Main content

EU mulls new rules to free up the cloud market

Phil Wainewright Profile picture for user pwainewright February 11, 2015
Does a new set of European Commissioners mean a change of EU policy on cloud computing or more of the same? The answer came at an event in London this week

Election 2015

After last year's change of the guard at the European Commission, there's been a wait to find out what new policy directions the new team of incoming Commissioners may go off in. Given the attention that the previous cohort of Neelie Kroes, Viviane Reding and others lavished on cloud computing, this has special importance for anyone investing in cloud IT in the European market.

Some strong pointers came at this week's Think Cloud for Government conference in London during a presentation by Pearse O’Donohue, who has taken over the role previously held by Ken Ducatel as the Commission's head of unit for software, services and cloud computing. Essentially, this means he is the official in Brussels in charge of developing and delivering the EU's policies on cloud computing.

So what's new? The topline messaging is all about achieving the long-awaited 'digital single market' that sweeps away national barriers to delivering cloud services across Europe, especially for small businesses. This isn't new in itself although there's a hint of increased urgency this year to complete this project.

At the same time, the Commission continues to maintain that the cloud market will only take off if clear standards are defined, on the grounds that businesses won't buy into cloud without some certainty about what exactly is guaranteed.

O’Donohue insisted that the Commission prefers to leave the definition of standards to the industry where possible, but nevertheless expressed a renewed interest in pushing for standards in areas where they are seen as lacking, such as interoperability and portability of data between services.

The notion of Brussels-led regulation and standards is not something the cloud industry and indeed any UK audience generally takes kindly to, but there was a sop for Brits in a more emollient view of the UK government's G-Cloud initiative than the previous regime. He suggested the Commission was keen to see the lessons learned from national initiatives like G-Cloud being shared with other nations within the EU, even to the extent of proactively engaging with SMEs rather than the larger 'oligopoly' suppliers.

I want to be clear that — nor would you expect us — the European Commission is not trying to become the mass procurer of cloud services for everybody else. What we are doing is trying to help and to build on, for example, G-Cloud and other experiments and other services in other countries, in order to make that best practice the norm across the European Union.

We still have a way to go to ensure — but it is our clear vocation to ensure — that SMEs are a full part of that. The larger companies can look after themselves, it's the SMEs who are a huge part — this is what our data shows us — SMEs are a huge part of the cloud supplier market and they need to be assisted — particularly when it comes to providing services across borders.

That's what we do — it is the value added in terms of the cross-border and the single market in Europe that we have to focus on. SMEs are the ones who encounter the greatest barriers to actually offer their sometimes niche services to similar users in other countries.

Overall, O’Donohue said the Commission is currently addressing three main areas:

  • restrictions on data location;
  • work with industry on certification for security, data protection and other issues;
  • exploring the need for interoperability standards to encourage competition and prevent supplier lock-in

On data location, he made it clear the Commission will continue its campaign to reform the current patchwork of data protection regulation across Europe, which last year became mired in objections from national governments seeking to preserve their own data protection regimes. His comments implied a criticism of some of those national regulations as being too draconian.

Policy measures, which will be market-led, will identify those issues that need to be addressed by regulation — if any.

For example, barriers to free movement of data, where in some cases member states have laws which prevent organizations from availing of cloud services unless they can guarantee or be assured that the data will stay within the jurisdiction of that member state.

In many cases, that is an over-protective measure. Clearly there are certain sets of data which do need to be protected, but there is a vast majority of data that, certainly if it's been pseudonymized, can be allowed to move wherever is the most economic datacenter or storage space available.

Data protection is a topic that stirs strong emotions, especially among privacy campaigners. O’Donohue sought to keep the Commission's position clear of such sensitivities, focusing instead on the economic benefits of allowing cross-border data transfers within the EU.

There's a very political debate going on about data sovereignty, but the focus of our work is actually in relation to barriers that exist with regard to the freedom of movement of data and data services.

[The aim is to] have one marketplace in Europe, which will mean that the most interesting and innovative offers will be the ones that can win out in a competitive situation across Europe, which will make sure that Europe as a whole benefits from innovative cloud services.

He reiterated the Commission's long-held position that the marketplace needs standards to thrive. Referring to the Trusted Cloud Europe report completed for the Commission last year by a steering group of high-level industry CEOs and government representatives, he said this had brought feedback that there were issues that had to be addressed.

We are looking in a short space of time as part of an overall initiative in the digital single market to address some of the problems that were identified for us by the Trusted Cloud Europe report.

We had some very interesting feedback [that] a major barrier for purchasers, for CIOs, be they in public or private sector organizations or companies, from actually adopting cloud on a wide scale, is to ensure that the suppliers are compliant — that the compliance obligations which any CIO or company or public sector organization has can be guaranteed, and that there is a high level of surety in the services that they are offering.

The Commission last year completed an exercise with European standards body ETSI that worked on technical standards. He said it is now focusing on investigating along with ISO whether there is a need for standardization in service level agreements. But he added that the Commission is still looking carefully at technology standards for interoperability and data portability.

One of the key objectives that this Commission has also set itself is to ensure that there is not artificial or anti-competitive lock-in.

There may be the need for further standardization to ensure that there are APIs — interfaces — which will allow data to be ported when the data owner wants that to be the case, or when you quite simply, in the procurement process or otherwise, change supplier.

That's an essential part of making the European digital market more flexible and ensuring that we have take-up of services ...

We may now come back to the standardization issue specifically in the case of interoperability and data portability if we do not find that industry is finding those solutions.

We do know that there are a certain number of major suppliers whose technology does to a certain extent create lock-in. That is not healthy for a market which strives to be as flexible as possible and to provide the procurer — the buyer — with a choice of services on a regular basis.

That's where we may come back. No decisions have been taken.

My take

Overall, despite small changes of emphasis, not much change overall in the grand scheme of things. The Commission continues to worry about the potential for a few providers — US-based, of course — having undue dominance of the market and feels obliged to limit that potential.

At the same time it realizes the importance of removing barriers to cross-border trade in cloud services, such as the data protection minefield that currently exists.

Thus on the one hand it annoys the industry — and especially innovative SMEs — with its pursuit of standards and rules, while on the other hand it irritates national lawmakers with an insistence everyone toes a single EU line on those same rules. It's a recipe for acrimony that interest groups on all sides voraciously exploit to their own ends.

The one positive note is the hint of a greater willingness to learn from initiatives like G-Cloud. Let's hope that glimmer of light at the end of the tunnel turns into something more substantial.

Disclosure: The author acts as voluntary chair of EuroCloud UK, part of the wider EuroCloud industry network which represents its members in work with the European Commission. EuroCloud UK is hosting a debate tonight (Wednesday 12th February) in London on the topic This House doesn’t need regulation to build a successful Cloud business.

Image credit: © TSUNG-LIN WU -

A grey colored placeholder image