DIGITALEUROPE aisbl Rue de la Science, 14 >> B-1000 Brussels [Belgium] T. +32 2 609 53 10 >> F. +32 2 609 53 39 www.digitaleurope.org
>> 1 of 24
15 December 2011
CLOUD COMPUTING
DIGITALEUROPE’S PERSPECTIVE
Contents
Introduction ........................................................................................................................... 2
The Evolution of the Cloud ................................................................................................. 3
1- Cloud Building Block #1: Robust and coherent data protection regime .......................... 8
2- Cloud Building Block #2: Effective cybersecurity ..........................................................10
3- Cloud Building Block #3: Fostering interoperability and data portability in the cloud .....12
4- Cloud Building Block #4: Affordable and ubiquitous broadband ....................................14
5- Cloud Building Block #5: Support for the use of energy efficient cloud ..........................16
6- Cloud Building Block #6: Meaningful investment in e-skills and awareness-raising ......18
7- Cloud Building Block #7: Grow the public sector cloud .................................................19
8- Cloud Building Block #8: New R&D initiatives and incentives .......................................20
9- The Multilateral Dimension ............................................................................................22
10- Conclusion .................................................................................................................23
>> 2 of 24
INTRODUCTION
DIGITALEUROPE is a strong proponent of economic growth as well as social progress in Europe
through the effective use of information and communication technologies (ICT). A current trend in
ICT, cloud computing, represents an evolution that could contribute in many ways to accelerate
economic and social advances. In this paper, DIGITALEUROPE offers its perspective on: cloud
computing and continued ICT evolution; how they support economic growth and the development of
new business and societal benefits; and how these developments to technological and related
business model innovations impact, and are impacted by current policy discussions of importance to
the growth and competitiveness of the European Union.
Converging ICT developments in recent years have multiplied the choices available to users as well as
suppliers of technology, in terms of how and where computing power can be consumed. Even small
enterprises and individual users now have access to supercomputing power to meet any range of
needs. The underlying value of many of these developments lies in the efficiency gains that can be
achieved through ICT, and the ways that those efficiency gains can translate into productivity gains,
cost savings, greater performance and new innovation. There are many potential sources of
efficiency gains through cloud computing, providing many options for users, but the most significant
efficiency gains involve seamless communications involving wide networks and large-scale data
centres often located in different countries. Moreover, increasing optimization of computing
resources has significant implications for energy efficiency and overall environmental impact.
To capture all the potential advantages of cloud computing, a Digital Single Market, and barrier-free
global communications more generally, is becoming more and more important. The Single Market
has been vital to Europe’s prosperity and global competitiveness – fueling dramatic growth in intra-
community trade and creating important opportunities for foreign direct investment. Thanks to the
Single Market, Europe is now the world’s most important trading area with 500 million people
generating a total GDP of over €12,000,000 million in 20101.
But while the Single Market has been a success in the world of traditional physical goods and
services, replicating that market in the digital environment has proven challenging. As economic,
cultural and political activity increasingly moves online, we are confronted with the irony that while
the internet is borderless, much online activity stops at Member State borders.
Reaping these benefits will require that the EU take affirmative and targeted measures to ensure
that Europe is cloud-ready. Specifically, DIGITALEUROPE believes that the foundation of a successful
cloud economy in Europe – and of a seamless market more broadly – rests on eight key building
blocks:
1 See September 2011 International Monetary Fund World Economic Outlook Database, available at
http://www.imf.org/external/pubs/ft/weo/2011/02/weodata/index.aspx.
>> 3 of 24
1. a coherent Single Market regulatory regime – most importantly, with regard to the rules governing the protection of personal data;
2. close collaboration between industry and government to keep data safe in the cloud;
3. support for private sector led efforts fostering greater cloud interoperability and data portability, including a modernised framework for ICT standardisation;
4. an infrastructure that supports the cloud via ubiquitous and affordable broadband;
5. close collaboration with the private sector on developing strategies and measures designed to encourage the use of energy efficient ICT, including cloud computing;
6. EU investment in e-skills training and awareness raising;
7. faster public sector adoption of cloud technologies; and
8. support for new R&D funding initiatives and incentives.
The Evolution of the Cloud
While the ICT industry has always been known for rapid innovation, and in some ways cloud
technologies are not new, many consider cloud computing to be an unusually dramatic leap forward,
even a paradigm shift. Cloud represents an amalgam and evolution of existing technologies taken in
support of new business models and with a greater scope of users and uses. This is the result of a
combination of factors converging at roughly the same time, including: increasing demands for
capacity to handle exponential growth in the volume of data to store and process, continued
advances in computing hardware power and efficiency, increasing sophistication of software able to
consolidate and optimise the utilisation of hardware, availability of large-scale computing resources
offering significant economies of scale, expansion and improving connectivity of devices and
reliability of broadband networks, and, importantly, evolving business models to enable more and
more convenient, economic, and powerful services to customers.
At the most basic level, cloud technologies provide users with access to computing infrastructure,
platforms (operating systems, development environments, etc.), and software applications via a
network (generally the web) – but it is important to recognise that in practice cloud computing
trends are diverse and difficult to summarise. While some view cloud computing as a means to store
data remotely, for others the cloud is a rich source of applications and software that can be installed,
delivered, operated and maintained remotely. And as technology evolves, dynamic new functions
continue to emerge.
Understanding the complexity of cloud computing, and recognising its current and potentially
expanding diversity -- and the diversity of stakeholder interests, from consumers to large enterprises
>> 4 of 24
to small and large cloud providers -- is an essential first step towards an informed dialogue on how
policy can support the growing European cloud ecosystem.
What is cloud computing?
Cloud computing is a short label, but it describes a vast array of business models, technologies
and services. At the simplest level, cloud computing enables IT capabilities to be delivered as
a service to users via the Internet.2 Cloud services are frequently divided into three categories
– “IaaS”, “PaaS” and “SaaS.”, although this should not be taken as a finite categorization.
Infrastructure as a Service (IaaS). These services typically provide users with virtual infrastructure, such as a platform virtualisation environment and ancillary storage and networking functions. Such services can be paid for on an “as used” basis, similar to other utilities such as water or electricity.
Platform as a Service (PaaS). This category of cloud computing sits between IaaS and SaaS. Cloud platforms include not only virtual infrastructure but also cloud application environments (and applications). Users can operate PaaS services to create and operate bespoke applications.
Software as a Service (SaaS). These services offer users access to software programs without the need to locally install and run the software. This reduces the need for each user to have their own high level computing capabilities and often also reduces maintenance costs.
Cloud services normally divide between public and private clouds – the former open to all, and the
latter managed by or specifically for the organizations they serve – or some combination of those
resources. The following diagram distinguishes features of some typical cloud scenarios:
2 NIST has also developed a helpful definition of cloud computing, calling it a “model for enabling ubiquitous,. . .
on-demand network access to a shared pool of configurable computing resources . . . .”See the NIST Definition of Cloud Computing, September 2011, available at http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf.
