From Anatomy to Action: Navigating Data Center Contracts

As more businesses rely on external data centers to house their critical infrastructure, the importance of a well-negotiated data center services agreement becomes paramount. These contracts require more than just finding space—they require careful consideration of the technical, operational and financial details that will support a customer’s business needs.

Although terms may vary depending on whether the contract is with a dedicated data center, shared colocation ("colo") data center, and/or managed services provider (MSP) that subcontracts with a data center to provide space and services, the following are key considerations when negotiating any data center deal.

Space and Specifications: Defining the Environment
The space a customer leases within a data center can vary greatly in size and specifications. When contracting, it is important to detail:

• Size and Power Requirements: How much physical space and power the customer’s equipment will need. Power density (watts per square foot) is critical, and must align with the customer’s anticipated growth. Accordingly, parties should specify initial size and power requirements and negotiate a customer’s rights of first refusal for adjacent space and additional power.
• Cooling and Heating: Climate requirements to ensure that the data center maintains appropriate temperatures for customer equipment. Excessive heat can damage servers, while proper cooling enhances performance. Accordingly, contracts often specify acceptable temperature ranges and require continuous climate monitoring and alerts for any deviation beyond the acceptable range. The parties can also monitor these data center environment attributes as part of a Service Level Agreement (SLA) to incentivize the provider to meet those tolerances.
• Connectivity and Redundancy: Terms that specify failover systems and procedures to ensure business continuity if there is a failure (e.g., backup cooling systems, redundant power and network connections, the ability to connect to different carriers or cloud providers). Often, this takes the form of a detailed backup and recovery plan that meets the customer’s requirements and is tested regularly. Thoughtful SLAs that guarantee response and restoration times also help minimize the risk of downtime if there’s an incident.

Physical and Data Security: Protecting Your Assets
Security in a data center is twofold: protecting physical assets and ensuring data integrity. The contract should address both, including:

• Access Controls: The parties should negotiate access protocols, including who can physically enter the customer’s space and how security will be enforced and monitored. For instance, is 24/7 biometric access control available, and how long are video recordings retained? Is there an authorized list of entrants? Who is responsible for escorting approved visitors to a customer’s cage (and if it is someone other than the customer, is there a separate charge for this service)? These are some of the many details that should be defined.
• Data Security: If a third-party provider has access to a customer’s data or equipment, the parties need to ensure that data protection regulations (like the EU’s General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA)) are met, and each party’s obligations and rights are clearly defined. The contract should also include clauses covering encryption and other security requirements, along with each party’s obligations with respect to changes in regulations and compliance audits.

Service Delivery: Managing Expectations
Particularly where a customer is leasing space in a colo facility or working with an MSP, the parties need to clearly define what equipment, office/storage space, and services will be delivered, such as:

• Equipment: The contract should specify any equipment (e.g., racks, servers, power units) that will be provided or made available for rent by the data center provider or MSP. Where this is the case, the agreement will also need to clearly outline (i) the provider’s maintenance and replacement obligations, (ii) who is responsible for the equipment, including liability for damages, and (iii) each party’s ownership status during and after the term of the agreement. For example, does the customer have the right or obligation to purchase the equipment at the end of term?
• Smart Hands Services: If the customer does not have onsite personnel to manage its equipment, it may need "smart hands" services, whereby the provider’s technicians handle troubleshooting and maintenance within the customer’s space. The parties will need to specify the hours of operation, access protocols and costs associated with such services.
• Additional Space: If an MSP provides smart hands services for a customer, the parties will need to determine whether the MSP will have office space in the data center to work from when the personnel are not on the data center floor. In a colo data center, a customer may also need to rent additional storage space for spare parts and equipment. In addition to accounting for these additional space needs, the contract must specify the corresponding costs and use restrictions for such spaces.
• Service Level Agreements (SLAs): To incentivize adequate service delivery, it is crucial to include in SLAs appropriate provider obligations for things like uptime, response times and repair timelines, along with meaningful credit amounts due to the customer if the provider fails to meet the service level commitments.

Pricing Structures: Breaking Down the Costs
Pricing in data center deals often involves multiple layers and can be complex. Understanding the market standards can help avoid surprises.

• Space and Power: These are typically charged based on square footage and the amount of energy consumed (often in kilowatts). Some data centers offer tiered pricing depending on power density needs.
• Energy Costs: The parties must specify how energy consumption is calculated and whether costs are fixed or variable based on market rates.
• Services: Managed services, whether from the colo provider or an MSP, come at additional cost. These include smart hands, monitoring, backups and managed IT services.
• Flexibility and Scalability: The contract should specify whether the customer can expand or reduce space or power requirements, along with the associated costs. Including these pre-negotiated terms and rates can help avoid disputes as customer needs evolve.

Other Key Issues to Consider in Contract Negotiations
Finally, the parties will need to address these common issues during contract negotiations:

• Termination/Extension Rights and Exit Strategy: The parties should define their options, rights and obligations (and associated costs) if the customer needs to (i) exit the data center early, (ii) extend the term, or (iii) receive assistance transferring to another location/provider (“disengagement assistance”). This is typically done through appropriate termination, extension and disengagement assistance terms. What’s “appropriate” depends on the specifics of each deal; however, because exiting a data center can be a long and complex process, the parties should ensure adequate time to exit, ideally with rights to extend for predetermined periods (e.g., three-month blocks) at predetermined costs. This provides certainty for all parties if a customer experiences unexpected (and often, inevitable) data center exit delays. Having the right to a clean exit strategy, with rights to remove equipment and ensure continuous service elsewhere, will help a customer negotiate all other aspects of the services relationship.
• Energy Efficiency and Sustainability: With increasing focus on sustainability, the parties may want (or may be required by their regulators or investors) to negotiate terms related to energy efficiency, renewable energy use and the provider’s carbon footprint. In some cases, monthly reporting of carbon footprint sustainability may be required, including whether there is a zero-carbon footprint or carbon offset purchases.
• Liability and Insurance: The parties will need to define liability in the event of equipment damage, service failure, security incidents and other events. The parties should also define and understand the limits of the provider’s insurance coverage and whether additional coverage is required.
• Regulatory Compliance: Certain regulated customers may be obligated by their regulators to only use data center facilities that are certified according to applicable standards (e.g., NIST 800-53, ISO/IEC 27001, etc.), in which case the contract must include such flow-down requirements.

Conclusion: Tailoring Your Deal to Your Needs
A successful data center contract requires more than just securing space. It requires aligning the physical, operational and financial aspects of the arrangement to meet a customer’s specific needs. Addressing these and other key considerations in data center contracts will help protect each party’s interests and ensure a smooth operation.