Xaas: the legal implications of the inevitable evolution towards an integrated, service-based business model

In this article, Thought Leader Steven De Schrijver of Astrea explores the development of the Xaas concept and its impact on the data market.

Steven De Schrijver

What does Xaas entail?

Cloud computing made its entry in the early 2000s, creating a paradigm shift in the way IT services are delivered and consumed. The “as-a-service” system was initially focused on delivering software technology under the label “software-as-a-service”, but soon expanded to other disciplines such as “platform-as-service”, “infrastructure-as-a-service” and “datacenter-as-a-service”.

The subscription-based model is evolving further to meet the needs of enterprises, pursuing their digital transformation journey driven by trends including the internet of things (IOT) and machine intelligence, as well as by the desire to optimise their processes and achieve greater flexibility and performance efficiency.

The anything-as-a-service – or the “XaaS” – concept has disrupted the market in this context, offering an all-in-one package aimed at enhancing every element of enterprise IT: the software, the network, platforms, security, storage, applications, analytics, compliance and more. By integrating all these key functionalities into the central IT, XaaS helps enterprises to become agile and respond to the challenges emerging from billions of users and smart devices.

A combination of rising connectivity and more sophisticated automation is transforming traditional businesses as they blend products and services in new ways. In product-led industries such as manufacturing, this trend first manifests itself in the growth of services alongside products. However, it goes further than that. Enterprises discover that selling services in a connected world fundamentally changes how they engage with their customers. They are no longer selling discrete products and services, but blending both together to satisfy a customer need through XaaS concepts that open the door to a more continuous, proactive and predictive service culture, and more connected, engaged customer relationships. This may prove to be quite disruptive to companies that were previously merely selling products.

Examples of XaaS include UCaaS (unified communications-as-service), STaaS (storage-as-a-service), MaaS (mobility-as-a-service), NaaS (network-as-a-service), DRaaS (disaster recovery-as-a-service), SECaaS (security-as-a-service), CaaS (containers-as-a-service), FaaS (function-as-a-service), DaaS (desktop-as-a-service) or PCaaS (PC-as-a-service), AaaS (authentication-as-a-service or analytics-as-a-service), and BaaS (backend-as-a-service). There is also RaaS (robot-as-a-service), DaaS (drone-as-a-service), AIaaS (artificial intelligence-a-service), VaaS (video-as-a-service), HRaaS (human resources-as-a-service), dbPaaS (database platform-as-a-service) and LaaS (sometimes used for “location-as-a-service”, but also for “logistics-as-service”). Basically, everything can constitute a service. Key vendors include AWS, Cisco Systems, Google, IBM and Microsoft.

Of course, delivering services does require industrial-strength efficiency, but services are not production processes. Tailoring and personalising relationships and services with customers, partners and suppliers in the XaaS economy is the new reality. Unlike products, services can be modified as they are delivered; they can sometimes be co-created with customers and partners; and service providers must sometimes respond in real time to customer preferences.

Both subscription and usage-based pricing can be offered. Subscriptions provide predictable recurring revenue, and usage-based models provide continuous revenue while still supporting the agreements based on commitments and consumption that are desired by customers. For partner offerings, the billing and compensation system also needs to reflect the revenue that is due to the partner.

Rolls-Royce came up with the “Power-by-the-Hour” concept that is relevant to so many other industries: provide the exact same service for exactly the same products, but charge customers per flying hour of the engine. It is worth noting that Rolls-Royce introduced it about 50 years ago, before the term “cloud” even existed. Why is this differentiated service so valued by customers? And how can other service industries learn from this way to source?

The actual business case is straightforward for the end customer. Airlines have a difficult time forecasting how often equipment will break down. Additionally, the cost of repair and stocking spare parts is not desirable. After all, what the airline really wants is for the engine to fly. That is precisely what the Rolls-Royce Power-by-the-Hour contract offers: customers buy functionality (a flying engine) and not spare parts, as a company selling you parts and labour has a direct incentive to sell you more of it.

