Legal Frameworks and Market Dynamics of Cloud Computing Contracts: Analyzing Obligations, Liabilities, and Regulatory Challenges
KHRAISHA, Wasim
Cloud Computing Contracts, Data Protection (GDPR), Service Level Agreements (SLAs), Liability and Risk Management, NIS2 Directive, Smart Contracts, and AI in Cloud Services
- Szerző / Author
- Idézés / How to cite
- Absztrakt / Abstract
- Teljes szöveg (magyar) / Full text (Hungarian)
- Hivatkozások / References
- Copyright
Megjelenés / Publication
| Benyújtva / Submitted | Elfogadva / Accepted | Publikálva / Publicated | Lapszám / Issue |
|---|---|---|---|
| 2025. április 15. | 2025. június 1. | 2025. július 31. | Ember és Jog, 2025/1-2. |
Szerző / Author
Wasim Khraisha
PhD Student
Karoli Gaspar University of The Reformed Church, Budapest
Idézés / How to cite
KHRAISHA, Wasim: Legal Frameworks and Market Dynamics of Cloud Computing Contracts: Analyzing Obligations, Liabilities, and Regulatory Challenges. Ember és Jog, 2025/1-2. 79–101.
Abstract
This article explores the evolving legal and contractual landscape of cloud computing, focusing on the complexities of cloud service agreements and the legal responsibilities of various stakeholders. It provides a comprehensive analysis of cloud contracts, including Service Level Agreements (SLAs) and Data Processing Agreements (DPAs), and their role in allocating liability, managing risks, and ensuring compliance with key regulations such as the General Data Protection Regulation (GDPR) and the NIS2 Directive. The paper examines the implications of different deployment (public, private, hybrid, community) and service models (SaaS, PaaS, IaaS) on the content and enforceability of cloud contracts. It also considers emerging challenges posed by AI-generated and smart contracts and addresses dispute resolution, enforcement, and regulatory intervention, particularly within the European Union. Ultimately, it highlights the need for adaptable legal frameworks and robust contractual practices to ensure legal certainty, fairness, and data protection in a rapidly changing technological environment.
Teljes szöveg / Full text
Hivatkozások / References
Balboni, Paolo – Fontana, Francesca: Cloud Computing: A Guide to Evaluate and Negotiate Cloud Service Agreements in the Light of the Actual European Legal Framework. ICT Law Review, 2013/1.
Bradshaw, Simon – Millard, Christopher – Walden, Ian: Contracts for Clouds: Comparison and Analysis of the Terms and Conditions of Cloud Computing Services. Queen Mary School of Law Legal Studies Research Paper, No. 63/2010.
Bradshaw, Simon – Millard, Christopher – Walden, Ian: Standard Contracts for Cloud Services. In Millard, Christopher (ed.): Cloud Computing Law. 1st edition. New York, Oxford University Press, 2013.
Chang, Henry: Data Protection Regulation and Cloud Computing. In Cheung, Anne S Y – Weber, Rolf H (eds.): Privacy and Legal Issues in Cloud Computing. Cheltenham – Northampton, Edward Elgar Publishing, 2015.
Dash, S. B. et al.: Service Level Agreement Assurance in Cloud Computing: A Trust Issue. International Journal of Computer Science and Information Technologies, 2014/3.
Eustice, John C.: Understanding Cloud Data Protection and Data Privacy. Thomson Reuters, 2024. https://legal.thomsonreuters.com/en/insights/articles/understanding-data-privacy-and-cloud-computing
Geyer, Andrew – McLellan, Melinda: Strategies for Evaluating Cloud Computing Agreements. Bloomberg Law Reports – Technology Law, 2011/13.
Gryffroy, Pieter: Legal Aspects of Multi-Cloud: More Clouds, More Problems? C.T.L.R., 2018/5.
Hon, W. Kuan et. al.: Negotiated Contracts for Cloud Services. In Millard, Christopher (ed.): Cloud Computing Law. 2nd edition. New York, Oxford University Press, 2021.
Hon, W. Kuan – Hörnle, Julia – Millard, Christopher: Which Law(s) Apply to Personal Data in Clouds? In Millard, Christopher (ed.): Cloud Computing Law. 1st edition. New York, Oxford University Press, 2013.
Hon, W. Kuan – Millard, Christopher: How Do Restrictions on International Data Transfers Work in Clouds? In Millard, Christopher (ed.): Cloud Computing Law. 1st edition. New York, Oxford University Press, 2013.
Hon, W. Kuan – Millard, Christopher – Walden, Ian: Negotiating Cloud Contracts – Looking at Clouds from Both Sides Now. Queen Mary School of Law Legal Studies Research Paper, No. 117/2012.
