DIGITALEUROPE aisbl Rue de la Science, 14 >> B-1000 Brussels [Belgium] T. +32 2 609 53 10 >> F. +32 2 609 53 39 www.digitaleurope.org

>> 1 of 24

15 December 2011

CLOUD COMPUTING

DIGITALEUROPE’S PERSPECTIVE

Contents

Introduction ........................................................................................................................... 2

The Evolution of the Cloud ................................................................................................. 3

1- Cloud Building Block #1: Robust and coherent data protection regime .......................... 8

2- Cloud Building Block #2: Effective cybersecurity ..........................................................10

3- Cloud Building Block #3: Fostering interoperability and data portability in the cloud .....12

4- Cloud Building Block #4: Affordable and ubiquitous broadband ....................................14

5- Cloud Building Block #5: Support for the use of energy efficient cloud ..........................16

6- Cloud Building Block #6: Meaningful investment in e-skills and awareness-raising ......18

7- Cloud Building Block #7: Grow the public sector cloud .................................................19

8- Cloud Building Block #8: New R&D initiatives and incentives .......................................20

9- The Multilateral Dimension ............................................................................................22

10- Conclusion .................................................................................................................23

>> 2 of 24

INTRODUCTION

DIGITALEUROPE is a strong proponent of economic growth as well as social progress in Europe

through the effective use of information and communication technologies (ICT). A current trend in

ICT, cloud computing, represents an evolution that could contribute in many ways to accelerate

economic and social advances. In this paper, DIGITALEUROPE offers its perspective on: cloud

computing and continued ICT evolution; how they support economic growth and the development of

new business and societal benefits; and how these developments to technological and related

business model innovations impact, and are impacted by current policy discussions of importance to

the growth and competitiveness of the European Union.

Converging ICT developments in recent years have multiplied the choices available to users as well as

suppliers of technology, in terms of how and where computing power can be consumed. Even small

enterprises and individual users now have access to supercomputing power to meet any range of

needs. The underlying value of many of these developments lies in the efficiency gains that can be

achieved through ICT, and the ways that those efficiency gains can translate into productivity gains,

cost savings, greater performance and new innovation. There are many potential sources of

efficiency gains through cloud computing, providing many options for users, but the most significant

efficiency gains involve seamless communications involving wide networks and large-scale data

centres often located in different countries. Moreover, increasing optimization of computing

resources has significant implications for energy efficiency and overall environmental impact.

To capture all the potential advantages of cloud computing, a Digital Single Market, and barrier-free

global communications more generally, is becoming more and more important. The Single Market

has been vital to Europe’s prosperity and global competitiveness – fueling dramatic growth in intra-

community trade and creating important opportunities for foreign direct investment. Thanks to the

Single Market, Europe is now the world’s most important trading area with 500 million people

generating a total GDP of over €12,000,000 million in 20101.

But while the Single Market has been a success in the world of traditional physical goods and

services, replicating that market in the digital environment has proven challenging. As economic,

cultural and political activity increasingly moves online, we are confronted with the irony that while

the internet is borderless, much online activity stops at Member State borders.

Reaping these benefits will require that the EU take affirmative and targeted measures to ensure

that Europe is cloud-ready. Specifically, DIGITALEUROPE believes that the foundation of a successful

cloud economy in Europe – and of a seamless market more broadly – rests on eight key building

blocks:

1 See September 2011 International Monetary Fund World Economic Outlook Database, available at

http://www.imf.org/external/pubs/ft/weo/2011/02/weodata/index.aspx.

>> 3 of 24

1. a coherent Single Market regulatory regime – most importantly, with regard to the rules governing the protection of personal data;

2. close collaboration between industry and government to keep data safe in the cloud;

3. support for private sector led efforts fostering greater cloud interoperability and data portability, including a modernised framework for ICT standardisation;

4. an infrastructure that supports the cloud via ubiquitous and affordable broadband;

5. close collaboration with the private sector on developing strategies and measures designed to encourage the use of energy efficient ICT, including cloud computing;

6. EU investment in e-skills training and awareness raising;

7. faster public sector adoption of cloud technologies; and

8. support for new R&D funding initiatives and incentives.

The Evolution of the Cloud

While the ICT industry has always been known for rapid innovation, and in some ways cloud

technologies are not new, many consider cloud computing to be an unusually dramatic leap forward,

even a paradigm shift. Cloud represents an amalgam and evolution of existing technologies taken in

support of new business models and with a greater scope of users and uses. This is the result of a

combination of factors converging at roughly the same time, including: increasing demands for

capacity to handle exponential growth in the volume of data to store and process, continued

advances in computing hardware power and efficiency, increasing sophistication of software able to

consolidate and optimise the utilisation of hardware, availability of large-scale computing resources

offering significant economies of scale, expansion and improving connectivity of devices and

reliability of broadband networks, and, importantly, evolving business models to enable more and

more convenient, economic, and powerful services to customers.

At the most basic level, cloud technologies provide users with access to computing infrastructure,

platforms (operating systems, development environments, etc.), and software applications via a

network (generally the web) – but it is important to recognise that in practice cloud computing

trends are diverse and difficult to summarise. While some view cloud computing as a means to store

data remotely, for others the cloud is a rich source of applications and software that can be installed,

delivered, operated and maintained remotely. And as technology evolves, dynamic new functions

continue to emerge.

Understanding the complexity of cloud computing, and recognising its current and potentially

expanding diversity -- and the diversity of stakeholder interests, from consumers to large enterprises

>> 4 of 24

to small and large cloud providers -- is an essential first step towards an informed dialogue on how

policy can support the growing European cloud ecosystem.

What is cloud computing?

Cloud computing is a short label, but it describes a vast array of business models, technologies

and services. At the simplest level, cloud computing enables IT capabilities to be delivered as

a service to users via the Internet.2 Cloud services are frequently divided into three categories

– “IaaS”, “PaaS” and “SaaS.”, although this should not be taken as a finite categorization.

Infrastructure as a Service (IaaS). These services typically provide users with virtual infrastructure, such as a platform virtualisation environment and ancillary storage and networking functions. Such services can be paid for on an “as used” basis, similar to other utilities such as water or electricity.

Platform as a Service (PaaS). This category of cloud computing sits between IaaS and SaaS. Cloud platforms include not only virtual infrastructure but also cloud application environments (and applications). Users can operate PaaS services to create and operate bespoke applications.

Software as a Service (SaaS). These services offer users access to software programs without the need to locally install and run the software. This reduces the need for each user to have their own high level computing capabilities and often also reduces maintenance costs.

Cloud services normally divide between public and private clouds – the former open to all, and the

latter managed by or specifically for the organizations they serve – or some combination of those

resources. The following diagram distinguishes features of some typical cloud scenarios:

2 NIST has also developed a helpful definition of cloud computing, calling it a “model for enabling ubiquitous,. . .

on-demand network access to a shared pool of configurable computing resources . . . .”See the NIST Definition of Cloud Computing, September 2011, available at http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf.

