We must prevent cloud cartels.

Tl;dr

The Telecommunications Authority of India (TRAI) invited comments up until December 4, 2019 on a consultation paper that suggested a framework for the registration of industry bodies for cloud services providers. IFF sent our submission which primarily questioned the mandate of the TRAI in creating such a framework; it then points out the concern of cloud cartelisation that would result out of regulation suggested and finally, the broader issue of self-regulation that appears to coat the essence of the paper.

The TRAI has no Jurisdication,

Cloud service providers ('CSPs') provide information technology services which are largely supervised by the Ministry of Electronics and Information Technology under the Information Technology Act, 2000. As these services use the telecom infrastructure which is regulated by the Indian Telegraph Act, 1885 and the Indian Telegraph Rules, 1951, the TRAI appears to use this to draw within its ambit the regulation of cloud services as well. However, our submissions emphasize on the distinction between the two and clearly state that any regulation should fall with the authority of MEITY to which the TRAI should not be able to frame binding directions.

Should not be allowed to create Cloud Cartels,

Having set out the authority, we looked closely at the suggestions put forth by the consultation paper; it indicates that cloud service providers should be regulated through not-for-profit industry bodies. This is a cause of concern as it involves registration requirements and even numerous conditions of which one specifies that only cloud service providers above a certain threshold are permitted to become a member. There is even a suggestion that the creation of industry bodies be based on the categories of cloud service providers.

Why is this a bad thing? The entire process of the creation of industry bodies for cloud service providers effectively brings to the fore the real possibility of cartelisation and its resulting anti-competitive effects. Our submission points out that the inclusion of entry and recurring fees which may be based on financial turnover will not only make it far more easier for large service providers to obtain better control over the market but will automatically exclude smaller providers from the same industry circles (especially those that financially constrained).

If you observe further, the paper also tends to only cater to industry bodies and the CSPs it includes, without considering its impact on the Indian consumer.

Or self-regulate

The established industry bodies have been recommended to curate a Code of Conduct that will aid in laying down mandatory standards and guidelines that CSPs will be required to adhere to. The essence of this code of conduct looks a lot like a self-regulatory mechanism. Irrespective of industry sector, our thoughts on self-regulation remain consistent; there is lack of legal form that binds any requirements put forth and the additional lack of formal oversight continues to be one of the major drawbacks.

While these major initial submissions were made, we informed that aspects such as data, cyber-security and consumer safeguards continue to remain concerns that require regulation by legal frameworks and cannot be goverened through self-regulation.

Important Documents

  1. Comments on the TRAI's Consultation Paper on Cloud Services (link)