>> 5 of 24
Because of the way cloud services are structured, cloud computing enables convenient and instant
access to a wide range of computing resources (e.g. storage, applications, services and data)
regardless of the user’s geographic location. And because these users can rely on the cloud for as
many or as few computing resources as they need, they can “pick and mix” among offerings Some
enterprises, for example, have migrated entire operations to “public clouds” hosted and maintained
by third party cloud providers, while others are using private clouds (e.g., infrastructure dedicated to
a single organisation or value chain); many organisations are combining aspects of both services in a
“hybrid” cloud, relying on a combination of public and private clouds either to allocate data or
services across those clouds based on need and purpose or to extend resources of dedicated clouds
on an as needed basis.
In addition to providing more broadly available anytime and anywhere access to more flexibly
provisioned computing resources, the cloud offers many other benefits, among them:
Promoting European competitiveness. The cloud creates innovation opportunities for
both providers and users of cloud services in Europe. Because the global cloud market is
young, vibrant and diverse with low barriers to entry, the market offers EU firms the
possibility to become market leaders; already, a number of European companies have
become brand-names in the cloud. At the same time, by giving small and mid-sized
organisations the ability to tap into virtually unlimited processing and storage capacity –
computing power previously available only to the world’s largest companies – the cloud
>> 6 of 24
enables SMEs to build businesses and offer solutions and services that in the past would
have required an up-front investment in ICT well beyond their means. Indeed, the cloud’s
impact on SME growth is potentially dramatic – some predict that cloud computing could
enable the creation or development of up to 400,000 new SMEs across the EU.3
Providing users with choice and cost-savings. Cloud users can flexibly scale computing
usage up and down as dictated by their needs. This elasticity allows users – including
SMEs – to customise their ICT usage in ways never before possible. Cloud computing also
allows enterprises and public authorities to more precisely and effectively manage their
ICT spend by paying only for the computing resources that they consume – reducing
capital expenditures and overspend. Some estimates suggest that widespread adoption of
cloud computing could reduce IT capital expenditure by almost €155 billion in the key
European economies over the next five years.4 And by reducing the fixed costs of IT
investments, cloud computing can lower the cost of creating new businesses, and
therefore boosts the entry into and competition in markets throughout the economy (and
particularly in those sectors where fixed IT spending is important).5
Helping Europe achieve social goals. In addition to driving innovation and economic
competitiveness, cloud computing can also help Europe to achieve important social
objectives. In healthcare, for example, cloud computing has enabled critical collaborations
between doctors and scientists across the globe via shared databases that in a more
efficient and cost effective fashion via software solutions that previously were accessible
only to the largest medical centres; the cloud is also being used to combine patient data
(prescription details, patient history, test results etc.) into comprehensive records that can
be instantly accessed across the patient’s healthcare providers. Public authorities have
enjoyed similar benefits using the cloud to deliver e-government services.
Reducing our energy footprint. Typically every company department, small business or
government ministry maintains servers to store data and run IT services. However, not all
this computing power is needed all the time, meaning that many servers run at 30% or less
capacity whilst still drawing power. Because computing loads are spread across users and
geographies in the cloud, hardware utilisation is improved – reducing energy consumption
by individual servers and data centres alike. One cleantech market intelligence firm
forecasts that the adoption of cloud computing will lead to a 38% reduction in worldwide
3 The Economics of Cloud Computing, F Etro, March 2011, available at:
http://www.intertic.org/Policy%20Papers/JManEc.pdf. 4 The Cloud Dividend: Part One, The economic benefits of cloud computing to business and the wider EMEA economy, Cebr
Report for EMC, December 2010, available at: http://www.redstor.com/downloads/cloud-dividend-report.pdf. 5 The Cloud Dividend: Part Two, The economic benefits of cloud computing to business and the wider EMEA economy, Cebr
Report for EMC, February 2011, available at: http://emea.emc.com/microsites/2011/cloud-dividend/cloud-dividend-report.pdf.
>> 7 of 24
data centre energy expenditures by 2020, compared to a business as usual scenario for
data centre capacity growth.6
Because of its many benefits, over the last five years, cloud computing has been transformed. Large
enterprise based private cloud solutions have evolved – to a broader array of services relied on by a
wider scope of enterprises and the public sector. According to a recent study, 37 percent of
businesses globally are deploying cloud to either remotely host applications or host data while 23
percent of global public sector IT is in the cloud.7 At the same time, consumer usage of the cloud has
also changed from services such as e-mail and social networks to consumers being creators and
distributors of content and applications on new and more far reaching cloud platforms and
infrastructure.
Worryingly, however, user uptake of the cloud in Europe has been slower than in other markets.
Estimates indicate that a smaller proportion of European businesses are using the cloud for remotely
hosted applications (17%) and to host data (19%) than in the U.S. (29% for hosted applications) and
Asia (29% for hosted data).8 And while the U.S. is estimated to have contributed 60 percent of the
$68 billion in global spending on cloud services, Europe spent only $560 million on cloud services that
same year.9
The cloud landscape in Europe may be starting to change, however. Cloud spend in Europe is on the
rise in 2011 and is anticipated to reach €5.9 billion by 201510 – and it’s predicted that cloud
computing could contribute over €760 billion to the major economies of the EU between 2010 and
2015.11 Cloud computing provides innovation opportunities not only for cloud providers and users
but to the wider ICT sector existing around the cloud, such as network providers and device
manufacturers. As an example, the cloud offers Europe’s network providers an opportunity to add
new revenues through partnerships with cloud service providers as they look for ways to enhance
their services, control delivery and ensure quality. Similarly, the increased mobility and functionality
created by the cloud is driving new opportunities and expanded global markets for consumer
electronics manufacturers in Europe. We should recall that some of the greatest benefits of cloud
are not limited to the provision of cloud services, but rather include the benefits of building new
business models and functional services that are supported and facilitated in cloud environments.
Reaping these benefits depends directly on Europe’s ability to tackle the challenges that stand in the
way of cloud deployment in Europe, and on strengthening existing policies and practices that
6 Cloud Computing Energy Efficiency, Pike Research, December 2010, see http://www.pikeresearch.com/newsroom/cloud-
computing-to-reduce-global-data-center-energy-expenditures-by-38-in-2020. 7Adoption, Approaches and Attitudes: The Future of Cloud Computing in the Public and Private Sectors, Red Shift Research,
June 2011, available at: http://www.amd.com/us/Documents/Cloud-Adoption-Approaches-and-Attitudes-Research-Report.pdf. 8 Ibid.
9 Forecast: Public Cloud Services, Worldwide and Regions, Industry Sectors, 2009-2014, Gartner, June 2010, see
http://www.gartner.com/it/page.jsp?id=1389313; and European Cloud Professional Services 2010 and 2011–2015, IDC, June 2011, see http://www.idc.com/getdoc.jsp?containerId=prUK22881811. 10
European Cloud Professional Services, supra n. 7. 11
The Cloud Dividend: Part One, supra n. 2.
>> 8 of 24
currently support the cloud. We set out below the eight building blocks that DIGITALEUROPE
members believe are imperative to drive cloud uptake and usage in Europe and to foster a more
vibrant and robust Digital Single Market.
