“Given the relatively early stage of cloud computing development we strongly caution against taking an overtly regulated approach to structuring the cloud computing industry in India,” said Amazon Web Services, one of the largest cloud service providers in the world. “At this stage of the sector’s development in India, we believe that a heavy-handed regulatory approach will likely inhibit growth,” it said in response to a consultation paper issued by sector regulator Telecom Regulatory Authority of India, or Trai.
As many as 37 stakeholders responded to the Trai paper and recommended a host of initiatives, including letting market forces decide migration between clouds of different companies, letting companies voluntarily adopt cyber security standards in line with evolving online threats, and developing more robust privacy and data protection rules.
“In a competitive operating environment, market forces should be allowed to address interoperability, data portability, migration, etc.,” said software services industry body National Association for Software and Services Companies (Nasscom).Read more ↓
This view was also shared by Internet and Mobile Association of India (IAMAI) and Cellular Operators Association of India (COAI).
The consultation paper, which Trai put out on June 10, covers a broad spectrum of issues, including defining policies for cloud computing, systems and processes for information governance framework in cloud from the perspectives of lawful interception, more so if it is hosted in a different country, and also whether cloud service providers should be licensed.
“There is no need to bring laws to govern cloud service providers as various laws like Information Technology Act and Companies Act 1956 are applicable to cloud service providers and also customers of cloud service, which require various disclosures, filing and record keeping obligations to be fulfilled,” IAMAI said on the question of roles and responsibilities for security of end users and cloud service providers (CSPs).
On the question of data localisation —making it mandatory for multinationals to set up local servers in India — some divergent views emerged in the submissions made public by Trai.
Reliance Jio, the new pure-play 4G telecom service provider, said, “Given the prominence to the national security, Reliance Jio strongly advocates setting up of data centres within the country and it becomes relevant while hosting government data.”
However, most submissions — including those from the US India Business Council, BSA the Software Alliance, AT&T and Vodafone — opposed ‘data localisation’. “Requirement for data localisation can impede effective service delivery as well as increasing costs and altering investment incentives. The economic consequences of this can be significant,” the UK-based Vodafone said.
Addressing Trai’s question on cross-border lawful interception in a cloud environment, Software Freedom Law Centre said that while lawful interception provisions exist in the IT Act, “mutual legal assistance treaties (MLATs) with specific provisions on the procurement of lawfully intercepted data from overseas cloud service providers could be a more sustainable solution” for companies based outside India.