities that affect its assets. The court supervisor’s consent is required for the debtor to engage in activities exceeding the ordinary course of business (unless the law requires consent of the creditors’ council). Lack of required consent invalidates the action.
  • If an administrator is appointed for the debtor, the debtor loses the right to manage its assets and the administrator takes over their management. Legal acts performed by the debtor are invalid.
  • The provisions of a contract to which the debtor is party, which prevent or impede the achievement of the purpose of restructuring proceedings, are ineffective in relation to debtor’s estate.

Moreover, the opening of remedial proceedings (a type of court restructuring) is the source of the administrator’s right to withdraw - under the terms specified in the Restructuring Act and with the consent of the judge-commissioner - from mutual agreements to which the debtor is party (e.g. service contracts).

In addition, contractual provisions stipulating a modification to or termination of legal relationships to which the debtor is a party in the event of a request for opening restructuring proceedings or in the event of their opening are invalid. In relation to proceedings for approval of the arrangement such effect cannot be associated with submission of an application for approval of the arrangement or the approval of the arrangement.

Data protection/privacy legislation and regulation

Principal applicable legislation

Identify the principal data protection or privacy legislation applicable to cloud computing in your jurisdiction.

Apart from the upcoming cybersecurity rules mentioned earlier, cloud computing does not have dedicated data protection legislation and it is governed by the general rules of the General Data Protection Regulation (GDPR), supplemented by the Personal Data Protection Act of 10 May 2018. The government is also working on legislation that adapts sector-specific rules to the GDPR.

The GDPR outlines extensive requirements for data-processing contracts. Notably in the context of cloud computing, such contracts should provide audit rights for the controller or an external auditor authorised by the controller , require his or her approval for engaging subcontractors (sub-processors) and oblige the provider to assist the controller in, among other things, reporting data breaches and exercising data subject rights. Under the Act, local data controllers must notify their data protection officer (if appointed) with the local regulator. One should mention that cloud providers established outside the EU may still fall under the scope of the GDPR in certain circumstances (basically in cases where the processing relates to data of persons in the EU), in which case they must comply with all the obligations and designate a representative in the EU.

The GDPR imposes general obligations with regard to protecting and securing personal data that must be observed by both controller and processor (eg, a cloud provider), but they are, in principle, free to choose specific measures through which to achieve this aim. Transfers of data outside the European Economic Area (EEA) are permitted only in circumstances listed in the GDPR, such as transfers based on EU standard contractual clauses, adequacy decisions or binding corporate rules. In addition, the GDPR grants data subjects several rights to control processing of their data and establishes procedures for exercising them. In the context of cloud computing, the rights related to data access, erasure and portability are especially worth highlighting.

Cloud computing contracts

Types of contract

What forms of cloud computing contract are usually adopted in your jurisdiction, including cloud provider supply chains (if applicable)?

The following forms of cloud computing contracts are usually adopted in Poland:

  • terms and conditions (T&Cs) (eg, applicable use, terms of service);
  • service level agreements; and
  • data-processing agreements (where personal data is involved).

Typical terms for governing law

What are the typical terms of a B2B public cloud computing contract in your jurisdiction covering governing law, jurisdiction, enforceability and cross-border issues, and dispute resolution?

In typical cloud computing contracts, there is usually a clause stating that the agreement will be governed by Polish law.

Regarding the seat of the court, in the majority of cloud computing contracts concluded in Poland, the parties decide that the Polish common courts are exclusively competent to settle disputes or claims arising from the contracts or related non-contractual disputes and claims. Typically, cloud computing service providers will stipulate that the relevant court for settling disputes will be the court local to their registered office.

Typical terms of service

What are the typical terms of a B2B public cloud computing contract in your jurisdiction covering material terms, such as commercial terms of service and acceptable use, and variation?

Commercial terms

As far as payment regulations are concerned, the typical B2B public cloud computing contract is designed so that the customer pays for exact usage (scaling). There is a usually a trial period, typically one month, during which customers are not charged. After this free period, customers have three basic options:

  • pay every time the service is used (usually the minimum time unit is one hour);
  • pay on a monthly basis depending on usage - usually the amount is set out in an invoice; or
  • pay on an annual basis - with the amount estimated in advance, based on 12 times the minimum monthly fee. If actual use exceeds the minimum monthly amount, the excess is then charged monthly in arrears based on the then-current pricing.

VAT is payable on cloud computing services. Interest at statutory rates is charged on late payments.

Acceptable use

With reference to the second issue - the typical acceptable use terms, under Polish law, there is an obligation that customers must be informed in the T&Cs of any technical requirements for services rendered electronically.

