SaaS Agreements – SLA – Proposed EU Model Terms

The European Commission has recently released a paper on cloud computing stating that it will develop model terms for SaaS agreements which should be available for use in service level agreements (SLAs) by the end of 2013.

Need for Model Terms

An SLA determines the relationship between a cloud provider (SaaS supplier) and a cloud user (SaaS customer). During the negotiation process the terms of the SLA often form, or destroy, the basis of trust that SaaS customers have in a SaaS supplier’s ability to deliver the SaaS services. SaaS customers often complain that SLAs:

  • are too complex;
  • contain extensive disclaimers;
  • impose a choice of applicable law; and
  • exclude liability for data integrity, confidentiality and service continuity.

The Commission claims that SaaS agreements will be made fairer and safer by using model clauses. It argues that SaaS customers are currently “locked in” to agreements with SaaS suppliers making it difficult for customers to change their supplier due to non-interoperability and data portability issues.

Common European Sales Law and Model Terms

Within the context of the Commission’s on-going work on developing a common European sales law, it is now also preparing model terms specifically designed for cloud computing. These will cover issues such as:

  • subcontracting;
  • data preservation after termination of the SaaS agreement;
  • data disclosure and integrity;
  • data location and transfer;
  • direct and indirect liability; and
  • ownership of the data.

The proposed new model terms are being designed for use by SaaS suppliers in SaaS agreements with consumers and small businesses.

Voluntary Certification and Audit

In addition to developing model terms, the Commission wants to develop new EU-wide voluntary certification schemes and independent compliance mechanisms to promote trust in cloud computing. Such schemes would include independent certification:

  • of a SaaS supplier’s IT systems’ compliance with legal and audit requirements;
  • that a SaaS supplier’s applications and systems are interoperable and secure; and
  • that data is reversible and portable.

Changes to Current Model Clauses

As part of the above process, the Commission will also review the existing model contract clauses. These can be used in SaaS agreements where personal data is transferred from the EU to non-EU countries to ensure compliance with EU data protection laws. The Commission intends to adapt these model contract clauses to “fit” with cloud services.


Currently the Commission is working with stakeholders to prepare the new model terms and to develop systems for the voluntary certification and audit of SaaS suppliers. In late 2013 when the drafts are available, SaaS suppliers should review their SaaS agreements and SLAs to check their compliance with/divergence from the proposals.


Irene Bodle is an IT lawyer specialising in SaaS agreements with over 10 years experience in the IT sector. If you require assistance with any SaaS, ASP, software on demand contracts or any other IT legal issues contact me:

To register for my newsletter click here


Other related articles: