Seite 93 - Cloud Migration Version 2012 english

93 
Sometimes, foreign rules can become relevant for operations of Cloud 
services. For example, US American service providers are obliged to follow 
US American regulations even if their servers are located in the EU or 
Switzerland or their service is directed to non‐US residents (e.g. PATRIOT 
Act). 
3.3.4
Issues of No Choice (Provider Perspective) 
In order to provide a state‐of‐the art service, the Cloud services provider will 
need to ensure compliance with third party rights as well as with established 
security standards. 
Licensing questions 
To be able to provide the Cloud‐services without the risk of violating third 
party rights, corresponding rights of use (licenses) are typically required. In 
particular, third parties’ copyrights may be affected. 
The importance of not infringing third party rights is threefold:  
A Cloud service provider must shield against the risk of being held 
liable for infringement of third party rights; 
Further, a Cloud service provider must at all times be able to 
maintain agreed service availability. If the Cloud service provider is 
unable to continue offering services due to violations of third party 
rights, this is a considerable risk for a customer who relies on the 
availability of those services.  
Finally, third party rights will be relevant when scoping the rights of 
use granted to the purchaser of Cloud services, or its end users. 
A further distinction can be made along the lines of the established typology 
of Cloud services: SaaS services, PaaS services and IaaS services. 
Security Standards 
The provider will also need to ensure established security standards. This 
involves implementing technical and organisational security measures that 
may be required from a data protection perspective, or to shield against 
consequences under a criminal law perspective. 
3.3.5
Need for Cloud Computing Agreements 
In the context of a basic and thus necessarily incomprehensive definition, 
Cloud computing shall be perceived as the supply of IT‐services which may