The aim was to have the results in place before she leaves office next summer. But a year later, officials are beginning to cast doubt on how much can realistically be achieved. The progress report I heard at last week's annual EuroCloud Congress in Luxembourg illustrated some of the difficulties of reaching a consensus on any of these issues.
That's even if you agree in the first place that it's a good time to be laying down rules for how cloud computing should operate and be bought and sold. Many in the industry fear that premature regulation will restrict innovation and squeeze out smaller players at a time when the cloud business model is still maturing.
The danger is that any rules defined today may owe more to the way conventional, on-premise computing works, forcing cloud providers to conform to specifications and business models that would be better swept aside rather than being codified as best practice.
There was even an admission last week from Ken Ducatel, who heads up the DG-Connect policy unit responsible for delivering the Commission's cloud strategy, that, "It's going to take time because it's going to take experience and experimentation." But the Commission is convinced that early action is needed to build confidence and encourage adoption among buyers — and wants to see it in place before leaving office next year.
It has to be said too that, in the context of Europe's patchwork quilt of national jurisdictions, it may be preferable to set EU-wide rules rather than let individual countries go ahead with local initiatives that end up becoming barriers to operating cross-border.
Therefore the cloud strategy has focused on making sense of many different and often conflicting specifications and rules that already exist for cloud computing, with the aim of bringing clarity for buyers. Here's a rundown of where each of the components of the strategy has got to.
Co-ordinating cloud standards
The Commission's research had found that market confusion over which cloud standards matter when evaluating what to buy has been a significant barrier to early adoption. "Cutting through the jungle of cloud standards" therefore became a key plank of the strategy.
European telecoms standards body ETSI was given the task of mapping out the landscape of technical standards for cloud and what use cases they covered. After a two-day meeting of interested parties in Cannes last December, three working groups were set up to look at standards for service levels, security, and interoperability/reversibility. Another working group defined over a hundred separate use cases to evaluate where the various standards and specifications might be applied.
Out of that work, ETSI is now developing an online look-up table where organizations can input their requirements to find out the most relevant standards.
"Progress is going fine, we will have something deliverable by the end of the year," Ducatel told Congress attendees last week. "It is really complicated stuff," he added.
After ETSI had begun its work, the Commission convened three more working groups drawn from industry representatives. In part this was in response to earlier complaints that the industry did not have enough participation in advising on how to implement the strategy.
Unlike the technologists on the ETSI working group, many of the participants in these 'Select Industry Groups' (SIGs) have been full-time lobbyists employed by large vendors to defend their interests in Brussels rather than cloud specialists. Discussions have sometimes descended into counterproductive horse-trading, delaying more meaningful efforts to build a genuine consensus. But that's one of the occupational hazards of policy-making bodies.
The cloud SIG on certification schemes has the task of helping buyers work out which certifications are relevant to their own cloud needs. It is working on this with the help of the EU Agency for Network and Information Security (ENISA), which has produced a report on around a dozen certification schemes that operate either globally or within Europe. Currently ENISA is developing an online lookup table to help buyers find the certifications that match their needs.
Meanwhile, the SIG aims to define a 'meta framework' to help understand and compare the components of each scheme. This is expected to be complete by the middle of 2014.
The idea is to streamline the process of working out which certification (or combination) to use if a buyer wants independent reassurance of a cloud provider's credentials and trustworthiness. Even if buyers don't rely on a certification, having a ready reference of what to check can help streamline the decision process when evaluating providers.
Code of conduct
Another strand of the strategy was the development of "safe and fair contract terms and conditions" for cloud service providers. Much of this ground is already covered by an existing European initiative for a Common European Sales Law that would replace national sales laws with a single EU-wide set of rules. So the strategy looks at cloud-specific issues not covered in the generic rules, such as data protection and service level agreements.
The Code of Conduct cloud SIG has focused on the data protection issue. A first draft is now ready and will go to a second draft early next year. The plan then is to have the completed Code of Conduct endorsed by the Article 29 Working Party of the EU's 28 national data protection authorities.
If successful, this would mean that a provider that signed up to the Code of Conduct would be compliant with all current data protection rules across Europe — a major breakthrough, and one that would remain valid irrespective of the separate timetable for bringing in a new EU-wide data protection law. The hope is that this could happen by the middle of 2014, but it depends on the SIG members reaching agreement on a satisfactory draft.
Service level agreements
The third of the cloud SIGs convened by the Commission is on service level agreements. This is working on a template for cloud provider SLAs, along with a user checklist for cloud contracts. The work is slow going and won't finish until sometime in 2014.
"The whole issue of what metrics you use when measuring availability is still something we're struggling with," said Ducatel. "And that's a relatively easy one."
This is despite the fact that SLAs were also a focus for the standards workgroup set up almost a year ago by ETSI. As well as the difficulty of getting industry agreement, the work on SLAs is tied to the Justice Commission's broader work to define model terms for sales contracts. The best Ducatel can offer on progress so far is that, "It's midstream at the moment."
European Cloud Partnership
The final initiative announced as part of the strategy is governed by a steering board drawn from Europe's cloud industry and digital government leaders — among them the President of Estonia, the CEOs of Accenture, ATOS, SAP and Telefonica Digital; plus Werner Vogels, Amazon's CTO, and a sole SME, the UK's Kate Craig-Wood, MD of hosting provider Memset — all assisted by teams of "sherpas" from their staffs.
The ECP Steering Board has oversight of the whole strategy and has reiterated the need for speedy action by each of the workgroups outlined above. In addition it has its own remit:
The ECP aims at driving the first steps towards better public procurement of cloud services in Europe, based on common definitions of requirements and possibly eventually going as far as joint procurement across borders.
This has taken the form of the €10 million CloudforEurope project, which it will formally launch at its next meeting on 14th November. I'll cover the detail of this in a separate post.
Charter for cloud computing
The ECP Steering Board last met in July, when unsurprisingly the NSA PRISM revelations were a major topic of discussions, specifically in terms of their potential impact on cloud computing in Europe. Out of this came a new initiative, as Andreas Tegge, a member of the SAP team at the meeting, explained in a session at last week's EuroCloud Congress:
"In Tallinn it was decided to work on a Charter for cloud computing to address all those issues. The target audience of this document will be political leaders in Europe, like [German Chancellor] Angela Merkel or [French President François] Hollande.
"For that we need to make them understand, why does it matter for Europe? Not everybody understands that cloud computing is probably one of the main drivers for job creation, innovation and economic growth — especially when you think about that the European economy is driven by SMEs who will especially benefit from cloud computing.
"So this document will make this very clear, and at the same time make it also very clear, we are about to lose this train again, like many other innovative areas. We are lagging behind in terms of uptake, and we are about to miss the boat in terms of creating a single market.
"Because all what's happening right now are national initiatives. There is no single market for cloud computing emerging, which we desperately need to realize the scale economies of the cloud."
Taking the case for cloud computing to heads of government raises the political focus on the industry even higher, which can be a two-edged sword. But if change is needed, getting the support of the people in charge is often a good idea.
There are certainly plenty of different strands that need to be pulled in the same direction — not just the cloud strategy co-ordinated by Commissioner for the Digital Agenda Neelie Kroes but also the data protection and sales contract initiatives being handled by Justice Commissioner Viviane Reding; and the proposed NIS Directive on cybersecurity. Having the Council of Ministers onside, as the ultimate decision-making body in Europe, ought to be a sound move.
The question is, what change is going to be prioritized and will it turn out to be helpful for the advance of cloud computing in Europe? A lot hangs on the content of the charter document and the prevailing sentiment in the Steering Group. That November 17th meeting could be a very important one indeed, not just for Europe, but with consequences for the future of cloud computing everywhere.
Disclosure: SAP is a diginomica premium partner. The author is a vice-president of EuroCloud and organizer of the EuroCloud Congress. The views expressed here are his own as a diginomica writer.