Making Cloud SLAs readily usable in the EU private sector

SLA-Ready Common Reference Model Challenge & Approach



Building the Digital Single Market means revitalising European industry with a strong focus on cloud computing and the data economy.

Small and medium-sized enterprises (SMEs) are expected to be the most enthusiastic users of cloud services but lack of knowledge and concerns mostly about security are holding them back. It is imperative more be done to address concerns and remove barriers to take up, especially by SMEs, the lifeblood of the European economy.

If a user cannot understand what the cloud offers, it is hard to meaningfully utilise the benefits of the cloud. Customers also see the use of standardised cloud service level agreements (Cloud SLAs) as a critical step towards better understanding the levels of security and data protection offered and actually delivered through monitoring of cloud service provider performance.

SLA-Ready is driving a common understanding of service level agreements with greater standardisation and transparency so firms can make an informed decision on what services to use, what to expect and what to trust.

Our Common Reference Model will benefit the industry by integrating a set of SLA common components, such as common vocabularies and service level objective service metrics, as well as best practices and relevant standards to fill identified gaps in the current SLA landscape.

Cloud service customers will benefit from understanding the language used in contractual agreements like SLAs and from having tools to check the service capabilities.

The Common Reference Model provides the basis for cloud service providers to self-assess their SLAs and also benefit from a deeper understanding of specific customer requirements, including legal and data protection compliance criteria and security and privacy requirements.



SLA-Ready has conducted a comprehensive analysis of technical, economic, legal and sociological aspects related to cloud contract terms of service and service level agreements.

Technical perspective: examining SLA components from several domains, including the standardisation community that is working on the definition of SLAs, such as the ISO 19086 specification, and the research community, especially European initiatives investigating the specification and management of SLAs.

Sociological perspective: examining the requirements demanded by cloud customers and the characteristics of the SLAs currently offered by cloud service providers.

Economic perspective: examining the characteristics of the SLAs offered by different types of cloud service providers, small and large, with a special focus on economic aspects such as billing and cost related clauses.

Legal and governance perspective: examining the current state of practice of cloud service providers in relation to current regulations and legal obligations or contract management.

This analysis led to the development of 26 requirements across four main themes.

  • General requirements: mostly derived from the legal domain covering aspects to be included in any contract, such as the duration of the SLA or simply general procedural aspects, such as the number of pages of the SLA.
  • Responsibility requirements: derived mostly from the sociological and legal analysis. Including requirements related to the regulations applied or responsible parties involved in the SLA.
  • Economic requirements: derived from the economic analysis and analyst studies on cloud pricing practices. This group of requirements mostly relates to charging and billing.
  • Technical service level objectives: emerging from the technical analysis. This group contains specific requirements derived from technical components found in SLAs from different domains, such as industry, research and the standardisation community.


SLA-Ready has used these 26 requirements to refine elements comprising the initial version of the Common Reference Model.

D2.1 Requirements emerging from the state-of-the-art analysis (June 2015)

D2.2 Requirements emerging from a state-of-the-art analysis - Final Report (December 2015)