Grid and Cloud Computing as a Tool to Transform European Economy:
Legal Considerations
Davide Maria Parrilli
Legal researcher
Interdisciplinary Centre for Law and ICT (ICRI), K.U.Leuven
Institute for Broadband Technology (IBBT)
[a] Sint-Michielstraat 6, B-3000 Leuven, Belgium
[t] +32 16 32 07 87 [f] +32 16 32 54 38
[e] davide.parrilli@law.kuleuven.be
Synopsis: The paper assesses how legal instruments and tools
can facilitate or impede the development of Grid/Cloud
technology and service providers in Europe. Particular attention
will be paid to the effects that the applicable legal framework has
directly on these providers and on the trust-generating
mechanism within the community of potential users of Grid and
Cloud computing services.
Introduction
Grid and Cloud computing are very promising technologies that may undoubtedly change the way
many companies operate. It is remarkable, in fact, that they create new offers on the providers’
side and, conversely, new needs on the users’ side. In other words, Grid and Cloud technologies
are potentially able to transform networks, through the interconnection of dispersed resources
located in different geographical places, services and lives. The transformation of services
supplied by ICT providers imply the advent and consolidation of software as a service (hereinafter
SaaS) [1], resource as a service (hereinafter RaaS), virtual hardware, etc: these are all examples
of the phenomenon of dematerialisation and virtualisation of physical items that involve to a great
extent hardware that often, in fact, is provided as a service. Transformation of lives means that
companies and consumers are expected to become familiar with the idea that their data are not
stored in-house, but ‘in the Grid’ or ‘in the Cloud’, i.e. in the dispersed servers of the provider. The
current developments in the field of Grid and Cloud computing are (maybe) paving the way to the
personal computer of the future, composed just of a monitor, a keyboard, a mouse and an
internet connection. Potentially, in fact, all data traditionally stored in the hard disk of the
computer can be retrieved online from the portal of the Grid or Cloud provider.
The scope of this paper is to assess whether or not, from the legal point of view, it is feasible that
these innovations continue in reality or, to the contrary, whether the development of Grid and
Cloud computing is expected to slow down or to stop. Actually, in fact, Grid and Cloud market is
still a niche one1, although the investments made by private companies and public institutions,
mainly in Europe and in the United States, allow analysts to be optimistic about the future of
these technologies.
The legal perspective is pivotal in order to assess the future of Grid and Cloud computing and of
their providers since the applicable legal framework is not neutral in facilitating or limiting that
expansion of businesses and innovations [1]. Legal aspects, in fact, can be seen as forces that,
often very subtly, deploy their effects on markets and businesses, acting as barriers or enablers.
In the next pages some selected legal forces will be taken into consideration and their impact on
some research questions will be investigated. The first question is if, and to what extent, the
1
Stanoevska, K., Parrilli, D.M., Thanos, G. BEinGRID: Development of Business Models for the Grid
Industry. LNCS 5206, Aug. 2008.
1
applicable legal framework can stimulate the starting up and growing of Grid/Cloud technology
providers and of Grid/Cloud-based service providers (e.s. SaaS, RaaS, etc). Furthermore, the
paper will investigate whether or not such a legal framework can stimulate companies and
individuals to become users of Grid/Cloud technologies, to store their data ‘in the Grid’ or ‘in the
Cloud’, to use software as services from remote locations, etc.
The focus of this paper is definitely European, i.e. it will take into consideration the development
of European Grid/Cloud providers and suppliers of Grid/Cloud-based services and, conversely,
the adoption of these technologies and services by European customers. At the same time,
attention will be paid to the applicable European legal sources and, when useful, to national laws
of European and non-European countries. This paper presents the research performed and the
results achieved by the author in the framework of the FP6 EU-funded IST project BEinGRID
(IST5-034702) 2 . This project, in which the author acts as legal consultant, is focused on a
considerable number (25) of real business experiments, which are pilot cases of implementation
of Grid-based businesses by European companies and research centres. In this sense BEinGRID
provides an excellent framework to evaluate the trends of Grid (and Cloud) markets in Europe.
Transforming economies: how to stimulate technology and service
providers?
As said above, the applicable legal framework, i.e. ‘the Law’, is not neutral in stimulating or
impeding that businesses using new technologies, like Grid and Cloud computing, are successful.
