Vol. I · No. 001Updated every weekdayAlways free
Compute Law Blog.

Cloud and hosting agreements and SLAs for AI workloads

By Junde Liu, JD Updated May 23, 2026 Contact

In short

Cloud and hosting agreements for AI workloads are different from traditional cloud deals in several important ways. The Azure OpenAI service level agreement covers only uptime, with inference latency, model quality, and throughput excluded from the standard commitment. Redress Compliance Standard hyperscaler AI uptime commitments range from 99 percent to 99.95 percent, but credits are usually capped and are the customer’s sole remedy. AWS SageMaker SLA, Azure Machine Learning SLA, GCP Vertex AI SLA IP ownership and indemnity for model outputs have become table stakes in enterprise agreements. Redress Compliance Meanwhile, the CLOUD Act, the EU Data Act, and the FTC’s scrutiny of cloud provider and AI developer partnerships introduce cross border, competition, and data access risks that contract drafters must address. Cloud compliance analysis, FTC.gov, Law firm analysis

What makes AI cloud agreements different from traditional cloud deals?

AI cloud contracts are built around scarce, power hungry GPU resources that can cost hundreds of thousands of dollars a month to rent. The contracts must address not just server uptime but also whether the provider can actually deliver the GPUs you need, how long it takes to provision them, and what happens when a training run that has been running for weeks is interrupted by an outage.

The numbers behind the market

Estimates of total AI infrastructure investment through the end of this decade reach 5.2 trillion dollars. In 2025, Alphabet, Amazon, Meta, and Microsoft together spent 381 billion dollars on capital expenditures, a figure forecasted to reach 700 billion dollars in 2026. Law firm analysis, News report, Company press release More than 120 billion dollars of data center spending has moved off the hyperscalers’ balance sheets and into special purpose vehicles in under two years. Law firm analysis Every dollar of that spending sits inside a contract. The terms of those contracts, from SLAs to IP indemnity, are the subject of this article.

Hyperscalers versus neoclouds

The market is split between the established hyperscalers (AWS, Microsoft Azure, Google Cloud) and a growing group of neocloud providers that specialize in GPU compute. A neocloud is a cloud provider that focuses on one thing, renting out GPU hours, often at lower prices and with more flexible terms than the big three.

The largest neocloud is CoreWeave. It went public on March 28, 2025, raising 1.5 billion dollars. CoreWeave Its revenue was 1.92 billion dollars in fiscal year 2024 and reached 5.13 billion dollars in fiscal 2025. CoreWeave As of March 31, 2026, CoreWeave reported a contracted revenue backlog of 99.4 billion dollars. CoreWeave It operates over 250,000 GPUs across 43 data centers with 850 megawatts of active power, and was the first to commercially deploy NVIDIA’s GB200 and GB300 NVL72 systems. Introl, CoreWeave

The price advantage is real. As of May 2026, CoreWeave’s on demand pricing for an H100 GPU was about 6.16 dollars per GPU hour. AWS charged 6.88 dollars, Google Cloud 10.98 dollars, and Azure 12.29 dollars for equivalent instances. Neocloud pricing can be 40 to 85 percent lower than hyperscaler rates, with spot pricing pushing savings toward the upper end of that range. CoreWeave also charges zero egress fees, which can be a significant cost saver for data heavy workloads.

But CoreWeave carries about 21.6 billion dollars in debt and posted a net loss of 1.17 billion dollars in fiscal 2025. MLQ.ai, LongYield One customer, Microsoft, accounted for roughly 67 percent of fiscal 2025 revenue, and Microsoft reportedly pulled back some agreements in early 2025 over delivery issues. Fitch Ratings, Where’s Your Ed At, Financial Times For a customer drafting a long term AI cloud contract with a neocloud, the provider’s financial health and dependence on a single tenant are central credit risks. A customer may want performance guarantees, step in rights, or parent guarantees in the agreement.

