The first-ever report to track year-over-year change in the international policy landscape for cloud computing shows that cloud readiness is improving, if unevenly.
Cloud Computing Policy Environment
Japan has a comprehensive suite of modern laws that support and facilitate the digital economy and cloud computing.
Japan ratified the Convention on Cybercrime in 2012, setting a positive example for other countries.
Japan also has comprehensive privacy legislation in place, as well as intellectual property laws that cover the full range of protections relevant to cloud computing.
Japan is very active in the development of international standards.
Broadband penetration in Japan is already very high. The government has committed to ensuring that by 2015, all households will have very high-speed fiber broadband connections.
Overall, Japan’s score increases slightly in the 2013 Scorecard, and the country easily retains its top ranking in the overall rankings.
Australia is keen to promote cloud computing through the development and reform of relevant laws, regulations, and standards. For example, Australia has a strong commitment to international cooperation, free trade, and interoperability. Key laws are based on international models, and Australia is an active participant in the development of international standards.
Australia has up-to-date cybercrime laws and ratified the Convention on Cybercrime in late 2012. Australia also has comprehensive electronic signature and electronic commerce laws in place. In 2012 Australia passed further improvements to its existing privacy legislation, including stronger powers for the regulator.
Intellectual property laws in Australia provide a comprehensive and balanced layer of protection for cloud computing services and the digital economy. However, some uncertainty remains regarding ISP liability for copyright breaches that occur when subscribers participate in peer-to-peer sharing of copyrighted material.
In 2012 Australia dropped a long-term proposal for mandatory Internet content filtering that may have acted as a barrier for innovation in the digital economy.
Australian ICT infrastructure is reasonably well developed, and significant progress has been made in the rollout of a National Broadband Network that will provide further capacity to facilitate the digital economy.
Overall, Australia’s scorecard results remained fairly stable in the 2013 report. Improvements in the country’s security and cybercrime laws settings were offset by a small reduction in ICT infrastructure, and the country remained in 2nd place in the Scorecard rankings.
The United States has comprehensive and up-to-date laws in place for e-commerce, electronic signatures, and cybercrime. The US has signed and implemented the Convention on Cybercrime and plays a leading role in the investigation of global cybercrime.
Although no general privacy laws are in place, the US still had a busy year in 2012 in relation to privacy protection. A new Consumer Privacy Bill of Rights was published, and work has begun on its potential implementation through enforceable codes of conduct. The key regulator, the Federal Trade Commission, also had a very active year enforcing existing sectoral rules.
The US approach to interoperability improved in 2012 with new standards developed for cloud services by the National Institute of Standards and Technology.
Intellectual property protection in the United States remans mixed. The US has signed all of the relevant international agreements, and a strong enforcement culture is in place. However, multiple conflicting court decisions leave considerable legal uncertainty about what constitutes an online copyright breach.
The United States is an active participant in international standards development processes and an advocate of free trade and harmonization. Some very limited domestic preferences remain in place for government procurement opportunities.
The United States has high levels of Internet use, but access to fast broadband remains patchy. The US has the 4th highest number of FttX connections and it has (by a considerable margin) the largest number of active mobile broadband connections.
Overall, the United States improved its ranking by one spot to 3rd in the 2013 Scorecard through a combination of positive policy developments and improved ICT infrastructure.
Germany has comprehensive cybercrime legislation and up-to-date intellectual property protection in place. The combination of these laws provides reasonable protection for cloud computing services in Germany. However, there is some continuing uncertainty about whether Web-hosting businesses and access providers are liable under the Civil Code for copyright breaches that occur on their systems.
Germany also has modern electronic commerce and electronic signature laws in place. Like most European countries, Germany has comprehensive privacy legislation, but it includes onerous registration requirements that may act as a cost barrier for the use of cloud computing. In addition, Germany has 17 data protection authorities, which leads to uncertainty in the application of the law.
Germany has a strong commitment to international standards and interoperability.
Germany is making good progress on extending broadband access to the population.
Germany’s score improved by one-tenth of a point in the 2013 Scorecard, and the country slipped one spot in the rankings, from 3rd to 4th.
Singapore has an ambitious program of cyberlaw development and has some of the most modern digital economy laws in the region. For example, the Electronic Transactions Act 2010 implements the UN Convention on Electronic Contracting, which Singapore has ratified.
Singapore also has up-to-date cybercrime laws and intellectual property laws.
In 2012 Singapore passed comprehensive privacy law. The new law is an excellent example of providing a balanced approach between protecting personal information and facilitating innovation in cloud computing and the digital economy.
Singapore has some minor Internet censorship in place but generally promotes innovative business practices that are free from tariffs and government intervention.
Singapore has excellent ICT infrastructure in place and is developing a national network to bring high-speed fiber to the home.
