Promoting Cloud Computing

The Commission is pushing for EU-wide technical standards for cloud computing; EU-wide common rules for intellectual property, data portability, data protection and privacy in the cloud computing context; and a certification scheme for cloud computing providers to go along with all of this.

The aim is to boost the uptake of cloud computing in Europe.

Cloud computing it the storage, processing and use of data on remotely located servers accessed via the Internet. It provides almost unlimited storage space without a capital-intensive need for individual in-house ICT infrastructure. The servers are maintained by providers specialised in this area, rather than by the organisations who own and process the data.

Although cloud-computing is far more cost-efficient and can be more environmentally friendly than each organisation owning and maintaining its own server, its uptake is slowed by concerns over security, data portability, privacy-related legal issues, and technical standards, with many of these concerns exacerbated by the many national legal systems that apply in Europe.

The Commission’s Communication “Unleashing the Potential of Cloud Computing in Europe” is intended to outline a path towards addressing these concerns, so that Europe can reap the benefits of cloud computing fully.

Key Actions to Boost Confidence in the Cloud:

The Communication outlines three main areas of action:

1. Setting up the necessary standards

The European Telecommunications Standards Institute (ETSI) has established a Cloud Group to evaluate cloud standardisation requirements and conformity with interoperability standards.

The Commission will:
• Task ETSI to identify by 2013 a detailed map of necessary standards;
• Enhance trust in cloud computing services
• Cooperate with other bodies  to develop EU-wide voluntary certification scheme
• Address the environmental challenges

2. Contract Terms and Conditions

Current flexibility of cloud computing is often counterbalanced by contract terms and conditions uncertainties. Although these obstacles are addressed by the Common European Sales Law, more action is needed. Simpler, clearer and fairer consumer rights need to be adopted as well.

The proposed Regulation on Data protection covers the international transactions of data outside the EU. In this respect, the Commission will by the end of 2013:
• Develop model terms for cloud computing service level agreements for contracts;
•  Propose contract terms and conditions under the Common European Sales Law;
• Identify safe and fair contract terms and conditions for consumers and small firms;
• Facilitate Europe’s participation in global growth of cloud computing;
• Work on code of conduct for cloud computing providers.

3. European Cloud Partnership

The Commission is to set up a European Cloud Partnership (ECP) to provide an umbrella for comparable initiatives at national level. The ECP does not constitute a physical cloud infrastructure, but a blueprint for European clouds.

The ECP will work to:
• Identify public sector cloud requirements, develop specifications for ICT procurement and procure reference implementations
• Advance towards joint procurement of cloud computing services by public bodies and other necessary actions

Digital Single Market

The strategy also identifies key areas of action and the potential benefits of exploiting cloud computing. It also outlines future steps and key actions in the context of the Digital Single Market (DSM), and proposes further supporting measures and international dialogue on cloud computing.

As cloud computing is still at early development stage compared to the internet, the strategy aims to enable and facilitate the adoption of cloud computing in all sectors of the economy. The aim is to cut IT costs and boost productivity, growth and job creation. The strategy also addresses the legal framework the legal clarity of contract terms and conditions and the legal aspects of data protection.

The aim of the strategy is not to build a physical ‘European Super-Cloud’ as such, but to provide publicly available cloud offerings that meet European standards.

The strategy sets out to:
• Tackle fragmentation of the DSM due to divergent national legal frameworks and uncertainties over applicable law
• Address problems with contracts related to data access and portability, change control and ownership of the data
• Streamline and simplify standardisation and certification requirements for cloud computing

Digital Agenda Actions

The strategy also outlines key issues in the context of the Digital Agenda:
• In order for cloud computing to work efficiently, the content needs to be accessible from any device anywhere. Issues of cross-border intellectual property rights (IPR) as well as private copying and the applicability of levies must therefore be tackled.
• Standards for safe and reliable access to cloud computing and internet transactions need to be developed as a prerequisite of proper functioning of cloud computing, namely e-Authentication and e-Authorisation. 
• Data protection, clarity on international data transfers and contract law are among the major issues to be tackled in order to secure confidence for cloud computing.

Stimulation measures

The Strategy also foresees an engagement of its other existing or planned instruments in support of building cloud computing (e. g. Horizon 2020, Digital Service Infrastructures under Connecting Europe Facility etc.). The Commission will also promote e-skills and digital entrepreneurship.

International dialogue

Due to cloud computing’s cross-border nature the Strategy outlines the framework for an international dialogue and for partnerships for both legal aspects and adoption-supporting measures. These are oriented towards: 
• Drive for take-up by public bodies
• Promotion of technological developments and standardisation 
• Coordination on legal and technical issues

Next Steps

The Commission will in the coming months address general cyber security challenges in its Strategy for Cyber Security. Further, it will evaluate progress on the proposed actions in this strategy by the end of 2013 and propose further steps if needed.