1- CLOUD BUILDING BLOCK #1: ROBUST AND COHERENT DATA PROTECTION REGIME
Building a Single Market for cloud services requires that the EU look carefully at each of the
regulatory regimes that potentially impact cloud services, and ensure that these regimes do not
unnecessarily impede the development and/or deployment and use of cloud services. Cloud services
are not limited to any geography by definition, but the reality is that regulation is anchored in local,
national and regional law. The greater the harmonization of those regulations across a nation or
region, the easier the deployment of cloud services and the development of new businesses and
business models; this is the promise of the Digital Single Market. Regulatory variation between
nations and regions creates administrative burdens and operational hurdles which may not be tied to
any compelling public policy objectives. Reform and further harmonization of the EU’s data
protection rules must be a priority in the review currently under way.
As both market experience and expert studies have demonstrated, users will not move their data to
the cloud unless they have confidence it will be protected there. Robust data protection rules are
thus essential to cloud uptake. At the same time, it is equally important to put in place a harmonised
regime. The cloud furthers the trend of moving data from local on-site PCs and servers to equipment
that is physically and administratively controlled in numerous jurisdictions. Under the current data
protection regime, companies that are present in a number of EU Member States often find that they
are subject to multiple and sometimes inconsistent data protection rules – including diverging
administrative formalities, different interpretations of fundamental concepts such as “personal data”
and varying approaches to applicable law obligations. This fragmented regime not only unnecessarily
impedes the delivery of cross-border cloud services in the Single Market – it also undermines
consumer confidence. If EU citizens knew that they could expect the same level of data protection in
each Member State, then storing data in other EU Member States would not be such a great
concern.
Reconciling these divergences is critical to achieving a true Digital Single Market where cloud services
can flourish. To quote Commission Vice-President Vivian Reding,
In my mind, the free movement of personal data within the EU is another way to help to
complete the Digital Single Market in Europe. Therefore, the underlying approach ought
to be 'cloud-friendly'. But a 'cloud' without clear and strong data protection is not the
sort of cloud we need. Having clear and 'cloud-friendly' rules can only help ICT
>> 9 of 24
companies - and you know that many of them in Europe are SMEs - to know exactly
what is allowed and what is not.12
Of course, these issues are also critical to global information flows, where harmonization may be
more difficult to achieve due to the variety of legal and cultural factors that must be addressed.
Further work on enabling those data flows and developing globally deployable solutions across
differing data protection regimes is also needed – work that the EU is poised to lead by example,
starting with the reform of the EU’s data protection regime.
To achieve a coherent, robust regime, DIGITALEUROPE recommends that the EU prioritise six areas in
its upcoming review of the European data protection framework:
Keep the framework flexible and technologically neutral. Given the speed of cloud
innovation (and of ICT development more broadly), legislation targeted at certain solutions
or services will quickly become obsolete. To ensure that the EU’s data protection rules are
flexible enough to apply to technologies today and in ten years’ time, the EU’s new
framework should take a technology, platform and business model-neutral approach.
Clarify fundamental elements of the regime including applicable law rules and the role of
data controllers and processors. Because the EU’s current framework gives Member States
significant latitude in implementation, and because the applicable law rules are unclear,
cloud providers operating across the EU have to comply with multiple, divergent national
data protection norms. To resolve this, the framework should implement a home country
principle whereby a company that operates in multiple EU markets would be subject to one
law and one lead data protection authority (DPA), based on the location of the company’s
main establishment which is also usually the location of the contracting entity. In order to
increase harmonisation, lead DPAs should be required to work with their national
counterparts and a system of mutual recognition among DPAs should be established.
Reforms may also be warranted regarding the data controller processor/data controller
distinction. Although the current practice, definition of roles, and distinction between these
roles is largely workable, in certain cases there may be further need for clarification of
roles/definition.13
Reduce administrative burdens. A number of rules in the existing data protection
framework seem only to add administrative burdens on organisations processing data, with
no benefit in terms of improved protection for data subjects. Divergent notification and
prior checking requirements, for example, should be reconsidered and either eliminated
where they only provide administrative burden without commensurate benefit, or
streamlined to create a one stop shop regime for registration in only a single Member State.
12
See http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/10/686. 13
For further details, see DIGITALEUROPE Position Paper on the European Commission’s Communication on “A comprehensive approach on personal data protection in the European Union”, http://ec.europa.eu/justice/news/consulting_public/0006/contributions/organisations/digitaleurope_en.pdf
>> 10 of 24
Introduce an accountability principle. As data flows become more complex in the cloud,
end-to-end protection of data becomes increasingly important. The best way to achieve that
is not to impose additional prescriptive rules and processes on those handling data,
however. Instead, EU law should provide incentives for organisations to be broadly
accountable for their handling of data, wherever that data travels. Any rules on
accountability should establish clear guidance on what outcomes need to be achieved.
Streamline and simplify international data transfers. Cloud services can be located
anywhere globally and are not restricted to the EU Member States. Indeed, key cloud
computing advantages (such as economies of scale, resiliency, and 24 hour service support)
sometimes require that data be moved outside of the EU’s borders. Therefore a system to
allow data to be moved internationally whilst maintaining a high level of data protection will
also be needed to ensure the development of cloud services. The EU’s current constraints on
transferring data out of the EEA thus can deprive EU cloud users of the full benefits of the
cloud. It is widely accepted that these constraints and the mechanisms to legitimise
international transfers are outdated and impractical. The transfer regime should be
simplified to allow companies to certify their handling of data on a worldwide basis, as long
as adequate safeguards are in place for the fair processing of the data. A privacy governance
model based on accountability could help achieve this.14
2- CLOUD BUILDING BLOCK #2: EFFECTIVE CYBERSECURITY
Many in industry share the view that the cloud can advance security. Because of the scope and
sophistication of their operations, cloud computing providers may in some cases have greater and
better security expertise, management and controls than many enterprises and even government
agencies. Moreover, the need to be responsive to the security demands of their customers provides
a strong incentive for cloud providers to continue to improve their security practices.
At the same time, studies show that users continue to be concerned about the security risks of
moving data from local on-site PCs and servers to equipment that is physically and administratively
controlled by a third party.15 Cybersecurity is thus another cornerstone of cloud success. As cloud
providers continue to innovate and expand, so too must cybersecurity, as new environments and
changing threats emerge. Helpfully, given the scope of the threat, cybersecurity is an issue where
the interests of the ICT sector and the government fundamentally align. Just as the government
wants to accelerate security across the cyber infrastructure, so do cloud innovators.
Our recommendations for improved cybersecurity include:
14
For further detail on DIGITALEUROPE’s recommendations for an improved European data protection framework, see our position paper submitted to the European Commission earlier this year. 15
A recent “Global Cloud Computing Study” surveyed over 1,500 public and private sector organisations across Europe, Asia and the U.S. and concluded that for organisations that have rejected a move to the cloud, the majority (51 %) did so because of security/privacy concerns. Adoption, Approaches and Attitudes, supra n. 5.
