NORWAY Law and Practice Contributed by: Kari Gimmingsrud, Stian Hultin Oddbjørnsen and Andreas Bernt, Haavind
sions regarding all forms of agreements, includ - ing rules on how a binding contract is concluded and rules on certain circumstances that can lead to the invalidation of a contract. Commercial contracts will, however, very rarely be censored or invalidated by a Norwegian court of law fol - lowing the provisions of the Contracts Act. It is therefore important that the agreement, or the choice of standard template, is considered well in advance, and that the agreement regulates the placement of risk between the parties. One of the major discussion and negotiation topics over recent years in Norway has been the relationship between contract templates and standard terms and conditions from cloud ser - vice providers. Different templates have different takes on the question, from full applicability of the standard terms and conditions to very lim - ited possibility to deviate from the contract tem - plate even though standard services are offered as part of the deliverables. The Norwegian Act relating to the Sale of Goods applies directly to the sale of goods, but is to some degree seen as an expression of applica - ble non-statutory principles governing contracts law and may therefore apply analogously to IT service agreements, especially for matters not regulated in the contract. The Act governs the parties’ obligations and remedies in the event of a breach of contract, and will consequently need considering when entering into an IT ser - vice agreement. Consumers enjoy mandatory protection that cannot be varied in contract, so B2C contracts require more scrutiny than B2B contracts. Data Protection GDPR compliance is a typical challenge in many IT service contracts, as these will often involve the processing of personal data to some extent.
If the service provider will be processing data on behalf of the customer, a data processing agreement will be mandatory, pursuant to Arti - cle 28 of the GDPR. Common GDPR challenges include complex supply chains, access rights, the supplier's use of personal data for its own purposes, audit of suppliers and data transfers to third countries. Regulated Industries Regulated industries obviously have some more sector-specific regulations to be complied with. However, regulated industries frequently use the ordinary templates, with some additions to secure compliance with sector-specific regula - tions. Security regulations in the energy, finance and health sectors, for example, are often part of the contracts with entities within these domains. There are regular discussions with IT service pro - viders regarding how much responsibility they should take for compliance with sector-specific Key elements include a detailed scope of ser - vices with clear definitions of the services being provided. This should encompass all technical specifications and functional requirements. Ser - vice Level Agreements (SLAs) are furthermore very important, with performance metrics such as uptime, latency and response times, and the inclusion of penalties or remedies for failure to meet these standards. Pricing and payment terms and data protection and information secu - rity are naturally also important elements. Any infrastructure investments should be specified, with clear responsibilities for both parties. regulations in the agreements. 7.2 Service Agreements and Interconnection Agreements Favourable terms are achieved when the market standards are understood through conducting research on industry benchmarks for service
353 CHAMBERS.COM
Powered by FlippingBook