The three layers of risk that set AI cloud deals apart

For contract drafters, AI cloud agreements involve three layers of risk that traditional cloud deals do not. First, the SLA must cover GPU specific performance metrics and respond to the reality that a single outage can waste weeks of training time. Second, the agreement must define who owns the AI model’s outputs and who bears the risk if those outputs infringe someone else’s intellectual property. Third, the contract must navigate the regulatory and competitive forces that can lock a customer into one provider, including government data access laws, cloud switching obligations, and the exclusive relationships between cloud providers and AI developers.

How do SLAs for AI services work?

SLAs for AI services use the same monthly uptime percentage structure as traditional cloud SLAs, but they often add or substitute metrics for GPU availability, provisioning lead time, and latency consistency. The credits that follow a breach are almost never enough to compensate for the business harm of a failed AI training job, and they are typically the customer’s only contractual remedy.

Uptime commitments across major providers

The table below shows the AI specific SLA uptime commitments for several major providers. The credit tiers are a percentage of the monthly bill for the affected service, applied as a credit toward future invoices, not paid in cash.

ProviderAI ServiceMonthly UptimeService Credits (typical tiers)Maximum Credit CapChange Notice
AWSSageMaker AI online inference99.95%10% (<99.95% to ≥99%), 25% (<99%), 100% (<95%)100% of monthly bill90 days for adverse SLA changes
AWSSageMaker Batch Transform99.9%10%, 25%, 100%100%Same
Google CloudVertex AI (training, deployment, batch)99.9%10% (<99.9% to ≥99%), 25% (<99% to ≥95%), 50% (<95%)50% of monthly bill90 days for materially adverse changes
Google CloudCloud Run GPU (with zonal redundancy)99.95%10%, 25%, 50%50%90 days
Microsoft AzureAzure OpenAI (standard)99.9%Not publicly detailed, financially backedNot publicly detailedLocked during initial term, then current SLA
NVIDIADGX Cloud service availability99%10% (<99% to ≥95%), 25% (<95%)Not publicly statedNot publicly stated
OVHcloudAI Training, AI Notebooks, AI Deploy99.5%10% (<99.5% to ≥99%), 25% (<99% to ≥95%)30% of monthly invoiced amountNot publicly stated

Source data from AWS SageMaker AI SLA, Google Vertex AI SLA, Redress Compliance, Redress Compliance, NVIDIA Cloud Services SLA, OVHcloud AI SLA.

A few points stand out. AWS may change, discontinue or add Service Level Agreements, but it must provide at least 90 days’ advance notice for adverse changes, which it may do by updating its website. AWS Customer Agreement Google Cloud must give 90 days’ notice for a materially adverse change to its SLAs. UpperEdge Microsoft locks the SLA terms during the initial contract term, then the current SLA on the web portal applies at renewal. UpperEdge The notice and change provisions are just as important as the uptime number, because a provider can lower the commitment and cap your remedy after you are already locked in.

What AI workloads need beyond uptime

A traditional SLA measures whether a virtual machine is reachable. That is not enough for AI. A training job running on thousands of GPUs needs the entire cluster to be available and performing at speed. Companies that run large AI workloads should negotiate an SLA that separately defines data breaches, cyber-attacks, and natural disasters metrics.

  • GPU availability. Is a specific number of requested GPUs on a specific instance type actually available and functioning? A standard uptime SLA only covers the service endpoint, not whether you can get the hardware. GPU cloud SLA analysis
  • Provisioning lead time. How long after you request a cluster until it is ready? For the most popular GPU models, the wait can be weeks. JarvisLabs H100 price guide
  • Latency consistency. Measured as p50, p95, and p99 latency (the 50th, 95th, and 99th percentile response times). Many AI inference workloads require consistent tail latency. GMI Cloud
  • Capacity guarantees. A commitment that the provider will have a specified number of GPUs of a certain type available, with a remedy if it does not. An SLA typically only applies to hardware you have already provisioned, not to capacity you cannot obtain. Lyceum Technology

Service credits are the only remedy, and they are small

Most major cloud providers make service credits the exclusive remedy for an SLA breach. Law firm analysis, Google Cloud SLA Credits are not paid in cash. They are applied to future monthly bills. The maximum credit for a month’s AI service is typically between 30 and 100 percent of that month’s bill, depending on the provider.

