IBM Cloud is committed to providing a trusted and safe platform for our clients and to ensuring compliance with the EU Digital Services Act (DSA). This page outlines the process IBM has put in place to comply with the DSA.
- Intermediary Services Provider DSA Obligations
For the purposes of the DSA, IBM has its main establishment in The Netherlands and IBM’s single point of contact to enable communications with the authorities in the EU and recipients of IBM Cloud Services is abuse@softlayer.com.
IBM/Softlayer Consolidated Acceptable Use Policy
The Acceptable Use Policy (“AUP”) below outlines unacceptable and prohibited use of IBM Cloud Services (the “Services”), as well as the procedures used to address complaints of AUP violations. This policy is in addition to any other terms and conditions under which IBM provides the Services to you.
Clients utilizing the IBM Cloud platform are responsible for ensuring use of the Service and content is in compliance with all applicable laws, including laws where the Service or content is uploaded, hosted, stored, accessed, or used and to implement necessary restrictions to prohibit use by any individual (e.g. restrictions on access by minors) or in any jurisdiction, as required to comply with such laws.
IBM Cloud does not maintain access to moderation capabilities for client data and content on the IBM Cloud platform, however we reserve the right to take all actions deemed appropriate to comply with applicable laws – up to and including suspension of public access to systems and services in violation of the Policy as well as termination of services.
To notify IBM of a violation of this AUP, or to report illegal activity from an IBM Cloud resource, please email abuse@softlayer.com and provide sufficient details to describe the issue. IBM will promptly investigate and when able, will provide notification to the reporting entity once a resolution has been reached. Questions about this Policy (e.g., whether any contemplated use is permitted) should be directed to abuse@softlayer.com.
AUP
Cloud Services may not be used to undertake any activity or host Content that:
(1) is unlawful, fraudulent, harmful, malicious, obscene, or offensive;
(2) threatens or violates the rights of others;
(3) disrupts or gains (or intends to disrupt or gain) unauthorized access to data, services, networks, or computing environments within or external to IBM;
(4) sends unsolicited, abusive, or deceptive messages of any type; or
(5) distributes any form of malware.
Client may not use Cloud Services: i) for crypto-mining, unless otherwise agreed by IBM in writing; or ii) if failure or interruption of the Cloud Services could lead to death, serious bodily injury, or property or environmental damage.
Client may not:
(1) reverse engineer any portion of a Cloud Service;
(2) assign or resell direct access to a Cloud Service to a third party outside Client’s Enterprise; or
(3) combine a Cloud Service with Client’s value add to create a Client-branded solution that Client markets to its end user customers unless otherwise agreed by IBM in writing.
IBM may suspend or limit, to the extent necessary, Client’s use of an IBM Cloud Service if IBM reasonably determines there is a breach of the AUP. IBM will provide notice prior to a suspension as commercially reasonable. If the cause of a suspension can reasonably be remedied, IBM will provide notice of the actions Client must take to reinstate the IBM Cloud Services. If Client fails to take such actions within a reasonable time, IBM may terminate the IBM Cloud Services.
Government Requests for Information
IBM Cloud complies with all local and regional laws when handling government requests for information, including the EU Digital Services Act (DSA). For service of subpoenas and other government requests for information, please email subpoenas@softlayer.com.
As a provider of data center services, centered on the delivery of on-demand server infrastructure, IBM Cloud does not maintain or manage direct access to client data and content hosted from our infrastructure, as this is the direct responsibility of our customers.
Unless otherwise provided with a non-disclosure or equivalent, IBM will notify our client of the request, including information that was provided to government agents in service of the request.
The current DSA transparency report for IBM is available here.