The Shift to Cloud Services: Some underlying legal considerations

Over the years, businesses have relied on the innovative power of ‘software’ to manage their processes and deliver tailored services. In its earliest form, ‘software’ and its related products were offered primarily as ‘executable programmes’ installed for ‘on-premise’ uses only.

These have helped improve product designs, service offerings, customer management, revenue reporting, expenditure tracking, and people management, among other things, across many industries—such as banking, healthcare, education, insurance, and agriculture.

Today, the use format of ‘software’ as a tool for promoting business efficiency and effectiveness is shifting from ‘on-premise’ to ‘cloud services’, attributable mainly to technological advances enabling such new business models.

Instructively, it is not only the use format that is changing. Even though the underlying intellectual property rights for ‘software’ have mainly remained the same – copyright, patents, trademarks, etc., the scope of use, permissions, and associated rights conveyed to end users have changed with the shift.

Thus, the purpose of this article is to highlight the influence of this shift on the legal obligations of end-users and, in the end, underscore the legal considerations that must underpin ‘on-premise’ and ‘cloud service’ software use regimes as well as help business owners negotiate rights or permissions, scope, and conditions that secure their business interests.

The concept of ‘on-premise’ software

Do you remember when Microsoft used to sell ‘compact discs’ (CDs) containing proprietary software for its Microsoft Office suites? That is a classic example of how on-premise software works. It requires software stored on a media or CD to be installed and run on an electronic device, implying hosting the software on one’s electronic devices or IT infrastructure rather than on a third-party server or in the cloud.

It includes enterprise or productivity solutions, copies of which are given to or installed on customers’ IT devices – primarily for internal use only. The installation and use processes prove the software has been embedded in a customer’s electronic or IT device for related use. Further, by design, on-premise software may permit single or multiple (concurrent) uses.

Notwithstanding the significant shift in software design and business model, on-premise software solutions continue to be highly recommended across many industries in response to the growing risks of cyber attacks, data breaches, service downtimes etc. associated with cloud services and in compliance with regulatory demands. And its use cases may not be entirely replaced by cloud services.

The emerging model – cloud services

Emerging strongly in some instances as complementary to on-premise software uses is ‘Cloud Services.’ Cloud services are on-demand software, platforms, applications, and infrastructure designed by service providers and developers to enable end-user access and uses via internet-connected devices.

Using web-based applications or Mobile apps, cloud services effectively remove the need to download and install full-service programmes before use. With virtual logins, end-users are able to access the full functionality of related software just as on-premise ones.

The virtual software platforms are operated as ‘services’ rather than ‘software’, primarily focusing on permitting ‘access for use’ with no opportunity to copy, modify, or distribute the underlying software.

Apart from single-use cloud-service platforms, businesses may adopt multi-cloud strategies as leverage for their competitive service offerings. In a multi-could environment, services of multiple cloud service providers are integrated for flexibility, optimal performance, and to reduce dependency on a single vendor.

Legally, the resulting relationship between the provider and the end-user becomes a ‘service provider—customer’ instead of a ‘licensor-licensee’ relationship in an on-premise software arrangement. Under these models, no copyright (patents, trademarks) rights are granted except permission to use the related system and its interface, which can be likened to a subscription model.

The following examples of cloud service models ensure IT services, software, and infrastructure needs are delivered to businesses and other end-users remotely:

Software-as-a-Service (SaaS): With SaaS, services designed as productivity tools are offered over cloud-based platforms. The use cases provide virtual access on connected end-user devices. Some examples include Microsoft 365, Google Workspace, Slack, Dropbox, and DocuSign.

Platform-as-a-Service (PaaS): This service provision ensures the availability of platforms for developers to develop, operate, manage, and test their software applications – granting access to development tools, operating systems, and databases. Examples include Google Cloud and Microsoft Azure.

Infrastructure-as-a-Service (IaaS): These services provide virtual data centers that offer data storage, network infrastructure, servers, and operating system functionality virtually. They provide complete computing resources for access at scale and are payable on use. Amazon Web Services (AWS) and Microsoft Azure are examples.

As an evolving service model, it is highly anticipated that other models designed to promote flexibility, scale, and cost-efficiency in business operations will emerge in the near future as dominant cloud service models.

Some underlying legal considerations

Developers and service providers of ‘on-premise’ software and ‘cloud services’ have inherent legal protections for their software and related products. The dominant intellectual property right—copyright (and, to some extent, patents and trademarks)—has been bestowed on them and established by statutes and case law as exclusive rewards for their enterprise or ingenuity.

To preserve and protect the exclusive economic exploitations by developers of their works as guaranteed by law, unpermitted uses, reproduction, copying, installation, downloading, etc., have been prohibited and classified as infringements.

For permitted uses, developers or rights owners have used various licensing arrangements to grant third-party end-users lawful uses in exchange for negotiated compensations. Uses, downloading, installations, copying, etc., within the scope of such granted rights are not infringements of inherent intellectual property rights.

Inherent in the exchange of permissions to the associated works for compensation are obligations—variously imposed depending on whether the use is granted under an on-premise software arrangement or as a cloud service. Comparatively, the following critical legal considerations must inform the negotiation and signing of any licensing or general contractual agreements in both instances:

A License vs a Service Contract:

Under an on-premise software use arrangement, the copyright holder grants the end-user a license to use, reproduce, download, install, copy, etc., the software for the end-user’s internal business operational needs.

Except for software sold under the ‘first-sale doctrine,’ where the purchaser has the right to resell, lend, or dispose of the specific purchase copy of the copyrighted material without the permission of the copyright holder, an on-premise use of software without a license or sublicense will amount to unlawful use constituting an infringement of the holder’s copyright.