>> 11 of 24
Public-private partnerships should be at the centre of efforts to improve cybersecurity.
The fluid nature of the threat landscape, together with the fact that the vast majority of the
infrastructure in cyberspace is in private hands, leads to the conclusion that PPPs are an
essential organisational construct in cybersecurity. Important national cybersecurity PPPs
already exist in many of the EU’s Member States. Care should be taken, however, that a
plethora of different organisations does not spread the resources of the private sector and
government too thinly and render activities less effective. Improved coordination of
European and international activities at the strategic and policy level via the European Public
Private Partnership for Resilience (EP3R) would be welcomed.16 The main focus of this
coordination should be on cross-border incidents, threats and policy frameworks.
The default approach should not be to introduce a regulatory regime but to recognise that
private actors generally are best placed to tackle cybersecurity and have the incentive to
do so. Where government regulations and guidelines have nonetheless been implemented,
they should be technology neutral, targeted, narrow and specific to the element in the entity
that requires concern. This logic applies to the recently adopted provision of the Telecom
Framework in Europe. Articles 13a and 13b of the Telecoms Framework introduced powers
for national regulators to ensure communication providers undertake technical and
organisational measures to manage risk to the security and integrity of their networks as
well as to notify authorities of security breaches having a significant impact on network
operation. While this has been implemented in nine Member States so far, it has yet to be
fully implemented in the remaining eighteen. In implementing these provisions, Member
States and national regulators should avoid a prescriptive approach and recognise the need
for flexibility – with innovation as the lynchpin.
The establishment of a network of well-functioning government/national CERTs and the
EISAS is essential. DIGITALEUROPE applauds the 20 Member States who had established
CERTs by the time the Commission’s 2011 Communication on Critical Information
Infrastructure Protection was published. These CERTs should strengthen ties with industry
CERTs and CERT platforms, such as FIRST and the Industry Consortium for Advancement of
Security on the Internet (ICASI). DIGITALEUROPE also supports the development of a
European Information Sharing and Alert System (EISAS), which requires the implementation
and interoperability of basic services at the national CERT level as a prerequisite. At the
European level, DIGITALEUROPE welcomes the temporary extension of the European
Network and Information Security Agency’s (ENISA) mandate and the proposal of the
European Commission to strengthen ENISA. DIGITALEUROPE calls on the European
Parliament and Council to move quickly to adopt the main aspects of the latter proposal.
16
EP3R objectives and principles are available at http://ec.europa.eu/information_society/policy/nis/docs/ep3r_workshops/3rd_june2010/2010_06_23_ep3r_nonpaper_v_2_0_final.pdf, and information on the most recent workshop on EP3R between ENISA and the European Commission is available at http://ec.europa.eu/information_society/policy/nis/strategy/activities/ciip/impl_activities/ep3r_06_07_2011/index_en.htm.
>> 12 of 24
European policymakers should support education programmes to boost cybersecurity. End
users have long been characterised as “weak links” in security. While it may not be a fair
description of most users, it nonetheless remains true of a significant minority. To address
this, Member States should ensure that public sector employees receive effective
cybersecurity training, and resources should be devoted towards public education campaigns
targeting citizens and small businesses. At the same time, Member States should ensure
that cybersecurity is effectively integrated into all levels of education programmes and
should take advantage of private sector assistance in this regard.
Finally, cybersecurity solutions must be global. The global nature of cybersecurity, and the
global economy for ICT products and solutions, requires that policymakers adopt a
corresponding international approach, whether for law enforcement, incident response or
efforts to protect national security. The EU-U.S. Working Group on Cybersecurity and
Cybercrime includes objectives which seek to work towards such a framework among its
priorities – particularly in relation to cyber incident management and cybercrime. The group
has already yielded a joint EU-U.S. cyber security exercise, which is expected to form a model
for other third countries to look to as they seek to strengthen cybersecurity links with the
EU.17 DIGITALEUROPE also welcomes the endorsement by Presidents Obama, Barroso and
Van Rompuy on 28 November of the 2012 Working Group goals – particularly in confronting
unfair market access barriers, promoting ratification of the Budapest Convention and
establishing appropriate information exchange mechanisms with the private sector.18We
urge the parties involved to involve industry and ensure a transparent process. The market
access goal for the Working Group is an important step in the EU’s cooperation with its
trading partners to avoid fragmentation of ICT markets and the associated decrease in
innovation and economic development. DIGITALEUROPE also encourages the EU to continue
to lead by example by implementing international rather than domestic security standards at
home.
3- CLOUD BUILDING BLOCK #3: FOSTERING INTEROPERABILITY AND DATA PORTABILITY IN THE CLOUD
The ability of consumers to move data between cloud providers has been cited as a major issue to
address in enhancing trust in, and adoption of, cloud services at the consumer level. The ability of
consumers to choose a provider and switch between providers without unreasonable burdens or
limitations is a shared objective. All agree that the portability of data between providers should be
enabled , especially when the service provided is storage of data in the cloud; and work on open and
interoperable technical standards, protocols and interfaces related to such data transfers is being
pursued by cloud providers. Another shared objective, but with greater complexity, is the desire to
minimize switching costs for consumers. Many companies are already working collaboratively in
17
See Enisa press release, 3 November 2011, available at http://www.enisa.europa.eu/media/press-releases/first-joint-eu-us-cyber-security-exercise-conducted-today-3rd-nov.-2011. 18
See http://www.consilium.europa.eu/uedocs/cms_data/docs/pressdata/EN/foraff/126389.pdf.
>> 13 of 24
standards bodies to develop ways of assuring that technical standards help optimize the continued
utility and accessibility of data across various services.
Similarly, companies are also working to reasonably address some burdens on transfer created by
non-technical barriers such as language, semantic interoperability and usability. That being said, not
all service providers offer the same level of feature and function; some may provide functionalities
that are inseparable from the data to which they relate and/or which implicate third party rights. In
fact, innovation often results in offerings of new and different features and functions as part of
competitive differentiation or as a way to serve specific markets or smaller sectoral needs. Lastly we
must also recognize that some time spent in customization of services to particular needs may not be
able to migrate across services and could present an unavoidable sunk cost in tailoring a service; such
potential costs should be transparent to the customer to enable informed choices. Innovation and
consumer choice remain primary objectives and are critical to the evolution of cloud services.
Apart from these business led efforts to enable portability and enhance interoperability, there is the
need for government leadership to assure that regulatory interoperability, in the sense of
harmonization, within the EU and across regimes is enhanced to better enable data flows with the
Digital Single Market and beyond. It should also be recognized that portability may also be limited
where legal requirements may exist; such as the licensing of services or third party content which
may be limited to the specific service or provider.
With respect to some implementations of cloud computing, technical interoperability itself can be
achieved in various ways – including product engineering and cross-industry collaboration.
Standardisation is the key facilitator of interoperability. Cloud services already rely on a number of
existing technologies that are based on mature global standards (among them TCP/IP, SOAP and
others). Where gaps exist, the global standards community is working hard to adapt existing
standards and develop new ones where appropriate to the cloud business model in question. There
are also efforts underway to take stock of existing and emerging cloud and internet-related
standards around the world, in order to ensure that efforts to develop new cloud standards reflect
the real needs of the market.
