IBM Cloud® compliance: Digital Services Act
isometric illustration of platforms and objects representing various IBM cloud compliance programs
EU Digital Services Act Compliance

IBM Cloud is committed to providing a trusted and safe platform for our clients and to ensuring compliance with the EU Digital Services Act (DSA).  This page outlines the processes IBM has put in place to comply with the DSA. 

A. Intermediary Services Provider DSA Obligations

IBM’s single point of contact to enable communications with the EU Commission and recipients of IBM Cloud Services is abuse@softlayer.com.

IBM/Softlayer Consolidated Acceptable Use Policy

The Acceptable Use Policy (“AUP”) below outlines unacceptable and prohibited use of IBM Cloud Services (the “Services”), as well as the procedures used to address complaints of AUP violations. This policy is in addition to any other terms and conditions under which IBM provides the Services to you.

Clients utilizing the IBM Cloud platform are responsible for ensuring use of the Service and content is in compliance with all applicable laws, including laws where the Service or content is uploaded, hosted, stored, accessed, or used and to implement necessary restrictions to prohibit use by any individual (e.g. restrictions on access by minors) or in any jurisdiction, as required to comply with such laws.

IBM Cloud does not maintain access to moderation capabilities for client data and content on the IBM Cloud platform, however we reserve the right to take all actions deemed appropriate to comply with applicable laws – up to and including suspension of public access to systems and services in violation of the Policy as well as termination of services.

To notify IBM of a violation of this AUP, or to report illegal activity from an IBM Cloud resource, please email abuse@softlayer.com and provide sufficient details to describe the issue.  IBM will promptly investigate and when able, will provide notification to the reporting entity once a resolution has been reached.  Questions about this Policy (e.g., whether any contemplated use is permitted) should be directed to abuse@softlayer.com.

AUP
Cloud Services may not be used to undertake any activity or host Content that:

(1) is unlawful, fraudulent, harmful, malicious, obscene, or offensive;
(2) threatens or violates the rights of others;
(3) disrupts or gains (or intends to disrupt or gain) unauthorized access to data, services, networks, or computing environments within or external to IBM;
(4) sends unsolicited, abusive, or deceptive messages of any type; or
(5) distributes any form of malware.

Client may not use Cloud Services: i) for crypto-mining, unless otherwise agreed by IBM in writing; or ii) if failure or interruption of the Cloud Services could lead to death, serious bodily injury, or property or environmental damage.

Client may not:
(1) reverse engineer any portion of a Cloud Service;
(2) assign or resell direct access to a Cloud Service to a third party outside Client's Enterprise; or
(3) combine a Cloud Service with Client's value add to create a Client-branded solution that Client markets to its end user customers unless otherwise agreed by IBM in writing.

IBM may suspend or limit, to the extent necessary, Client's use of an IBM Cloud Service if IBM reasonably determines there is a breach of the AUP.  IBM will provide notice prior to a suspension as commercially reasonable.  If the cause of a suspension can reasonably be remedied, IBM will provide notice of the actions Client must take to reinstate the IBM Cloud Services. If Client fails to take such actions within a reasonable time, IBM may terminate the IBM Cloud Services.

Government Requests for Information

IBM Cloud complies with all local and regional laws when handling government requests for information, including the EU Digital Services Act (DSA). For service of subpoenas and other government requests for information, please email subpoenas@softlayer.com.

As a provider of data center services, centered on the delivery of on-demand server infrastructure, IBM Cloud does not maintain or manage direct access to client data and content hosted from our infrastructure, as this is the direct responsibility of our customers.

Unless otherwise provided with a non-disclosure or equivalent, IBM will notify our client of the request, including information that was provided to government agents in service of the request.

B.     Online Platform DSA Obligations

To the extent the IBM Cloud Catalog qualifies as an “online platform” under the DSA, the following items apply:

1.      users of the Cloud Catalog may lodge complaints with IBM within six months after any IBM decision to do any of the following on the grounds that information provided by the user constitutes illegal content or is incompatible with the terms and conditions of service:

a.      disable access to information, or
b.      suspend or terminate the user’s services, account, or ability to monetize information provided by the user.

Such complaints may be sent to abuse@softlayer.com.  If the IBM complaint-handling process does not resolve the dispute, then users are entitled to select an out-of-court dispute settlement body (that is certified as contemplated by the DSA) to help resolve the dispute.  The certified out-of-court dispute settlement body does not have the authority to impose a binding settlement of the dispute, but IBM will engage in good faith with the certified out-of-court settlement body with a view to resolving the dispute.     

2.      “Trusted Flaggers,” as defined in the DSA, may submit notices to abuse@softlayer.com about the presence of illegal content on IBM Cloud, and such notices will be given priority by IBM and processed and decided upon without undue delay. 

3.      As required by the DSA, as of February 17, 2024, the average number of monthly active users during the previous six months is approximately 2,800,000. 
Take the next step

Questions about a compliance program? Need a protected compliance report? We can help.

 

 See more compliance programs