>> 5 of 24

Because of the way cloud services are structured, cloud computing enables convenient and instant

access to a wide range of computing resources (e.g. storage, applications, services and data)

regardless of the user’s geographic location. And because these users can rely on the cloud for as

many or as few computing resources as they need, they can “pick and mix” among offerings Some

enterprises, for example, have migrated entire operations to “public clouds” hosted and maintained

by third party cloud providers, while others are using private clouds (e.g., infrastructure dedicated to

a single organisation or value chain); many organisations are combining aspects of both services in a

“hybrid” cloud, relying on a combination of public and private clouds either to allocate data or

services across those clouds based on need and purpose or to extend resources of dedicated clouds

on an as needed basis.

In addition to providing more broadly available anytime and anywhere access to more flexibly

provisioned computing resources, the cloud offers many other benefits, among them:

Promoting European competitiveness. The cloud creates innovation opportunities for

both providers and users of cloud services in Europe. Because the global cloud market is

young, vibrant and diverse with low barriers to entry, the market offers EU firms the

possibility to become market leaders; already, a number of European companies have

become brand-names in the cloud. At the same time, by giving small and mid-sized

organisations the ability to tap into virtually unlimited processing and storage capacity –

computing power previously available only to the world’s largest companies – the cloud

>> 6 of 24

enables SMEs to build businesses and offer solutions and services that in the past would

have required an up-front investment in ICT well beyond their means. Indeed, the cloud’s

impact on SME growth is potentially dramatic – some predict that cloud computing could

enable the creation or development of up to 400,000 new SMEs across the EU.3

Providing users with choice and cost-savings. Cloud users can flexibly scale computing

usage up and down as dictated by their needs. This elasticity allows users – including

SMEs – to customise their ICT usage in ways never before possible. Cloud computing also

allows enterprises and public authorities to more precisely and effectively manage their

ICT spend by paying only for the computing resources that they consume – reducing

capital expenditures and overspend. Some estimates suggest that widespread adoption of

cloud computing could reduce IT capital expenditure by almost €155 billion in the key

European economies over the next five years.4 And by reducing the fixed costs of IT

investments, cloud computing can lower the cost of creating new businesses, and

therefore boosts the entry into and competition in markets throughout the economy (and

particularly in those sectors where fixed IT spending is important).5

Helping Europe achieve social goals. In addition to driving innovation and economic

competitiveness, cloud computing can also help Europe to achieve important social

objectives. In healthcare, for example, cloud computing has enabled critical collaborations

between doctors and scientists across the globe via shared databases that in a more

efficient and cost effective fashion via software solutions that previously were accessible

only to the largest medical centres; the cloud is also being used to combine patient data

(prescription details, patient history, test results etc.) into comprehensive records that can

be instantly accessed across the patient’s healthcare providers. Public authorities have

enjoyed similar benefits using the cloud to deliver e-government services.

Reducing our energy footprint. Typically every company department, small business or

government ministry maintains servers to store data and run IT services. However, not all

this computing power is needed all the time, meaning that many servers run at 30% or less

capacity whilst still drawing power. Because computing loads are spread across users and

geographies in the cloud, hardware utilisation is improved – reducing energy consumption

by individual servers and data centres alike. One cleantech market intelligence firm

forecasts that the adoption of cloud computing will lead to a 38% reduction in worldwide

3 The Economics of Cloud Computing, F Etro, March 2011, available at:

http://www.intertic.org/Policy%20Papers/JManEc.pdf. 4 The Cloud Dividend: Part One, The economic benefits of cloud computing to business and the wider EMEA economy, Cebr

Report for EMC, December 2010, available at: http://www.redstor.com/downloads/cloud-dividend-report.pdf. 5 The Cloud Dividend: Part Two, The economic benefits of cloud computing to business and the wider EMEA economy, Cebr

Report for EMC, February 2011, available at: http://emea.emc.com/microsites/2011/cloud-dividend/cloud-dividend-report.pdf.

>> 7 of 24

data centre energy expenditures by 2020, compared to a business as usual scenario for

data centre capacity growth.6

Because of its many benefits, over the last five years, cloud computing has been transformed. Large

enterprise based private cloud solutions have evolved – to a broader array of services relied on by a

wider scope of enterprises and the public sector. According to a recent study, 37 percent of

businesses globally are deploying cloud to either remotely host applications or host data while 23

percent of global public sector IT is in the cloud.7 At the same time, consumer usage of the cloud has

also changed from services such as e-mail and social networks to consumers being creators and

distributors of content and applications on new and more far reaching cloud platforms and

infrastructure.

Worryingly, however, user uptake of the cloud in Europe has been slower than in other markets.

Estimates indicate that a smaller proportion of European businesses are using the cloud for remotely

hosted applications (17%) and to host data (19%) than in the U.S. (29% for hosted applications) and

Asia (29% for hosted data).8 And while the U.S. is estimated to have contributed 60 percent of the

$68 billion in global spending on cloud services, Europe spent only $560 million on cloud services that

same year.9

The cloud landscape in Europe may be starting to change, however. Cloud spend in Europe is on the

rise in 2011 and is anticipated to reach €5.9 billion by 201510 – and it’s predicted that cloud

computing could contribute over €760 billion to the major economies of the EU between 2010 and

2015.11 Cloud computing provides innovation opportunities not only for cloud providers and users

but to the wider ICT sector existing around the cloud, such as network providers and device

manufacturers. As an example, the cloud offers Europe’s network providers an opportunity to add

new revenues through partnerships with cloud service providers as they look for ways to enhance

their services, control delivery and ensure quality. Similarly, the increased mobility and functionality

created by the cloud is driving new opportunities and expanded global markets for consumer

electronics manufacturers in Europe. We should recall that some of the greatest benefits of cloud

are not limited to the provision of cloud services, but rather include the benefits of building new

business models and functional services that are supported and facilitated in cloud environments.

Reaping these benefits depends directly on Europe’s ability to tackle the challenges that stand in the

way of cloud deployment in Europe, and on strengthening existing policies and practices that

6 Cloud Computing Energy Efficiency, Pike Research, December 2010, see http://www.pikeresearch.com/newsroom/cloud-

computing-to-reduce-global-data-center-energy-expenditures-by-38-in-2020. 7Adoption, Approaches and Attitudes: The Future of Cloud Computing in the Public and Private Sectors, Red Shift Research,

June 2011, available at: http://www.amd.com/us/Documents/Cloud-Adoption-Approaches-and-Attitudes-Research-Report.pdf. 8 Ibid.

9 Forecast: Public Cloud Services, Worldwide and Regions, Industry Sectors, 2009-2014, Gartner, June 2010, see

http://www.gartner.com/it/page.jsp?id=1389313; and European Cloud Professional Services 2010 and 2011–2015, IDC, June 2011, see http://www.idc.com/getdoc.jsp?containerId=prUK22881811. 10

European Cloud Professional Services, supra n. 7. 11

The Cloud Dividend: Part One, supra n. 2.

>> 8 of 24

currently support the cloud. We set out below the eight building blocks that DIGITALEUROPE

members believe are imperative to drive cloud uptake and usage in Europe and to foster a more

vibrant and robust Digital Single Market.

