
Short answer: draft your cloud services agreement for clarity and transparency, and only commit to obligations you actually control, because outside of indemnities your liability generally flows from being in breach.
There are many things to think about when drafting a cloud services agreement, but here are three to get right.
1. Clarity.
Draft as clearly as possible. Customers want to understand your model and what they are committing to, and the faster you can communicate it, the better. Since you are providing something intangible, communication, consistency, and clarity matter a lot.
2. Transparency.
Communicate the easy issues and the hard ones. When you deliver a service remotely over the Internet, trust is a huge issue, and transparency is how you build it.
3. Avoid Breach of Contract.
Be careful what obligations you take on. Outside of indemnities, you generally have no liability under an agreement unless you are in breach, so the obligations you accept define your risk. Try to commit only to things within your control or that you can influence. That said, if there are obligations you are genuinely comfortable with, add them, especially if the customer wants them. Committing to return the customer’s data on termination, for instance, is usually easy and valuable. A breach of contract is the trigger for most non-indemnity liability, so do not over-commit and under-deliver.
The Principle Underneath All Three: Commit to What You Control.
The fastest way to lower contract risk is to phrase obligations around things within your control and avoid absolute promises about things that are not. A few concrete moves:
- Uptime. Commit to a “commercially reasonable” target with service-credit remedies, not an absolute guarantee backed by uncapped damages.
- Data return. Committing to return or export the customer’s data on termination is usually safe and easy, and customers value it.
- Security. Describe your program and commit to “no material degradation,” keeping the operational detail in a policy you can update rather than freezing it into every signed agreement.
- Third-party dependencies. Carve out failures caused by the customer or by systems you do not operate, which is part of what a force majeure clause does.
Where Vendors Over-Commit (and Pay for It).
The language that bites cloud vendors is almost always an absolute promise about something they do not fully control. “Guaranteed 100% uptime.” “We will keep your data secure” with no qualifier and no cap. “We will fix any error within 24 hours.” Each converts a normal operational hiccup into a breach, and a breach is what exposes you outside of indemnity. Watch the adjectives: “ensure,” “guarantee,” and “all” turn a reasonable commitment into a strict one. Swap them for “commercially reasonable efforts,” tie remedies to service credits, and make sure your limitation of liability backstops whatever is left. The goal is not to promise nothing; it is to promise what you can deliver and to make the remedy for a miss proportionate.
Frequently Asked Questions.
Should I guarantee 100% uptime? No. Commit to a commercially reasonable target with service credits as the remedy. An absolute guarantee turns any outage into a breach and can expose you beyond the service-credit cap.
What is a safe obligation to add that customers like? Returning or exporting the customer’s data on termination. It is within your control, easy to deliver, and a strong trust signal.
Why does breach matter so much? Because outside of indemnities, breach is the main thing that creates liability. If you only promise what you control, you are far less likely to ever be in breach of your own agreement.
Cloud, cybersecurity, and defense vendors face the closest scrutiny on these security and data terms, which is exactly the market around San Antonio. I help those vendors get the language right as a San Antonio software attorney, matching the commitments to what the product actually delivers.
I hope this helps.
For the foundational distinction between an indemnity claim and a breach-of-contract claim, which determines your real liability exposure, see SaaS Indemnity vs. Breach of Contract: What’s the Difference?
Disclaimer:
This post is for informational and educational purposes only, and is not legal advice. You should hire an attorney if you need legal advice, which should be provided only after review of all relevant facts and applicable law.
Discover more from Aber Law Firm
Subscribe to get the latest posts sent to your email.