NASSCOM recently submitted its comments on the Telecom Regulatory Authority of India (TRAI)’s Consultation Paper on Cloud Services dated 23 October, 2019 (CP).
TRAI had conducted a similar initiative in 2016, through the issuance of a Consultation Paper on Cloud Computing on 10th June 2016 (“2016 CP”). NASSCOM, in its’ responses to the 2016 CP had at that time suggested a ‘light touch’ approach for regulating the sector, subject to a detailed evaluation of ascertaining the need for any regulations in the first place and emphasising upon the need for harmonisation with other existing legislative and regulatory enactments applicable to the cloud services industry. TRAI’s 2016 CP echoed the suggestion of a ‘light touch’ regulatory framework. However, what could be an appropriate ‘light touch’ regulation for the Cloud Service Providers (“CSP”) was not defined.
Today, nearly four years later, we believe that the regulatory regime has evolved and is geared to provide the appropriate level of regulation. We have explained this in detail in the subsequent paras. The Indian cloud computing market is currently valued at USD 2.2 billion and is expected to grow at 30% p.a. to USD 7.1. billion by 2022. This in itself should serve to indicate that the current regulatory framework has been beneficial. This combined with the lack of any visible market failures should provide confidence that the current regime is reasonably balanced.
NASSCOM recommends that CSPs in India should not be subject to regulation by the Department of Telecommunications (“”DoT”) or the TRAI, directly or indirectly. Any regulation will in turn only hurt the Indian government’s flagship ‘Digital India’ programme, and the goal of creating a USD 1 trillion digital economy by 2025.
The key submissions made in NASSCOM’s feedback on the CP in this regard have been summarised below:
- The current CP proposed additional regulation, over and above the current regime. It indicates that the DoT would likely exercise regulatory control over CSPs indirectly through the industry bodies. For example, the CP proposes that the registered industry body and its CSP members ‘may’ be required to comply with the orders/directions issued by the DoT or TRAI in the future, while also being subject to requests to furnish information.
- At the same time, The CP does not specify the nature or scope of the potential order/directions that the TRAI/ DoT may issue, thus leaving the industry apprehensive of open-ended regulations. Moreover, the CP does not provide any justification for the proposed additional regulation as it acknowledges that there are no material instances which point to a market failure. We believe that timing of any additional regulation has an important impact on the growth potential of industry and its market structure. It should not be too early, and it should not be too late. At this stage, we believe that it would be too early to contemplate additional regulation, more so, of the kind being proposed.
- Cloud services are inherently global in nature and the government should create an enabling regulatory framework. The government should avoid unnecessary regulatory strictures. Instead, it should foster promotion of innovation and entrepreneurship. Additional regulation, of the kind being proposed in the CP, is likely to result in regulatory overlap with many other existing laws. TRAI should also note that the proposed draft Personal Data Protection Bill, 2018 (“PDP Bill”) is likely to provide a comprehensive regulation on data and the same would apply to the CSPs. Since the 2016 CP, additional regulations have only increased the regulatory oversight on the CSPs. It appears that this has not been adequately considered in the present CP.
- Further, the proposed regulation of CSPs, even if we set aside the view that such a regulation is not required, is likely to be unworkable. The market for industry association is based on the value that the association delivers to the industry. Any statutory based association is likely to harm the voluntary market for associations. This is more so if only one such association is promoted by the government. Moreover, industry associations adopt code of conduct on a voluntary basis. A government supervised code of conduct is likely to change the basic voluntary characteristic of associations.
- Further, if multiple associations are permitted to assume this role, it might result in industry association shopping by the CSPs and some associations being captured by a set of CSPs. Such a scenario is likely to undermine the objective behind any additional regulation and may lead to unintended outcomes i.e. abuse of the association platform.
- Lastly, we find that TRAI CP on CSP overlaps with the regulatory scope of Ministry of Electronics and Information Technology (“MeitY”). We recommend that TRAI or DOT should not plan to regulate the CSPs. If it all any additional regulation is required, it should be left to MeitY to consider and propose.
The NASSCOM’s full submissions have been attached.