1- CLOUD BUILDING BLOCK #1: ROBUST AND COHERENT DATA PROTECTION REGIME

Building a Single Market for cloud services requires that the EU look carefully at each of the

regulatory regimes that potentially impact cloud services, and ensure that these regimes do not

unnecessarily impede the development and/or deployment and use of cloud services. Cloud services

are not limited to any geography by definition, but the reality is that regulation is anchored in local,

national and regional law. The greater the harmonization of those regulations across a nation or

region, the easier the deployment of cloud services and the development of new businesses and

business models; this is the promise of the Digital Single Market. Regulatory variation between

nations and regions creates administrative burdens and operational hurdles which may not be tied to

any compelling public policy objectives. Reform and further harmonization of the EU’s data

protection rules must be a priority in the review currently under way.

As both market experience and expert studies have demonstrated, users will not move their data to

the cloud unless they have confidence it will be protected there. Robust data protection rules are

thus essential to cloud uptake. At the same time, it is equally important to put in place a harmonised

regime. The cloud furthers the trend of moving data from local on-site PCs and servers to equipment

that is physically and administratively controlled in numerous jurisdictions. Under the current data

protection regime, companies that are present in a number of EU Member States often find that they

are subject to multiple and sometimes inconsistent data protection rules – including diverging

administrative formalities, different interpretations of fundamental concepts such as “personal data”

and varying approaches to applicable law obligations. This fragmented regime not only unnecessarily

impedes the delivery of cross-border cloud services in the Single Market – it also undermines

consumer confidence. If EU citizens knew that they could expect the same level of data protection in

each Member State, then storing data in other EU Member States would not be such a great

concern.

Reconciling these divergences is critical to achieving a true Digital Single Market where cloud services

can flourish. To quote Commission Vice-President Vivian Reding,

In my mind, the free movement of personal data within the EU is another way to help to

complete the Digital Single Market in Europe. Therefore, the underlying approach ought

to be 'cloud-friendly'. But a 'cloud' without clear and strong data protection is not the

sort of cloud we need. Having clear and 'cloud-friendly' rules can only help ICT

>> 9 of 24

companies - and you know that many of them in Europe are SMEs - to know exactly

what is allowed and what is not.12

Of course, these issues are also critical to global information flows, where harmonization may be

more difficult to achieve due to the variety of legal and cultural factors that must be addressed.

Further work on enabling those data flows and developing globally deployable solutions across

differing data protection regimes is also needed – work that the EU is poised to lead by example,

starting with the reform of the EU’s data protection regime.

To achieve a coherent, robust regime, DIGITALEUROPE recommends that the EU prioritise six areas in

its upcoming review of the European data protection framework:

Keep the framework flexible and technologically neutral. Given the speed of cloud

innovation (and of ICT development more broadly), legislation targeted at certain solutions

or services will quickly become obsolete. To ensure that the EU’s data protection rules are

flexible enough to apply to technologies today and in ten years’ time, the EU’s new

framework should take a technology, platform and business model-neutral approach.

Clarify fundamental elements of the regime including applicable law rules and the role of

data controllers and processors. Because the EU’s current framework gives Member States

significant latitude in implementation, and because the applicable law rules are unclear,

cloud providers operating across the EU have to comply with multiple, divergent national

data protection norms. To resolve this, the framework should implement a home country

principle whereby a company that operates in multiple EU markets would be subject to one

law and one lead data protection authority (DPA), based on the location of the company’s

main establishment which is also usually the location of the contracting entity. In order to

increase harmonisation, lead DPAs should be required to work with their national

counterparts and a system of mutual recognition among DPAs should be established.

Reforms may also be warranted regarding the data controller processor/data controller

distinction. Although the current practice, definition of roles, and distinction between these

roles is largely workable, in certain cases there may be further need for clarification of

roles/definition.13

Reduce administrative burdens. A number of rules in the existing data protection

framework seem only to add administrative burdens on organisations processing data, with

no benefit in terms of improved protection for data subjects. Divergent notification and

prior checking requirements, for example, should be reconsidered and either eliminated

where they only provide administrative burden without commensurate benefit, or

streamlined to create a one stop shop regime for registration in only a single Member State.

12

See http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/10/686. 13

For further details, see DIGITALEUROPE Position Paper on the European Commission’s Communication on “A comprehensive approach on personal data protection in the European Union”, http://ec.europa.eu/justice/news/consulting_public/0006/contributions/organisations/digitaleurope_en.pdf

>> 10 of 24

Introduce an accountability principle. As data flows become more complex in the cloud,

end-to-end protection of data becomes increasingly important. The best way to achieve that

is not to impose additional prescriptive rules and processes on those handling data,

however. Instead, EU law should provide incentives for organisations to be broadly

accountable for their handling of data, wherever that data travels. Any rules on

accountability should establish clear guidance on what outcomes need to be achieved.

Streamline and simplify international data transfers. Cloud services can be located

anywhere globally and are not restricted to the EU Member States. Indeed, key cloud

computing advantages (such as economies of scale, resiliency, and 24 hour service support)

sometimes require that data be moved outside of the EU’s borders. Therefore a system to

allow data to be moved internationally whilst maintaining a high level of data protection will

also be needed to ensure the development of cloud services. The EU’s current constraints on

transferring data out of the EEA thus can deprive EU cloud users of the full benefits of the

cloud. It is widely accepted that these constraints and the mechanisms to legitimise

international transfers are outdated and impractical. The transfer regime should be

simplified to allow companies to certify their handling of data on a worldwide basis, as long

as adequate safeguards are in place for the fair processing of the data. A privacy governance

model based on accountability could help achieve this.14

2- CLOUD BUILDING BLOCK #2: EFFECTIVE CYBERSECURITY

Many in industry share the view that the cloud can advance security. Because of the scope and

sophistication of their operations, cloud computing providers may in some cases have greater and

better security expertise, management and controls than many enterprises and even government

agencies. Moreover, the need to be responsive to the security demands of their customers provides

a strong incentive for cloud providers to continue to improve their security practices.

At the same time, studies show that users continue to be concerned about the security risks of

moving data from local on-site PCs and servers to equipment that is physically and administratively

controlled by a third party.15 Cybersecurity is thus another cornerstone of cloud success. As cloud

providers continue to innovate and expand, so too must cybersecurity, as new environments and

changing threats emerge. Helpfully, given the scope of the threat, cybersecurity is an issue where

the interests of the ICT sector and the government fundamentally align. Just as the government

wants to accelerate security across the cyber infrastructure, so do cloud innovators.

Our recommendations for improved cybersecurity include:

14

For further detail on DIGITALEUROPE’s recommendations for an improved European data protection framework, see our position paper submitted to the European Commission earlier this year. 15

A recent “Global Cloud Computing Study” surveyed over 1,500 public and private sector organisations across Europe, Asia and the U.S. and concluded that for organisations that have rejected a move to the cloud, the majority (51 %) did so because of security/privacy concerns. Adoption, Approaches and Attitudes, supra n. 5.

