Choose Site
TECHNOLOGY, OUTSOURCING, AND COMMERCIAL TRANSACTIONS
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS

The use of aggregated data by technology service providers is quite common in today’s landscape, and something that even traditionally cautious customers have become amenable to in the right circumstances and subject to proper limitations. As widespread adoption of artificial intelligence (AI) technology continues, providers and customers of AI solutions should carefully consider the proper scope of aggregated data use in the design and implementation of the AI solutions.

An annual survey found that the coronavirus (COVID-19) pandemic has influenced decisions made by state chief information officers (CIOs) in 2020 in all areas addressed by the survey. The 2020 State CIO Survey (the Survey) released by the National Association of State Chief Information Officers, Grant Thornton Public Sector LLC and CompTIA (Sponsoring Organizations) was conducted several weeks after the start of COVID-19 and includes the responses from 47 state and territory CIOs.

Peter Watt-Morse and Ben Klaber, members of our technology, outsourcing, and commercial transactions practice, will be presenting a one-hour session on cloud computing as part of the Pennsylvania Bar Institute’s (PBI’s) virtual Cyberlaw Update 2020. The session will take place Tuesday, September 29, 2020 at 10:10 am ET.

Peter and Ben will discuss the impact of cloud computing with our current remote work environment; data issues regarding ownership, access, and security; and specific cloud-impacted contract provisions such as service levels, transitions, and force majeure.

To register for the Cyberlaw Update (which includes CLE credits), please visit the PBI’s website.

As companies adjusted to the “new normal” of coronavirus (COVID-19) restrictions, spending on cloud services has seen a boom. Spending by companies on cloud services exploded in the second quarter to a record $34.6 billion, up approximately 11% from the first quarter of 2020 and 30% from the same period last year, according to research firm Canalys, as reported by the Wall Street Journal.

Adding corporate flexibility to IT-related commercial contracts can make seemingly unrelated mergers and acquisitions (M&A) transactions a bit less complex. Although many contracting parties already consider assignment rights and restrictions in relation to certain successor scenarios, the divestiture scenario—where contractual rights are not simply transferred in whole—deserves a closer look.

The UK Financial Conduct Authority (FCA) announced on July 8 that the guidelines issued by the European Insurance and Occupational Pension Authority (EIOPA) on outsourcing to cloud service providers are not applicable to regulated activities (in this instance, insurance and reinsurance undertakings) within the UK jurisdiction.

In its statement, the FCA noted that this is due to the fact that the EIOPA guidelines will enter into force on January 1, 2021, which is after the end of the EU withdrawal transition period.

The Business Software Alliance (BSA) recently endorsed principles for building trust in the Internet of Things (IoT), highlighting the need for a risk-based approach that (1) accounts for the various components, capabilities, users, environments, life cycles, and complexities of the IoT ecosystem, and (2) engages the corresponding stakeholders. Given the near boundless opportunities—and risks—deriving from its connectivity, a connected device should not be designed and managed in isolation.

The following key themes emerged throughout the BSA policy principles:

The European Securities and Markets Authority (ESMA) published its draft guidelines on outsourcing to cloud service providers on June 3. Steven Maijoor, the chair of ESMA, indicated that the purpose of the guidelines is to “help firms understand and mitigate the risks that they are exposed to when outsourcing to cloud service providers.”

In April, we shared a LawFlash Outsourcing and Managed Services Agreements During COVID-19: Our Perspective. With the continued and unprecedented impact of the coronavirus (COVID-19) pandemic on business operations, we thought it would be timely to provide a brief update on five top-of-mind issues that we are addressing with outsourcing and managed services clients.

Remote Working

  • Many outsourcing and managed services agreements include strict requirements on the location of personnel, including the location of certain personnel onsite at a customer site and/or the location of offshore personnel at secure delivery centers with no permitted remote working. These physical location restrictions often are coupled with requirements with respect to the type of technology that can be used when connecting to or accessing the customer’s systems or interacting with end users (such as hardened desktops only, no personal devices), security requirements and detailed connectivity and bandwidth requirements (particularly if there are end user facing activities such as call centers).

In cloud services, whether it is infrastructure as a service (IaaS), platform as a service (PaaS), or software as a service (SaaS), service availability is often a significant customer concern because the customer is relying on the vendor to provide and manage the infrastructure and related components that are necessary to provide the services. To address this concern, vendors will often provide a Service Level Agreement (SLA) containing a commitment that the service will be available for a percentage of time (e.g., 99.9%) during a certain period (e.g., week, month, or quarter). This is often referred to as an uptime or availability commitment. When reviewing and negotiating an SLA with an uptime commitment, it is important to consider the following issues.

Uptime Percentage

Given the different types of cloud services and how those services are used, there is no standard uptime commitment provided by vendors. Rather, uptime commitments can range from 99.999% to 97% or even lower. It is also not uncommon for vendors to provide different uptime commitments for different parts of the service. Ultimately, a vendor’s uptime commitment will depend on a variety of factors, including the type of service, how a customer will use the service, negotiating leverage, and vendor’s business model.