This industry leadership is critical in producing innovative global standards that meet market and
consumer needs. As experience demonstrates, the best standards – whether cloud-related or in
other domains – are those that result from a collaborative and voluntary effort by interested industry
stakeholders. But that does not mean that there is no role for the EU in global standards-setting: to
the contrary, the EU has an important role to play in creating an environment that promotes and
supports ICT sector standardisation efforts. Specifically, DIGITALEUROPE recommends:
Updating Europe’s regulatory framework for the development and procurement of
standards-based technologies. The EU’s current framework for ICT standardisation dates
from 1995 – well before the advent of cloud computing and many other technologies.
Modernising this framework is essential to promote cloud interoperability – and equally, to
advance standardisation in other important domains such as e-health, accessibility, security,
>> 14 of 24
e-business, and e-government. We thus encourage the EU to move quickly to adopt the
proposed Regulation on European Standardisation.
The proposal introduces a number of key reforms that will help to strengthen the
standardisation process in Europe and foster the use of global standards across the ICT
sector. Among these reforms, the Regulation will enable public authorities to reference
standards from ICT sector fora and consortia in public procurement. Because of the rapid
pace of technology development, many of today’s most innovative ICT standards are
developed by global standards development organizations. Allowing procuring authorities to
reference these standards will ensure that the technologies they procure – including cloud
technologies – are cutting-edge and market relevant. And by requiring that fora and
consortia standards meet certain “quality” criteria based on the WTO principles for
international standardisation processes, the Commission can also be certain that the
standards selected are widely available and the result of transparent, consensus-based
processes.
Bringing stakeholders together to help shape the EU’s standardisation policy. Because of
the many technical issues involved, the ICT industry can make important contributions to the
EU’s ICT standardisation policy. The Commission’s ICT Steering Committee has already
brought stakeholders together to begin this process. DIGITALEUROPE very much welcomes
the Commission decision to establish a formal multi-stakeholder advisory platform on ICT
Standardization and is looking forward to provide the ICT Industry contribution to the tasks
assigned to the Platform in Article 2 of the decision.
4- CLOUD BUILDING BLOCK #4: AFFORDABLE AND UBIQUITOUS BROADBAND
While the right regulatory framework is essential to promoting the cloud in Europe, regulatory
reform alone is not adequate. Equally critical, Europe must have an infrastructure in place that is
capable of supporting cloud computing – including ubiquitous access to affordable high-speed
broadband. Ubiquitous broadband is also key for other ICT-dependent initiatives, including
telemedicine (e.g. remote monitoring of patients, remote diagnostics etc.), VOIP, smart grid, e-
learning applications and many other online services.
The winners in the digital world of tomorrow will be those with access to next generation networks
(NGN), characterised by the ability to transmit vastly greater volumes at higher speeds, via wireless
transmission, and with lower levels of latency, packet loss, network oversubscription and service
failure. While Europe is well-positioned for NGN leadership, it must move quickly. With a total
population of around 500 million, in December 2010 the EU had less than 4 million subscribers with
access to high-speed, symmetrical fibre-based networks.19 Compared to the US, Korea, Japan, China
19
FTTH/B Panaroma, European Union (36) at December 2010, FTTH Council Europe, February 2011, available at: http://www.ftthcouncil.eu/documents/Reports/Market_Data_December_2010.pdf.
>> 15 of 24
and even Russia, the EU has almost the lowest number of FTTH lines, and estimates indicate that
FTTH adoption in the EU will grow more slowly than in other markets.20
Ultimately, Europe’s goal should be to establish global leadership in ICT infrastructure by 2015 by
delivering close to 100% broadband coverage, giving at least 2 Mbps service to the user, and
including at least 30% fibre-based infrastructure. This obviously will not be easy or inexpensive to
accomplish. The European Commission is proposing to spend over €9 billion between 2014 and 2020
on pan-European projects aimed at expanding EU access to high-speed broadband networks.21 But
the rewards are potentially significant: a 2008 study for the Commission estimated that faster
broadband deployment in Europe could create up one million jobs and growth of up to €850 billion
by 2015.22
The need for Member States to rapidly identify additional spectrum for broadband wireless is
particularly important. Given the current escalation in mobile data volumes, there is a serious
danger that without sufficient fixed and radio network transmission capacity to support increased
traffic demand and increased distributed processing capacity leveraged by the Cloud, many economic
and social benefits of the broadband Information Society – including the cloud -- could be
jeopardised. At the EU level, in the spectrum domain the Radio Spectrum Policy Programme
requests the identification of 1200 MHz for wireless broadband at the latest. Rapid action at the EU
and at Member State level is required to reach this target as soon as possible. Such spectrum should
be released across Europe in a harmonised fashion, and should include a broad range of bands,
including candidate bands above and below 1 GHz. Radio domain developments should be matched
by affordable fixed network capacity development: most uses of networks start in the radio domain
but most of the distance they go is in the fixed domain.
To achieve ubiquitous broadband, DIGITALEUROPE recommends that the EU, among other initiatives:
Establish a high-level EU task force with industry experts to develop a future broadband
infrastructure strategy;
Accelerate EU and Member States’ identification, allocation and assignment of 1200 MHz
of spectrum for wireless broadband by 2015 at the latest per the RSPP objective ;
Continue to encourage appropriate public-sector investment, Public-Private Partnerships
and tax incentive schemes for the roll-out of broadband; and
20
Digital Agenda Scoreboard 2011, the European Commission, available at: http://ec.europa.eu/information_society/digital-agenda/scoreboard/docs/pillar/broadband.pdf. 21
See http://europa.eu/rapid/pressReleasesAction.do?reference=MEMO/11/709&format=HTML&aged=0&language=EN&guiLanguage=en 22
The Impact of Broadband on Growth and Productivity, A study on behalf of the European Commission, 2008, available at: http://ec.europa.eu/information_society/eeurope/i2010/docs/benchmarking/broadband_impact_2008.pdf.
>> 16 of 24
Make available spectrum with a global footprint to wireless broadband on a harmonised,
technology and service neutral basis while at the same time introducing greater flexibility
in the management of spectrum.
5- CLOUD BUILDING BLOCK #5: SUPPORT FOR THE USE OF ENERGY EFFICIENT CLOUD
Among its many benefits, cloud computing can help to tackle climate change challenges by
empowering industries, organisations and consumers to reduce their carbon footprints through
lower energy consumption, new business models and decreased material and energy wastage.
In traditional computing scenarios, organisations maintain individual servers to host their data and
run their applications. To manage peak loads, organisations will often have excess computing
capacity – equipment that sits idle much of the time, while still drawing power. And because each
one of these servers, server stacks or small data centres are using energy to run equipment that is
essentially idle, they also need heating and cooling.