Another requirement is that commercial and marketing communications can only be sent after the customer gives explicit consent for these.

Use of a cloud computing service to conduct unlawful activities is forbidden. Customers must abide by cloud computing terms encapsulated in contracts. They cannot disseminate illegal content or use the service to send viruses or malicious software. Also, customers must take care proper care to secure their accounts (create adequate passwords, not allow third parties to use their accounts).

Customers are required to cooperate with service providers, keep contact information up to date and inform providers of any unauthorised access to their account.

Service providers usually undertake to provide undisturbed access to customers. Services are available 24/7 with some exceptions (eg, planned downtime at non-peak hours, unavailability caused by circumstances beyond the provider’s reasonable control, including failure of or delay to the internet connection).

Variations

Any amendments to T&Cs must be posted online or notified to customers by email. If after receiving such notifications customers continue to use the service, it is assumed that they agree to be bound by the modified terms. Alternatively, in these circumstances, they are also able to chose to terminate the contract.

Typical terms covering data protection

What are the typical terms of a B2B public cloud computing contract in your jurisdiction covering data and confidentiality considerations?

Typically, parties to the contract will sign a data-processing agreement where the cloud processing involves personal data. Personal data processing agreements are subject to detailed requirements under the GDPR, which have already been described elsewhere.

The T&Cs will also normally contain provisions on data and data confidentiality. Usually service providers undertake to use reasonable care to prevent other parties from obtaining customers’ data and trade secrets. They agree to treat the personal data as confidential and keep it secret both during the term of the agreement and after its end. Service providers must ensure that only properly authorised staff have access to data and that it must not be made available to third parties without the customer’s consent unless applicable law obliges the provider to disclose it. Service providers must also inform customers of their privacy and security policies.

There are often exemptions from the above confidentiality obligations. For example, data can be made known if information:

  • is or becomes generally known or available;
  • is required to be disclosed by law; and
  • when the customer gives his or her consent to disclose the data.

Customers are responsible for the legal sufficiency of data and its content. Service providers are not owners of the customers’ data.

Typical terms covering liability

What are the typical terms of a B2B public cloud computing contract in your jurisdiction covering liability, warranties and provision of service?

Service providers will try to exclude their liability as broadly as they are able. Usually they include provisions under which their total liability for any loss, cost, claim or damages will not exceed the fees paid or payable in the agreed period of time. This rule does not apply to damages that cannot be limited or that are excluded by law. The terms of the service providers’ liability are often set down in the service level agreement.

Providers typically include provisions specifying that in no event will either party be liable for any indirect, special, incidental, punitive or consequential damages (including damages for loss of goodwill, work stoppage, computer failure or malfunction, lost or corrupted data, lost profits, lost business or opportunity), cover damages or any other similar damages under any theory of liability, even if they were informed of that possibility.

If an unauthorised person gains access to a customer’s account, he or she will be held liable.

In their T&Cs, service providers usually specify a complaints procedure.

With reference to warranties: contracts typically include a clause stating that the cloud computing service, equipment and other services are made available ‘as is’. Service providers will disclaim all other warranties, express, implied or statutory, including the implied warranties of merchantability, satisfactory quality, title, fitness for a particular purpose, non-infringement, compatibility, security, timeliness, completeness or accuracy. They also add the proviso that they do not warrant that access to cloud computing service will be uninterrupted or error-free.

Typical terms covering IP rights

What are the typical terms of a B2B public cloud computing contract in your jurisdiction covering intellectual property rights (IPR) ownership in content and the consequences of infringement of third-party rights?

The typical terms of a B2B public cloud computing contract covering IPR include the rules that rights to use services are non-exclusive, limited to the T&Cs, non-transferrable and for business use. Service providers make the reservation that they own all rights, titles, and interests in and to cloud computing services.

Customers are not permitted to license, sell, lease or otherwise make the services available to non-customers or take any action that might disclose confidential or proprietary information or acquire any right in the cloud computing service.

Often, contracts contain a clause prohibiting use of the cloud computing services for reproducing or disseminating unlawful content and content infringing or likely to infringe third-party intellectual rights.

The typical contract usually contains two sections on IPR: one concerning the service provider’s IPR and the other relating to the customer’s IPR.

Typical terms covering termination

What are the typical terms of a B2B public cloud computing contract in your jurisdiction covering termination?

The typical terms covering termination in the contract relate to non-payment or material reasons for termination if customers are using cloud computing services for unlawful or improper purposes. They must, however, give written notice of immediate termination or it will be null and void.

