China is in the middle of a rapid shift towards cloud technologies. Execution of the 13th Five Year Plan will deliver substantial investment into cloud computing and the sector is undergoing unprecedented growth. Meanwhile, organisations operating in this digital economy face an increasingly complex intellectual property (IP) environment, as China becomes a global IP centre and scales up IP protection, enforcement and penalties for infringement. Indeed, the number of cloud-related IP lawsuits in China grew 158% between 2011 and 2016. Against this backdrop, organisations face an important question: how can they take advantage of the enormous opportunities presented by the cloud in a way that manages this complex IP landscape? In this post, Matt Pollins and Nick Beckett from CMS look at the practical steps organisations can take to protect themselves and succeed in the cloud.
China's "Internet Plus" economy and the role of cloud computing
China is undergoing a rapid digital transformation. The "Fourth Industrial Revolution" is well underway, as the Government's "Internet Plus" initiative sees the integration of digital technologies into organisations in every industry across the nation.
The 13th Five Year Plan, which prioritises digital technologies and innovations, is the driving force of this digital transformation. As part of the Plan, China's broadband coverage will reach 70% of households by 2020. Mobile internet will reach around 85% of the population, adding a staggering 400 million additional internet users.
Against these seismic shifts in technology development and adoption, the opportunity for organisations to leverage digital technologies to drive growth and improve services is clear – whether it is the shift towards cashless payments, the growth of tele-health or the explosion in e-commerce sales. And, not content with maximising the opportunities arising from growth in the domestic market, Chinese companies are going global, launching international enterprises, from e-commerce to digital media.
At the core of China's digital transformation is cloud computing. The sector has grown an average of 40% year-on-year since 2011 and there is no sign of the pace of cloud adoption slowing. China's digital economy is being built on cloud services, often provided by third party cloud service providers. The cloud offers the opportunity to expand into new businesses and markets faster than ever before. However, this new opportunity comes with new challenges and, like every transaction with a supplier, customers need to assess any associated legal considerations. Like our previous posts on the position in Europe and South-East Asia, this post focuses on an often-overlooked legal consideration in moving to the cloud: IP.
"Infringers will pay a heavy price": China ramps up IP protection and enforcement
China is fast becoming a global centre of innovation. As the country shifts from "Made in China" to "Created in China", China is investing heavily in the development, commercialisation, protection and enforcement of IP rights.
This trend applies across all categories of IP rights – but patents are perhaps the best example of China's changing IP landscape. Chinese patent applications soared 45% in 2016 and the country is on-track to overtake the United States and Japan as the biggest user of the international patent system by 2019, according to the World Intellectual Property Office (WIPO). At a domestic level, China's patent office is already by far the world's busiest, handling about one million applications a year.
China's IP laws are also evolving to reflect the changing IP landscape. In 2017, President Xi Jinping himself made rare public comments about the need for China to further strengthen its protection of IP rights. President Xi also emphasised that China would introduce even heavier sanctions for infringement: "Wrongdoing should be punished more severely so that IP infringers will pay a heavy price". In 2015, China published a draft Fourth Amendment to its Patent Law, increasing statutory damages five-fold and expanding a number of patent and enforcement provisions.
China already sees more IP lawsuits than any other country and dispute resolution mechanisms are adapting to adjudicate these disputes more quickly and effectively. Since 2014, China has launched specialist IP courts in major cities, in addition to specialist IP "tribunals" across the country. China is one of only a limited number of countries across Asia to have such specialist dispute resolution mechanisms.
Clearly IP has become a national priority in China. This increases the range of protections available to organisations that develop IP, which is good news for the digital economy. However, it also increases the IP risks for organisations because the increasingly complex landscape raises the risks of inadvertent infringement – and the penalties for such infringement are becoming ever-more stringent.
As a result of these developments, every digital business needs to have an IP strategy, both in terms of protecting its own assets and in terms of defending itself against potential infringement claims. This is no different for companies who use the cloud than those using on-premises servers. However, the cloud gives rise to a number of new IP considerations.
How can IP be infringed in the cloud?
Unfortunately, IP risks do not disappear when information is stored in the cloud. Let's say Company A is one of the growing number of digital, technology-powered businesses in China. If the cloud services it uses, or the applications and services it runs on those cloud services, incorporate code that is owned by Company B, then Company A may have infringed Company B's intellectual property rights – including copyright and/or patents.
If Company B decides to bring an infringement claim, it could be very costly for Company A – not least since Company B might be one of a growing number of patent assertion entities, companies that exist to acquire and enforce patents, primarily in the field of software, through litigation.
The number of patent assertion entities active in China's technology sector is on the rise. There are several reasons for this. China's filing systems are increasingly efficient, making the process for securing patent protection faster than in many other countries. New patent examination guidelines are friendlier to software patent owners because they reduce the complexities associated with prosecution procedures. China's specialist IP dispute resolution courts are capable of resolving disputes more quickly than non-specialist courts. And the penalties for infringement are becoming ever-more stringent, as outlined above.
As a result of these developments, the number of cloud-related IP lawsuits in China increased 158% between 2011 and 2016.
What are the key IP infringement risks in the cloud, and how can they be addressed?
We see three key IP infringement risks as organisations in China move to the cloud – each of which we believe can be addressed by putting in place the right organisational processes.