By placing these services in the cloud, this energy consumption can be avoided by assigning
computing power where it is needed. Through virtualisation and running servers at higher utilisation
rates, the cloud requires less energy to support a given service, resulting in lower carbon emissions.23
Furthermore efficiencies in software and hardware, creating much greater capacity per consumption
of energy, have helped address some of the heating and cooling requirements of large data centres.
In addition, the self-service and pay-as-you-go nature of cloud computing encourages users to
consume only what they need, encouraging energy and resource efficiencies.24 In one vivid example
of the potential benefits on offer from server consolidation and virtualisation – both cloud-enabled
technologies – the Municipality of Copenhagen recently was able to replace 638 computers with just
38 new servers.25
Beyond the benefits of not having so many servers running all the time cloud offers other benefits.
The simple scalable model of cloud computing would allow the development and easy deployment of
applications that could help tackle environmental challenges. For example, the cloud can assist in
giving commuters access to traffic data in real time so they can choose the shortest route to work. In
short, cloud computing can help ICT reach its full enabling potential. Other ways the cloud can create
new efficiencies include:
23
Carbon Disclosure Project Study 2011 - Cloud Computing - The IT Solution for the 21st Century, Verdantix, 2011, available at: http://www.businessgreen.com/digital_assets/3236/CDP_US_Cloud_Computing_-_FINAL_as_of_7_15_11.pdf. 24
As an example, it is predicted that a typical food and beverage firm transitioning its human resources application from dedicated IT to a public cloud could reduce CO2 emissions by 30,000 metric tons over five years – an amount equivalent to the annual emissions from 5,900 passenger vehicles. See Carbon Disclosure Project Study 2011, supra n. 19. 25
Nordic Council of Ministers, Green Procurement Makes a Difference!, 2009, available at http://www.mim.dk/NR/rdonlyres/47888C72-7152-4D04-8376-66A3D7875D7F/0/COP15_GC_41030_GronUpphandling_UK_3K.pdf.
>> 17 of 24
Offering new efficiencies for business. The cloud helps companies to pool functions and
resources across their business activities. Studies from Imperial Study and Accenture found
that reductions of 30-90% in carbon emissions were achievable for companies that move
their functions to the cloud.26 Additionally, cloud computing is flexible, which allows
companies to purchase and maintain less redundant computing power to hold on-site in
reserve.
Enabling the smart grid and geospatial analysis. Cloud computing is an increasingly
essential part of the real-time data monitoring that forms the backbone of the new energy
smart grid. Smart, cloud-enabled grids will enable the systematic tracking and optimisation
of energy use, which in turn should lead to reductions in energy consumption. Other
examples of real-time data monitoring systems will help citizens to track e.g. air quality and
pollution levels in real time.
Creating new business models. The cloud has already re-written the rules of business in
some industries, producing new opportunities for energy savings. For example, cloud-
powered digital downloads allowed the music industry to reduce C02 emissions by between
40 - 80%.27
To drive these benefits, however, the EU must support the development of appropriate incentives to
encourage the uptake of cloud computing and other energy efficient technologies. Specifically,
DIGITALEUROPE recommends:
Allow the ICT industry space to self-regulate. Although the ICT industry’s C02 footprint could
increase as it builds cloud capacity in data centres across Europe, the greater efficiencies and
utilization models of new data centres, coupled with decommissioning of older data facilities
they are replacing should address many of these concerns. It is clear that this investment will
pay carbon dividends in the longer term by way of the benefits described above. Despite the
growth in emissions, there is currently no need to regulate – the industry is already investing
aggressively to find energy and carbon efficient solutions, as these are ultimately also the
most cost effective strategies.
Strong public sector leadership. Studies increasingly demonstrate the leadership effect that
public sector action can have as a spur for greater private investment. European
governments should consider where adopting cloud solutions could provide needed carbon
reductions and energy efficiencies. Investment in building retro-fits that include smart
energy management systems would also help to encourage private sector progress.
26
See http://buildaroo.com/news/article/cloud-computing-reduces-carbon-emissions/. 27
See Lawrence Berkeley Study, August 2009, The Energy and Climate Change Impacts of Different Music Delivery
Methods, at http://download.intel.com/pressroom/pdf/cdsvsdownloadsrelease.pdf.
>> 18 of 24
Incentives for renewable energy and energy efficiency. The EU should encourage Member
States to adopt new, and deeper, incentives for companies to invest in renewable energy
capacity. Member States should also consider creating new incentives for cities, home
owners and office owners to increase their energy efficiency through feed-in tariffs and
carbon pricing. This in turn will aid private sector efforts to invest in energy efficiency
technologies, including cloud computing. Technologies such as smart grids should be
supported with regional research funding programs.
6- CLOUD BUILDING BLOCK #6: MEANINGFUL INVESTMENT IN E-SKILLS AND AWARENESS-RAISING
Measures to promote cloud and development uptake in Europe will be of little value if Europeans do
not have the e-skills necessary to fully exploit the opportunities that the cloud provides. Importantly,
the Commission has supported initiatives in the e-skills area over the past twenty years of
technological change, and rightly continues to make this a priority as part of the Digital Agenda and
other EU 2020 flagship policies. The Commission’s long-term e-skills agenda and commitment with
industry to run initiatives such as last year’s European e-Skills Week – the first pan-European
awareness raising campaign on e-skills, to be repeated in March 2012 – are to be applauded.
It is clear, however, that more needs to be done. The recent evaluation of the Commission’s 2007
Communication on “e-Skills for the 21st Century” found that 198 million European citizens still do not
have ICT user skills and are some distance away from being digitally literate.28 With an 85 percent
correlation between e-skills and competitiveness, Europe must move rapidly to improve the skills of
its children, teachers, and public administrations.
Europe should set ambitious goals for itself in this area, including halving the digital literacy and
competence gaps and ensuring that all primary and secondary school students receive training
regarding safe use of the internet. All adults of working age should have access to e-skills training.
DIGITALEUROPE set out several recommendations in our Vision 2020 White Paper29 to meet these
goals, including:
Quick wins, such as Member State awareness campaigns – run by public private
partnerships – which highlight the career opportunities available to those studying maths,
science or technology. Such campaigns should also highlight the EU e-skills shortages, expand
the range of activities and reach of the first EU e-skills Week into a multi-year programme.
28
Final Report on the Evaluation of the Implementation of the European Commission's Communication on e-Skills for the 21st Century, October 2010, available at: http://ec.europa.eu/enterprise/sectors/ict/files/reports/eskills21_final_report_en.pdf. 29
DIGITALEUROPE's Vision 2020 White Paper, available at: http://www.digitaleurope.org/index.php?id=1179.
>> 19 of 24
Mid-term measures, such as launching an initiative to use EU structural funds to improve
ICT training. This training should focus on core areas such as cloud computing, trust and
security.
In parallel to measures aimed at strengthening Europeans’ ICT skills, DIGITALEUROPE also encourages
the EU to help raise awareness about the potential benefits offered by cloud computing. Awareness-
raising efforts could include workshops and training seminars involving training institutes, SME
associations, ICT industry representatives and other relevant stakeholders. The establishment of an
EU stakeholder platform under the EU Competitiveness and Innovation Platform may also be
warranted.
