93
Sometimes, foreign rules can become relevant for operations of Cloud
services. For example, US American service providers are obliged to follow
US American regulations even if their servers are located in the EU or
Switzerland or their service is directed to non‐US residents (e.g. PATRIOT
Act).
3.3.4
Issues of No Choice (Provider Perspective)
In order to provide a state‐of‐the art service, the Cloud services provider will
need to ensure compliance with third party rights as well as with established
security standards.
Licensing questions
To be able to provide the Cloud‐services without the risk of violating third
party rights, corresponding rights of use (licenses) are typically required. In
particular, third parties’ copyrights may be affected.
The importance of not infringing third party rights is threefold:
A Cloud service provider must shield against the risk of being held
liable for infringement of third party rights;
Further, a Cloud service provider must at all times be able to
maintain agreed service availability. If the Cloud service provider is
unable to continue offering services due to violations of third party
rights, this is a considerable risk for a customer who relies on the
availability of those services.
Finally, third party rights will be relevant when scoping the rights of
use granted to the purchaser of Cloud services, or its end users.
A further distinction can be made along the lines of the established typology
of Cloud services: SaaS services, PaaS services and IaaS services.
Security Standards
The provider will also need to ensure established security standards. This
involves implementing technical and organisational security measures that
may be required from a data protection perspective, or to shield against
consequences under a criminal law perspective.
3.3.5
Need for Cloud Computing Agreements
In the context of a basic and thus necessarily incomprehensive definition,
Cloud computing shall be perceived as the supply of IT‐services which may
