Many SMEs in the EU have shown reluctance to sign up to cloud services, despite their economic benefits, because of the confusion they face over the nature of cloud service contracts and in particular security and data protection concerns.

On 28 October 2013, the European Commission took a potentially positive first step towards clearing up such confusion by setting up an expert group to identify best practice for addressing these concerns. The expert group aims to produce model “cloud” clauses that would go some way towards simplifying and standardising contracts for lower value multi-tenanted cloud environments. The group’s first meeting is scheduled for 19-20 November 2013, and it is expected to file an initial report in spring 2014, after which public consultation will begin.


While this is an indication that the EU is serious about facilitating the cloud computing industry, we will need to wait and see whether or not this will ultimately be a step forward. The EU Commission has previously issued a paper titled “Unleashing the Potential of Cloud Computing” [1] which also refers to the potential for “cloud” clauses. The title and substance of the Commission paper would suggest that the clauses should be facilitative of cloud.

However, the timing of this initiative, as well as the timing of the planned reform of European Data Protection laws, is far from ideal, especially in view of the on-going review of Safe Harbor and the EU-US SWIFT agreement directly arising from the US NSA’s PRISM scandal. It is hoped that an EU-US political solution can be worked out without delay in relation to legitimate European security / surveillance concerns so that these potentially positive EU initiatives are not unduly affected.

It is also worth bearing in mind that while the Article 29 Group paper on Cloud Computing[2] is quite prescriptive in relation to cloud contracts, it is not legally binding, and any EU Commission cloud clauses are unlikely to be legally binding.