This article has been written by Kiran Krishnan, pursuing a Diploma in Cyber Law, FinTech Regulations and Technology Contracts from LawSikho.

Introduction

The rapid evolution of technology has led to innovations that were once chalked off as impossible. Although technological innovation is a well thought out plan which in turn makes peoples’ lives easier, it does bring along several legal issues for the concerned businesses. Using information technology products and services has become a new norm. However, one needs to understand and consider certain essential features and issues during negotiation of technology contracts. Some of the key legal issues include data security and data privacy in cloud computing, compliance with software license terms and conditions, and infringement of another party’s copyrighted content, among others. The aforesaid issues can be prevented from happening or systematically dealt with if occurred, by entering into a well drafted technology contract or agreement. Let us now understand some of the most commonly used technology agreements.

Commonly used Technology Agreements

Here are some of the most frequently used technology agreements are:

• Cloud Computing Services Agreement: In this Agreement, the cloud service provider and the customer agree that the cloud service provider will provide access to: 
• • software (SaaS), or 
  • platform including hardware, software stack, development tools to run, develop and manage applications (PaaS), or
  • computing resources such as physical servers and/ or virtual servers, networking, storage resources. (IaaS).

over the internet. The cloud service provider does not provide software to the customer but merely access to it and/ or the aforesaid resources via the internet.

• Software License Agreement: In this Agreement, the software vendor grants the customer rights to own, use, modify or redistribute the software (depending on the requirements and terms of the agreement). Examples of Software License Agreements are shrink-wrap agreements, click-wrap agreements, browse-wrap agreements, end-user license agreements (“EULA”) etc.

• Software Development Agreement: It is an agreement between a software developer and a client or company wherein the software developer is hired by the company to develop or create a software. The software developer may create the software for private as well as commercial use. In this agreement, the software developer works according to the terms and conditions of the company. Examples of Software Development Agreements are Agile contracts, Waterfall contracts etc.

• Technology Transfer Agreement: It is an agreement wherein the technological knowledge, expertise or knowhow of a company or individual is transferred to another company or individual. The transfer of technology may take place from one country to another, from a company in one industry to a company in another industry or from one company to another within the same group. Other types of technology transfers may also take place.
• Outsourcing Agreement: It is an agreement between a company and a service provider or vendor wherein the company hires the service provider to undertake tasks, monitor and handle operations or provide services to the company for a particular period.

Let us now understand the essential features or key clauses of each of the technology agreements:

Cloud Computing Services Agreement

Cloud computing agreements are commonly entered into between parties wherein the cloud service provider either provides Software as a Service (SaaS), Platform as a Service (PaaS) or Infrastructure as a Service (IaaS) services to the customer.  

Here are some of the key clauses in a cloud computing services agreement:

• Data security and confidentiality: Since it is the company’s duty to keep its customers’ personal data safe, the company must make sure that when entering into the cloud services agreement with the service provider, the company insists on incorporating a clause where the service provider implements effective security measures, and which qualify as “industry standard” regarding the company’s personal data (i.e. personal data of the company’s clients) as such data will be stored on the cloud servers of the service provider.

Besides, the company must consider incorporating a clause specifically defining confidential information which implying what information the company considers of crucial importance. Another clause the company needs to adopt is that it must entrust a responsibility on the service provider to make sure it does not disclose the confidential information to any person or entity unless necessary or to provide a service according to the subject matter of the Agreement.

The company may incorporate a clause to implement periodic audit review of the service provider’s data protection policies and procedures and the company must be informed of the review.

• License: A clause must be incorporated where the service provider grants a license to the customer or company to access the service i.e. IaaS, PaaS, or SaaS. 
• Third-party responsibilities: In many cases, service providers depend on third-party vendors to provide services that help in the operation of cloud computing. In other cases, the role of third-party vendors is crucial to the availability of cloud computing services. Therefore, it is important from a client’s point of view to understand the role of a third-party vendor in provision of cloud services. Accordingly, the client must insist that the service provider takes up the responsibility for the third-party vendor’s performance of services since the vendor is not a party to the agreement. However, the service provider may want to absolve liability in this case. The main objective must be for both parties to arrive at a consensus such as ensuring that the service provider notifies the customer of any issues in advance and gives an option to the customer to opt out in exceptional circumstances or defer a service for genuine reasons.

