Cloudflare and SLAs: What are the legal consequences when a SaaS breaches its Service Level Agreement?

Cloudflare’s extensive outage this November underscores how critical a well-drafted Service Level Agreement is and why large organisations should have an contract lawyer at their side. When cloud infrastructure falters, not only availability suffers — the entire contractual framework is put to the test.

For companies directly dependent on SaaS services, an interruption is not just a technical issue; it is about responsibility, compensation and risk allocation. And what does it actually mean, legally, when a provider promises “100 per cent availability” under a Service Level Agreement?

Cloudflare’s promise of 100% uptime — but with limited remedies under the Service Level Agreement

In Cloudflare’s enterprise terms there is an apparently powerful guarantee: 100 per cent availability. It sounds absolute, but it is far from unlimited liability. As is typical with an SLA, the key is to understand which contractual remedies actually apply if the promise is not met.

Cloudflare’s terms state that service credits are the sole and exclusive remedy for an SLA breach. This means that, as a customer, you are not entitled to damages tort or any other compensation beyond a limited reimbursement in the form of those service credits — regardless of the business-critical consequences the interruption may have for your operations.

The terms also clarify that a breach of the SLA does not constitute a breach of the broader “service performance” warranty. This is a deliberate legal construction that minimises the provider’s liability, even in the event of extensive disruption.

When technical failure becomes business risk and legal liability

Cloudflare’s outage lasted several hours and affected a significant share of global internet traffic. For enterprise customers, the impact may include:

• Lost revenue
• Reputational harm
• Disruption to downstream customer relationships
• Internal strain on support, IT, legal and compliance

Even so, compensation is often marginal because that is how the SLA-avtal is structured. Here, the content of the Service Level Agreement is decisive: what rights do you have as a customer, and which contractual remedies can you actually enforce under the SLA?

What should companies consider in cloud contracts and SLA-avtal?

For large organisations reliant on cloud infrastructure providers such as Cloudflare, it is essential not to rely solely on standard terms. When reviewing or negotiating an SLA or Service Level Agreement, consider in particular:

• Exclusive remedies: Does the SLA limit your ability to obtain anything other than service credits?
• Scope of liability: Does the Service Level Agreement cover all categories of outages, or are there carve-outs?
• Definition of availability: How is availability measured, and over what period?
• Termination rights: Can you terminate for repeated incidents under the SLA?
• Warranties vs. SLA: Is an SLA breach also a warranty breach, or are they separated — as in Cloudflare’s case?

Understanding and negotiating SLA terms is particularly important where the provider forms a system-critical part of the organisation’s IT environment. It is also an area where legal advice can deliver real commercial value — before problems arise.

Cloudflare’s outage shows the contract can be as important as the technology

Cloudflare’s disruption shows that even the most stable technology providers can experience major incidents. When that happens, it is the Service Level Agreement — not general assurances — that determines your rights and options as a customer under the SLA.

At Morling Consulting, our contract lawyers help companies analyse, negotiate and strengthen their agreements with cloud and IT providers so that the contracts hold when the technology does not.