Partnerblog
Mastering digital transformation contract discussions with cloud hyperscalers
Demystifying the hyperscaler concept and associated challenges
Most of you will already have heard about ‘cloud hyperscalers’ or just ‘hyperscalers’. Hyperscalers are companies offering expansive cloud computing services on a global scale, boasting vast data centres filled with servers, storage systems, and networking equipment. They typically provide a diverse but highly standardised array of public cloud services, including Infrastructure as a Service (IaaS), Storage as a Service, Software as a Service (SaaS), and Platform as a Service (PaaS).
In the past, most large IT or outsourcing projects typically relied on a single IT service provider to handle the entire spectrum of IT services. However, in today’s landscape, organisations are increasingly opting for hybrid solutions and delivery models. These models often include cloud services provided by hyperscalers, which play a crucial role in the overall puzzle.
Whereas the more traditional IT service providers or system integrators are typically more flexible in terms of the sourcing process and contract negotiations, our experience has taught us that a sourcing trajectory involving hyperscalers comes with a number of specific structural challenges, such as relative bargaining strengths, technical and organizational inflexibility on the side of the hyperscaler, low(er) cost models with limited bandwidth for negotiations, a high level of contract standardization with a low-level focus on 'the legals' and often limited to no access to the right people. The result is that, in many cases, there appears to be a lot less negotiation than you may be used to. That, however, does not mean that there would be no room for discussion at all and that there are no levers that can be used. Typical levers include for example a significant (committed) spend and new opportunities for the cloud vendor (e.g., a new market/country/sector).
In this blogpost we will highlight a selected (but non-exhaustive!) number of points of attention to be taken into consideration when engaging with hyperscalers.
Selected points of attention
Build your deal team
When sourcing IT solutions, companies often set up different work streams (e.g. commercial, operational/technical and legal), each operating in parallel within their respective domain of expertise.
Engaging with hyperscalers will, however, demand another, more holistic approach whereby the procurement, technical and legal teams will need to work closely together and in a more integrated way. To be successful, it will be critical to make sure to combine the different work streams and discuss the different elements in one go, given the strong interdependencies between the different deal components. For example, the committed spend will inevitably impact the number of legal concessions that can be obtained.
Understand the contract set-up
When reviewing a hyperscaler contract, one of the first challenges you may face is understanding the structure of the applicable contractual framework. A hyperscaler contract typically consists of a master services agreement (or one or more sets of overarching terms and conditions), one or more order forms and different sets of operational terms (e.g. relating to service levels, service descriptions, acceptable use policies and product terms) whereby the latter are often only available online.
In this respect, constructing a diagram can be a helpful guide to track the main documents and ensure that aspects which need to be amended are identified and captured during discussions. Do not shy away from asking clarifications from the hyperscaler in this respect, as the structure can be quite complex and may change over time.
Leverage the commercials
When discussing the commercials of a hyperscaler deal it is important to focus on key topics, such as for example the applicable usage metrics, discounts, price protection mechanisms, impact of over-usage, divestment provisions and minimum revenue commitments (e.g. what products and services are covered, what exclusions apply and what happens in case the agreed thresholds are exceeded).
Another point to consider in this respect is the impact of the commercials on the hyperscalers’ flexibility in relation to the discussion of the legal terms. In case the customer is willing to commit to larger volumes, this will be an important leverage for the legal discussions.
Ensure regulatory compliance
When your organisation is operating in a regulated sector, you will need to consider whether the proposed offering and contract terms allow you to comply with your regulatory obligations. The standard offering of hyperscalers often involves global teams and your organisation’s data potentially being processed or accessed from delivery locations anywhere in the world. Moreover, the standard terms of hyperscalers typically do not comply with sector-specific requirements but a number of them do have specific contract addenda to incorporate certain sector-specific requirements (e.g. applicable in the financial or public sector) that they share upon request.
In addition, it needs to be emphasised that the EU legislator is also increasingly regulating the offering of technology (such as cloud and AI) on the EU market, and that such legislation is likely to impact the terms and offerings of hyperscalers. For example in relation to the impact of the Data Act on cloud services, we refer to this blogpost for more details.
Pick your battles
The flexibility demonstrated by hyperscalers will be more limited compared to what you may be used to. This also implies that it is recommended focusing your efforts on the key topics that are of relevance to you. In this respect, we have selected some clauses that are often being scrutinised (but this is in no way to be considered as exhaustive!):
- Suspension rights – Hyperscalers typically have broad suspension rights. If a suspension of the service delivery could have a major impact on your organisation’s operations, it is recommended to limit and tweak the conditions for a suspension.
- Unilateral changes – Hyperscaler contracts often foresee in a broad right for the hyperscaler to unilaterally change both the modalities of the service delivery and the contract terms. In this respect, it is recommended to verify whether such rights are accompanied with the necessary safeguards such as for example in terms of the type of modifications that are (not) allowed and the notification terms that are to be respected.
- Data protection – Protection of personal and non-personal is becoming more and more important. Therefore, it is recommended to always thoroughly scrutinise the commitments proposed by the hyperscaler in this respect before migrating vast amounts of data to the public cloud.
- Warranties and liability – Warranties offered by hyperscaler are typically limited and often accompanied with remedies that are qualified as a customer’s sole and exclusive remedy. In addition, liability provisions are also often rather beneficial to the hyperscaler. Therefore, it is recommended to always map your risks in case of a hyperscaler failure and to analyse whether such risks are appropriately covered or whether those risks are acceptable and/or can be mitigated internally.
- Governing law – Another point to check is the governing law and the competent courts.
Although certain negotiation points that are typically addressed may not be open for discussion with hyperscalers, many organisations choose to create an audit trail. This practice enables senior management to make informed, risk-based decisions when entering into hyperscaler agreements, even considering the associated exposure. As a legal counsel, the last thing you would want is senior management in the framework of an incident challenging a provision that was accepted during negotiations due to inflexibility from the hyperscaler.
Conclusion
Contract discussions with cloud hyperscalers are simply set different than most other contract discussions you are used to. Considering the way of working of hyperscalers it is of the utmost importance to simultaneously leverage all commercial, technical, and legal resources to be able to secure a good outcome for your organisation. Therefore, it is recommended to not merely focus on the key legal requirements, but to also properly understand and cover the key commercial and operational aspects and to ensure that all stakeholders are at all times aligned.
Authors: Kristof De Vulder, Raf Schoefs (DLA Piper)
More Partner Blogs
Vendor due diligence obligations under the GDPR
Lessons learned from new EDPB guidance
Marketingacties binnen de onderneming: waarom bedrijfsjuristen best een oogje in het zeil houden
Technologische ontwikkelingen gaan razendsnel en marketeers doen er hun voordeel mee.
Een commercieel belang als gerechtvaardigd belang in de AVG?
Inzichten door het HvJEU in de KNLTB-zaak en de ontwerprichtsnoeren van de EDPB
Afschaffing van de quasi-immuniteit van de uitvoeringagent vanaf 1 januari 2025: quo vadis bestuurders?
Het nieuwe Boek 6 van het Burgerlijk Wetboek inzake buitencontractuele aansprakelijkheid hervormt...
5 key takeaways on the protection of software under EU copyright law
Software protection under EU copyright law: 5 things to know