We all have stories about going into a car dealership with one problem, and having the mechanic find three other problems under the hood. Under the Power-by-the-Hour model this would not happen: both the service provider and the customer would have a common goal and commitment.

The service provider is actually incentivised to perform more proactive maintenance (operating time is money – downtime is not) or maybe even to design a better engine. This is a classic case of both the customer and the service provider winning.

With the introduction of cloud computing, technology lawyers became experts in advising IT companies on legal issues surrounding cloud computing, such as service levels, data security, data privacy, liability issues and exit provisions. As a result, they are now ideally suited to assist traditional businesses in their digital transformation process, converting them from companies selling products to companies providing services on a subscription or performance basis, certainly in the Industry 4.0 world where all machines, devices, sensors, people and products are interconnected via the IOT or the Internet of People (IOP).


Benefits and drawbacks of XaaS

XaaS offers a wide variety of services and applications to users on demand. XaaS is transforming the business model of enterprises across industry verticals driven by their need to do more with less. It enables businesses to reduce costs by purchasing services from cloud providers on a subscription basis. Its pay-per-use model shifts the cost from capital expenditure to operational spending, which implies a significant reduction in upfront investments in IT and infrastucture. Enterprises are increasingly embracing XaaS with the rapid evolution and adoption of cloud computing.

Technavio’s analysts forecast the global XaaS market to grow at a compound annual growth rate of 38.22% during the period 2016–2020.

The fundamental benefits of the as-a-service model are clear and include: a shift from capital to operational expenditure; fewer upfront investments; access for businesses of all sizes to up-to-date technology, maintained by service providers that can leverage economies of scale; scalability according to business requirements; fast implementation times for new applications and business processes; and freeing up staff and resources for other projects and priorities.

Of course, there are potential downsides to as-a-service adoption, which include internet bandwidth and latency, service outages, security, governance and compliance issues, inadequate performance, hidden costs (including the cost of integrating, managing and securing multiple cloud services, and of handling potentially large amounts of data), data storage and retrieval times, service provider lock-in, and customer support issues.

Most of these potential problems can be minimised with good planning and a tightly defined service-level agreement (SLA), but businesses will need to remain vigilant to minimise them and also realise that public cloud deployment will not be the answer for every IT workload or business process.


Legal challenges raised by XaaS: XaaS agreements

With the development of the as-a-service model comes the drafting of the applicable service agreements. Owing to the nature of the as-a-service system, which is to integrate many different aspects of a specific problem or functionality (eg, the entire IT system organising the management of a warehouse) in a single service package, the resulting agreements have become increasingly complex.

The customer, as well as the XaaS service provider, will have the following needs that will have to be addressed by the agreement.

Service-level agreements

As the XaaS service provider will often offer an integrated set of various services, the service levels for each aspect thereof must be laid out in a comprehensible manner and in measurable terms. This can range from the availability, capacity and support provided for a specific electronic solution to the delivery times for specific hardware.

It is also important to include the remedies and penalties that apply if the XaaS service provider is in breach of the agreed-upon service levels, as an SLA will serve little purpose without such remedies. It is possible to tie specific service levels to various incentives, such as a portion of the contractor’s payment or a bonus, and contract extensions.

Security and data protection

It is important to ensure that the appropriate security and data protection solutions, such as encryption, authentication and authorisation requirements, data mirroring, data backup, data retention, data restoration and security incident management are part of the package offered to the customer.

Because of the outsourcing of data storage, it is also important for the customer to understand where and in which manner this data is stored, as well as which legislation may apply to data stored abroad. Particular care must be taken with regard to the GDPR, as both the customer and the XaaS service provider will have obligations under data protection law in their capacity as data controller and/or data processor. Overseas data may present practical difficulties, as other state laws may impose additional compliance requirements. Including restrictions on data transfer in the service agreements without prior written consent by the customer may be considered.

In addition, the ownership of the data must also be regulated in the agreement. The customer must remain in full ownership of its own data, and obligations regarding the confidentiality of such data must be included.

