Cloud computing and regulation: Following the eye of the storm
Out of the rapid growth of cloud computing technologies, we are starting to see a shift in how the law and regulation keep up. A major question mark looming over the sector is its lack of standardized guidance. Cloud computing is not governed by a specific “cloud law,” and no direct regulation applies to its services. Instead, the legal and regulatory landscape is made up of a matrix of different rules, as wide as the scope of the technology itself, spanning multiple industries and geographies.
Given this breadth, there has been a gradual shift from legislative solutions to industry standardization as a means of closing the gap between regulation and the eye of the technological innovation storm.
Whilst there is no direct legislation, some UK regulators, most notably in the financial services sector, have in recent years published guidance on the use of cloud technologies. This guidance focuses on how the technology can be used in compliance with existing regulatory rules. Whilst it has not set out a step-by-step process for deploying cloud technologies in compliance with regulatory requirements, it has shown that the regulators see no fundamental reason why firms cannot use cloud services in a regulatory-compliant manner.
However, a key barrier preventing the widescale adoption of cloud solutions in heavily regulated sectors remains: there is a lack of certainty as to exactly what standards would likely be acceptable to regulators. The key, it would seem, is standardization.