Singapore’s score jumps by more than six points, and its ranking improved five places — to 5th — in the 2013 Scorecard based on its new privacy law and continued improvements in ICT infrastructure.
France provides strong protection for cloud services, through a combination of comprehensive cybercrime legislation and up-to-date copyright protection. Enforcement of some key provisions remains a concern. France also has up-to-date electronic signature and electronic commerce laws in place.
Comprehensive privacy laws exist, though French privacy legislation includes onerous and cumbersome registration requirements that appear unnecessary.
France is making good progress toward its national broadband targets and is one of the best performers in the study in relation to ICT infrastructure.
France's results did not change significantly between the 2012 and 2013 Scorecards, but the country’s ranking slipped one place to 6th.
The United Kingdom has a comprehensive set of cyberlaws in place. Data protection laws are particularly strong, with regular enforcement including large fines. However, businesses are required to register their data sets with the regulator, which seems to be an unnecessary burden on business and may act as a barrier to some cloud services.
The UK is free from Internet censorship and filtering, and up-to-date laws are in place for e-commerce and electronic signatures.
The UK is a signatory to the Convention on Cybercrime but has been criticized for not yet implementing one of its key provisions.
Advanced intellectual property laws are in place and are regularly enforced, although there is still a gap in relation to the exact role of ISPs in copyright enforcement.
The UK already has high rates of Internet use and broadband penetration, and it plans to increase the availability of super-fast broadband to 90% of the population by 2015.
Overall, the United Kingdom’s results do not change significantly in the 2013 Scorecard, but the country’s ranking slips slightly from a tie for 6th place to 7th.
Korea has a strong commitment to the promotion of the digital economy, and its laws and standards are generally based on international models.
Korea’s modern, comprehensive privacy laws and strong intellectual property laws facilitate the development and use of cloud computing services. However, cybercrime law does not cover the full range of relevant issues.
Korea is an active proponent of free trade and interoperability and is a member of the WTO Agreement on Government Procurement.
In 2012 Korea began discussions on the development of new, specific laws and regulations for cloud service providers. The early draft of the proposed rules appeared quite onerous for businesses, by including new registration and reporting requirements along with prescriptive security measures.
However, in November 2012 the Korean Communications Commission announced that it had listened to the concerns of cloud service providers and would work on revising the proposal.
Korea has a very high level of broadband penetration.
Overall, Korea’s results have not changed significantly, and in the 2013 Scorecard, the country’s ranking holds steady at 8th.
Canada is a world leader in ICT adoption and innovation and has played a leading role in the development of international standards. It has a strong commitment to free trade and interoperability.
Canada also has very strong privacy and e-commerce laws, although no modern cybercrime laws are in place.
In 2012 Canada finally passed new copyright laws (at the fourth attempt). These laws provide appropriate protection for online material and will allow Canada to ratify the WIPO Copyright Treaty. This development is the major change between the 2012 and 2013 reports in Canada.
Although Canada does not have a cohesive and funded National Broadband Plan in place, the existing level of broadband penetration is quite high and the country continues to improve broadband access in regional areas.
Canada’s updated IP laws and improved infrastructure helped improve its ranking by three spots — to 9th place in the 2013 Scorecard.
Italy has strong cybercrime laws and strict privacy laws in place. Like many EU countries, Italy's privacy law includes onerous registration requirements that appear unnecessary.
Italy’s copyright law also provides adequate protection for cloud computing services, although some uncertainty remains in relation to the enforcement of copyright breaches in practice. Unfortunately, the long anticipated regulations on ISP liability in Italy were dropped in 2012, and this has had a small negative impact on Italy’s score in the 2013 report.
Italy has modern electronic signature laws and electronic commerce laws, and Italy is committed to international standards and interoperability.
One risk in Italy is that limited Internet censorship is in place, including mandatory ISP-level filtering for certain content.
Italy has a moderate level of broadband penetration, and the “Italia Digitale” Plan aims to further bridge the digital divide.
Italy is one of just three countries whose overall score fell in the 2013 Scorecard, and the country’s ranking slipped four spots — from 6th to 10th.
Spain has comprehensive privacy legislation in place, although it relies heavily on a data registration process that could act as a barrier for cloud computing services.
Spain has up-to-date cybercrime legislation and has ratified the Convention on Cybercrime. Spain also has comprehensive electronic commerce and electronic signature legislation, and ISPs are free from any Internet filtering or censorship.
Some minor gaps exist in intellectual property protection, especially regarding ISP liability.
Spain is a very active participant in international forums and supports international standards development and interoperability.
Spain is one of just three countries whose score falls in the 2013 Scorecard (by just two-tenths of a point), and the country falls two spots in the rankings — to 11th.
- Download Country Report and Scorecard for Poland (English)
- Download Country Report and Scorecard for Poland (Polish)
- Press Release (Polish)
Poland has up-to-date laws in place for privacy, electronic signatures, electronic commerce, and cybercrime. These laws provide a good platform for promoting confidence in cloud computing and the digital economy.