DIGITALEUROPE also recommends that the Commission create a European Cloud Observatory to
provide SMEs with relevant resources and to publicize cloud services offered by European SMEs. This
could take the form of a website offering exposure for cloud services created by European SMEs in
order to increase awareness of these contributors to the knowledge economy and the types of
solutions they provide; case studies about usage of cloud services, illustrating benefits to SME users
as well as European SME suppliers; and a list of cloud services, their application and certificates.
7- CLOUD BUILDING BLOCK #7: GROW THE PUBLIC SECTOR CLOUD
The public sector stands to gain significantly from the adoption of new cloud technologies, and the
shift promises to create significant returns for government agencies in particular. One study
estimated that government agencies could save up to 25-50% per year through a shift of key
applications to the cloud.30 Other projects have documented additional areas where the public
sector can use and benefit from adopting cloud technologies.31 Among other benefits, cloud
solutions offer the potential for scalable virtualisation of big hardware infrastructures, which can
help governments rationalise the rising costs of ever-growing data centres. Cloud technologies also
offer new opportunities for the development of innovative cross-border government services.
Importantly, the Commission has recently launched a pilot named “Towards a Cloud of Public
Services” within the Competitiveness and Innovation Programme (CIP ICT PSP). Despite these and
other EU and national initiatives, however, uptake of cloud computing in the public sector remains
sluggish. Complicating matters, cloud initiatives across the Member States are not fully aligned at
the EU level. IT procurement budgets are often not optimised to enable an easy leap to cloud
technologies, and concerns over data portability, liability and security continue to inhibit public
sector adoption. Because of the scale of public sector IT procurement – governments are the largest
IT purchasers in Europe – the slow speed of public migration to the cloud is also hindering growth in
the private sector. Faster public sector adoption of cloud technologies would help the cloud build
scale in Europe. 30
See Brookings Institute report, May 2011, p. 15 at http://www.brookings.edu/~/media/Files/events/2011/0525_gti/20110525_growth_innovation_competetiveness.pdf. 31
Many of these areas are documented in a recent paper from the Fraunhofer Institute for Open Communication Systems. See http://www.interoperability-center.com/c/document_library/get_file?uuid=9176f0fa-1ea2-4771-b8e0-a3f9c685199f&groupId=12725.
>> 20 of 24
The EU would benefit directly from accelerated adoption of cloud technologies by the public sector,
and from a unified framework aimed at helping government agencies navigate challenges that are
specific to public sector cloud migration. To achieve this goal, DIGITALEUROPE recommends that the
EU:
Push cloud policy to the highest level of the EU’s agenda. EU cloud computing policy should
grow from the Digital Agenda and the upcoming EU Cloud Strategy to encompass a full
spectrum of EU activities. In particular, the EU’s eGovernment Strategy should embrace
cloud computing as a crucial element of the eGovernment Action Plan; cloud computing
should also be addressed at the eGovernment Ministerial Conferences, and other relevant
platforms. Ideally, this dialogue would lead to the adoption by Member States of firm
targets for public sector cloud adoption and a road map to achieving those goals.
Build pan-European resources for public agencies. Regular meetings of government officials
could contribute to the construction of an online portal to share best practices for public
cloud computing. The portal could focus on issues that most concern governments, such as
data portability, liability and security requirements, and could be supplemented by a “living”
online public cloud procurement guide for public sector agencies. In effect, the documents
could act as cloud adoption FAQs and instruction manuals for governments.32 These
resources could also be integrated with the European Cloud Observatory proposed by
DIGITALEUROPE. The resource framework could also periodically grant an award to
recognise and encourage innovative public sector cloud projects.
European public procurement should work with global standards. There is no need to
develop independent standards for cloud computing for the European public sector that
could fragment the market on a state-by-state or regional basis. Instead, DIGITALEUROPE
recommends that the EU and Member States be transparent about their interoperability
requirements and then adopt and support global standards for cloud computing wherever
possible.
Invest in the public sector cloud. Public sector cloud computing should be highlighted in the
next multi-annual financial framework (2014-2020), and in particular within the Connecting
Europe Facility Program.
8- CLOUD BUILDING BLOCK #8: NEW R&D INITIATIVES AND INCENTIVES
ICT has contributed half of the productivity gain in Europe in recent years.33 This growth has
benefitted from focused R&D investment by the EU (albeit investment that lags behind some of the
32
The procurement guide could be similar to the recently launched Cloud Buyer’s Guide, launched by the Cloud2 Commission in the United States. 33
See http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:52005PC0119(01):EN:HTML.
>> 21 of 24
EU’s trading partners34). Continued growth will depend not only on robust funding for R&D,
however, but also on a thoughtful, targeted R&D strategy for Europe. A simplified program for
research and innovation that pours more resources into fewer sectors will achieve critical mass faster
and will better support new models of industrial growth. This approach should also strengthen
European competitiveness on the world stage.
The cloud is an ideal candidate for concentrated research efforts. As a key “enabler” of other future
technologies – such as the fast-growing “Internet of Things” – the cloud will become an increasingly
important factor in sector-wide ICT research going forwards, both as a tool for researchers and as the
basis of new next-generation technologies. To establish and maintain a leadership position in the ICT
industry, and the economy more generally, Europe thus must continue to invest in the development
of cloud technologies. While DIGITALEUROPE supports Europe’s objective of increasing research &
development expenditures to 3% of total European GDP by 2020, this action alone is not enough. To
assure Europe’s success, DIGITALEUROPE recommends that the EU take immediate action to:
Plan for cloud– (and industry–) friendly research. Industry ultimately will design, build and
operate the vast majority of cloud systems and services. By making the EU project design
process transparent and open, the EU can establish research partnerships with industry at an
early stage. This in turn will help to create more relevant projects designed from the
bottom-up to enhance cloud adoption across Europe.
Simplify the universe of EU research projects and prioritise the cloud. As a guiding
principle, the EU’s network of research programs should be simplified, with the greatest
emphasis placed on sectors of particular promise. At the same time, a holistic approach to
research and innovation can also help to reduce complexity and to facilitate a quick
introduction to market of new technologies. Combined with a more transparent and more
industry-friendly process, this will help speed new developments in cloud technologies to
market.
Focus on partnerships with corporate investors in the cloud. The EIF has the potential to
kick-start a new generation of cloud-enabled SMEs. To grow Europe’s local cloud-enabled
economy, the EIF should stand ready to provide flexible and robust financing, alongside
industry investors, to support and nurture entrepreneurial new European cloud-based SMEs.
Innovation partnerships are also an important building block for new technologies and pilot
projects.
Target cloud research funding. Public research funds should target key technical challenges
in cloud design, including how best to scale cloud management systems, how to maintain
cohesion of so-called ‘federated’ management schemes (involving the collaboration of
34
While the U.S. invests 29% of its total research on ICT, Europe spends only 17% – a gap that translates into over €50 billion less investment in European ICT research annually. See Digital Agenda, Research and Innovation Pillar, at http://ec.europa.eu/information_society/newsroom/cf/fiche-dae.cfm?action_id=208&pillar_id=47&action=Action%2050%3A%20Generate%20more%20private%20investment%20for%20ICT%20research.