>> 11 of 24

Public-private partnerships should be at the centre of efforts to improve cybersecurity.

The fluid nature of the threat landscape, together with the fact that the vast majority of the

infrastructure in cyberspace is in private hands, leads to the conclusion that PPPs are an

essential organisational construct in cybersecurity. Important national cybersecurity PPPs

already exist in many of the EU’s Member States. Care should be taken, however, that a

plethora of different organisations does not spread the resources of the private sector and

government too thinly and render activities less effective. Improved coordination of

European and international activities at the strategic and policy level via the European Public

Private Partnership for Resilience (EP3R) would be welcomed.16 The main focus of this

coordination should be on cross-border incidents, threats and policy frameworks.

The default approach should not be to introduce a regulatory regime but to recognise that

private actors generally are best placed to tackle cybersecurity and have the incentive to

do so. Where government regulations and guidelines have nonetheless been implemented,

they should be technology neutral, targeted, narrow and specific to the element in the entity

that requires concern. This logic applies to the recently adopted provision of the Telecom

Framework in Europe. Articles 13a and 13b of the Telecoms Framework introduced powers

for national regulators to ensure communication providers undertake technical and

organisational measures to manage risk to the security and integrity of their networks as

well as to notify authorities of security breaches having a significant impact on network

operation. While this has been implemented in nine Member States so far, it has yet to be

fully implemented in the remaining eighteen. In implementing these provisions, Member

States and national regulators should avoid a prescriptive approach and recognise the need

for flexibility – with innovation as the lynchpin.

The establishment of a network of well-functioning government/national CERTs and the

EISAS is essential. DIGITALEUROPE applauds the 20 Member States who had established

CERTs by the time the Commission’s 2011 Communication on Critical Information

Infrastructure Protection was published. These CERTs should strengthen ties with industry

CERTs and CERT platforms, such as FIRST and the Industry Consortium for Advancement of

Security on the Internet (ICASI). DIGITALEUROPE also supports the development of a

European Information Sharing and Alert System (EISAS), which requires the implementation

and interoperability of basic services at the national CERT level as a prerequisite. At the

European level, DIGITALEUROPE welcomes the temporary extension of the European

Network and Information Security Agency’s (ENISA) mandate and the proposal of the

European Commission to strengthen ENISA. DIGITALEUROPE calls on the European

Parliament and Council to move quickly to adopt the main aspects of the latter proposal.

16

EP3R objectives and principles are available at http://ec.europa.eu/information_society/policy/nis/docs/ep3r_workshops/3rd_june2010/2010_06_23_ep3r_nonpaper_v_2_0_final.pdf, and information on the most recent workshop on EP3R between ENISA and the European Commission is available at http://ec.europa.eu/information_society/policy/nis/strategy/activities/ciip/impl_activities/ep3r_06_07_2011/index_en.htm.

>> 12 of 24

European policymakers should support education programmes to boost cybersecurity. End

users have long been characterised as “weak links” in security. While it may not be a fair

description of most users, it nonetheless remains true of a significant minority. To address

this, Member States should ensure that public sector employees receive effective

cybersecurity training, and resources should be devoted towards public education campaigns

targeting citizens and small businesses. At the same time, Member States should ensure

that cybersecurity is effectively integrated into all levels of education programmes and

should take advantage of private sector assistance in this regard.

Finally, cybersecurity solutions must be global. The global nature of cybersecurity, and the

global economy for ICT products and solutions, requires that policymakers adopt a

corresponding international approach, whether for law enforcement, incident response or

efforts to protect national security. The EU-U.S. Working Group on Cybersecurity and

Cybercrime includes objectives which seek to work towards such a framework among its

priorities – particularly in relation to cyber incident management and cybercrime. The group

has already yielded a joint EU-U.S. cyber security exercise, which is expected to form a model

for other third countries to look to as they seek to strengthen cybersecurity links with the

EU.17 DIGITALEUROPE also welcomes the endorsement by Presidents Obama, Barroso and

Van Rompuy on 28 November of the 2012 Working Group goals – particularly in confronting

unfair market access barriers, promoting ratification of the Budapest Convention and

establishing appropriate information exchange mechanisms with the private sector.18We

urge the parties involved to involve industry and ensure a transparent process. The market

access goal for the Working Group is an important step in the EU’s cooperation with its

trading partners to avoid fragmentation of ICT markets and the associated decrease in

innovation and economic development. DIGITALEUROPE also encourages the EU to continue

to lead by example by implementing international rather than domestic security standards at

home.

3- CLOUD BUILDING BLOCK #3: FOSTERING INTEROPERABILITY AND DATA PORTABILITY IN THE CLOUD

The ability of consumers to move data between cloud providers has been cited as a major issue to

address in enhancing trust in, and adoption of, cloud services at the consumer level. The ability of

consumers to choose a provider and switch between providers without unreasonable burdens or

limitations is a shared objective. All agree that the portability of data between providers should be

enabled , especially when the service provided is storage of data in the cloud; and work on open and

interoperable technical standards, protocols and interfaces related to such data transfers is being

pursued by cloud providers. Another shared objective, but with greater complexity, is the desire to

minimize switching costs for consumers. Many companies are already working collaboratively in

17

See Enisa press release, 3 November 2011, available at http://www.enisa.europa.eu/media/press-releases/first-joint-eu-us-cyber-security-exercise-conducted-today-3rd-nov.-2011. 18

See http://www.consilium.europa.eu/uedocs/cms_data/docs/pressdata/EN/foraff/126389.pdf.

>> 13 of 24

standards bodies to develop ways of assuring that technical standards help optimize the continued

utility and accessibility of data across various services.

Similarly, companies are also working to reasonably address some burdens on transfer created by

non-technical barriers such as language, semantic interoperability and usability. That being said, not

all service providers offer the same level of feature and function; some may provide functionalities

that are inseparable from the data to which they relate and/or which implicate third party rights. In

fact, innovation often results in offerings of new and different features and functions as part of

competitive differentiation or as a way to serve specific markets or smaller sectoral needs. Lastly we

must also recognize that some time spent in customization of services to particular needs may not be

able to migrate across services and could present an unavoidable sunk cost in tailoring a service; such

potential costs should be transparent to the customer to enable informed choices. Innovation and

consumer choice remain primary objectives and are critical to the evolution of cloud services.

Apart from these business led efforts to enable portability and enhance interoperability, there is the

need for government leadership to assure that regulatory interoperability, in the sense of

harmonization, within the EU and across regimes is enhanced to better enable data flows with the

Digital Single Market and beyond. It should also be recognized that portability may also be limited

where legal requirements may exist; such as the licensing of services or third party content which

may be limited to the specific service or provider.

With respect to some implementations of cloud computing, technical interoperability itself can be

achieved in various ways – including product engineering and cross-industry collaboration.

Standardisation is the key facilitator of interoperability. Cloud services already rely on a number of

existing technologies that are based on mature global standards (among them TCP/IP, SOAP and

others). Where gaps exist, the global standards community is working hard to adapt existing

standards and develop new ones where appropriate to the cloud business model in question. There

are also efforts underway to take stock of existing and emerging cloud and internet-related

standards around the world, in order to ensure that efforts to develop new cloud standards reflect

the real needs of the market.