For a large AI workload, the cost of a multiday outage can far exceed the monthly service bill. A few minutes of downtime can cost a large organization 23,750 dollars per minute on average. BigPanda If the provider fails to meet the SLA and a few percent of the monthly bill is credited, the customer absorbs the rest. That is why customers with enough bargaining power push for termination rights, liquidated damages, or step in rights that let them move the workload to another provider. Whether such terms are achievable depends on deal size.

The reality of cloud outages for AI workloads

Cloud outages are becoming more frequent and more severe. In 2024, critical cloud outages increased 18 percent over the prior year, with 47 major incidents and total downtime up nearly 19 percent. Parametrix Cloud Outage Risk Report 2024, Reinsurance News, The Insurer, Reuters In 2025, the trend continued.

  • AWS US-EAST-1. A 15 hour outage on October 19 and 20, 2025, caused by a DNS race condition, cascaded across 142 AWS services and caused an estimated 500 to 650 million dollars in losses. AWS postmortem, AWS Health Dashboard, Parametrix loss estimate
  • Microsoft Azure. An 8.5 hour global outage on October 29, 2025, triggered by an inadvertent configuration change in Azure Front Door, with an estimated 16 billion dollar global economic impact. Microsoft Azure
  • Google Cloud. A 7.5 hour global outage on June 12, 2025, after a code deployment corrupted policy data that replicated globally. LinkedIn

AI infrastructure is directly responsible for some of these failures. A Google Cloud facility supporting high density AI compute suffered a six hour blackout in March 2025 when a UPS failed. LinkedIn A Microsoft AI data center power failure in December 2024 caused a nine hour ChatGPT outage. LinkedIn The underlying reason is straightforward. A single AI pod with 72 NVIDIA Blackwell GPUs draws over 800 times the power of a typical CPU server, and rack power densities now reach 140 kilowatts. LinkedIn That stress makes power and cooling failures more likely.

66 to 68 percent of cloud outages in 2025 were caused by human error, up from 53 percent in 2023. LinkedIn Configuration changes caused 23 percent of impactful outages. LinkedIn This means that even a provider with high uptime commitments can fail because of an engineer’s mistake, and the SLA credit will not come close to covering the loss.

Who owns the AI model’s output and who is liable for IP infringement?

Most enterprise AI cloud providers now give the customer ownership of the model’s outputs, promise not to train on the customer’s data, and offer some form of IP indemnity. But those protections come with important conditions, and they are not uniform across providers.

The vendor defaults

Microsoft, OpenAI, Anthropic, and Google all default to not training on enterprise customer data in their enterprise tiers, assign output ownership to the customer, and offer IP indemnification. Redress Compliance Anthropic’s commercial terms go the furthest, assigning to the customer its right, title and interest (if any) in and to Claude outputs. Anthropic Commercial Terms

AWS takes a different approach. Under its May 2026 service terms, AWS agrees not to use Individualized Usage Data or Your Content to compete with the customer’s products and services. But it may use information about how customers use and interact with the Services to improve those Services. AWS Service Terms That is a narrower promise than a full training data opt out.

Microsoft’s Customer Copyright Commitment covers Azure OpenAI, Microsoft 365 Copilot, GitHub Copilot, and Copilot Studio. Microsoft On the Issues, Microsoft Learn To receive the commitment, the customer must implement specific mitigations.

  • A metaprompt that directs the model to avoid copyright infringement.
  • Testing and evaluation to detect third party content reproduction.
  • Use of Microsoft’s protected material detection filters.

The effective dates of these requirements range from December 2023 to April 2026 depending on the product. Microsoft Learn For a customer, this means that the indemnity is not automatic. The contract must be reviewed to confirm the customer can meet those operational requirements.

OpenAI’s Copyright Shield indemnifies API and enterprise customers against third party IP claims arising from model outputs. OpenAI Business Terms, OpenAI Service Terms But it contains four important exclusions. The indemnity does not apply in these cases.

