Tech & IT contracts — how to future-proof for sustainability, AI & cybersecurity

Technology contracts have long centred on price, service levels and performance. Yet in 2025, they’re starting to be shaped by a new set of pressures from regulators, investors and customers, who are beginning to expect that digital services aren’t only effective but sustainable, ethical and secure.

This shift reflects the convergence of three major forces:

1. Expanding environmental, social and governance (ESG) obligations.
2. Evolving cybersecurity and data governance requirements.
3. Rising reputational and contractual risks across the digital supply chain.

With regulatory scrutiny intensifying and sustainability becoming a strategic priority, tech businesses might wish to explore how their commercial frameworks could evolve through smarter, values-driven contracting — as Paddy Fearnon explores.

Tech’s environmental footprint

From energy-intensive data centres to hardware sourcing and software lifecycles, the tech sector has a significant environmental impact — and ESG scrutiny is rising fast.

Procurement teams are starting to ask:

• Where’s our data hosted and how green is the infrastructure?
• Are our technology partners tracking and reducing emissions?
• Can our digital solutions support sustainability targets?

In light of this, some ESG-focused provisions are beginning to appear in IT contracts, such as:

• Carbon and energy reporting obligations.
• Green SLAs (such as commitments to code efficiency or reduced compute waste).
• Sustainability-linked KPIs.
• Ethical hardware sourcing and circular economy clauses.

While not yet standard, these clauses may be worth exploring, particularly for tech businesses aiming to supply corporates, public bodies or ESG-conscious investors.

Data ethics, AI & cyber resilience

Technology contracts are also under increased scrutiny over data handling, AI use and supply chain cyber risks.

Key drivers include:

• The Data (Use and Access) Act 2025, which is reforming UK data protection and automated decision-making (ADM) rules.
• The forthcoming Cyber Security and Resilience Bill, which is set to impose duties on digital service providers and their suppliers.
• Growing pressure to regulate AI systems, especially around bias, transparency and environmental impact.

This evolving landscape may prompt business to reflect on whether their terms may benefit from updates, such as:

• AI accountability clauses, including use of training data, ‘explainability’ and liability.
• Cyber-resilience obligations across all levels of the supply chain.
• Incident response timelines and data breach response procedures.
• ADM restrictions and human review rights (where algorithms impact individuals).

These provisions aren’t yet widespread but may be worth exploring as part of a broader risk management strategy. 

Contractual best practice — aligning risk & responsibility

To help manage these overlapping risks, it may be helpful to explore how active ESG and risk management tools could be incorporated into tech contracts.

Key contractual considerations might include:

• Warranties and indemnities on ESG claims, cyber compliance and ethical data use.
• Audit and flow-down provisions, especially where subcontractors or cloud platforms are involved.
• Force majeure definitions that address climate-related or regulatory disruption.
• Tailored limitation clauses for ESG breaches, data loss or AI-driven errors.

It is important that any such clauses are realistic, measurable and aligned with operational capabilities. Overpromising on ESG commitments can carry legal and reputational risks.

Next steps — four top tips for tech businesses

As digital infrastructure becomes a focus of both environmental and regulatory policy, tech businesses might consider:

1. Audit existing contracts for ESG and cyber clauses.
2. Update documents to reflect sustainability, ADM and data risk expectations.
3. Collaborate with partners on practical and scalable green obligations.
4. Train internal teams on the legal and commercial language of ESG in tech deals.

Talk to us

Sustainability, data ethics and resilience are no longer peripheral issues in the tech sector. They’re becoming central to how technology is built, delivered and trusted. Well-considered technology contracts can serve as tools of governance that support regulatory compliance, reduce disputes and help to meet ESG goals.

Our specialist commercial and technology solicitors are experienced in helping technology companies to explore how their contracts can evolve to reflect these shifting expectations. 

Whether you’re negotiating cloud agreements, software contracts or data-sharing terms, we can help you to consider how to embed sustainability and resilience where it matters most — into the contract itself.

Talk to us by giving us a call on 0333 004 4488, sending us an email at hello@brabners.com or completing our contact form below.