Hon, W. Kuan – Millard, Christopher – Walden, Ian: UK G-Cloud v1 and the Impact on Cloud Contracts. Queen Mary School of Law Legal and Studies Research Paper, No. 115/2012.
Hon, W. Kuan – Millard, Christopher – Walden, Ian: Negotiated Contracts for Cloud Services. In Millard, Christopher (ed.): Cloud Computing Law. 1st edition. New York, Oxford University Press, 2013.
Hon, W. Kuan – Millard, Christopher – Walden, Ian: Public Sector Cloud Contracts. In Millard, Christopher (ed.): Cloud Computing Law. 1st edition. New York, Oxford University Press, 2013.
Hoofnagle, Chris Jay: Consumer Protection in Cloud Computing Services: Recommendations for Best Practices from a Consumer Federation of America Retreat on Cloud Computing. Consumer Federation of America, 2010. https://consumerfed.org/pdfs/Cloud-report-2010.pdf
Jaiswal, Manishaben: Cloud Computing and Infrastructure. International Journal of Research and Analytical Reviews, 2017/2.
Jansen, Wayne – Grance, Timothy: Guidelines on Security and Privacy in Public Cloud Computing.
Kemp, Richard: Legal Aspects of Cloud Computing: Cloud Contracting. White Paper v1.0. Kemp IT Law LLP, 2019.
Khandelwal, Manish – Saini, Hukum: Review on Security Challenges of Cloud Computing. International Conference on Advancements in Computing & Management (ICACM-2019). https://ssrn.com/abstract=3463271
Kratochwill, György: What is the Difference between a Software License Agreement and a ‘Software as a Service’ (SaaS) Agreement?les Nouvelles, 2021/3.
Kuner, Christopher: Data Protection Law and International Jurisdiction on the Internet (Part 1). International Journal of Law and Information Technology, 2010/2.
Lando, Ole – Beale, Hugh: Principles of European Contract Law, Parts I and II. The Hague, Kluwer Law International, 2000.
Levi, Stuart D. – Lipton, Alex B.: An Introduction to Smart Contracts and Their Potential and Inherent Limitations. Harvard Law School Forum on Corporate Governance, May 26. 2018.
Loos, Marco – Luzak, Joasia: Update the Unfair Contract Terms Directive for Digital Services European Parliament. 2021. https://www.europarl.europa.eu/RegData/etudes/STUD/2021/676006/IPOL_STU%282021%29676006_EN.pdf?
Martic, Dusko: Online Dispute Resolution for Cloud Computing Services. CEUR Workshop Proceedings, 2013. 1105.
Meenu: The Impact of Artificial Intelligence on Contract Law: Challenges and Opportunities. Indian Journal of Law, 2024/2.
Mell, Peter – Grance, Timothy: The NIST Definition of Cloud Computing. Gaithersburg, National Institute of Standards and Technology, 2011.
Michels, Johan David – Millard, Christopher: Digital Assets in Clouds. In Millard, Christopher (ed.): Cloud Computing Law. 2nd edition. New York, Oxford University Press, 2021.
Michels, Johan David – Millard, Christopher – Turton, Felicity: Contracts for Clouds: An Analysis of the Standard Contracts for 40 Cloud Computing Services. Queen Mary Law Research Paper Series, No. 334/2020.
Michels, Johan David – Millard, Christopher – Turton, Felicity: Standard Contracts for Cloud Services. In Millard, Christopher (ed.): Cloud Computing Law. 2nd edition. New York, Oxford University Press, 2021.
Odumosu, Damilola O.: Cloud Service Agreement: Salient Contractual Clauses and Its Practical Implications. 2018. https://ssrn.com/abstract=3276612
Oppenheim, Charles: Cloud law and contract negotiation. El profesional de la información, 2012/5.
Overby, Stephanie – Greiner, Lynn– Paul, Lauren Gibbons: What Is an SLA? Best Practices for Service-Level Agreements. CIO, June 21. 2024.
Radu, Bogdan: Key Aspects of Cloud-Computing Services Related Contracts. National Strategies Observer, 2016/1.
Reed, Chris: Cloud Governance: The Way Forward. In Millard, Christopher (ed.): Cloud Computing Law. 1st edition. New York, Oxford University Press, 2013.
Reed, Chris: Information Ownership in the Cloud. In Millard, Christopher (ed.): Cloud Computing Law. 2nd edition. New York, Oxford University Press, 2021.
Reed, Chris – Cunningham, Alan: Ownership of Information in Clouds. In Millard, Christopher (ed.): Cloud Computing Law. 1st edition. New York, Oxford University Press, 2013.
