TRAI (Telecom Regulatory Authority of India) has released its recommendations for cloud providers in the country.
Light touch regulatory approach may be adopted to regulate cloud services.
DOT (Department of Telecommunications) may prescribe a framework for registration of CSPs industry body. The terms and condition of registration of Industry body, Eligibility, entry fee, period of registration, and governance structure etc. would be recommended by TRAI once the recommendations are accepted by the Government in principle.
All Cloud service providers above a threshold value notified by the Government from time to time in previous financial year have to become member of one of the registered Industry body for cloud services and accept the code of conduct (CoC) prescribed by such body.
The threshold may be based on either volume of business, revenue, number of customers, etc. or combination of all these. Industry body, not for profit, may charge fee from its members, which is fair, reasonable and non-discriminatory. Industry body for Cloud Services would prescribe the code of conduct of their functioning.
No restrictions on number of such industry bodies may be imposed to ensure that there is freedom in functioning of such industry body and such body should not become monopoly of few big entities.
DoT may issue directions, from time to time, to such industry body as and when needed to perform certain function and procedures to be followed.
DoT may also withdraw or cancel registration of industry body, in case it finds the instances of breach or non-compliance of the directions/ orders issued by it, from time to time or non adherence to code of practices notified by it.
DoT may keep close watch on the functioning of industry body and investigate functioning of the body to ensure transparency and fair treatment to all its members.
A Cloud Service Advisory Group (CSAG) to be created to function as oversight body to periodically review the progress of Cloud services and suggest the Government actions required to be taken. This Advisory Group may consist of representatives of state IT departments, MSME associations, consumer advocacy groups, industry experts and Representatives of Law Enforcement agencies.
The Government may consider to enact, an overarching and comprehensive data protection law covering all sectors.
This data protection framework may incorporate the following:
# Adequate protection to sensitive personal information
# Adopt globally accepted data protection principles as reiterated by Planning Commission’s Report of Group of Experts on Privacy 2012
# Provisions governing the cross-border transfer of data
# Interoperability and Portability
No regulatory intervention is necessary for interoperability and portability in Cloud services at this stage, these aspects may be left to the market forces. for the time being. However, industry body should be tasked to promote interoperability in Cloud Services industry.
The industry body for Cloud Services should be mandated to incorporate a disclosure mechanism that promotes transparency regarding interoperability standards followed by the CSPs.
Telecommunications Standards Development Society, India (TSDSI) may be tasked with the development of Cloud Services interoperability standards in India.
To address the issue of access to data, hosted by CSPs in different jurisdictions, by law enforcement agencies:
Robust MLATs should be drawn up with jurisdictions where CSPs usually host their services, enabling access to data by law enforcement agencies
Existing MLATs should be amended to include provisions for lawful interception or access to data on the cloud.
There is no need to undertake cost benefit analysis of cloud services at this stage as the progress made so far clearly demonstrate the benefit of its use.
Incentives for conceptualisation and implementation of cloud based services in India, especially in government networks
Government of India’s should continue its policy to promote cloud services through cloud infrastructure projects, such as GI Cloud Meghraj, NIC CC and National eGov App Store.
There is no need to give any additional incentive to large customers and CSPs at this stage. Ministry of MSME may continue to promote adoption of ICT in this sector, including the subsidies as being done at present.
