Legal strategies for building and operating AI-ready data centers

Legal strategies for building and operating AI-ready data centers

Vinson & Elkins Partner Michael Kurzer summarizes legal issues that must be navigated when structuring AI data center agreements.

Legally speaking, what does it take to build and operate an AI-ready data center?  We provide an overview – with considerations for how to draft and negotiate the commercial agreements for a data center project.

Build, Lease or License a Data Center?

  • Building. Building an AI data center is often managed by a contractor under an engineering, procurement and construction contract. Key considerations include avoiding delays and managing unforeseen risks. Power demands and environmental and regulatory requirements may require extensive permitting from government authorities.
  • Leasing. A partial lease of a data center is typically governed by a co-location lease. Services can vary, ranging from power and environmental controls to full third-party management of the environment, servers, and IT staffing under a managed services agreement.
  • Licensing. In the fully outsourced model, all services may be licensed through a cloud computing model akin to licensing cloud software (i.e., “infrastructure-as-a-service”).

Future expansion of a data center may be limited by geography, power, environmental factors and regulatory hurdles. Expansion options, such as rights of first offer or refusal for more power or space, should be negotiated at the outset, not when they are needed.

End user needs are outlined in a customer agreement, sometimes called a “platform services agreement” or a “master services agreement.” It may be necessary to negotiate customer terms before executing agreements with service providers. Otherwise, the operator could end up stuck between “high” customer expectations and “too-low” service provider commitments.

Power, Network and Telecom Connectivity

If purchasing power from multiple sources, software and hardware pricing and switching technology can streamline energy sourcing. Even with a dedicated power source, Internet and telecommunications connectivity are typically provided by third parties. These connectivity agreements cover bandwidth provisioning, performance standards, and redundancy plans. Understanding customers’ needs and business risks is paramount to negotiate sufficient power, connectivity and peering agreements.

Servers and Software

When negotiating procurement, implementation and maintenance agreements, avoid creating inconsistent terms or gaps in service obligations between providers. Unless negotiated, general terms and conditions, product-specific terms and conditions, service level obligations, and software licenses may be one-sided and subject to unilateral changes by the seller. These services are set forth under a master services agreement, along with technical specifications, implementation deadlines and maintenance schedules. The negotiation process may take several months to complete.

The Service Level Agreement (SLA) is part of the master services agreement and outlines the performance standards of the equipment and connectivity that customers receive.  SLAs usually specify uptime guarantees for servers, mandatory staff response times to issues, and penalties for a provider’s non-compliance. The principal remedy offered for a failure to meet a service level is a service level credit on the next invoice. Credits act as liquidated damages, providing discounts in exchange for resolving disputes over substandard performance. It is critical to provide enough specificity in the list of service level obligations to categorize issues as they arise for response and remediation. A mechanism to regularly update issue and response criteria is helpful and provides customers with a mechanism to track performance.

Large enterprise software providers often conduct license audits of data centers, especially those that allow for rapid scaling up of services. Frequent audits can be disruptive and additional license fees resulting from the audits can be substantial. Operators should carefully consider user pricing contracts, data access controls, and customer termination and extension rights.

Demand for AI Chips

The demand for faster processing continues to drive demand for AI chips.  The new power-efficient chips consume even more power because they are used to process more operations in the same amount of time.  Recent AI software developments show potential to alleviate demand for AI chips and could place more focus on improvements in software efficiency, notably with respect to training and use of AI models, but at this time chip demand is at an all-time high. In the last few years, lead times on ordering high-end AI chips have ranged from a few months to the better part of a year. If you are looking to obtain AI chips for a data center located outside of the US, restrictions may apply. For example, recent export control restrictions can be a significant obstacle to obtaining the latest and next-generation AI chips, depending on the country where the data center is located, and in some cases prohibit sales entirely.

Development Agreements

Software development may be necessary to integrate and maintain equipment and to meet customer needs for connectivity. When contracting, it is important to either obtain ownership of the developed software, or to receive a perpetual, irrevocable license to the developed software and access to any source code. Without these rights, projects may have to start from square one with a new developer in the event of a dispute.

Other Equipment and Services

Support systems such as power and HVAC systems ensure reliable connectivity within the data center and to external networks. Software management tools are helpful to monitor and manage servers. These environmental support services may be provided under a managed services agreement, staffed internally or contracted out.

Compliance

Data center operators must comply with data privacy and cybersecurity laws.  Additionally, when housing data from persons from other countries and jurisdictions, the data laws of other jurisdictions may apply.  These regulations govern how personal data must be handled, stored, and protected by data center operators.  Some countries have geolocation restrictions, which limit cross-border data transfers. When providing cloud services, customers will expect the customer agreement to include a data processing agreement and/or information security addendum, which outline the types of access the data center operators may have to customer data; how it will be stored; and the responsibilities of each party to protect data.  Larger customers will insist on using their own protective forms. It is important to understand obligations before setting up infrastructure. Several US states have also implemented environmental restrictions related to data centers, including requiring stricter energy efficiency, reporting standards and renewable energy power sources.

Browse our latest issue

Intelligent Data Centres

View Magazine Archive