Drafting a cloud computing contract 

Legal Framework 

Cloud agreements in Belgium are shaped by several overlapping legal frameworks. Belgian contract law provides the general foundation governing the formation, performance and termination of cloud service agreements. Where personal data is processed, GDPR imposes specific obligations on both controllers and processors. Depending on the nature of the cloud provider's activities, cybersecurity obligations under NIS2 (and its Belgian implementing legislation) may also apply. In addition, the rules on unfair contract terms must be taken into account when drafting and negotiating cloud agreements. Sector-specific regulations, such as those applicable to financial services or healthcare, may impose additional requirements regarding data localisation, outsourcing and regulatory oversight. Because cloud services often involve cross-border processing, international data transfer rules under GDPR are of particular importance and must be carefully addressed.

Key elements

1. Service model and scope: Define the service model being provided, whether Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS) or a hybrid combination thereof. The functional scope of the services must be described with sufficient precision, including the specific functionalities, environments and resources made available to the customer.

2. Service Level Agreements (SLAs): Include measurable uptime commitments, clearly defined incident response times, structured escalation procedures and appropriate remedies in the event of non-compliance, such as service credits or, where appropriate, stronger contractual remedies. It is important to note that service credits should not automatically operate as an exclusive remedy excluding the customer's right to claim damages, unless this has been consciously negotiated and accepted by the parties.

3. Data processing: Where the cloud provider processes personal data on behalf of the customer, a data processing agreement compliant with Article 28 of the GDPR is mandatory. The agreement must clearly allocate the respective roles of controller and processor, specify the technical and organisational security measures to be implemented by the provider, ensure transparency regarding the use of sub-processors and establish appropriate safeguards for any international transfers of personal data outside the EEA. Cybersecurity representations made by the provider should be aligned with its actual technical capabilities, and the customer should retain the right to audit compliance with the agreed data protection obligations.

4. Data ownership and exit: Confirm whether all data uploaded or generated by the customer remains the customer's property at all times. Upon termination or expiry of the agreement, the provider should be required to make the customer's data available in a portable and commonly used format, to provide reasonable transition assistance to facilitate migration to an alternative provider, and to grant post-termination access to the data for a defined period. Following the completion of the transition, the provider should be obligated to permanently delete all customer data and to certify such deletion in writing. Vendor lock-in risk is primarily contractual in nature, and addressing these provisions at the drafting stage is essential to preserving the customer's ability to change providers.

5. Liability and limitations: Cloud providers frequently propose broad liability caps and blanket exclusions for indirect or consequential damages. When negotiating these provisions, particular attention should be given to ensuring appropriate carve-outs from any liability limitations, notably in respect of data breaches, breaches of confidentiality obligations, intellectual property infringement and wilful misconduct or gross negligence. Under Belgian law, liability for wilful misconduct cannot be contractually excluded.

6. Business continuity and insolvency: The cloud contract should address business continuity and disaster recovery obligations, including the provider's obligation to maintain adequate backup and disaster recovery procedures, to implement and regularly test a business continuity plan, and, where critical software components are involved, to put in place escrow arrangements ensuring the customer's continued access to the source code in the event of the provider's insolvency or cessation of activities.

Given the degree of digital dependency inherent in cloud services, cloud contracts should not be seen as purely IT agreements, but as core infrastructure contracts that require careful legal structuring.
