In the EU there is the better payments directive to handle exactly this problem; big companies dragging their feet with smaller suppliers. The law requires NET-30 unless otherwise specified and anything above NET-60 in a contract is normally considered unconscionable. Of course the big companies can fudge that by complaining about issues with supply or by querying amounts, not enough description of supplied services, SLAs etc and delay it that way; but the big companies do run the risk of the regulators coming down on them.
The key phrase in his statement is "unless otherwise specified". Whenever an enterprise is dealing with a supplier -- and it doesn't matter whether it's software, electronic componentry, services, or anything else -- there is no such thing as an acceptable boilerplate contract or TOS... that is, unless the supplier is bigger than you and refuses to negotiate. Apple is notorious for bullying their suppliers for example, and Foxconn has gone so far as to purchase their own iron mine in order to control as much of their supply chain as possible. It typically takes 4-6 different groups (I feel like all this should be, and probably is documented somewhere... like every company's sales manual. You end up talking with the manager whose group requires the service/product, someone above or parallel to them as a sanity check, someone in the company's supplier management team, someone in the accounts payable org (to get your banking & credit details), someone in Legal to review contracts, a stamp of approval from one or multiple execs, and then finally whomever has to input the purchase request.) within an enterprise looking at it to get an approvable contract, and then another week or two to figure out whose signature it needs to have.
As long as money is flowing and there is no obvious abuse, no one really complains an regulators don't get involved. The wheels of commerce and all that.
Perhaps more apropos is the answer to a different version of your question, regarding a different EU directive: EU 95/46/ec (http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:...). This directive covers data protection and proscribes quite a few things that make licensing or operating SAAS services challenging in the EU. Some enterprises take the tack that "well, Safe Harbor covers us." and do whatever they want. Others are ultra-conservative and refuse to use SAAS services that aren't explicitly compliant with 95/46/EC. And, since it's a directive and not actually a law in any country (except perhaps maybe slightly Sweden... which is also quite a bizarre situation, having a FB data center there and all), it's clear as mud how it would actually be enforced, or what enforcement would look like.
To close, I will tell you that The Street looks very closely at the payables/receivables numbers & ratio, just like they care about inventory turns and other supply chain metrics. It's a big, and bad, deal when a large enterprise doesn't pay more slowly than they receive payment (in aggregate).
I could tell a lot of stories but that would be ... career limiting.
> since it's a directive and not actually a law in any country
What? EU Directives are requirements on member states to bring in laws. That data protection directive has been implemented into national law in every EU member state…
> (except perhaps maybe slightly Sweden... which is also quite a bizarre situation, having a FB data center there and all)
Pretty sure Facebook is (legally) based on Ireland, and under Irish Data Procection law (which is the implementation of the EU DPD in Ireland).