On 26 June 2014, the European Commission ("Commission") published standardised guidelines ("Guidelines") on cloud computing service level agreements ("SLAs"). The Guidelines outline essential terms that should be included in SLA's concluded in the European Union ("EU"). An SLA details the nature and level of services provided by cloud service providers to customers.
The Guidelines were developed by a sub-group of the Cloud Select Industry Group ("CSIG") which comprised of representatives from expert groups such as the European Union Agency for Network and Information Security ("ENISA") and industry experts such as Amazon, Google, IBM, Microsoft, SAP and Salesforce.
The Commission will now trial the Guidelines with cloud service users, specifically targeting Small and Medium Enterprises ("SMEs"), to see if amendments are necessary. If successful the Guidelines could enhance the popularity of cloud computing in Europe, as well as contribute to the formulation of international standards for SLAs. In parallel, the International Organisation for Standardisation ("ISO") is currently developing such standards. In October 2014, the Guidelines were passed to the ISO Working Group on Cloud Computing for comment and amendments. The Commission is currently considering any amendments and feedback from the trials with the CSIG.
We are seeing the beginnings of national attempts at standard setting. For example, in Ireland the National Standard Authority of Ireland ("NSAI") has issued a SWiFT document (a form of document being a "rapidly developed recommendatory document based on the consensus of the participants of an NSAI workshop"), dealing with enterprise adoption of the cloud. Currently, both industry and national initiatives are largely uncoordinated and of varying degrees of thoroughness, with some way to go before truly international norms are likely to apply. The EU is taking its first tentative steps with the Guidelines.
This Briefing Note highlights the background to the introduction of the Guidelines and provides a summary of some of its key provisions.
Read the EU Guidelines on Cloud Computing Service Agreements December 2014
This article contains a general summary of developments and is not a complete or definitive statement of the law. Specific legal advice should be obtained where appropriate.