This blog develops the themes of our February piece on cloud availability risks from software patent claims. It shows how the patent cloudscape is changing; how PAEs are increasingly active in Europe as well as in the USA; and how CSPs are starting to respond in their contract terms.

With increasingly recognised benefits of security, flexibility and reliability, cloud computing continues to carry all before it. Its aggregation of massive processing power also heralds deep, connected and transformative innovation in our daily lives. Intellectual property (IP) is at the centre of this wave of innovation, and an increasingly fierce battleground as the current high profile dispute between Alphabet’s Waymo and Uber over core autonomous vehicle technology shows.[1]

You might think that the cloud, built and running on shared environments and public standards, would be a ‘safe space’ from intrusive IP disputes. But the evidence is mounting that the cloud is proving attractive for PAEs (Patent Assertion Entities, businesses who litigate their patents but generally don’t otherwise use their patented technology). And whilst cloud users are increasingly aware of the importance of security and privacy, cloud IP risks are now equally important but still somewhat overlooked: many enterprises don’t yet have complete clarity on their IP litigation strategy or IP innovation strategy, especially in a global context.

There are persuasive reasons for cloud customers to focus more on patent risks. PwC, in its most recent (May 2017) Patent Litigation Study[2] notes that damages awards for PAEs are almost four times greater than for other patent claimants and that damages awards at trial in patent disputes continue to rise.

Europe is quickly becoming a key jurisdiction for patent enforcement: the European Patent Office granted 96,000 patents in 2016, [3] up 40% from 2015, and the Unitary Patent – along with EU-wide injunctions – will soon be a reality.[4]

The cloud computing patent landscape is also developing rapidly. Cloud patent families are well-known in areas such file-storage and protocols but other areas like Fintech[5] are also growing quickly.

PAEs are acquiring cloud computing patents at a rapid pace according to IPlytics, an IP intelligence provider,[6] who note that:

PAEs often acquire patents in technological areas that will likely become strategically important for future markets”.

This is borne out in a European Commission report on PAEs in Europe[7] which (on page 26) cites findings that:[8]

PAEs are overwhelmingly involved in the litigation of German and UK patents … related to computer and telecommunications technology [and that] these findings are consistent with existing evidence on the activity of US PAEs, which also tend to enforce high-tech patents at a disproportionately high frequency, especially software patents”.

Part of the attraction for PAEs is that patent infringement is increasingly easy to detect in the cloud: detailed documentation, APIs and the code for open source (the software that powers much of the cloud) are readily available, and can be read and analysed by anyone, making the cloud a soft target.

As the economic importance of the cloud rises, cloud customers make increasingly interesting targets for PAEs: customers generally don’t have the same level of expertise in cloud tech as cloud service providers (CSPs), have a greater incentive to settle, are less prepared to fight an IP battle, and have little incentive to solve an IP Issue for others. Contrast this with the position of the CSP, who will want to avoid an IP threat becoming an issue across its customer base.

A measure of this growing cloud patent claim risk is the evolving approach of the largest global CSPs to this issue in their cloud service agreements.

Microsoft has taken an early lead through its recently announced Azure IP Advantage[9] programme with uncapped indemnification for its Azure cloud services, including open source incorporated in its services, and 10,000 (7,500 currently, 2,500 to come) patents that Microsoft is sharing with its consuming customers.

Google in its Cloud Platform Terms of Service[10] seeks (at section 14.2) to exclude open source software entirely from its IP infringement indemnification – a big carve-out given the importance of open source in the cloud environment.

In Amazon Web Services’ (AWS) Customer Agreement,[11] the effect of section 10 is that AWS does not offer in its standard terms any IP protection at all for its services. Section 8.5 is an unusual IP non-assert term that requires the customer not itself or through others to assert any IP claim regarding the AWS services it has used. The clause continues without limit in time after the agreement has ended; and to the extent it could be said to amount to a patent no-challenge clause, could be problematic in Europe under EU competition law, for example.

The fact that all the largest CSPs are starting to address cloud patent risk expressly in their contract terms is perhaps the most compelling evidence that this PAE-fuelled risk is becoming increasingly relevant and material. Cloud customers, and their regulators in regulated sectors, should take note as well.