Therefore, it is imperative to clearly define what is being licensed (the licensed product or service) to avoid any potential infringement action by the right holder. It is not enough to name the software – what the end-user wants from the license must be listed in plain language except for terms of art. It may include the right to use current versions and future ones. For instance, if the license grants the right to reproduce, specify the number of copies and the medium or format of the reproduction.

Also, where user rights are granted, business owners must negotiate the optimal number of users for their business efficiency, considering any cost implications. The lack of clarity on some of these issues may become the point of disputes and must be negotiated and written in license agreements.

Under cloud services, no license is granted to the end-user to reproduce, copy, or modify the service provider’s software, platform, or infrastructure. In this arrangement, the cloud service platform only operates as a ‘service’ platform permitting virtual access for use by the end-user subject to general contractual arrangements that do not transfer or affect the service provider’s copyright rights in the related software or products.

As the copyright holder, the service provider retains all rights to the software and does not grant or transfer any such rights by the provision of the service. Therefore, contractual negotiation must take place with this in mind except in circumstances where dual uses (on-premise and cloud) are permitted for the related software.

Also, where the business adopts multiple-cloud strategies, the legal complexities around data sovereignty and compliance, multiple service level requirements, etc., must be well negotiated and documented to avoid creating gaps in liabilities for data breaches or service outages.

The resultant legal agreement will not be a license but a service level agreement (SLA) detailing arrangements for using the proprietary platform or service. Therefore, the end-user must focus on negotiating cost-effective user fees (subscription), customer service and complaint management arrangements, payment terms, etc.

Scope of Grant vs. Permissions:

Explicit provisions on the scope of a license or sublicense in an on-premise software arrangement are essential to prevent infringement actions. Usually, the scope will indicate the rights, specifically including words such as software is ‘licensed,’ not ‘sold.’

Further, the scope may indicate, subject to negotiations, whether the license or sublicense is exclusive or non-exclusive, revocable or irrevocable, royalty-base or royalty-free, geographical coverage (territory), duration—temporary or perpetual, subject to sublicense or transferability, among other things.

Also, a grant may limit third-party uses, restrict the number of internal users, restrict attempt reverse engineering, decompiling, or derive the source code from the software or its use for service bureau or time-sharing uses, among other things.

The scope of a grant is an outcome of negotiation between the parties. Therefore, enterprise end-users are encouraged to have broader internal engagements to determine beneficial limits before any negotiations and the signing of licensing agreements.

Although what underlines a cloud service use is not a license, it offers a similar opportunity for parties to negotiate and define restrictions. General restrictions on the number of users (or concurrent use); geographical restrictions – limiting access to a defined territory; operational restrictions – specifying the number of transactions beyond which new payment arrangements may activate; the requirement of compliance with provider’s policies such as privacy policy, acceptable use policy, customer complaint procedures; and the duration of access either monthly or annually are all matters parties can negotiate on.

These restrictions may affect permitted uses of cloud services, and negotiations must align with the end-user’s overall use objective before contracting.

Breach of Conditions of Grant vs. Breach of Contract:

Non-compliance with the terms of a license grant invalidates the grant, invariably amounting to an infringement of the holder’s copyright.

Although licenses are generally contractual, a breach of same does not ordinarily amount to a breach of contract – it amounts additionally to the infringement of copyright work, giving the right holder the option to commence an infringement action against the licensed end-user. Such infringement action may not only seek to enforce the terms of the executed license agreement (as a contract) but also to enforce the holder’s right to prevent unauthorized or unpermitted use of the related copyrighted software.

Anything done or permitted to be done by an end-user contrary to the scope of a license grant will amount to a breach of its conditions and call into question the validity of the grant and the ensuing contract. The duality of breach resulting from non-compliance with a license agreement calls for establishing a compliance tracking regime by an end-user post-contracting. The business owner must clearly define every condition in a checklist and religiously monitor for compliance.

In the case of cloud services, non-compliance with the terms of a service level agreement will amount simply to a breach of contract. This breach may not be a copyright infringement to warrant an infringement action. It may relate to non-payment of subscription fees, violation of customer service or complaint procedure, and access to the users beyond the agreed limits (which the platform may be designed to remedy by denying access), among others.

In rare circumstances, a breach may occur, giving rise to an infringement of the service provider’s copyrights. Even in such circumstances, it will not be a breach of the conditions of the service level agreement between the parties except in instances where additional on-premise software use is involved.

Remedies:

In both use cases, a breach of conditions amounting to an infringement of copyrights (or patents or trademarks) or a breach of contract resulting from the breach of an executed service level agreement may require the defaulting party to remedy the breach or compensate in damages or other contractual remedies. However, a copyright (patents, trademarks) holder may pursue other infringement reliefs, such as an injunction or repudiation of a license.

What next?

The lack of attention to the numerous legal issues associated with on-premise software and cloud services can expose businesses to substantial risks. Ambiguities in defining the rights being licensed and the scope of the license – particularly in on-premise software agreements – and the vague provisions in cloud-service SLAs can lead to costly legal disputes over intellectual property rights and contractual breaches, potentially disrupting business operations.

Negotiations offer the best chance for agreements, so business owners should use them to set clear ‘service’ expectations and document them in plain language. Nonetheless, obligations from these agreements must be drawn out into actionable checklists with assigned personnel to monitor for compliance, as that presents practical ways to monitor compliance and avoid infringements or breaches.

Conclusion

Software and related products are great productivity tools for businesses. Whether offered as on-premise products or cloud services, companies cannot discount their relevance to promoting operational efficiency, improving the design and offering of services, supporting financial management, and managing people.

However, their procurements and uses have inherent legal issues that business owners must understand before negotiating and signing the resultant license or service-level agreements. This article highlights some of these considerations.