The first aspect to analyse regards the possibility for European companies to successfully run
businesses as technology provider or as service provider. The former is the entity that supplies
Grid or Cloud resources, on top of which it is possible to provide services, developed and stored
‘in the Grid’ or ‘in the Cloud’ (i.e. using those resources) and delivered to the clients online. A
company can act as technology provider and service provider at the same time. However it is
imaginable that a certain amount of smaller enterprises enter the market of Grid/Cloud-based
service providers, following the few big international players that have already made the first
steps.
The investments needed to start up a business as service provider are undoubtedly lower than
those required to create, manage and update a Grid or Cloud infrastructure. Actually in Europe
the majority of Grids/Clouds are basically owned by academic institutions 3, while this is not the
case in point in the United States, where there exist commercial Grids and Clouds4. With this
respect Europe is called to fill this gap. However, some legal forces, which will be analysed below,
render this task more cumbersome for European companies that are willing to enter the market of
Grid/Cloud technology providers.
Things are partially different for Grid/Cloud-based service providers, where Europe plays a
notable role. However, this market is still limited and also in this sense its development is affected
by the applicable legal framework. The legal forces hereto analysed affect the chances (for both
technology and service providers) to enter the market, the possibilities to be successful by
reducing the compliance costs, and the risks to exit from the market.
Chances – Software Patentability
Chances to enter a market are undoubtedly linked to the protection that a company can have for
the innovations it develops [2]. In the course of the project BEinGRID the issue of software
patentability arose several times, since it potentially affects the success and profitability of a
service provider. The applicable European legal framework, namely the European Patent
2
www.beingrid.eu and www.gridipedia.eu.
http://www.gridipedia.eu/grid-infrastructures.html (last retrieved 18 June 2009).
4
http://www.gridipedia.eu/cloudservicesproducts.html
and
http://www.gridipedia.eu/grid_technology_
organizations.html (last retrieved 18 June 2009).
3
2
Convention of 19735, follows a twofold approach: from one point of view, hardware is patentable,
and therefore innovations as regards the structure of Grid/Cloud systems are protectable [2].
Conversely, software delivered through a Grid/Cloud infrastructure, typically based on the SaaS
paradigm (and the same applies for RaaS and virtual hardware resources), are in principle (as far
as they are considered computer programs ‘as such’) not patentable in Europe, as highlighted
also by the case law of the Boards of Appeal of the European Patent Organisation [2]. The
situation is different in the United States, where software patentability is not a priori excluded6.
This could allow one to say that American software houses are in a more competitive position in
comparison with European companies, thus they have better opportunities to enter (and above all
to survive and make profits) the SaaS market.
Given the fact that a software can be patentable in the United States but not in Europe means
also that an American company can compete in the European market but not vice versa. More
generally, it is extremely cumbersome to state which one of the two potential solutions (software
patentability vs. software unpatentability) is better. Both of them have advantages and
disadvantages: to the ends of this paper it must be highlighted that software unpatentability may
stimulate software houses to improve existing computer programs and to deliver them as a
service together with additional functionalities. In this sense, access to the market should be
easier for small enterprises that otherwise would not have many chances. At the same time, lack
of patent protections may reduce the growth of companies that are already in the market. In other
words, a definite solution cannot be reached, but nevertheless it is important that the competent
political and jurisdictional authorities are aware that software unpatentability is not the only
possible way and that it may be challenged.
Compliance costs – European VAT
Value Added Tax (VAT) is one of the most relevant tools used by providers of electronic services
in order to offer better prices to their customers. The applicable European legal source, the socalled VAT Directive of 2006 7 , provides for a special regime applicable to services provided
through electronic means: with this respect, Grid/Cloud-based SaaS, RaaS or other applications
are surely electronic supplied services [3]. In business to business (B2B) transactions, if the
provider is an EU-based business, the place of taxation is the customer’s Member State (and the
same applies if the provider is based outside the EU). To make an example, if a German (or
American) SaaS provider supplies the software to a Belgian business, Belgian VAT will be due. In
case of export of services from a European company to a business located outside the EU, no
VAT is due.