  • The customer knew or should have known the output was infringing.
  • The customer disabled OpenAI’s built-in filtering or citation features.
  • The customer modified the output.
  • The customer lacked the rights to the input data it provided.

Drafters should read those exclusions carefully. The exclusion for input data means that if a customer fine tunes a model on copyrighted material, the resulting outputs may fall outside the shield.

Anthropic’s indemnity and its financial pressure

Anthropic provides IP indemnification for enterprise customers, but the company settled a $1.5 billion text copyright class action and faces a separate music copyright lawsuit seeking over $3 billion as of March 2026. Law firm analysis, Princeton University Press, Music Business Worldwide A settlement in Bartz v. Anthropic resolved claims involving approximately 500,000 copyrighted works at at least $3,000 per title for a total of 1.5 billion dollars. Authors Guild A separate suit, UMG/Concord v. Anthropic, seeks 3.1 billion dollars. Terms.Law This litigation pressure raises a practical question. Can Anthropic financially back the IP indemnity it offers? A customer may want to negotiate for a parent guarantee, insurance requirements, or a right to terminate if the provider’s indemnity posture materially weakens.

Drafting IP indemnity and training data clauses

A practice guide identifies nine essential clauses for enterprise AI agreements. Redress Compliance

  • Training data opt out. An express covenant not to train on the customer’s data.
  • Output IP ownership. A present assignment of all right, title, and interest in outputs.
  • Personal data processing. A clear designation of the provider’s role as a processor or service provider under data protection law.
  • Data residency lock. A geographic restriction on where data is stored and processed.
  • Data retention and deletion. Specific timelines and methods for deletion at contract end.
  • Sub processor list and notification. A list of subcontractors and advance notice of changes.
  • Audit and assurance. Rights to audit or receive third party assurance reports.
  • IP indemnity. The scope, exclusions, and procedures for the provider’s defense and indemnification obligations.
  • Confidentiality scope. A clear definition of what constitutes confidential information, including model parameters and customer prompts.

What are the cross border data access and exit risks?

Two laws, the U.S. CLOUD Act and the EU Data Act, create significant contract risks for cloud agreements involving international data flows. The CLOUD Act empowers U.S. law enforcement to reach data stored anywhere by a U.S. provider. The EU Data Act imposes mandatory cloud switching procedures and bans switching charges by 2027. Any cloud contract that crosses borders must address both.

The CLOUD Act reaches data wherever it sits

Under the Clarifying Lawful Overseas Use of Data Act (CLOUD Act), a U.S. court can compel any provider of electronic communication service or remote computing service to produce data that is in the provider’s possession, custody, or control, no matter where the data is physically stored. Exoscale The jurisdiction follows the provider, not the server. The United States has bilateral executive agreements with the United Kingdom (in force October 2022) and Australia (in force January 2024) that permit direct cross border data requests for serious crimes, subject to oversight. Negotiations with the European Union and Canada are ongoing. BSA TechPost

The CLOUD Act puts a U.S. cloud provider in a direct conflict with European law. GDPR Article 48 provides that foreign court orders requiring transfer of personal data may only be recognized or enforced if based on an international agreement, without prejudice to other Chapter V transfer grounds, and the EU Data Act’s Chapter VII imposes similar restrictions on non-personal data transfers in response to foreign government access requests. Exoscale, EDPB Guidelines 02/2024 on Article 48 GDPR, EU Data Act Article 32 A U.S. provider cannot satisfy both a U.S. disclosure order and an EU prohibition at the same time. This means that a customer with sensitive data must include in its cloud contract explicit representations about data residency, a notification obligation if the provider receives a government demand, and a right to terminate or seek indemnity if the provider is forced to disclose data.

