A report released by the Queen Mary University of London’s Centre for Commercial Law Studies has raised concern about unfair terms, often non-negotiable, that can come with cloud contracts.

Research showed there are a number of off-the-shelf clauses commonly found in contracts that can exclude suppliers of liability for failure.

Many contacts can also come with service level agreements (SLAs) that aren’t compatible with EU data protection rules and end users can also find themselves locked into a contract that allows suppliers to change service features without notice.

Hogan Lovells International LLP Conor Ward, also Chair of the Cloud Industry Legal Forum, said legal issues surrounding the cloud may be long established but this does not mean end users should not be cautious when considering their legal implications with a move to a cloud environment.

To date, the relative immaturity of the market has resulted in contracts being used which are not particularly well suited to the services provided but the study anticipates that contracting models will mature as a combined result of pressure from regulatory bodies and experience from negotiations on the larger deals,” Ward said.

“Cloud computing is not going to be suitable for every circumstance and potential customers would, as this study demonstrates, be well advised to undertake a detailed risk analysis before committing new applications to the Cloud.”

Ward said customers need to remember cloud service providers not act as insurers of their business needs and that remedies under the contract may form part of, but should not be considered, to be an entire risk mitigation strategy.

“Agreed service levels with limited service credits will generally not provide an adequate remedy and where the loss of service is due to a force majeure event, the supplier may have no liability at all,” Ward said.

“A careful review of the contract and SLAs should highlight the extent to which the customer has any meaningful remedy if the service levels are not met and should enable the customer to take measures to minimise losses or disruption in the event that a disaster does occur.”

The research was funded by Microsoft as part of a group of projects looking at information ownership in the cloud, personal data in cloud and law enforcement.