Navigating the Future of Cloud Transformation | DLA Piper

[co-author: Susan McKiernan]

In a recent webinar forming part of DLA Piper’s ‘Digital Evolution in conversation with’ series, Rami Zayat caught up with Jan Geert Meents, Joanna Sykes-Saavedra and Sophie Levett to discuss the future of cloud transformation. In addition to looking at various aspects of cloud deals across the UK, EU, US, and the Middle East, they consider the impact of artificial intelligence (AI) and relevant legislation on cloud services and highlight some of the key trends that they are seeing.

Considerations in cloud deals

A typical feature of cloud agreements is the complex contract structure, and it is important for the customer to understand the ‘contract stack’. In addition to the negotiated terms, the contract may include hyperlinked terms that can be changed unilaterally by the provider, third-party product terms that supersede negotiated provisions, as well as non-binding technical or service-related guidance available on the provider’s website.

Customers may have to accept a certain amount of risk in their agreements with cloud providers – depending on the parties and the deal size, there may be limited scope to deviate from standard terms. This may be mitigated and managed by the customer through strategic planning prior to negotiations by identifying its priorities and risk tolerance. Robust internal governance will be important to ensure that business activity is aligned with the contract terms. This includes, for example, checking that any minimum usage commitments are met.

Where cloud services have an AI element, AI terms frequently appear in the dynamic contract documents and are constantly evolving. The customer needs diligent oversight to identify any changes to these terms that could impact its use of AI offerings and ability to comply with updated terms, as well as clear internal policies governing how teams are permitted to procure and use AI.

Regulatory Impact

One of the biggest challenges for a business is how to leverage technology while navigating ever-changing law and regulation.

In the EU, legislation that emphasises data protection, interoperability and transparency – particularly the General Data Protection Regulation, the Data Act, and the AI Act – has had and will continue to have a significant impact on cloud deals. While aimed at protecting EU consumers and businesses, the legislation does have an extra-territorial reach.

In contrast to the EU’s harmonised approach, there is a patchwork of laws to be considered within the Gulf Cooperation Council, where data protection regulation is more advanced in some jurisdictions than others. Businesses will need to consider the various laws and regulations that can apply to cloud services and to use of AI.

It is not only the customer that needs to stay alert to new laws and regulation. The recently introduced ‘critical third party’ regimes in the EU (through the Digital Operational Resilience Act (DORA)) and the UK will impose new obligations directly on certain service providers that are considered critical to the sector. This is likely to include hyperscalers and will represent a major change for those providers, not least by bringing them under the direct supervision of financial services regulators for the first time.

Cloud trends

• AI adoption: We expect AI to increasingly feature in hyperscaler arrangements, with significantly more AI offerings being offered by providers. However, many organisations are not ready for AI adoption, and it will be critical that companies invest in upskilling their workforce and, in some cases, invest in their infrastructure. In addition to AI, we anticipate a rise in serverless architecture and edge computing.
• Multi-vendor solutions: We are seeing a growing trend in customers opting for multi-vendor cloud solutions to avoid vendor lock-in and to increase operational resilience.
• Increased competition: Increased competition between hyperscalers could lead to more favourable pricing models, especially for larger deals. However, improved pricing and competition may not come from market forces alone but also from regulatory pressure. In the UK, the Competition and Markets Authority will conclude its cloud services market investigation this year, and provisional findings of the investigation in January 2025 proposed interventions by the CMA in relation to egress fees (amongst others).

• DORA’s wider influence: DORA will continue to have an impact both inside and outside of the financial services sector, as unregulated clients increasingly seek enhanced standards in their contracts to match those being offered by hyperscalers to their regulated clients.
• Sustainability and ‘green cloud’ initiatives: There is a growing focus on the environmental impact of cloud services, with businesses seeking sustainable solutions and monitoring their carbon footprint. Customers are likely to start looking to hyperscalers to provide more sustainable solutions to improve supply chain credentials

Conclusion

The cloud landscape is rapidly changing and there are exciting times ahead. While there is an increasing desire to embrace AI and leverage the full potential of cloud and AI technologies, businesses must remain cognisant of the legal and regulatory framework and the risks. Governance is key in cloud transformation projects: this encompasses both robust external governance of the relationship and contract with the cloud provider and internal governance of usage across the enterprise, particularly for the use of AI products.

[View source.]