35 See http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/11/199.
>> 22 of 24
multiple cloud infrastructures) and how to ensure the robustness of cloud applications and
APIs. These areas are critical to the future of a diverse, vibrant and flexible European cloud
ecosystem.
9- THE MULTILATERAL DIMENSION
We have outlined above the pillars that DIGITALEUROPE members believe serve as the foundation
for a strong cloud economy in Europe. But as we said at the outset, one of the hallmarks of the cloud
is its ability to transcend national and even regional borders. The global nature of cloud computing
means that solutions to cloud challenges cannot be limited to Europe, but must also be negotiated
on the international stage with third country partners. While there are many areas where
international dialogue would be welcomed, we urge the EU to play a leadership role in relation to
two issues where global collaboration is particularly needed:
Jurisdiction and clarifying rules governing law enforcement access to data stored in the
cloud. While clouds can be located on-premises or contained within geographic
boundaries, cloud computing can often involve the storage and processing of data in
multiple markets in and also outside of Europe. The resulting international data flows can
raise complex questions about which country has jurisdiction over data in the cloud, and
whose laws apply to it. As a result, cloud service providers sometimes face conflicting
obligations – for example, a request to turn data over to law enforcement in one country
may violate rules in the country of storage prohibiting disclosure. Although it is
understandable that law enforcement agencies often are keen to obtain access to data in
the cloud that may help tackle online crime as well as threats to public safety and national
security, more transparency is needed about the circumstances under which they can
obtain such access. This is important not only for due process, but also to ensure that
customers do not lose confidence in the security of their data being hosted in the EU and
choose to host their data in another jurisdiction. Internationally-agreed norms on
jurisdiction and increased harmonisation of criminal procedural laws are needed to resolve
these challenges.
Countries should also commit to a moratorium on adopting and/or implementing
policies that address actual or potential trade barriers to the evolution of cloud
computing, and should assess existing trade rules and update them where needed. For
example, sometimes when a cloud provider tries to enter a foreign market, the
government in that country may stipulate as a condition of market access that the
provider locate some of its cloud servers within its jurisdiction. Such mandates severely
hinder European cloud providers’ abilities to grow, as well as create unnecessary
duplications and undermine energy efficiencies that the cloud model can offer. Measures
to prevent such location requirements should be considered at the multilateral trade
agreement level.
>> 23 of 24
The EU should take a lead role in seeking to build international consensus around these and other
cloud-related issues. There also, for example, is a need for bilateral and/or multilateral international
agreements on minimum protection levels for the privacy and security of transferred data.
DIGITALEUROPE strongly supports international efforts towards global privacy norms based on
market led approaches and industry based standards. And ongoing work with non-EU countries to
develop interoperable requirements that facilitate information flows with appropriate security and
privacy protection should continue.
Continuing the bilateral dialogue with the U.S. (and with industry from both markets) is an important
first step toward cloud-related international agreements. Opening new dialogues and collaborations
with other active countries (and their industry) in cloud computing around the world, notably in Asia,
is also very important. Such initial involvement will facilitate to build the basis of any international
agreements. Ideally, the EU/U.S. bilateral dialogue can be expanded to a dialogue including major
active countries in Asia and countries becoming active in Latin America and Africa to form the basis
of enhanced regulatory interoperability and multilateral guidance informed by multi-stakeholder
consultation – potentially under the aegis of the G8, G20, OECD, APEC or another organisation.
10- CONCLUSION
Cloud technologies hold out the promise of enormous future benefits for Europe, and early-adopter
European enterprises and governments have already demonstrated some of the gains that can be
made. To situate Europe as a world-leading cloud economy, the EU should act decisively to
implement the recommendations of DIGITALEUROPE. The opportunities created by the cloud are
real, and it is within the hands of the EU to help achieve them. In the words of Digital Agenda
Commissioner Neelie Kroes,
“I look forward to the day when the cloud puts many more thousands of our SMEs on the
European and world stage. When the cloud makes the single market real for them, to its
full extent. I look forward to the day when the cloud helps governments stay “in the
black.” And I cannot wait to show off the green implications of this work, as we struggle
to take better care of our fragile planet.”35
DIGITALEUROPE shares these goals for the cloud and we look forward to working with the EU to
achieve them.
35
See http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/11/199.
>> 24 of 24
ABOUT DIGITALEUROPE
DIGITALEUROPE is the voice of the European digital economy including information and
communication technologies and consumer electronics. DIGITALEUROPE is dedicated to
improving the business environment for the European digital technology industry and to
promoting our sector’s contribution to economic growth and social progress in the European
Union.
DIGITALEUROPE ensures industry participation in the development and implementation of
EU policies. DIGITALEUROPE’s members include 62 global corporations and 37 national
trade associations from across Europe. In total, 10,000 companies employing two million
citizens and generating €1 trillion in revenues. Our website provides further information on
our recent news and activities: http://www.digitaleurope.org
THE MEMBERSHIP OF DIGITALEUROPE
COMPANY MEMBERS:
Acer, Alcatel-Lucent, AMD, APC by Schneider Electric, Apple, Bang & Olufsen, BenQ
Europa BV, Bose, Brother, Buffalo, Canon, Cassidian, Cisco, Dassault Systems, Dell, Epson,
Ericsson, Fujitsu, Hitachi, HP, Huawei, IBM, Ingram Micro, Intel, JVC, Kenwood, Kodak,
Konica Minolta, Lexmark, LG, Loewe, Microsoft, Mitsubishi, Motorola Mobility, Motorola
Solutions, NEC, Nokia, Nokia Siemens Networks, Océ, Oki, Optoma, Oracle, Panasonic,
Philips, Pioneer, Qualcomm, Research In Motion, Ricoh, Samsung, Sanyo, SAP, Sharp,
Siemens, SMART Technologies, Sony, Sony Ericsson, Technicolor, Texas Instruments, The
Swatch Group R&D Ltd, Toshiba, Xerox, ZTE.
NATIONAL TRADE ASSOCIATIONS:
Austria: FEEI; Belgium: AGORIA; Bulgaria: BAIT; Cyprus: CITEA; Czech Republic: ASE;
Denmark: DI ITEK, IT-BRANCHEN; Estonia: ITL; Finland: FFTI; France: SIMAVELEC;
Germany: BITKOM, ZVEI; Greece: SEPE; Hungary: IVSZ; Ireland: ICT IRELAND; Italy:
ANITEC; Lithuania: INFOBALT; Netherlands: ICT OFFICE, FIAR; Poland: KIGEIT, PIIT;
Portugal: AGEFE, APDC; Romania: APDETIC; Slovakia: ITAS; Slovenia: GZS; Spain:
AMETIC, Sweden: IT&Telekomföretagen; United Kingdom: INTELLECT Belarus:
INFOPARK; Norway: ABELIA, IKT NORGE; Switzerland: SWICO; Turkey: ECID, TESID,
TÜBISAD; Ukraine: IT UKRAINE