What do the easyAML agreement clauses 3.4, 3.5 and 15.9 mean?
Plain-English explanations of clause 3.4 (as-is basis, preserving ACL), clause 3.5 (third-party data services), and clause 15.9 (limitation of liability) in the easyAML Service Agreement.
Three commonly-asked-about clauses in plain English:
Clause 3.4 - "As is" / "As available" basis
easyAML is provided on an "as is" and "as available" basis while preserving Australian Consumer Law guarantees. The clause acknowledges that easyAML relies on third-party data services (DVS for document verification, Dow Jones for PEP/sanctions screening, ASIC for company data, etc.) and doesn't guarantee their availability, accuracy, or performance.
What this means practically: if DVS is offline for 1 hour due to a government IT issue, easyAML's identity verification flow may be temporarily unavailable. The clause makes clear this isn't a breach by easyAML - it's an upstream dependency outside easyAML's control. Australian Consumer Law guarantees still apply - so the clause doesn't carve out fundamental fitness-for-purpose protections.
Clause 3.5 - Customer's responsibility for their own systems
Clients are responsible for their own systems and software meeting technical standards and staying up to date. This covers things like:
- Modern browser versions (the platform supports current Chrome, Firefox, Safari, Edge).
- Reasonable internet connectivity.
- Up-to-date device software (iOS, Android, macOS, Windows).
- Their own internal security (antivirus, firewall, access controls).
If a customer's IT is significantly out of date and that's causing platform issues on their end, the clause clarifies that easyAML isn't responsible for fixing the customer's infrastructure. easyAML support will still help diagnose but the remediation may be in the customer's environment.
Clause 15.9 - De-identified data for system improvement
easyAML may use de-identified client data for system/service improvement, in compliance with Privacy Laws. All personal information is removed or protected - the de-identified data is structurally separated from anything that could identify individuals or firms.
What this enables: aggregate analysis of usage patterns to improve the platform, machine learning model training on anonymised data for AI features (subject to the principle that customer data isn't used to train external models - see Section 14), benchmarking and performance analytics.
What this doesn't allow: any use of identifiable personal information for purposes beyond delivering the service to the customer. Privacy Law compliance is the binding constraint.
For larger firms with strict procurement/legal review processes, this clause sometimes attracts amendment requests - typical patterns covered in "What's the typical pattern of contract amendments larger firms request?" above.