The EU Data Act mandates free cloud switching

The EU Data Act, which entered into force in January 2024 and began applying in September 2025, phases in specific cloud switching rules that apply to any business offering cloud or data processing services in the EU, regardless of where the business is headquartered. Kiteworks

  • From September 12, 2025, a customer must be able to initiate a cloud switch on two months’ notice. The switching activities must be completed within a 30 day transitional period, followed by a 30 day data retrieval period. Extensions of up to seven months total are allowed where the switch is technically infeasible. A-Team Insight
  • From January 12, 2027, all switching charges are banned. Providers must also remove pre commercial, commercial, technical, contractual, and organizational barriers to switching. A-Team Insight

These rules will change the standard termination and exit assistance clauses in cloud contracts. A U.S. hyperscaler serving EU customers must be able to export data in a machine readable format, provide transitional support within the statutory windows, and cannot charge for it after 2027. Drafters should build these deadlines into the agreement so the customer does not have to rely on the statute after the fact.

Google Cloud’s exit program as a forerunner

Google Cloud already offers a free data transfer program for customers who are leaving the platform entirely. The customer submits an Exit Notice, then has an Initiation Period (starting 15 days after the notice, lasting 30 days) to begin migration. The migration itself must take at least 30 days. The customer then has 180 days to submit a Completion Notice, and the agreement terminates at the end of the calendar month at least 30 days after that notice. Google Cloud Exit This process closely tracks the EU Data Act’s structure and can be used as a benchmark when negotiating exit terms with other providers.

What did the FTC find about cloud provider and AI developer partnerships?

In January 2025, the Federal Trade Commission published a staff report examining the partnerships between the three largest cloud providers and their affiliated AI developers. The pairings are Microsoft and OpenAI, Amazon and Anthropic, and Google and Anthropic. The report does not accuse anyone of illegal conduct, but it details structural features that contract drafters should understand because they can create lock in.

Shared equity, exclusive spending, and embedded engineers

All three partnerships share several features, according to the FTC. FTC 6(b) Report

  • The cloud provider holds significant equity and rights to share revenue from the AI developer.
  • The cloud provider receives consultation, control, and exclusivity rights.
  • The AI developer must spend a large portion of the cloud provider’s investment on the cloud provider’s own services (a cloud spending commitment).
  • The AI developer gets discounted access to computing resources.
  • The cloud provider obtains access to the AI developer’s model related intellectual property and technical information.
  • The companies embed engineers in each other’s operations.

How these partnerships affect your contract

A customer that chooses Azure to host an AI workload may find that it is effectively locked into OpenAI’s models because Microsoft’s commercial incentives are aligned with OpenAI. If the customer wants to switch to a different model family, it may also have to migrate its cloud infrastructure, a costly and time consuming process. The reverse also applies. A customer building on Anthropic’s models through Amazon or Google may face a similar tie. When negotiating a cloud contract, a customer should consider asking for the following.

  • A commitment that the provider will support multiple model families on an equal footing, or at least will not degrade performance for non affiliated models.
  • Data portability rights that allow the customer to extract training data and fine tuned model weights in a standard format.
  • Audit or benchmarking rights to verify that the provider is not favoring its own models in network performance or resource allocation.

The FTC staff report itself is not a finding of wrongdoing, but it summarizes key findings to help the agency, the public, and policymakers deepen their understanding of these partnerships. FTC 6(b) Report

What litigation risks exist in AI cloud deals?

The most visible lawsuits in the AI cloud space are not yet about SLA breaches. They are securities class actions over AI data center capacity claims, construction disputes over the buildings themselves, and copyright cases that threaten the foundation of AI model outputs. Each one influences how contracts are drafted.

Securities class actions over capacity and bond disclosures

Two recent cases show the risk when a company’s public statements about AI data center capacity do not match reality.

  • Masaitis v. CoreWeave, Inc. (D.N.J., filed January 2026) alleges that CoreWeave overstated its ability to meet customer demand and understated infrastructure risks in connection with its IPO. VitalLaw Securities Regulation Daily
  • Ohio Carpenters’ Pension Plan v. Oracle Corp. (N.Y. state court, filed January 2026) claims that Oracle’s 18 billion dollar bond offering documents contained materially false and misleading statements about its need for additional debt to fund its AI infrastructure buildout. Reuters, Data Center Dynamics

For cloud customers, these cases are a reminder that the representations the provider makes about its AI data center buildout, power availability, and timeline should be specifically addressed in the agreement. A customer who observes that a provider is falling behind its own public roadmap may be able to call a default or demand assurance under the contract.