This industry leadership is critical in producing innovative global standards that meet market and

consumer needs. As experience demonstrates, the best standards – whether cloud-related or in

other domains – are those that result from a collaborative and voluntary effort by interested industry

stakeholders. But that does not mean that there is no role for the EU in global standards-setting: to

the contrary, the EU has an important role to play in creating an environment that promotes and

supports ICT sector standardisation efforts. Specifically, DIGITALEUROPE recommends:

Updating Europe’s regulatory framework for the development and procurement of

standards-based technologies. The EU’s current framework for ICT standardisation dates

from 1995 – well before the advent of cloud computing and many other technologies.

Modernising this framework is essential to promote cloud interoperability – and equally, to

advance standardisation in other important domains such as e-health, accessibility, security,

>> 14 of 24

e-business, and e-government. We thus encourage the EU to move quickly to adopt the

proposed Regulation on European Standardisation.

The proposal introduces a number of key reforms that will help to strengthen the

standardisation process in Europe and foster the use of global standards across the ICT

sector. Among these reforms, the Regulation will enable public authorities to reference

standards from ICT sector fora and consortia in public procurement. Because of the rapid

pace of technology development, many of today’s most innovative ICT standards are

developed by global standards development organizations. Allowing procuring authorities to

reference these standards will ensure that the technologies they procure – including cloud

technologies – are cutting-edge and market relevant. And by requiring that fora and

consortia standards meet certain “quality” criteria based on the WTO principles for

international standardisation processes, the Commission can also be certain that the

standards selected are widely available and the result of transparent, consensus-based

processes.

Bringing stakeholders together to help shape the EU’s standardisation policy. Because of

the many technical issues involved, the ICT industry can make important contributions to the

EU’s ICT standardisation policy. The Commission’s ICT Steering Committee has already

brought stakeholders together to begin this process. DIGITALEUROPE very much welcomes

the Commission decision to establish a formal multi-stakeholder advisory platform on ICT

Standardization and is looking forward to provide the ICT Industry contribution to the tasks

assigned to the Platform in Article 2 of the decision.

4- CLOUD BUILDING BLOCK #4: AFFORDABLE AND UBIQUITOUS BROADBAND

While the right regulatory framework is essential to promoting the cloud in Europe, regulatory

reform alone is not adequate. Equally critical, Europe must have an infrastructure in place that is

capable of supporting cloud computing – including ubiquitous access to affordable high-speed

broadband. Ubiquitous broadband is also key for other ICT-dependent initiatives, including

telemedicine (e.g. remote monitoring of patients, remote diagnostics etc.), VOIP, smart grid, e-

learning applications and many other online services.

The winners in the digital world of tomorrow will be those with access to next generation networks

(NGN), characterised by the ability to transmit vastly greater volumes at higher speeds, via wireless

transmission, and with lower levels of latency, packet loss, network oversubscription and service

failure. While Europe is well-positioned for NGN leadership, it must move quickly. With a total

population of around 500 million, in December 2010 the EU had less than 4 million subscribers with

access to high-speed, symmetrical fibre-based networks.19 Compared to the US, Korea, Japan, China

19

FTTH/B Panaroma, European Union (36) at December 2010, FTTH Council Europe, February 2011, available at: http://www.ftthcouncil.eu/documents/Reports/Market_Data_December_2010.pdf.

>> 15 of 24

and even Russia, the EU has almost the lowest number of FTTH lines, and estimates indicate that

FTTH adoption in the EU will grow more slowly than in other markets.20

Ultimately, Europe’s goal should be to establish global leadership in ICT infrastructure by 2015 by

delivering close to 100% broadband coverage, giving at least 2 Mbps service to the user, and

including at least 30% fibre-based infrastructure. This obviously will not be easy or inexpensive to

accomplish. The European Commission is proposing to spend over €9 billion between 2014 and 2020

on pan-European projects aimed at expanding EU access to high-speed broadband networks.21 But

the rewards are potentially significant: a 2008 study for the Commission estimated that faster

broadband deployment in Europe could create up one million jobs and growth of up to €850 billion

by 2015.22

The need for Member States to rapidly identify additional spectrum for broadband wireless is

particularly important. Given the current escalation in mobile data volumes, there is a serious

danger that without sufficient fixed and radio network transmission capacity to support increased

traffic demand and increased distributed processing capacity leveraged by the Cloud, many economic

and social benefits of the broadband Information Society – including the cloud -- could be

jeopardised. At the EU level, in the spectrum domain the Radio Spectrum Policy Programme

requests the identification of 1200 MHz for wireless broadband at the latest. Rapid action at the EU

and at Member State level is required to reach this target as soon as possible. Such spectrum should

be released across Europe in a harmonised fashion, and should include a broad range of bands,

including candidate bands above and below 1 GHz. Radio domain developments should be matched

by affordable fixed network capacity development: most uses of networks start in the radio domain

but most of the distance they go is in the fixed domain.

To achieve ubiquitous broadband, DIGITALEUROPE recommends that the EU, among other initiatives:

Establish a high-level EU task force with industry experts to develop a future broadband

infrastructure strategy;

Accelerate EU and Member States’ identification, allocation and assignment of 1200 MHz

of spectrum for wireless broadband by 2015 at the latest per the RSPP objective ;

Continue to encourage appropriate public-sector investment, Public-Private Partnerships

and tax incentive schemes for the roll-out of broadband; and

20

Digital Agenda Scoreboard 2011, the European Commission, available at: http://ec.europa.eu/information_society/digital-agenda/scoreboard/docs/pillar/broadband.pdf. 21

See http://europa.eu/rapid/pressReleasesAction.do?reference=MEMO/11/709&format=HTML&aged=0&language=EN&guiLanguage=en 22

The Impact of Broadband on Growth and Productivity, A study on behalf of the European Commission, 2008, available at: http://ec.europa.eu/information_society/eeurope/i2010/docs/benchmarking/broadband_impact_2008.pdf.

>> 16 of 24

Make available spectrum with a global footprint to wireless broadband on a harmonised,

technology and service neutral basis while at the same time introducing greater flexibility

in the management of spectrum.

5- CLOUD BUILDING BLOCK #5: SUPPORT FOR THE USE OF ENERGY EFFICIENT CLOUD

Among its many benefits, cloud computing can help to tackle climate change challenges by

empowering industries, organisations and consumers to reduce their carbon footprints through

lower energy consumption, new business models and decreased material and energy wastage.

In traditional computing scenarios, organisations maintain individual servers to host their data and

run their applications. To manage peak loads, organisations will often have excess computing

capacity – equipment that sits idle much of the time, while still drawing power. And because each

one of these servers, server stacks or small data centres are using energy to run equipment that is

essentially idle, they also need heating and cooling.