Poland also has one of the most comprehensive regimes for the protection of intellectual property, including specific rules for ISP liability. However, some gaps still exist in enforcement, and Poland has recognized that intellectual property enforcement requires greater skills and resources.
Poland promotes innovation and interoperability and has non-discriminatory policies in place for government procurement.
Broadband penetration remains slightly below the European average, but there are signs of improvement.
Small increases in Poland’s privacy and infrastructure scores were not enough to keep pace with changes in other countries, and Poland slips from 11th to 12th in the 2013 Scorecard rankings.
Malaysia has modern electronic signature laws and electronic commerce laws, and it introduced new privacy laws in 2010 (which came into force on January 1, 2013). These measures provide a strong level of protection for the digital economy and cloud computing in Malaysia.
In 2012, Malaysia updated and strengthened its copyright laws in accordance with international standards and signed the WIPO Copyright Treaty. This significant development resulted in a large increase of Malaysia’s score in the 2013 scorecard.
Malaysia has a moderate level of broadband penetration. It has committed to a target of providing 75 percent of households with access to high-speed broadband by 2015.
Malaysia made the biggest jump in the Scorecard scale — picking up more than 10 points for its policy and infrastructure improvements. Malaysia’s overall ranking remains unchanged at 13th, but with its increased score the country crosses the sharp divide between advanced economies and countries that continue to develop their cloud policy frameworks.
- Download Country Report and Scorecard for Russia
- Download Country Report and Scorecard for Russia (Russian)
- Press Release (Russian)
Russia has a patchwork of laws that apply to the digital economy and cloud computing, and these laws contain significant gaps and limitations. For example, its laws on privacy and cybercrime do not follow recognized international standards.
In 2012 Russia introduced new Internet filtering and censorship regulations that are likely to act as a significant barrier to cloud computing. Russia also mandates the use of certain products and software in government procurement opportunities.
However, in a major positive development, Russia joined the WTO in 2012 and began the process of updating its copyright laws to align with international best practice. Russia also removed tariffs that were acting as trade barriers for cloud service providers.
Broadband penetration in Russia continues to increase steadily.
Overall, Russia’s score increases significantly in the 2013 Scorecard. The negative impact of the new censorship regime was outweighed by the positive impact of the copyright and trade developments, and the country’s ranking improved by two spots — from 16th to 14th.
- Download Country Report and Scorecard for Mexico
- Download the Global Scorecard (Spanish)
- Press Release (Spanish)
Mexico has implemented many relevant cyberlaws, including privacy legislation, rules on data breach notification, and up-to-date cybercrime legislation.
Intellectual property laws in Mexico generally meet international standards, but enforcement action is rare and the bar is set very high for prosecution. Considerable improvement is required to gain confidence in intellectual property protection in Mexico.\
Mexico is also one of the few countries in the study group that retains domestic preferences in government ICT procurement opportunities.
Internet use and broadband penetration remain very low in Mexico, and the country continues to face challenges in delivering a modern ICT infrastructure that can facilitate cloud computing.
Overall, Mexico’s results did not change significantly in the 2013 Scorecard, and the country’s rank slipped one spot to 15th.
- Download Country Report and Scorecard for Argentina
- Download the Global Scorecard (Spanish)
- Press Release (Spanish)
Argentina is committed to developing a strong ICT industry and updating its laws to facilitate cloud computing. Effective laws on cybercrime, electronic signatures, and data protection are already in place, although the implementation and enforcement of data protection regulation are limited.
However, Argentina’s laws on intellectual property have not kept pace with modern technology. There is no direct coverage of important issues such as the unauthorized “making available” of copyright material online. Argentina also has a poor track record of enforcing copyright laws, with lengthy court delays and few prosecutions. Some gaps also exist in the important areas of standards development and technology-neutral and non-discriminatory government procurement of ICT.
There were no major changes in Argentina’s results between the 2012 and the 2013 reports.
Argentina’s national broadband plan, “Argentina Conectada,” aims to ensure that all Argentinians have access to high-speed Internet. One goal is for more than 10 million homes to have broadband access by 2015, and Argentina is making good progress toward that goal.
Overall, the improvements in Argentina’s cybercrime laws and infrastructure statistics helped it move up one spot in the rankings to 16th.
India is an important regional economy, with a strong interest in ICT services development. The law in India has not entirely kept pace with developments in cloud computing, and some gaps exist in key areas of protection; notably, India has not yet implemented effective privacy legislation.
India’s cybercrime legislation also requires updating to conform to international models. Some laws and standards in India are not technology neutral (e.g., electronic signatures), and these may be a barrier to interoperability.