Software License Agreement

In this Agreement, the sale of software is characterised as a “license”. 

Here are some of the key clauses covered in an End User License Agreement which is a Software License Agreement:

• Nature and identity of License: The software vendor usually grants a limited, non-exclusive, and non-transferable license. The fact that it is limited means that the vendor only allows the user or customer to use the software for specific and limited purposes. Such a license cannot be transferred by the user to anyone. Besides, the non-exclusivity of the license implies that the vendor can freely sell the software to anyone else. It is also important for the vendor to properly identify the software and any additional documentations and/ or manuals as a package and whether any modules and/ or functionalities are licensed separately or together with the software.

• Ownership of Intellectual Property rights (IPR): The software vendor must incorporate a clause where he clearly defines the IPR and mentions that he owns and retains the title, trade secrets, copyrights, trademarks and other IPR in the software. The vendor must further add that the users will be prohibited from removing or destroying the copyright notices or trademarks on the software or any confidential information regarding the software. The vendor shall also clarify that the customer is entitled only the aforesaid limited rights to use the software and nothing beyond that including the ownership of the software.

• Term of the license: The vendor must make sure the term of the license is clearly mentioned. In case the user has obtained a trial version of the software, the license will be valid for a limited period. However, if the user has purchased a paid version of the software, the license will be valid for a perpetual or indefinite period. In this case, the term will expire at the end of the period or end of the year in case the software was subscribed annually. The term may also be renewed if the user desires so.    
• Limited Warranties: Software vendors usually limit their liabilities in case of any defect or malfunction. The vendor, especially in cases of software sold off-the-shelf, state or warrant that the software or content on the software will be free from defects such as those that prevent the user from loading the software. The vendor clarifies that this warranty is valid for a limited period after delivery of the software.    

Software Development Agreement

Here are some of the crucial clauses covered in a software development agreement:

• Scope of Work: The scope of work is an extremely important clause in a software development agreement. It is important from the perspective of the client because the company or client must be certain as to what are the issues the company wants to solve, the objectives of the company, costing, business process and other requirements. The aforesaid requirements must be clearly defined to ensure systematic and effective implementation of each process. Besides, the software developer must agree to develop the software as per the scope of the agreement. Activities that the parties do not agree to must be specifically excluded in the Agreement.

• Definitions: In a software development agreement, it is important to include as many definitions as possible for clarity. The definitions must be clear and detailed especially that of the required deliverables, milestones, project management, financials, what is expected of both parties, among others.

• Timeframe: Mentioning a timeframe within which the software developer is required to finish the development work is essential. Besides, it will be flexible and systematic if the parties have milestones within the timeframe where there will be deadlines for the developer to complete certain listed tasks and the customer shall have an opportunity to review or give feedback on a frequent basis.
• Ownership of IPR: In most cases, the company intends to acquire ownership of the software or IPR in the software once the software developer completes the development of the software. Therefore, the company shall incorporate a clause where it states that the company shall obtain ownership of IP over the software once the developer finishes the development work of the software. The software developer must also ensure that it takes the necessary steps to formalise the assignment of IP to the company.                    

Technology Transfer Agreement

In this agreement, technology transfer may be tangible i.e. knowledge in physical goods, designs, technical documents etc. or intangible i.e. skills, knowhow acquired or learned by individuals over a period of time.

Here are some of the key clauses in a Technology Transfer Agreement:

• Territory and Exclusivity of License: The agreement must clearly mention whether the nature of license granted is exclusive or non-exclusive and must define the territory of license. Depending on the subject matter and terms of the agreement, the licensor or transferor may grant the license exclusively or non-exclusively or in some situations exclusive for a limited period and conversion to non-exclusive in case the transferee or licensee fails to meet a target. 