Things are different in business to consumer (B2C) scenarios. In this case, if a European
company (or a not-European company with a fixed establishment, e.g. a subsidiary, in the EU)
provides Grid/Cloud-based services to a European consumer, the place of taxation will be the
supplier’s Member State. In practice this means that suppliers of electronic services have the
incentive to open an establishment, from where (to tax purposes) the services are provided to
consumers, in a country with a lower VAT rate, in order to offer cheaper services [3]. Many
companies, in fact, moved to Luxembourg in order to take advantage of the rate of 15 % (the
lowest in the EU) pursuant to the national applicable legislation. An example will clarify the issue:
if a provider of SaaS established in Luxembourg sells its services to a consumer who lives in
Sweden (where a rate of 25 % applies) for 100 euro per month plus VAT, the final price for the
customer will be 115 euro. If, conversely, Swedish VAT should apply, the consumer would pay
125 euro for the same service.
5
Convention on the Grant of European Patents (European Patent Convention) of 5 October 1973, available
at http://www.epo.org/patents/law/legal-texts/html/epc/1973/e/ma1.html.
6 See United States Patent and Trademark Office. Manual of Patent Examining Procedure (MPEP). July
2008. Available at http://www.uspto.gov/web/offices/pac/mpep/.
7 Council Directive 2006/112/EC of 28 November 2006 on the common system of value added tax [OJ L 347,
11.12.2006, pp. 1-118].
3
This is exactly what will happen as from 2015 when the reforms introduced by the VAT package
of 2008 will enter into force. Pursuant to this package, and more precisely Directive 2008/8/EC8,
in fact, the place of taxation in case of provision of electronic services to consumers will be the
co-called ‘Member State of Identification’, at the rate of the customer’s Member State. In other
words, every European provider will have to register for VAT purposes in one Member State of
the EU (as now not-European providers are required to do) and the applicable rate will be that set
forth by the State of the consumer. The practical consequences for businesses are that they have
to consider the place of establishment of every single consumer and apply the corresponding
VAT rate. This poses, of course, practical problems, since there are no methods to locate the
establishment of the consumer with no margins for mistakes and, from a different perspective,
administrative costs for e-providers will dramatically increase [3].
Furthermore, for many customers that buy online services provided by companies located in
Luxembourg or other countries, the price for these services will increase and this may potentially
affect the willingness of these consumers to shop on the Internet. In other words, the European
lawmaker made a real counter-reform aimed to make more difficult the life for many providers of
electronic services (especially those located in Luxembourg) and to increase their costs and
burdens (wherever they are established). This may have of course a negative impact on existing
and/or future Grid/Cloud technology and service providers.
Risks – Bankruptcy and Liabilities
All companies face risks with the potential consequence not to be competitive any more and to go
out of the market. The same applies to Grid/Cloud technology and service providers, which may
incur in bankruptcy proceedings if they are not able to pay their creditors and to be profitable. It
would go beyond the scope of this paper to analyse the bankruptcy proceedings from a European
and comparative perspective. Nevertheless, it must be said that these proceedings are usually
severe and they are aimed to protect creditors more than to offer new possibilities to the
entrepreneurs and investors that failed in their venture 9. The possibility to fail when entering new
and difficult markets is undoubtedly relatively high and the fear to be bankrupted may potentially
prevent many people to start a business (this applies especially to people willing to start up a
small company providing e-services).
Another risk for technology and service providers is the possibility to be sentenced to compensate
the damages suffered by customers if the services are not performed as promised in the
agreement with the client. As it will be showed in the next paragraph, pursuant to the applicable
European legal framework, these risks can be dramatically reduced by virtue of a contract in B2B
transactions.
Transforming lives: how to stimulate the adoption of Grid and Cloud-based
solutions by users?
In the previous paragraphs it was assessed which legal forces may directly act as barriers or
enablers to investors willing to start up profitable Grid/Cloud-based businesses (technology
providers and service providers). Special attention has been paid to the topics of software
patentability, VAT treatment of the services provided online and the risks linked to the bankruptcy
of the company. In other words, one side of the market (that of the providers) has been analysed
from the legal point of view. It is now pivotal to assess which juridical forces are likely to affect the
customers’ side, i.e. to what extent the applicable European legal framework limits or enhances
the adoption of Grid/Cloud technologies by customers. Both businesses and consumers, in fact,
are expected to trust Grid/Cloud technology and service providers and to renounce, to a variable
8
Council Directive 2008/8/EC of 12 February 2008 amending Directive 2006/112/EC as regards the place of
supply of services [OJ L 44, 20.2.2008, pp. 11-22].