AI data center construction disputes

As the buildout accelerates, disputes between developers, contractors, and cloud providers are rising. In one publicly reported dispute, Rogers-O’Brien v. Microsoft, a contractor on a 1 billion dollar Texas data center alleged that Microsoft’s failure to supply equipment and manage vendors led to cascading disruptions and filed suit seeking over 34 million dollars in damages for unpaid work and extended overheads. Global Arbitration Review These disputes can delay the activation of capacity that a customer is counting on. A well drafted cloud contract will include a force majeure provision that addresses supply chain disruption and a right to transition to alternative capacity if the committed AI data center is not ready on schedule.

The pending cases that could alter the fair use analysis for AI training data, N.Y. Times v. Microsoft & OpenAI and Andersen v. Stability AI, remain pending. Daeryun Law The 1.5 billion dollar settlement in Bartz v. Anthropic may establish a per work damages figure that other plaintiffs use as a benchmark. If courts narrow the fair use defense, cloud providers’ IP indemnities become more expensive and more likely to be capped or withdrawn. A cloud contract should give the customer notice and a renegotiation window if the provider’s standard IP indemnity terms change materially.

SLA enforcement remains an open question

There is no widely reported final judgment on the merits in a pure AI cloud SLA breach dispute as of mid 2026. AI litigation tracker The litigation that exists has been securities or construction focused. That does not mean SLAs are unenforceable. It means that the industry has not yet seen a court test whether a credit cap and an exclusive remedy clause will hold up when a cloud failure destroys a multi million dollar AI training run. Until that test occurs, the drafting strategy is to negotiate the strongest remedies possible up front.

What terms must contracts include?

A well drafted AI cloud agreement addresses the nine IP and data governance clauses discussed earlier, plus three additional provisions that are especially important for AI workloads. They are AI specific force majeure, termination and transition, and financial assurance.

AI specific force majeure

Traditional force majeure clauses usually cover natural disasters and wars. They often do not address the supply chain constraints that can halt an AI buildout. A practice guide recommends that an AI cloud contract expressly list cyber-attacks and supply chain disruptions as potentially qualifying force majeure events. ContractKen

  • GPU supply constraints, including NVIDIA chip shortages.
  • Cyberattacks that specifically target AI infrastructure.
  • AI model failures that disable a core service.

The clause should require prompt written notice, obligate commercially reasonable mitigation efforts from the affected party, and grant a termination right if the disruption continues for 60 to 180 days. ContractKen

Termination, transition, and data deletion

The termination section should address the practical realities of moving a large AI workload. Key elements include the following.

  • A transition assistance period of at least 30 to 90 days after termination, during which the provider must continue to operate the service and assist with migration at rates agreed in advance (and after January 2027 in the EU, at zero cost).
  • Data export in a common machine readable format, such as JSONL for training data or standard model weight formats.
  • A data deletion deadline after termination (for example, 90 days) with a certificate of deletion.
  • A confidentiality obligation after termination that survives for a specified period, particularly for customer prompts and outputs that may contain trade secrets.

Financial assurance for neocloud contracts

If the provider is a highly leveraged neocloud, the customer should consider whether the standard parent company will stand behind the obligations. In the CoreWeave OpenAI deal, OpenAI took a 350 million dollar equity stake in CoreWeave as part of the 11.9 billion dollar contract. CoreWeave, CoreWeave That equity alignment gives OpenAI some protection. A customer without an equity stake may instead negotiate for a parent guarantee, a standby letter of credit, or a right to step into the provider’s AI data center lease if the provider defaults.

How are the biggest AI cloud deals structured in practice?

The largest AI cloud contracts use off balance sheet structures, take or pay commitments, and complex financings that tie the customer to the provider for years.

