On 26 June 2014, the European Commission released the Cloud Service Level Agreement Standardisation Guidelines. The guidelines are designed to give EU businesses more certainty around what cloud service providers and cloud services consumers are responsible for when entering into contractual agreements.
These guidelines are a key part of the European Commission’s strategy regarding cloud computing, Unleashing the Potential of Cloud Computing in Europe, which was published on 27 September 2012.
The guidelines set out a number of principles aimed at assisting organisations with the development of SLA standards for cloud computing, including but not limited to:
- technology and business model neutrality – cloud services may be built using any number of technologies, so use of a particular technology should not be assumed and a particular business model for cloud services should also not be assumed;
- worldwide applicability – cloud agreements must comply with regional, national and local laws, regulations and policies, and also enable users to benefit from globally common concepts and globally accessible technology;
- unambiguous definitions – in respect of service level objectives, to ensure the effective standardisation of cloud SLAs and enable clear communication between cloud service providers and cloud service customers; and
- comparable service level objectives – to enable cloud service customers to make informed decisions when choosing cloud services through the provision of sufficient information about service level objectives offered by cloud service providers.
The guidelines have been received with some scepticism. The biggest concern for customers is that these guidelines will have limited impact since cloud deals are often global rather than European-based. This issue has been acknowledged by the Commission in the guidelines themselves. The Commission admits that the initiative to standardise SLAs will only have maximum impact if standardisation of SLAs is done at an international level, rather than at a national or regional level. In this regard, the Commission confirmed that it is already in liaison with the ISO Cloud Computing Working Group to provide concrete input and present the European position at the international level.
These guidelines are only recommendations so it will be interesting to see what impact they will have. We anticipate that they may be helpful to businesses with more limited procurement or legal budgets transitioning to the cloud but will likely have limited benefit to sophisticated businesses procuring cloud who will have already developed their own internal guidelines on what good looks like from a service and SLA viewpoint and/or have their own strong views on what they need from their cloud providers and/or are able to be guided by their lawyers as to what is fit for purpose from a legal viewpoint. There remains an ongoing friction between the potential benefits of the cloud model and how guidelines and regulation might change that. Save in relation to true individual “consumers”, we are left with an ongoing query in our minds as to why “cloud” is being scrutinised so heavily in a way that previous technologies in the IT space have not.