By placing these services in the cloud, this energy consumption can be avoided by assigning

computing power where it is needed. Through virtualisation and running servers at higher utilisation

rates, the cloud requires less energy to support a given service, resulting in lower carbon emissions.23

Furthermore efficiencies in software and hardware, creating much greater capacity per consumption

of energy, have helped address some of the heating and cooling requirements of large data centres.

In addition, the self-service and pay-as-you-go nature of cloud computing encourages users to

consume only what they need, encouraging energy and resource efficiencies.24 In one vivid example

of the potential benefits on offer from server consolidation and virtualisation – both cloud-enabled

technologies – the Municipality of Copenhagen recently was able to replace 638 computers with just

38 new servers.25

Beyond the benefits of not having so many servers running all the time cloud offers other benefits.

The simple scalable model of cloud computing would allow the development and easy deployment of

applications that could help tackle environmental challenges. For example, the cloud can assist in

giving commuters access to traffic data in real time so they can choose the shortest route to work. In

short, cloud computing can help ICT reach its full enabling potential. Other ways the cloud can create

new efficiencies include:

23

Carbon Disclosure Project Study 2011 - Cloud Computing - The IT Solution for the 21st Century, Verdantix, 2011, available at: http://www.businessgreen.com/digital_assets/3236/CDP_US_Cloud_Computing_-_FINAL_as_of_7_15_11.pdf. 24

As an example, it is predicted that a typical food and beverage firm transitioning its human resources application from dedicated IT to a public cloud could reduce CO2 emissions by 30,000 metric tons over five years – an amount equivalent to the annual emissions from 5,900 passenger vehicles. See Carbon Disclosure Project Study 2011, supra n. 19. 25

Nordic Council of Ministers, Green Procurement Makes a Difference!, 2009, available at http://www.mim.dk/NR/rdonlyres/47888C72-7152-4D04-8376-66A3D7875D7F/0/COP15_GC_41030_GronUpphandling_UK_3K.pdf.

>> 17 of 24

Offering new efficiencies for business. The cloud helps companies to pool functions and

resources across their business activities. Studies from Imperial Study and Accenture found

that reductions of 30-90% in carbon emissions were achievable for companies that move

their functions to the cloud.26 Additionally, cloud computing is flexible, which allows

companies to purchase and maintain less redundant computing power to hold on-site in

reserve.

Enabling the smart grid and geospatial analysis. Cloud computing is an increasingly

essential part of the real-time data monitoring that forms the backbone of the new energy

smart grid. Smart, cloud-enabled grids will enable the systematic tracking and optimisation

of energy use, which in turn should lead to reductions in energy consumption. Other

examples of real-time data monitoring systems will help citizens to track e.g. air quality and

pollution levels in real time.

Creating new business models. The cloud has already re-written the rules of business in

some industries, producing new opportunities for energy savings. For example, cloud-

powered digital downloads allowed the music industry to reduce C02 emissions by between

40 - 80%.27

To drive these benefits, however, the EU must support the development of appropriate incentives to

encourage the uptake of cloud computing and other energy efficient technologies. Specifically,

DIGITALEUROPE recommends:

Allow the ICT industry space to self-regulate. Although the ICT industry’s C02 footprint could

increase as it builds cloud capacity in data centres across Europe, the greater efficiencies and

utilization models of new data centres, coupled with decommissioning of older data facilities

they are replacing should address many of these concerns. It is clear that this investment will

pay carbon dividends in the longer term by way of the benefits described above. Despite the

growth in emissions, there is currently no need to regulate – the industry is already investing

aggressively to find energy and carbon efficient solutions, as these are ultimately also the

most cost effective strategies.

Strong public sector leadership. Studies increasingly demonstrate the leadership effect that

public sector action can have as a spur for greater private investment. European

governments should consider where adopting cloud solutions could provide needed carbon

reductions and energy efficiencies. Investment in building retro-fits that include smart

energy management systems would also help to encourage private sector progress.

26

See http://buildaroo.com/news/article/cloud-computing-reduces-carbon-emissions/. 27

See Lawrence Berkeley Study, August 2009, The Energy and Climate Change Impacts of Different Music Delivery

Methods, at http://download.intel.com/pressroom/pdf/cdsvsdownloadsrelease.pdf.

>> 18 of 24

Incentives for renewable energy and energy efficiency. The EU should encourage Member

States to adopt new, and deeper, incentives for companies to invest in renewable energy

capacity. Member States should also consider creating new incentives for cities, home

owners and office owners to increase their energy efficiency through feed-in tariffs and

carbon pricing. This in turn will aid private sector efforts to invest in energy efficiency

technologies, including cloud computing. Technologies such as smart grids should be

supported with regional research funding programs.

6- CLOUD BUILDING BLOCK #6: MEANINGFUL INVESTMENT IN E-SKILLS AND AWARENESS-RAISING

Measures to promote cloud and development uptake in Europe will be of little value if Europeans do

not have the e-skills necessary to fully exploit the opportunities that the cloud provides. Importantly,

the Commission has supported initiatives in the e-skills area over the past twenty years of

technological change, and rightly continues to make this a priority as part of the Digital Agenda and

other EU 2020 flagship policies. The Commission’s long-term e-skills agenda and commitment with

industry to run initiatives such as last year’s European e-Skills Week – the first pan-European

awareness raising campaign on e-skills, to be repeated in March 2012 – are to be applauded.

It is clear, however, that more needs to be done. The recent evaluation of the Commission’s 2007

Communication on “e-Skills for the 21st Century” found that 198 million European citizens still do not

have ICT user skills and are some distance away from being digitally literate.28 With an 85 percent

correlation between e-skills and competitiveness, Europe must move rapidly to improve the skills of

its children, teachers, and public administrations.

Europe should set ambitious goals for itself in this area, including halving the digital literacy and

competence gaps and ensuring that all primary and secondary school students receive training

regarding safe use of the internet. All adults of working age should have access to e-skills training.

DIGITALEUROPE set out several recommendations in our Vision 2020 White Paper29 to meet these

goals, including:

Quick wins, such as Member State awareness campaigns – run by public private

partnerships – which highlight the career opportunities available to those studying maths,

science or technology. Such campaigns should also highlight the EU e-skills shortages, expand

the range of activities and reach of the first EU e-skills Week into a multi-year programme.

28

Final Report on the Evaluation of the Implementation of the European Commission's Communication on e-Skills for the 21st Century, October 2010, available at: http://ec.europa.eu/enterprise/sectors/ict/files/reports/eskills21_final_report_en.pdf. 29

DIGITALEUROPE's Vision 2020 White Paper, available at: http://www.digitaleurope.org/index.php?id=1179.

>> 19 of 24

Mid-term measures, such as launching an initiative to use EU structural funds to improve

ICT training. This training should focus on core areas such as cloud computing, trust and

security.

In parallel to measures aimed at strengthening Europeans’ ICT skills, DIGITALEUROPE also encourages

the EU to help raise awareness about the potential benefits offered by cloud computing. Awareness-

raising efforts could include workshops and training seminars involving training institutes, SME

associations, ICT industry representatives and other relevant stakeholders. The establishment of an

EU stakeholder platform under the EU Competitiveness and Innovation Platform may also be

warranted.