9 With this regard see the very interesting contribution of Lee, S., Peng, M.W., Barney, J.B. Bankruptcy Law
and Entrepreneurship Development: A Real Options Perspective. Academy of Management Review, 32(1),
2007.
4
extent, to the direct control of their data, files, information etc that are stored or processed ‘in the
Grid’ or ‘in the Cloud’. If customers are reluctant to accept this fact the Grid/Cloud market does
not have many possibilities to take off and pave the way to the abovementioned ‘personal
computer of the future’. This issue regards computer scientists but also lawyers and policymakers
that have the pivotal role to found the trust of customers towards providers on solid grounds.
In other words, the trust that clients currently have towards Grid/Cloud providers is basically
market-driven, i.e. it is based on the reputation of these suppliers and on the legitimate
expectation that they will respect their promises. This means that special attention must be paid
to the contractual obligations of the providers: basically they assure, typically in a Service Level
Agreement (hereinafter SLA), that a certain level of availability and quality of services (QoS) will
be respected. At the same time, they will tend to protect themselves limiting as much as possible
their liabilities and the possibilities for the customer to ask for compensation if the obligations of
the provider are not respected or, in a worse scenario, if the data stored and/or processed by the
supplier get lost or corrupted due to security failures. The experience gained as legal consultant
of the project BEinGRID allows the author of this paper to state that in the great majority of SLAs
entered into by (American, but also European) Grid/Cloud technology and service providers the
customer is in a very weak position, in the sense that basically the provider is never contractually
liable10.
The situation as defined pursuant to the applicable European legal framework can be
summarised as follows. First of all, it is necessary to separate two categories of customers:
consumers and businesses. The former are all those that operate outside their trade or
profession for purely personal purposes (with this regard the European Court of Justice stated
very clearly that companies and professionals cannot be considered as consumers 11). European
legislation assures a certain level of protection to consumers, so that:

The SLA (or other contract that regulates the provision of Grid/Cloud services) shall be
regulated by the law of the country where the consumer has his habitual residence if,
basically, the provider addresses this country through his website/portal. Furthermore,
the parties can state that another law (e.g. of a not-European State) will govern the
contract, but consumer protection rules of the country of residence of the consumer apply.
These principles are set forth by the Rome I Regulation 12 (applicable as from 17
December 200913). Pursuant to other applicable legal sources (e.g. Directive 93/13/EC 14),
the provisions in the agreement that are too unbalanced in favour of the provider are
invalid (e.g. clauses that exclude legal rights of the consumer in case of non performance
of the contractual obligations by the provider; clauses that allow the provider to
unilaterally modify or terminate the agreement; etc).

The consumer can sue the provider in the court of his country of domicile or of the
country where the provider is domiciled (basically where the supplier has his headquarter
or principal place of business); at the same time the consumer can be sued only in the
courts of the state where the consumer himself is domiciled. These rules are of strict
10
See Leff, A., Rayfield, J., Dias, D.M. Service-Level Agreements and Commercial Grids. IEEE Internet
Computing, July/Aug. 2003, available at http://ieeexplore.ieee.org/ielx5/4236/ 27339/01215659.pdf?
arnumber=1215659 (retrieved 25/2/2009).
11 The European Court of Justice, in the case C-269/05 Francesco Beniscasa v. Dentalkit S.r.l. [ECR 1997,
I-3767], decided that consumer contracts concern only agreements whose aim is to satisfy the private
consumption needs of an individual, supposed to be the weakest party.
12 Regulation (EC) No 593/2008 of the European Parliament and the Council of 17 June 2008 on the law
applicable to contractual obligations (Rome I) ]OJ L177, 4.7.2008, pp. 6-16].
13 Until 17 December 2009 Rome Convention of 1980 will apply [OJ L266, 9.10.1980, pp. 1-19].
14 Council Directive 93/13/EEC of 5 April 1993 on unfair terms in consumer contracts [OJ L95, 21.4.1993, pp.
29-34].
