Tech debt – legal aspects of cloud technology in digital energy transformation

publication date: February 01, 2023

Data migration to the cloud – remedy for tech debt

Modernization of IT systems is often the result of a new business strategy, high costs of system maintenance and development, low level of security, efficiency, and often determination of technological debt. Determining the amount of technological debt and the risks associated with it are often part of risk management in the company and are included in the Business Continuity Plan. New digital strategies and digital energy transformations require highly scalable IT systems, data security and, accordingly, transfer of data to cloud. An element associated with digital transformation and its important stage is data migration to the cloud which stands for moving applications and data from one location (on-premise) to servers of the public cloud service provider (virtual servers). This is the beginning of digital transformation.

The digital transformation of enterprises requires additional computing power, storage space and devices. Green data centers increase the energy efficiency of cloud computing. The mere transfer of company data to the cloud can reduce electricity costs and in some cases IT migration to the cloud results in up to 80 percent of lowering electricity costs. Migration of data to cloud can mitigate GHG emissions by division of energy management while cloud computing can also reduce wasted energy by optimizing the physical environment.

Digital market – new legal definition

Data storage in the cloud, i.e. “digital content” and the phenomenon of cloud computing are a key issue of digitization of the energy sector and technological debt, which is very often discussed in the national jurisdictions of the European Union in the aspect of implementing Directive (EU) 2019/770 of the European Parliament and of the Council of May 20, 2019 on certain aspects of contracts for the supply of digital content and digital services. This act creates legal aspects for the definition of a digital service, one of the key concepts of the “digital market”, which is the primary hope for reducing technological debt by moving away from conventional infrastructure and moving data to the cloud.

Innovative in its approach to the issue of digital services, the Directive harmonises, to the maximum extent, issues that have not been regulated so far. One of them is the phenomenon of cloud computing. This affects the legal framework for the shape of the cloud data storage contract, which plays a key role in the process of redefining the ways of providing computing power. The legal framework for the provision of cloud computing services is inversely proportional to their growing importance.

Service Level Agreement in cloud computing

Users who transfer data to the cloud as part of the digital transformation should therefore pay attention to the compliance with the new law indicated above of contractual templates used by cloud computing service providers. Currently, changes in the EU law aimed at harmonizing consumer law are also a good reference point for absorbing the proper content of the service level agreement. This agreement is of a mixed character, with elements of data storage agreement and service agreement.

Provisions in contracts for the transfer and storage of data in the cloud are shaped by the parties in less discretionary way, because the scope and freedom of decisions should more increasingly take into account the national and EU regulations, including guidelines specific to contracts for the provision of goods and services of a digital nature.

Legal challenges in data digitization

When migrating data to the cloud the organisations also need to apply the regulations that cover the processes of storing, processing and managing data in the cloud. In certain sectors of the economy, for example, banking, finances, cryptocurrency, lending, consumer services, there will apply separate, sector-specific requirements.

When migrating data to the cloud the enterprises need to take into account such legal aspects as cybersecurity issues, data ownership, accountability for data storage, cloud policy infrastructure, and data privacy, especially through privacy impact assessment that helps organizations value and assess the impact of their cloud operations on personal privacy.

Author: Jakub Gładkowski, Attorney, Founder of KIELTYKA GLADKOWSKI KG LEGAL, cross border oriented law firm. He advises on modern technology transactions and represents clients in litigation.