• Scope of technology transfer: The scope of this agreement usually depends on the transferor and what he or she intends to transfer. The parties must specifically mention what will be transferred such as technology, strategies, objectives etc. Besides, the parties must clearly mention the exclusions of things which will not be transferred to avoid confusion.
• Intellectual Property: It is important that the agreement defines the IP. IP includes copyrights, patents, trademarks, knowhow, among others. Terms of use of the IP must also be clearly described in the agreement.

Outsourcing Agreement

A company usually decides to outsource activities when it finds out that certain functions performed by the company itself are not cost effective and that the company is spending unnecessarily on an activity which is not its core area of work.

Here are the key clauses in an Outsourcing Agreement:

• Transfer of assets: This clause must be incorporated by the parties where the customer transfers his assets to the service provider. The assets may include software license, various equipment, hardware, equipment leases, and relevant contracts. The fact that there is a transfer of assets involved implies that the parties must have also entered into a separate transfer agreement.

• Transfer of staff/employees: This clause will be important especially where the parties agree that certain employees will be transferred to the vendor or service provider. The agreement must ensure that the transfer of employees is executed by legal means and the remuneration or salaries of the employees is not affected after the transfer.
• IP Ownership: If the subject matter of the agreement is such that during the agreement, a new IP may be created, or improved, or the existing IP is to be used, then it is of high priority to clearly define the IP and what type of IP may be created by the service provider during the existence of the agreement. 

Let us now understand some of the common cyber law related services provided to clients:

Cyber Complaint regarding cyber-crime such as online abuse, online stalking, mobile apps etc

This is a service provided by specialised experts especially when companies or individuals fall prey to cyber fraud or cyber crime such as hacking, online abuse, online defamation, pornography, online stalking. The victim in the aforesaid cases can file a cyber complaint either in a cyber cell of his or her district or in a local police station. The expert shall take down information from the victim including information in writing about the complete incident, copy of alleged email in cases related to emails, copy of alleged profile in cases related to social media, copy of location of the source where the malicious app was downloaded in cases related to mobile applications.  

Cyber Complaint regarding financial fraud over email 

This kind of service is provided especially when companies fall prey to cyber fraud such as financial frauds. In this case, the professional takes information from the victim in writing such as explaining the incident including source of the email, email id and name of the sender, name of the originating bank, account number of originating bank, name of recipient name, name of recipient bank, account number of recipient bank, name of intermediary bank (if any), SWIFT number, date of email and transaction, amount involved in the transaction. 

Cyber Complain regarding data theft 

This service is provided when a cyber-crime such as data theft is committed by employees of their companies. In this case, the professional takes information from the aggrieved party in writing which includes a copy of the data, which was stolen, copyright certificate regarding the stolen data, necessary details of the suspected employee, employment letter of the employee, non-disclosure agreement between employee and the company, devices used by the employee since employment in the company.

Cyber Complaint regarding unknown callers obtaining confidential account details

This service is provided when a cyber-crime such as stealing account details is committed on individuals. Here, the professional takes information in writing from the individual which includes a copy of the bank statement of the last year of the concerned bank, copy of all the SMS messages received about the alleged transactions, copy of identity and address proof as shown in the records of the bank. 

Cyber Complaint regarding lottery scams received via SMS or email

Here a cyber fraud of participation in a fraudulent lottery SMS disguised as a valid SMS is committed on individuals. In this case, the sender asks for account details for enrolment in the lottery. The professional takes information from the individual which includes a copy of bank statement of the concerned bank, copy of SMS messages regarding the alleged transactions, copy of identity and address proof as shown in the records of the bank.     

References

• https://www.cyberlawconsulting.com/filing_cyber.php
• https://www.gussislaw.com/software-license-agreements/
• http://lr.bsulawss.org/files/archive/volume2/issue1/2BakuStULRev118.pdf

---