The CoreWeave OpenAI and CoreWeave Meta deals

OpenAI’s contract with CoreWeave totals approximately 22.4 billion dollars over five years. The deal began at 11.9 billion dollars in March 2025 and was expanded twice that year. In addition to GPU capacity, OpenAI received a 350 million dollar equity stake in CoreWeave. Sacra, CNBC, CoreWeave

Meta’s contract with CoreWeave was initially around 14.2 billion dollars through December 2031, with an additional expansion of approximately 21 billion dollars through December 2032. Separately, Meta’s Hyperion data center in Louisiana was financed through a special purpose vehicle called Beignet Investor, which Meta owns 20 percent of and Blue Owl owns 80 percent. Law firm analysis The SPV structure shifts the AI data center assets off Meta’s balance sheet while giving it control and equity upside.

Oracle’s Stargate bonds and lease back financings

Oracle’s Stargate project, which builds AI data centers for OpenAI, has been funded through layers of public and private financing. In September 2025, Oracle sold 18 billion dollars in publicly traded bonds. It then entered SPV lease back arrangements. These included approximately 13 billion dollars from Blue Owl and JPMorgan for the Abilene, Texas facility, a 38 billion dollar debt package for Texas and Wisconsin sites, and an 18 billion dollar loan for New Mexico. Law firm analysis, Credit research For the cloud customer (in this case, OpenAI), the contract must work across multiple entities, each with its own lenders and covenants. Coordination, step in rights, and intercreditor provisions become critical.

The Ratepayer Protection Pledge and energy obligations

In March 2026, seven major AI companies (Amazon, Google, Meta, Microsoft, Oracle, OpenAI, and xAI) entered the Ratepayer Protection Pledge, committing to build, bring, or buy their own power generation for new AI data centers and to cover the cost of all associated grid infrastructure upgrades. White House Ratepayer Protection Pledge, White House The pledge is voluntary and not legally binding at the federal level, and any enforceability would come through state-level utility regulation. Federal Register, Mintz analysis, ALEC But for cloud contracts, it signals that power availability and cost are becoming core contractual issues. A customer may want the provider to represent that it has secured adequate power capacity, and to provide a mechanism for cost sharing or termination if power becomes unavailable or uneconomically expensive.

Key takeaways

  • AI cloud SLAs must go far beyond server uptime. Negotiate separate metrics for GPU availability, provisioning lead time, latency consistency, and capacity guarantees. Standard credits are almost always the exclusive remedy and are capped at 30 to 100 percent of the monthly bill.
  • Secure output IP ownership and a training data opt out in writing. The major enterprise vendors offer these, but their indemnity protections are conditional and contain exclusions, such as for customer supplied input data.
  • Address the CLOUD Act and EU Data Act through data residency lock, government access notification, and exit assistance clauses. The EU Data Act’s zero switching charge mandate arrives in January 2027.
  • Build AI specific force majeure covering GPU supply chain disruptions and cyberattacks, with a termination right if the disruption persists beyond 60 to 90 days.
  • In large deals, off balance sheet SPV structures create multi party risk. Include step in rights, parent guarantees, or letters of credit, especially when the provider is a leveraged neocloud.
  • Monitor pending litigation and policy. Copyright cases, the FTC study, and securities actions may reshape the fair use defense, IP indemnities, and the market structure itself. Build renegotiation triggers into the contract.

Frequently asked questions

Q:What is a typical uptime SLA for an AI cloud service?

A:The most common AI specific SLA is 99.9 percent monthly uptime, offered by Amazon SageMaker batch, Google Vertex AI, and Azure OpenAI. Other tiers vary (99.95 percent for Google Cloud Run GPU with zonal redundancy, 99 percent for NVIDIA DGX Cloud). Google Cloud Run SLA, NVIDIA Cloud Services SLA The number matters less than what is covered and the remedy. AWS SageMaker AI SLA, Google Vertex AI SLA, Redress Compliance, Google Cloud Run SLA, NVIDIA DGX Cloud SLA

Q:Who owns the output from an AI model I use on a cloud provider?