DIGITALEUROPE also recommends that the Commission create a European Cloud Observatory to

provide SMEs with relevant resources and to publicize cloud services offered by European SMEs. This

could take the form of a website offering exposure for cloud services created by European SMEs in

order to increase awareness of these contributors to the knowledge economy and the types of

solutions they provide; case studies about usage of cloud services, illustrating benefits to SME users

as well as European SME suppliers; and a list of cloud services, their application and certificates.

7- CLOUD BUILDING BLOCK #7: GROW THE PUBLIC SECTOR CLOUD

The public sector stands to gain significantly from the adoption of new cloud technologies, and the

shift promises to create significant returns for government agencies in particular. One study

estimated that government agencies could save up to 25-50% per year through a shift of key

applications to the cloud.30 Other projects have documented additional areas where the public

sector can use and benefit from adopting cloud technologies.31 Among other benefits, cloud

solutions offer the potential for scalable virtualisation of big hardware infrastructures, which can

help governments rationalise the rising costs of ever-growing data centres. Cloud technologies also

offer new opportunities for the development of innovative cross-border government services.

Importantly, the Commission has recently launched a pilot named “Towards a Cloud of Public

Services” within the Competitiveness and Innovation Programme (CIP ICT PSP). Despite these and

other EU and national initiatives, however, uptake of cloud computing in the public sector remains

sluggish. Complicating matters, cloud initiatives across the Member States are not fully aligned at

the EU level. IT procurement budgets are often not optimised to enable an easy leap to cloud

technologies, and concerns over data portability, liability and security continue to inhibit public

sector adoption. Because of the scale of public sector IT procurement – governments are the largest

IT purchasers in Europe – the slow speed of public migration to the cloud is also hindering growth in

the private sector. Faster public sector adoption of cloud technologies would help the cloud build

scale in Europe. 30

See Brookings Institute report, May 2011, p. 15 at http://www.brookings.edu/~/media/Files/events/2011/0525_gti/20110525_growth_innovation_competetiveness.pdf. 31

Many of these areas are documented in a recent paper from the Fraunhofer Institute for Open Communication Systems. See http://www.interoperability-center.com/c/document_library/get_file?uuid=9176f0fa-1ea2-4771-b8e0-a3f9c685199f&groupId=12725.

>> 20 of 24

The EU would benefit directly from accelerated adoption of cloud technologies by the public sector,

and from a unified framework aimed at helping government agencies navigate challenges that are

specific to public sector cloud migration. To achieve this goal, DIGITALEUROPE recommends that the

EU:

Push cloud policy to the highest level of the EU’s agenda. EU cloud computing policy should

grow from the Digital Agenda and the upcoming EU Cloud Strategy to encompass a full

spectrum of EU activities. In particular, the EU’s eGovernment Strategy should embrace

cloud computing as a crucial element of the eGovernment Action Plan; cloud computing

should also be addressed at the eGovernment Ministerial Conferences, and other relevant

platforms. Ideally, this dialogue would lead to the adoption by Member States of firm

targets for public sector cloud adoption and a road map to achieving those goals.

Build pan-European resources for public agencies. Regular meetings of government officials

could contribute to the construction of an online portal to share best practices for public

cloud computing. The portal could focus on issues that most concern governments, such as

data portability, liability and security requirements, and could be supplemented by a “living”

online public cloud procurement guide for public sector agencies. In effect, the documents

could act as cloud adoption FAQs and instruction manuals for governments.32 These

resources could also be integrated with the European Cloud Observatory proposed by

DIGITALEUROPE. The resource framework could also periodically grant an award to

recognise and encourage innovative public sector cloud projects.

European public procurement should work with global standards. There is no need to

develop independent standards for cloud computing for the European public sector that

could fragment the market on a state-by-state or regional basis. Instead, DIGITALEUROPE

recommends that the EU and Member States be transparent about their interoperability

requirements and then adopt and support global standards for cloud computing wherever

possible.

Invest in the public sector cloud. Public sector cloud computing should be highlighted in the

next multi-annual financial framework (2014-2020), and in particular within the Connecting

Europe Facility Program.

8- CLOUD BUILDING BLOCK #8: NEW R&D INITIATIVES AND INCENTIVES

ICT has contributed half of the productivity gain in Europe in recent years.33 This growth has

benefitted from focused R&D investment by the EU (albeit investment that lags behind some of the

32

The procurement guide could be similar to the recently launched Cloud Buyer’s Guide, launched by the Cloud2 Commission in the United States. 33

See http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:52005PC0119(01):EN:HTML.

>> 21 of 24

EU’s trading partners34). Continued growth will depend not only on robust funding for R&D,

however, but also on a thoughtful, targeted R&D strategy for Europe. A simplified program for

research and innovation that pours more resources into fewer sectors will achieve critical mass faster

and will better support new models of industrial growth. This approach should also strengthen

European competitiveness on the world stage.

The cloud is an ideal candidate for concentrated research efforts. As a key “enabler” of other future

technologies – such as the fast-growing “Internet of Things” – the cloud will become an increasingly

important factor in sector-wide ICT research going forwards, both as a tool for researchers and as the

basis of new next-generation technologies. To establish and maintain a leadership position in the ICT

industry, and the economy more generally, Europe thus must continue to invest in the development

of cloud technologies. While DIGITALEUROPE supports Europe’s objective of increasing research &

development expenditures to 3% of total European GDP by 2020, this action alone is not enough. To

assure Europe’s success, DIGITALEUROPE recommends that the EU take immediate action to:

Plan for cloud– (and industry–) friendly research. Industry ultimately will design, build and

operate the vast majority of cloud systems and services. By making the EU project design

process transparent and open, the EU can establish research partnerships with industry at an

early stage. This in turn will help to create more relevant projects designed from the

bottom-up to enhance cloud adoption across Europe.

Simplify the universe of EU research projects and prioritise the cloud. As a guiding

principle, the EU’s network of research programs should be simplified, with the greatest

emphasis placed on sectors of particular promise. At the same time, a holistic approach to

research and innovation can also help to reduce complexity and to facilitate a quick

introduction to market of new technologies. Combined with a more transparent and more

industry-friendly process, this will help speed new developments in cloud technologies to

market.

Focus on partnerships with corporate investors in the cloud. The EIF has the potential to

kick-start a new generation of cloud-enabled SMEs. To grow Europe’s local cloud-enabled

economy, the EIF should stand ready to provide flexible and robust financing, alongside

industry investors, to support and nurture entrepreneurial new European cloud-based SMEs.

Innovation partnerships are also an important building block for new technologies and pilot

projects.

Target cloud research funding. Public research funds should target key technical challenges

in cloud design, including how best to scale cloud management systems, how to maintain

cohesion of so-called ‘federated’ management schemes (involving the collaboration of

34

While the U.S. invests 29% of its total research on ICT, Europe spends only 17% – a gap that translates into over €50 billion less investment in European ICT research annually. See Digital Agenda, Research and Innovation Pillar, at http://ec.europa.eu/information_society/newsroom/cf/fiche-dae.cfm?action_id=208&pillar_id=47&action=Action%2050%3A%20Generate%20more%20private%20investment%20for%20ICT%20research.