1. The confidentiality and security risk – is my proprietary information kept confidential and secure?
Much has been written about the need for confidentiality and security in the cloud – however, this is usually looked at from a data protection or cybersecurity perspective. These issues also matter from an IP perspective.
Organisations are increasingly using the cloud for all categories of data – including commercially-sensitive data and proprietary information. The shift from "Made in China" to "Created in China" means that Chinese organisations are developing more proprietary IP rights. This also means that Chinese organisations are a target for malicious actors who recognise the value of their commercially-sensitive data and information. If that data and information were to leak into the public domain through a breach incident, it could carry immense value for competitors and malicious actors. Not only could the organisation lose the first-mover advantage, which could be relevant (amongst other things) to future patent applications, it could also find itself having to bring an IP claim against an unscrupulous competitor who leverages the stolen technology without its consent.
Of course, this does not mean that organisations should view the cloud as intrinsically less secure and therefore limit themselves to on-premises solutions. In fact, with billions of dollars of investments in cloud security by the biggest players, cloud actually has the potential to enhance security versus on-premises solutions.
The answer, instead, is to carry out thorough due diligence on the service provider and its security and confidentiality practices. This should happen both at an operational level (for example, is the service provider certified against national security standards, such as China's DJCP, and international security standards, such as ISO 27001?) and at a contractual level (e.g. does the service provider make binding contractual commitments as to data security and confidentiality?)
2. The service provider risk – what happens if their technology infringes third party IP and I get sued?
What about a situation in which an IP infringement claim is caused not by the cloud customer's own materials and code but because of the service provider's code? This is certainly a risk area that cloud customers will want to ensure is addressed, particularly at a time when patent assertion entities are becoming more active in China and around the world.
On the one hand, the cloud customer may take the view that, in all likelihood, the infringement claim will be brought against the cloud services provider – not least if the cloud services provider is a large international company with deep pockets. This is true, to an extent, but the large cloud services providers also have very large and sophisticated legal teams, not to mention a vast catalogue of many thousands of patents, which it can use to defend or counter-sue. A cloud customer may not have all of these protections – and, in the eyes of the patent assertion entity, may be more inclined to settle.
The practical solution lies, as always, in a fair allocation of risk between service provider and customer in the services contract. There is no magic in this issue – just as they would in any services contract, customers can and should be asking their services provider for indemnity protection in relation to third party claims. The problem is that the standard contracts of major cloud services providers often contain limited or no indemnity protections in favour of the customer.
Fortunately, the position is starting to change. Given the growing focus on legal and regulatory considerations with cloud adoption, cloud services providers are starting to compete not just based on technical specifications and service offerings but also based on their contractual offerings. Microsoft, for example, recently announced that it would expand its "Azure IP Advantage" offering into China through its partnership with 21Vianet. The offering provides uncapped IP indemnification coverage against third party claims. Microsoft is believed to be the first major hyperscale cloud provider to offer uncapped indemnification "as standard" in its contractual terms for cloud services in China. It remains to be seen whether uncapped indemnification will become an industry standard but undoubtedly IP indemnification is an "ask" that customers should now be raising with their service providers in China.
3. The international risk – navigating international IP laws as Chinese businesses go global
China's digital economy is not just developing on home soil. Organisations in China are increasingly active overseas, launching and investing in technology-powered businesses in other jurisdictions around the world.
The commercial opportunity to leverage domestic success to drive international growth is clear. However, international expansion carries new IP risks for technology-powered businesses. The international landscape for IP, like that in China, is changing rapidly. The risks of infringement and stringent enforcement by patent assertion entities are much the same as in China – but with the added challenge of having to navigate fragmented and unfamiliar legal frameworks for IP.
One example is South-East Asia, where we previously outlined the fragmented nature of the IP landscape and the risks of facing litigation in unfamiliar jurisdictions. So how can organisations in China navigate the international risk?
First, it is important to get data location transparency from the service provider. Without knowing where the data is located, the cloud customer cannot know which jurisdictions could potentially be relevant to an IP infringement claim. The service provider should be able to provide details of the locations in which it stores data in its cloud services (and this is of course relevant for other reasons, such as cybersecurity, data protection and country risk).
Second, the customer will want to consider whether its contractual IP indemnity protections, as outlined above, protects it against claims that occur outside of China.
Conclusions – managing IP risks to successfully leverage the cloud in China
Digital transformation is already a national priority for China – and it is already a boardroom priority. It is becoming a matter of when, rather than if, organisations will take advantage of the full spectrum of new technologies, including cloud computing.
A key part of this journey will be managing the associated legal and regulatory considerations that arise through the use of these technologies. Just as organisations have found ways to manage regulatory compliance risks, such as privacy, data security and cybersecurity considerations, so too will they need to find solutions to manage the IP risk. Cloud service providers need to play their part – and the measures above are the bare minimum that cloud customers should expect their service providers to support.
The position will no doubt continue to evolve as the 13th Five Year Plan and associated changes in IP strategy are executed. But as China transforms through cloud technologies as part of its "Internet Plus" initiative, and as the country shifts from "Made in China" to "Created in China" by placing more emphasis and value on intangible assets, management of IP risk in the cloud will be a key measure of success.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.