5
applicability and basically cannot be derogated by the parties, unless in some specific
cases. The relevant legal source is Regulation 44/200115.
As regards B2B transactions, things are dramatically different, so that the provider can limit his
contractual liability and it can be agreed that the competent court will be that of the place where
the supplier is domiciled. In practice this means that very often the customer will not be able to
get any compensation for the damages he suffered from the infringement of the contractual
obligations of the Grid/Cloud provider, also in case of security failures (with the consequence that
the costumers’ data got lost or damaged)16. Precisely for these reasons many businesses are
extremely reluctant to store data and information ‘in the Grid’ or ‘in the Cloud’, and the same
applies for services that are provided from remote locations and that require that these data and
information are processed ‘in the Grid’ or ‘in the Cloud’.
Honestly, from the legal point of view, it is not possible to say that these companies that prefer to
act in ‘traditional’ ways and to keep their data under their direct control are completely wrong and
irrational. The risk may be more or less low, but the problematic issue is that there is no legal
protection in case of problems, security failures, etc. It is therefore highly advisable that the
European lawmaker takes into consideration this issue and analyses whether or not it is fair that
businesses do not have adequate protection when dealing with technology and service providers.
This point is even more urgent if one considers that very often the customer does not negotiate
the content of the SLA he enters into, since this agreement is basically drafted unilaterally by the
provider.
Conclusion
The experience of the project BEinGRID shows very clearly that Grid and Cloud computing are
very promising and that they are potential tools to transform the European software and hardware
market. The era of applications, resources, computing capacity, etc supplied as a service from
remote locations in a flexible and scalable way is definitely open [1]. Its further development
depends also on some legal aspects that may impede that this process continues and that
European technology and service providers play a pivotal role at global level. In lights of the
considerations expressed above, we can say that it is probably the time to rethink and reshape
the notions of software patentability without ideological influences. At the same time, it is
advisable that the European lawmaker amends the VAT regime applicable to B2C provisions of
e-services and that the criterion that the place of taxation is the supplier’s Member State is
preferred and re-adopted. As regards risks faced by the Grid/Cloud providers, it was assessed
that the applicable legal framework should free potential entrepreneurs from the fear to be
bankrupted, in other words it is necessary to harmonise protection of creditors with creation of
new companies, i.e. with innovation and more jobs.
Furthermore, creating trust which is based on solid legal grounds is absolutely important. This
may happen through both traditional legal ways (amendment of existing legislation aimed to
improve the level of protection for customers in B2B transactions) or through so-called
instruments of ‘soft law’ or best practices. In particular, a good idea would be that of creating a
label for technology and service providers that use fair contractual provisions in their SLAs, so
that companies can easily recognize the trustable suppliers. This would also stimulate a race to
the top by all players in the market in order to keep or increase their market share. An
independent authority should be in charge of analyzing which providers deserve this label and the
15
Council Regulation (EC) No 44/2001 of 22 December 2000 on jurisdiction and the recognition and
enforcement of judgements in civil and commercial matters [OJ L12, 16.1.2001, pp. 1-23].
16 See Wild, C., Weinstein, S., Riefa, C. Council Regulation (EC) 44/2001 and Internet Consumer Contracts:
Some Thoughts on Article 15 and the Futility of Applying “In the Box” Conflict of Law Rules to the “Out of
Box” Borderless World. International Review of Law, Computers & Technology, 19(1), 2005. See also Berliri,
M. Jurisdiction and the Internet, and European Regulation 44 of 2001. Woodley, S. (ed.) E-Commerce: Law
and Jurisdiction. 2002.
6
task of (European and national) public institutions would be that of implementing, promoting and
disseminating the system and the corresponding good practices.
References
1. Parrilli, D.M., Stanoevska, K., Thanos, G., Software as a Service (SaaS) Through a Grid
Network: Business and Legal Implications and Challenges. Cunningham, P. and Cunningham,
M. (eds.) Collaboration and the Knowledge Economy. Nov. 2008.
2. Parrilli, D.M.: Software Patentability in a Grid Environment. Sept. 2008. Available at SSRN:
http://ssrn.com/abstract=1275227.
3. Parrilli, D.M.: European VAT and Electronically Supplied Services. Sept. 2008. Available at
SSRN: http://ssrn.com/abstract=1261822.
7