Intellectual property

As XaaS agreements are often tailored to the specific customer’s needs for the outsourcing of a particular function, it may be possible for the XaaS service provider to develop specific solutions at the customer’s request. Particularly when existing data or input is used from the customer for such customised solutions, an agreement must be reached between the XaaS service provider and the customer as to who retains the intellectual property rights thereto. While the developed solutions may be specific to a particular customer’s need at a point in time, the XaaS service provider may not wish to restrict the flexibility of its own product and the solutions that may be developed for other customers in this regard. If an agreement cannot be reached, it may be possible that this results in a joint ownership instead of the sole ownership of those adaptations by either party.

Subcontractors and integration

While a single service package is offered to the customer, the service provider may (and will most likely) work with subcontractors to provide all services that are part of the subscription package. The identity of all subcontractors must be verified, as well as the contractual relationship with and between all subcontractors to make sure there are no gaps; for instance, with respect to liability.

Contract expiration, termination and exit provisions

Because of the outsourcing of a specific function as a service, the customer becomes more reliant on the service provider, as it has not invested the relevant tools in-house to maintain or control the specific outsourced function. Therefore, it is important for the customer to understand the ways in which the business relationship with the XaaS provider can come to an end, and what the implications of this are.

Problems can especially arise if the customer were to no longer have access to its own data. An important tool that can help prevent this is the inclusion of exit provisions in the service agreement. Ideally, the contract will include provisions regarding the transition of services to the customer or another supplier, such as the purchase of the licence or the provided hardware components for continued use as well as the manner in which the customer’s data will need to be destroyed or returned to the customer by the XaaS service provider. Provisions can also be included regarding measures that can be taken if the XaaS service provider were to go out of business, such as an escrow agreement.


The rapid development of different types of XaaS agreements is providing both enterprises and service providers with ample new opportunities. The as-a­-service model offers both enterprises and service providers more flexibility and a shared incentive in order to generate the best results possible. Instead of selling manufactured products, or providing one-time solutions or solutions for specific issues, XaaS service providers enter into a durable business relationship with the customer enterprise, in which they are responsible for the implementation and maintenance of a specific function that the customer enterprise desires. This allows XaaS service providers to take a more efficient approach and develop solutions that are tailored for a specific customer’s needs.

The XaaS service agreement is characterised by the long-term relationship the service provider and the customer enter into, as well as its large scope, personalisation and flexibility. However, this nature of the XaaS business model, which integrates many different services and products into a single package, also comes with its own legal challenges that differ from those in classic agreements. XaaS service agreements are often lengthy, complex documents that must attempt to integrate all of these issues in a clear manner.

Particular attention must be paid to issues that may arise surrounding the service levels for different services, security and data protection, intellectual property, the use of subcontractors, and contract expiration and termination, as discussed above. This is especially important as public awareness regarding the importance of adequate security and privacy is rising, and legal obligations in this regard have become more onerous for both parties.

Because of the scope and the personalised nature of the XaaS service agreement and the issues raised above, entering into such an agreement constitutes a large commitment by both parties that should not be taken lightly if the intention is to establish a long-term efficient business relationship that benefits both parties. As different customers rarely have identical needs, different customers should also rarely conclude identical XaaS agreements. It is, therefore, imperative more than ever for both customers and service providers to take care and spend a sufficient amount of time drafting, discussing and negotiating a XaaS service agreement with each other before it can be concluded.

Back to top

Follow us on LinkedIn

News & Features

Community News



Pro Bono

Corporate Counsel

Women in Law

Future Leaders

Research Reports

Practice Areas


The Who's Who Legal 100


Special Reports



About Us

Research Schedule

It is not possible to buy entry into any Who's Who Legal publication

Nominees have been selected based upon comprehensive, independent survey work with both general counsel and private practice lawyers worldwide. Only specialists who have met independent international research criteria are listed.

Copyright © 2019 Law Business Research Ltd. All rights reserved. | http://www.lbresearch.com

87 Lancaster Road, London, W11 1QQ, UK | Tel: +44 20 7908 1180 / Fax: +44 207 229 6910

http://www.whoswholegal.com | editorial@whoswholegal.com

Law Business Research Ltd

87 Lancaster Road, London
W11 1QQ, UK