35 See http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/11/199.

>> 22 of 24

multiple cloud infrastructures) and how to ensure the robustness of cloud applications and

APIs. These areas are critical to the future of a diverse, vibrant and flexible European cloud

ecosystem.

9- THE MULTILATERAL DIMENSION

We have outlined above the pillars that DIGITALEUROPE members believe serve as the foundation

for a strong cloud economy in Europe. But as we said at the outset, one of the hallmarks of the cloud

is its ability to transcend national and even regional borders. The global nature of cloud computing

means that solutions to cloud challenges cannot be limited to Europe, but must also be negotiated

on the international stage with third country partners. While there are many areas where

international dialogue would be welcomed, we urge the EU to play a leadership role in relation to

two issues where global collaboration is particularly needed:

Jurisdiction and clarifying rules governing law enforcement access to data stored in the

cloud. While clouds can be located on-premises or contained within geographic

boundaries, cloud computing can often involve the storage and processing of data in

multiple markets in and also outside of Europe. The resulting international data flows can

raise complex questions about which country has jurisdiction over data in the cloud, and

whose laws apply to it. As a result, cloud service providers sometimes face conflicting

obligations – for example, a request to turn data over to law enforcement in one country

may violate rules in the country of storage prohibiting disclosure. Although it is

understandable that law enforcement agencies often are keen to obtain access to data in

the cloud that may help tackle online crime as well as threats to public safety and national

security, more transparency is needed about the circumstances under which they can

obtain such access. This is important not only for due process, but also to ensure that

customers do not lose confidence in the security of their data being hosted in the EU and

choose to host their data in another jurisdiction. Internationally-agreed norms on

jurisdiction and increased harmonisation of criminal procedural laws are needed to resolve

these challenges.

Countries should also commit to a moratorium on adopting and/or implementing

policies that address actual or potential trade barriers to the evolution of cloud

computing, and should assess existing trade rules and update them where needed. For

example, sometimes when a cloud provider tries to enter a foreign market, the

government in that country may stipulate as a condition of market access that the

provider locate some of its cloud servers within its jurisdiction. Such mandates severely

hinder European cloud providers’ abilities to grow, as well as create unnecessary

duplications and undermine energy efficiencies that the cloud model can offer. Measures

to prevent such location requirements should be considered at the multilateral trade

agreement level.

>> 23 of 24

The EU should take a lead role in seeking to build international consensus around these and other

cloud-related issues. There also, for example, is a need for bilateral and/or multilateral international

agreements on minimum protection levels for the privacy and security of transferred data.

DIGITALEUROPE strongly supports international efforts towards global privacy norms based on

market led approaches and industry based standards. And ongoing work with non-EU countries to

develop interoperable requirements that facilitate information flows with appropriate security and

privacy protection should continue.

Continuing the bilateral dialogue with the U.S. (and with industry from both markets) is an important

first step toward cloud-related international agreements. Opening new dialogues and collaborations

with other active countries (and their industry) in cloud computing around the world, notably in Asia,

is also very important. Such initial involvement will facilitate to build the basis of any international

agreements. Ideally, the EU/U.S. bilateral dialogue can be expanded to a dialogue including major

active countries in Asia and countries becoming active in Latin America and Africa to form the basis

of enhanced regulatory interoperability and multilateral guidance informed by multi-stakeholder

consultation – potentially under the aegis of the G8, G20, OECD, APEC or another organisation.

10- CONCLUSION

Cloud technologies hold out the promise of enormous future benefits for Europe, and early-adopter

European enterprises and governments have already demonstrated some of the gains that can be

made. To situate Europe as a world-leading cloud economy, the EU should act decisively to

implement the recommendations of DIGITALEUROPE. The opportunities created by the cloud are

real, and it is within the hands of the EU to help achieve them. In the words of Digital Agenda

Commissioner Neelie Kroes,

“I look forward to the day when the cloud puts many more thousands of our SMEs on the

European and world stage. When the cloud makes the single market real for them, to its

full extent. I look forward to the day when the cloud helps governments stay “in the

black.” And I cannot wait to show off the green implications of this work, as we struggle

to take better care of our fragile planet.”35

DIGITALEUROPE shares these goals for the cloud and we look forward to working with the EU to

achieve them.

35

See http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/11/199.

>> 24 of 24

ABOUT DIGITALEUROPE

DIGITALEUROPE is the voice of the European digital economy including information and

communication technologies and consumer electronics. DIGITALEUROPE is dedicated to

improving the business environment for the European digital technology industry and to

promoting our sector’s contribution to economic growth and social progress in the European

Union.

DIGITALEUROPE ensures industry participation in the development and implementation of

EU policies. DIGITALEUROPE’s members include 62 global corporations and 37 national

trade associations from across Europe. In total, 10,000 companies employing two million

citizens and generating €1 trillion in revenues. Our website provides further information on

our recent news and activities: http://www.digitaleurope.org

THE MEMBERSHIP OF DIGITALEUROPE

COMPANY MEMBERS:

Acer, Alcatel-Lucent, AMD, APC by Schneider Electric, Apple, Bang & Olufsen, BenQ

Europa BV, Bose, Brother, Buffalo, Canon, Cassidian, Cisco, Dassault Systems, Dell, Epson,

Ericsson, Fujitsu, Hitachi, HP, Huawei, IBM, Ingram Micro, Intel, JVC, Kenwood, Kodak,

Konica Minolta, Lexmark, LG, Loewe, Microsoft, Mitsubishi, Motorola Mobility, Motorola

Solutions, NEC, Nokia, Nokia Siemens Networks, Océ, Oki, Optoma, Oracle, Panasonic,

Philips, Pioneer, Qualcomm, Research In Motion, Ricoh, Samsung, Sanyo, SAP, Sharp,

Siemens, SMART Technologies, Sony, Sony Ericsson, Technicolor, Texas Instruments, The

Swatch Group R&D Ltd, Toshiba, Xerox, ZTE.

NATIONAL TRADE ASSOCIATIONS:

Austria: FEEI; Belgium: AGORIA; Bulgaria: BAIT; Cyprus: CITEA; Czech Republic: ASE;

Denmark: DI ITEK, IT-BRANCHEN; Estonia: ITL; Finland: FFTI; France: SIMAVELEC;

Germany: BITKOM, ZVEI; Greece: SEPE; Hungary: IVSZ; Ireland: ICT IRELAND; Italy:

ANITEC; Lithuania: INFOBALT; Netherlands: ICT OFFICE, FIAR; Poland: KIGEIT, PIIT;

Portugal: AGEFE, APDC; Romania: APDETIC; Slovakia: ITAS; Slovenia: GZS; Spain:

AMETIC, Sweden: IT&Telekomföretagen; United Kingdom: INTELLECT Belarus:

INFOPARK; Norway: ABELIA, IKT NORGE; Switzerland: SWICO; Turkey: ECID, TESID,

TÜBISAD; Ukraine: IT UKRAINE