A:For enterprise tiers, the major cloud AI vendors assign output ownership to the customer. Anthropic’s terms assign all right, title, and interest. Microsoft, OpenAI, and Google provide IP ownership as a default for enterprise customers. Always confirm this in the specific agreement. Redress Compliance, Terms.Law

Q:Does the cloud provider train on my data?

A:For enterprise customers, the answer is now almost always no. Microsoft, OpenAI, Anthropic, and Google do not train on enterprise customer data. AWS states it will not use Individualized Usage Data or Your Content to compete with you, but may use information about how you use the Services to improve them. Check the service specific terms. Redress Compliance, AWS Service Terms

Q:What happens if the AI service goes down and my training job fails?

A:The cloud provider will issue service credits, typically a small percentage of your monthly bill for the affected service. The credits are usually your only remedy. They do not compensate you for the wasted computational time, missed deadlines, or business losses. If the outage is severe, you may have a termination right under a negotiated agreement, but the standard SLA does not provide one.

Q:How does the EU Data Act affect my cloud contract?

A:Starting September 12, 2025, any cloud provider operating in the EU must allow you to switch providers with two months’ notice, complete the switch within a 30 day transitional period plus a 30 day data retrieval period, with possible extension. From January 12, 2027, switching charges are banned and all barriers must be removed. Your contract should reflect these rights. A-Team Insight

Q:Can the U.S. government access my data stored in a European cloud region?

A:Yes. Under the CLOUD Act, a U.S. law enforcement order compels any U.S. based cloud provider to produce data it controls, regardless of where the data is stored. This creates a direct conflict with EU data protection law. Your contract should include data residency commitments and notice obligations if the provider receives a demand. Congress.gov, Kiteworks

Q:What is a neocloud and should I use one?

A:A neocloud is a GPU specialist cloud provider, CoreWeave being the largest. Neoclouds often offer lower prices than hyperscalers and zero egress fees. CoreWeave, CoreWeave blog The trade off is higher financial risk. CoreWeave carries significant debt and customer concentration. Sacra, Reuters, CoreWeave, SemiAnalysis

Q:What should I include in a force majeure clause for an AI cloud deal?

A:Include AI-specific force majeure clauses that address disruptions such as data breaches, cyber-attacks, and natural disasters. Traditional force majeure boilerplate may not cover AI-specific risks such as cyberattacks. Monjur, Law firm analysis, Contract guide

Q:Are AI cloud SLAs enforceable when the provider fails?

A:The standard SLA states that credits are the sole and exclusive remedy. No court has yet issued a final judgment on the merits in a pure AI cloud SLA breach dispute as of mid 2026. Until one does, the enforceability of the credit cap in the face of catastrophic AI workload failure remains untested. Conn Kavanaugh, OVHcloud AI SLA

Q:How does the FTC’s investigation affect my contract?

A:The FTC staff report on CSP AI developer partnerships describes exclusive spending commitments and engineer embedding that may lock customers into a single cloud model ecosystem. While the report does not allege illegality, it identifies areas of potential competitive concern including exclusivity, increased contractual and technical switching costs, and CSP access to sensitive technical and business information. FTC 6(b) Report

Subscribe to The Compute Law Brief

The Compute Law Brief is a free weekday newsletter on the law of AI infrastructure across tax, real estate, construction, power, and deals. The big US build markets and federal law. Three minutes a morning. No paywall, and no email gate to read the blog. Subscribe if you want it in your inbox.

Junde Liu, JD, LL.M. (Taxation) candidate at UF Law. Originally published on Compute Law Blog. This article is general information and does not constitute legal advice. Reading it does not create an attorney client relationship. The reader should not act on the basis of any content here without first consulting a licensed attorney in the relevant state. Last reviewed for accuracy May 23, 2026.

The Compute Law Brief

One interesting idea worth knowing, every weekday

A free email every weekday on the law of building AI infrastructure, before you grab coffee.

Related guides

Colocation agreements and SLAs for AI data centers

Deals

Anchor tenant and colocation leases for AI data centers

Deals

Buying and selling AI data center developers and assets

Deals

Project finance for AI data center construction

Deals

REIT structures for AI data center real estate

Deals