Either party may terminate a contract for a justified reason upon providing written notice and allowing an agreed number of days for the breaching party to remedy the problem. In this case, the termination is normally effective at the end of the calendar month.

Customers may end the contract at any time but usually must wait out the agreed notice period.

Other reasons for termination include breach of acceptable use policies, or receiving third-party complaints regarding breach of their intellectual property rights.

After termination of an agreement the customer’s right to access the service will normally expire immediately. The service provider will retain the customer’s data for a set period, during which time the customer may request a full copy of its data.

Certain sections of the contract remain valid even after termination, typically: confidentiality clause, conditions of use, customer data, payments, warranty disclaimer, indemnification obligations and limitation of liability.

Employment law considerations

Identify any labour and employment law considerations that apply specifically to cloud computing in your jurisdiction.

There are no labour or employment laws specifically dedicated to cloud computing. Therefore, generally binding labour and employment laws will apply to any employment matters pertaining to the cloud computing business. This also concerns Polish laws reflecting the notion of transfer of employment undertaking (or its part) under the Acquired Right Directive. Although recently reported Polish Supreme Court cases do not entirely exclude that a transfer of services may result in transfer of an employing undertaking (or its part), a cloud computing contract purely structured as a services agreement most likely will not result in the transfer of an employing undertaking (or its part) as not meeting ‘forming separate part of business’ and ‘identity retention’ tests.

Taxation

Applicable tax rules

Outline the taxation rules that apply to the establishment and operation of cloud computing companies in your jurisdiction.

Polish tax law does not provide specific rules for the establishment and operation of cloud computing enterprises.

The rules of taxation depend on the legal form of the cloud computing business and, for example, partnerships (except for joint-stock limited partnerships) are transparent entities, which means that no income tax is charged at the level of the partnership and instead is payable by the individual partners.

Companies (ie, limited liability companies, joint-stock companies and joint-stock limited partnerships) are subject to corporate income tax (CIT). CIT, at a rate of 19 per cent, is charged on income calculated as the difference between revenue and tax deductible costs. Newly established companies in the first tax year and small companies (whose revenue does not exceed the zloty equivalent of €1.2 million including VAT) are subject to CIT at a reduced rate of 15 per cent. Losses can be carried forward for five consecutive tax years, although no more than 50 per cent of the loss can be deducted in any single year.

Cloud computing companies may qualify for R&D tax breaks in the form of an additional set-off of costs against taxable income from business (ie, excluding capital gains), if carry out R&D activity. Costs that qualify for this tax break include salaries of employees engaged in R&D activities, and depreciation and amortisation of tangible and intangible assets used in R&D activity (except for cars and buildings). If the value of the allowed relief exceeds taxable income, it may be deducted in the consecutive six years. Taxpayers starting their activity may apply for the refund in cash for the first year of activity. Cash refund is also available for small and medium-sized enterprises for the second year of their activity.

Polish transfer pricing regulations generally implement the OECD guidelines. Transactions between related entities should therefore generally be in line with market prices. Under certain conditions, transfer pricing documentation needs to be prepared.

Cloud computing services rendered by foreign service providers may be subject to the Polish 20 per cent withholding tax, unless relevant double taxation avoidance agreement states otherwise.

Indirect taxes

Outline the indirect taxes imposed in your jurisdiction that apply to the provision from within, or importing of cloud computing services from outside, your jurisdiction.

Cloud computing services are subject to VAT at the standard rate of 23 per cent. Cloud computing services are classed as electronic services within the meaning of the Polish VAT Act (in general, coherent with the VAT Directive). If such services are supplied to a consumer (in a business-to-consumer transaction) the transaction is subject to VAT in the country in which the consumer resides (the VAT rate of that country will apply). Export of cloud computing services in a B2B transaction is not subject to VAT in Poland (the VAT is settled under the domestic laws of the country in which their recipient has its registered seat). Import of cloud computing services in a B2B transaction is subject to Polish VAT at the 23 per cent rate (to be settled by the Polish recipient of the service being VAT payer seated or having a fixed place of business in Poland).

A cloud computing company acquiring cloud computing services has a right to deduct input VAT under general rules.

Recent cases

Notable cases

Identify and give details of any notable cases, or commercial, private, administrative or regulatory determinations within the past three years in your jurisdiction that have directly involved cloud computing as a business model.

No significant cases have been identified.

Update and trends

Update and trends

What are the main challenges facing cloud computing within, from or to your jurisdiction? Are there any draft laws or legislative initiatives specific to cloud computing that are being developed or are contemplated?

No updates at this time.