Rider regarding receipt, processing and storage of data and software controlled under the international traffic in arms regulations and the export administration regulations
- Receipt, Processing, and Storage of Data and Software Controlled under U.S. Export Control Laws.
- OUTSCALE Representations. OUTSCALE hereby warrants and represents the following with respect to the provision of the Service Offerings in the effort to comply with the U.S. Export Control Laws:
- Exclusively U.S.-Based Servers. All of the servers, equipment, and other elements of the OUTSCALE cloud infrastructure utilized in provident the Service Offerings will be physically located in the United States during the period of the provision of the Service Offerings to Client.
- Administered by Exclusively U.S. Persons. All OUTSCALE employees who will be involved in the administration of the Service Offerings will be “U.S. Persons” as such term is defined in 22 CFR §120.15 and 15 CFR Part 772.
- Services Configured to Enable Data Owner to Upload and Control Access to the Data. The Service Offerings will be configured to permit the Client to upload its data and software into the OUTSCALE cloud infrastructure and to have exclusive access to such data and software while it is in present in OUTSCALE’s cloud infrastructure.
- Data Encryption. It is recognized Client will provide Client’s data in an encrypted state and OUTSCALE will not decrypt such data during the period of the provision of the Service Offerings to Client nor provide the decryption keys to any parties related to such data during such period.
- Client Obligations. The client acknowledges that data and software provided by Client to OUTSCALE may be subject to export restrictions under the International Traffic In Arms Regulations (“ITAR”) or the Export Administration Regulations (“EAR”) (“collectively the “Export Control Laws”). The client agrees to fully comply with all applicable requirements under the Export Control Laws in the transfer, storage, and use of data and software in the OUTSCALE data system. Client further agrees that in the event it provides data or software that are subject to U.S. export control restrictions for processing in the OUTSCALE cloud environment, Client will comply with the following requirements as a condition of the utilization of the Service Offerings:
- Client shall not permit unauthorized Foreign Person employees of Client to have access to the OUTSCALE cloud resources or to any export-controlled data or software unless a license is obtained or a license exception applies. In addition, Client shall not otherwise transfer, export, re-export or retransfer any export-controlled data or software (including disclosure to unauthorized Foreign Persons in the U.S.) if such transfer requires an export license unless a license has been obtained or a license exception applies;
- If Client uses any third-party software applications within the OUTSCALE cloud environment, Client shall not permit any unauthorized Foreign Persons associated with such third-party applications to have access to the OUTSCALE cloud resources or to any export-controlled data or software unless a license is obtained or a license exception applies;
- Client shall not permit any other third parties (including customers, suppliers, vendors, contractors, subcontractors, supply chain partners, joint venture partners, or other parties) that are unauthorized Foreign Persons to have access to the OUTSCALE cloud environment or export-controlled data, whether through transfer, disclosure, release, misconfiguration of security settings or other means;
- If data subject to export control restrictions is encrypted, Client shall not release the decryption keys related to such data to any unauthorized Foreign Persons unless an export license is obtained, or a license exception applies;
- Client shall maintain adequate general data security processes for its IT resources throughout its wider data network to properly protect export-controlled data and software against cybersecurity attacks; and
- If Client permits the release of any export-controlled data or software to unauthorized Foreign Persons, Client shall be deemed to be the exclusive exporter of such data or software and OUTSCALE shall have no liability or obligation related to such release.
- For purposes of this provision, the term “Foreign Person” shall mean natural persons who are not U.S. citizens, U.S. permanent resident aliens or protected individuals under 8 U.S.C. §1324b(a)(3) and foreign entities and groups that are not incorporated or organized to do business in the U.S. (including international organizations, foreign governments and any agency or subdivision of a foreign government such as a diplomatic mission).
- Employees of Client. The client shall take steps to ensure that all of its employees comply with the above requirements.
- Failure to Comply with Obligations. The failure by the Client to comply with any of the above requirements shall void any warranties or representations made by OUTSCALE hereunder. Client further agrees that in the event of Client’s breach of any of the above requirements or of Client’s breach of any of the Export Control Laws Client shall indemnify OUTSCALE for all damages, fines, penalties, costs, expenses, and other liabilities incurred by OUTSCALE (including attorneys’ fees) arising as a result of such breach.