The Business Software Alliance (BSA) Global Cloud Computing Scorecard, released March 7, 2013, indicates that the legal frameworks for cloud computing are improving, but inconsistently and with some worrying trends. The study tracks year-over-year changes in the global cloud policy landscape. It assesses the relevant laws and regulations of 24 countries that together account for 80 percent of the global information and communications technology market, focussing on topics such as data portability, cybercrime, and information technology infrastructure.

This year’s study highlights an increasing number of countries adopting international norms aimed at building user trust while enabling innovation. Singapore was commended for having adopted the best of each of the Asia-Pacific Economic Cooperation and the European Union policies. However, many of the world’s biggest IT markets fell in the ranking, including each of the six EU countries covered by the study. The UK fell from sixth to seventh place, partly because of the requirement for businesses to register their data processing with a regulator, which was seen as an unnecessary burden, and the result of the UK’s failure to implement the Convention on Cybercrime in its entirety.

A number of countries were criticised, including South Korea, Indonesia, and Vietnam, for taking steps to effectively disconnect themselves from cloud computing by drafting legislation that would impose unnecessary formalities on cloud providers or by requiring them to establish national data centres. The BSA expressed concern that “governments are starting to chop up the cloud”, pointing out that if international service providers are blocked out of local markets, the economies of scale and efficiency, which cloud seeks to achieve, will be undermined. Protectionist policies should be shunned in favour of legal and regulatory frameworks that encourage innovation, and that can deliver benefits by ensuring confidence in the cloud through secure infrastructure, strong cybersecurity and respect of international data protection laws.