Reynaud, Laura: Read Before Signing: 15 Terms in Cloud Service Agreements. ACC Docket, September 29. 2021.
Rittinghouse, John W. – Ransome, James F.: Cloud Computing: Implementation, Management, and Security. Boca Raton, CRC Press, 2010.
Rustad, Michael L. – Kavusturan, Elif: A Commercial Law for Software Contracting. Washington and Lee Law Review, 2019/2.
Sandström, Isabel: The Impact of the NIS2 Directive on Subcontractors in the Transportation Sector. Master’s thesis. Luleå, Luleå University of Technology, 2024.
Schwartz, Alan – Scott, Robert E.: Third-Party Beneficiaries and Contractual Networks. Journal of Legal Analysis, 2015/2.
Scruggs, Ron – Trappler, Thomas – Philpott, Don: A 6-Step “How-To” Guide to Contracting for Cloud Services Includes a 137-Element Contracting Checklist. Longboat Key, Government Training Inc., 2011.
Svantesson, Dan Jerker B.: A New Jurisprudential Framework for Jurisdiction: Beyond the Harvard Draft. AJIL Unbound, Volume 109/2015.
Teramura, Nobumichi – Trakman, Leon: Confidentiality and Privacy of Arbitration in the Digital Era: Pies in the Sky? Arbitration International, 2024/3.
Vandezande, Niels: Cybersecurity in the EU: How the Nis2-Directive Stacks Up Against its Predecessor. 2023. https://ssrn.com/abstract=4383118
Wuermeling, Ulrich – Oldani, Isabella: Regulation of International Data Transfers in Clouds. In Millard, Christopher (ed.): Cloud Computing Law. 2nd edition. New York, Oxford University Press, 2021.
Council Directive 93/13/EEC of 5 April 1993 on unfair terms in consumer contracts
Cloud Computing. Benefits, Risks and Recommendations for Information Security. European Network and Information Security Agency, 2009. https://www.enisa.europa.eu/publications/cloud-computing-risk-assessment
Study on the Economic Detriment to Small and Medium-Sized Enterprises Arising from Unfair and Unbalanced Cloud Computing Contracts. Final report. Brussels, European Commission, 2018.
The Impact of Mandatory Arbitration Clauses in Commercial Agreements. 2025. https://www.possingerlaw.com/the-impact-of-mandatory-arbitration-clauses-in-commercial-agreements/
Directive 1999/44/EC of the European Parliament and of the Council and repealing Council Directive 85/577/EEC and Directive 97/7/EC of the European Parliament and of the Council
Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011 on consumer rights, amending Council Directive 93/13/EEC
Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, and repealing Directive (EU) 2016/1148 (NIS2 Directive)
EUCS – Cloud Services Scheme. European Network and Information Security Agency, 2020. https://www.enisa.europa.eu/sites/default/files/publications/EUCS%20%E2%80%93%20Cloud%20Service%20candidate%20cybersecurity%20certification%20scheme.pdf
Navigating Regulatory Challenges in Cloud Services Agreements. 2024. https://www.sifma.org/wp-content/uploads/2024/03/SIFMA-BLG-White-Paper-Cloud-Services-Agreement-2024.pdf
NIS2 Directive: New Rules on Cybersecurity of Network and Information Systems. Brussels, European Commission, 2025.
Notes on the Main Issues of Cloud Computing Contracts (prepared by the UNCITRAL secretariat, 2019). United Nations Commission on International Trade Law. https://uncitral.un.org/en/cloud/liability
Notes on the Main Issues of Cloud Computing Contracts (prepared by the UNCITRAL secretariat, 2019). United Nations Commission on International Trade Law. https://uncitral.un.org/en/content/main-pre-contractual-aspects
Regulation (EU) No 526/2013 on information and communications technology cybersecurity certification and repealing (Cybersecurity Act)
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity)
Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on contestable and fair markets in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828 (Digital Markets Act)
Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonized rules on fair access to and use of data (Data Act)
Questions and Answers: Digital Markets Act: Ensuring fair and open digital markets. Brussels, European Commission, 2023.
What Is a Cloud Service Provider? https://cloud.google.com/learn/what-is-a-cloud-service-provider
Copyright
(C) Pro Veritate Közhasznú Egyesület
(C) Szerző / Author
Az Ember és Jog nyílt hozzáférésű (Open Access) folyóirat, az abban megtalálható cikkek szabadon hozzáférhetők az Olvasók számára.
A folyóirat és a cikkek a Creative Commons CC BY-NC-ND 4.0 licenc alatt állnak.
