Originally published on 18 September 2025 and updated on 8 January 2026.
Technology contracts often focus on price, specification, service levels and performance. However, they’re now also being shaped by a new set of pressures from regulators, investors and customers, who are beginning to expect that digital services aren’t only effective but sustainable, ethical and secure.
This shift reflects the convergence of three major forces:
- Expanding environmental, social and governance (ESG) obligations.
- Evolving cybersecurity and data governance requirements.
- Rising reputational and contractual risks across the digital supply chain.
With regulatory scrutiny intensifying and sustainability becoming a strategic priority, tech businesses might wish to consider how their commercial frameworks could evolve through smarter, values-driven contracting, as Paddy Fearnon explores.
Tech’s environmental footprint
The technology sector’s environmental footprint is under growing scrutiny. From energy-hungry data centres to short hardware lifecycles and opaque supply chains, digital infrastructure is now seen as a significant source of emissions, waste and social risk. Data centres alone consume about 2.5% of the UK’s electricity and their power demand could rise fourfold by 2030.
Emerging ESG clauses in practice
In light of this, the following ESG‑related provisions are beginning to appear in technology contracts and may be worth considering based on the nature of the deal and parties involved:
1. Carbon & energy reporting
Suppliers might be asked to disclose emissions data, energy usage and sustainability metrics. This supports transparency and helps to meet stakeholder expectations.
2. Biodiversity commitments
ESG considerations are no longer limited to carbon. Increasingly, businesses are addressing biodiversity impacts across their operations and supply chains. In sectors such as construction, legislation now requires a measurable net gain in biodiversity and similar expectations are starting to influence technology deals. These clauses may require suppliers to demonstrate how they minimise habitat disruption, support ecological restoration or comply with biodiversity-related regulations.
3. Green service level agreements (SLAs)
SLAs are evolving to include commitments around code efficiency, low-carbon hosting and renewable energy use, aligning digital infrastructure with sustainability goals.
4. Sustainability-linked KPIs
Contracts are beginning to feature targets tied to broader ESG goals like emissions reduction, ethical sourcing or participation in the circular economy. These KPIs are typically measurable and may be linked to financial incentives or penalties, providing a clear mechanism for accountability.
5. Ethical hardware sourcing & circular economy clauses
Requirements for transparency around supply chains, labour standards and material provenance are becoming more common. Clauses may also promote recycling, reuse or responsible disposal of hardware, helping to address social and environmental risks in the supply chain.
6. Audit & flow-down mechanisms
Some agreements now include rights to audit ESG compliance and require subcontractors to meet similar standards. These provisions help to ensure that ESG commitments are upheld throughout the supply chain.
7. Climate & regulatory disruption clauses
Force majeure clauses now cover climate-related events and regulatory changes while ESG breaches and artificial intelligence (AI) risks are addressed through tailored limitations. Investors and pension funds are embedding climate risk into due diligence and aligning portfolios with net-zero and biodiversity goals.
These developments are being shaped by UK legislation, including the Procurement Act 2023, UK Sustainability Reporting Standards (UK SRS), the Data (Use and Access) Act 2025 and the Cyber Security and Resilience Bill.
Things to keep in mind
As ESG clauses become more common, it may be helpful to reflect on the following:
- Avoid overpromising — ambitious commitments can be appealing but it’s important that they’re achievable. Unrealistic obligations may carry legal or reputational risks.
- Be specific — vague language can be difficult to enforce. Clear metrics, timelines and reporting mechanisms help to ensure that ESG commitments are meaningful.
- Think beyond your own operations — ESG obligations often extend to subcontractors and partners. Consider how standards can be applied across the digital supply chain.
Five key questions to ask before signing
- Are the ESG metrics in this contract clear and auditable?
- Do we have the systems and data needed to report on these obligations?
- Have we considered the full supply chain?
- What are the consequences if ESG targets are missed?
- Have we done due diligence on the climate risk?
Data ethics, AI & cyber resilience
AI and cybersecurity now sit at the centre of many digital services and business operations. As organisations adopt AI-enabled tools and cloud platforms, it’s becoming increasingly important for technology contracts to reflect how these systems are governed and secured. Careful drafting can help support resilience, meet regulatory expectations and maintain trust with customers and partners.
Key drivers include:
- The Data (Use and Access) Act 2025, which is reforming UK data protection and automated decision-making (ADM) rules.
- The forthcoming Cyber Security and Resilience Bill, which is set to impose duties on digital service providers and their suppliers.
- Growing pressure to regulate AI systems, especially around bias, transparency and environmental impact.
These changes mean businesses should consider whether their contractual terms need updating to reflect new obligations and expectations.
Setting expectations for AI governance
AI introduces unique considerations around accountability, transparency and fairness.
Contracts can help by setting clear, proportionate expectations:
- AI accountability clauses — define responsibility for the use, outputs and consequences of AI systems. Include assurances about compliance, lawful use of data (including training data) and clarity on liability (with appropriate warranties, indemnities and limitations on liability).
- Transparency & explainability — require suppliers to provide meaningful information about how AI systems make decisions and support independent audits or testing for bias and accuracy.
- Human oversight — where algorithms impact individuals, include rights for human review and challenge in line with UK data protection law.
- Intellectual property & data ownership — clarify who owns AI-generated outputs and any improvements and set boundaries on how data can be reused.
Embedding these principles helps to manage risk and demonstrates a commitment to ethical and responsible AI use.
Building cyber resilience across the supply chain
Cybersecurity is most effective when it runs through the full delivery chain. Contracts can set a reasonable baseline for information security and outline how those expectations flow down to subcontractors and third-party providers. Including obligations for vulnerability management, timely updates and secure data handling helps to reduce exposure to risk.
Flow-down clauses ensure that subcontractors meet the same standards while proportionate audit and reporting rights provide assurance without adding unnecessary complexity.
Incident readiness & response
Even with strong controls, incidents can still occur. Well-structured contracts often set out how parties will work together if a security issue arises.
This may include:
- Incident response timelines — clear timeframes for breach notification.
- Cooperation duties — roles and responsibilities during investigation.
- Evidence preservation — steps to maintain integrity for regulatory reporting.
Including these provisions helps to ensure prompt, coordinated responses and reduces the impact of breaches.
Contractual best practice — aligning risk & responsibility
Effective technology contracts should bring together the various strands of risk — whether from AI, data, cybersecurity or sustainability — into a clear, balanced framework. The goal is to ensure that parties understand their roles, can adapt to change and have practical mechanisms for managing new challenges as they arise. Regularly reviewing and updating agreements and promoting open communication helps contracts to remain relevant and workable as technology and regulations evolve.
Talk to us
Sustainability, data ethics and resilience are no longer peripheral issues in the tech sector. They’re becoming central to how technology is built, delivered and trusted. Well-considered technology contracts can serve as tools of governance that support regulatory compliance, reduce disputes and help to meet ESG goals.
Our specialist commercial and technology solicitors are experienced in helping technology companies to explore how their contracts can evolve to reflect these shifting expectations.
Whether you’re negotiating cloud agreements, software contracts or data-sharing terms, we can help you to consider how to embed sustainability and resilience where it matters most — into the contract itself.
Talk to us by giving us a call on 0333 004 4488 or sending us an email at hello@brabners.com.