However, in 2012, India finally updated its copyright laws to cover modern copyright issues such as rights management information and technical protection measures. India is now expected to ratify the WIPO Copyright Treaty. This makes a significant positive impact on India’s score in the 2013 report.
The development of India’s technology sectors remains challenging, with low levels of broadband and personal computer penetration.
Overall, India’s ranking in the 2013 Scorecard improved by two spots — from 19th to 17th — based on its updated intellectual property laws and enhancements to its infrastructure.
Turkey continues to have some gaps in its coverage of basic cyberlaws. For example, there is currently no data protection law in Turkey.
Turkey also has rules on Internet content regulation in place that may act as a barrier to cloud services. The enforcement of cybercrime laws remains weak, and there is some concern that the penalties imposed for Internet crimes are not an effective deterrent.
Intellectual property protection in Turkey is reasonably up to date, but enforcement is patchy.
Turkey is making progress toward integration with the European and international communities, but some domestic preferences are still in place for government procurement opportunities.
The government has an ambitious target of providing fast broadband to 95% of households by 2020. However, Turkey faces significant challenges in reaching this goal.
Turkey made minor improvements to its infrastructure score in the 2013 Scorecard, but its policy environment remains largely unchanged. Its ranking falls one spot — to 18th.
China has a strong interest in ICT innovation and development. However, these goals are hindered by poor enforcement of intellectual property rights and the continued promotion of indigenous innovation policies that discriminate against foreign technology companies.
China has signed the UN Convention on Electronic Contracting and has applied to accede to the WTO Agreement on Government Procurement. China has also enacted strong cybercrime laws and greatly improved intellectual property laws, and while enforcement deficiencies remain significant they are also gradually improving.
In 2012, China introduced the first elements of a national level privacy regulation. This Guideline is new and has not yet been fully implemented, but it may help improve trust and confidence in cloud computing and the digital economy in China.
The extensive regulation of Internet content, including mandatory Internet filtering and censorship, remains a key issue in China. A foreign company also has to enter into a joint venture with a Chinese domestic partner to be eligible to apply for an Internet Content Provider license in order to provide cloud services in China.
China has made significant progress with respect to broadband coverage and in June 2012 adopted an ambitious national broadband plan to meet the predicted 800 million internet users there will be in China in 2015.
Overall China's results improved between the 2012 report and the 2013 report, thanks to improvements in privacy regulation and continued progress in ICT infrastructure.
South Africa has some useful laws in place for cybercrime and electronic commerce but is in danger of falling behind international best practice in other key areas.
South Africa does not yet have privacy legislation in place. Draft legislation was supposed to be considered in 2012, but it has been delayed. Some limited Internet filtering and censorship also occurs, which may inhibit development of the digital economy.
South Africa has only very basic copyright laws, which are not aligned with current international best practice, and the country has not signed the WIPO Copyright Treaty.
Another potential barrier in South Africa is the existence of a complex system of domestic preferences in government procurement opportunities.
South Africa has low levels of broadband penetration and continues to face ICT infrastructure challenges.
Minor improvements in South Africa’s infrastructure were not accompanied by any policy changes, and the country falls two spots in the 2013 Scorecard rankings to 20th.
Indonesia continues to update and reform laws and regulations in the ICT sector, and the result is not always positive for cloud computing. In 2012 Indonesia introduced a new regulation to complement its existing electronic commerce laws. The new regulation is positive in some areas, such as the introduction of strengthened privacy rules. However, in other areas the regulation introduces significant barriers for cloud service providers. It includes provisions requiring providers to register their services with a central authority and rules that will force some providers to establish local data centers and hire local staff.
Copyright law in Indonesia is now closely aligned with international models. However, some concerns remain regarding resources for investigating and enforcing copyright protections. The law remains uncertain regarding the exact role and liability of ISPs in relation to copyright breaches.
Indonesia has not yet developed effective laws and policies regarding interoperability, free trade, and government procurement.
Broadband penetration rates in Indonesia remain low, although the government continues to work to increase “meaningful” broadband penetration.
Overall, Indonesia’s results dropped slightly in the 2013 Scorecard, as the positive developments in privacy law were outweighed by negative results in relation to free trade. The country’s ranking fell one spot from 20th to 21st.
Note: Indonesia’s infrastructure score was adjusted by -0.75 in the 2013 Scorecard due to a calculation correction from the 2012 Scorecard.
- Download Country Report and Scorecard for Brazil
- Download the Global Scorecard (Portuguese)
- Press Release (Portuguese)
Brazil is a fast-growing economy that recognizes the importance of ICT and the digital economy. However, some gaps in law and regulation have acted as barriers to ICT innovation in Brazil.
For example, no privacy legislation is in place, and Brazil has some gaps in intellectual property protection. Brazil has not signed the WIPO Copyright Treaty and has not updated its copyright laws to cover new technology. Online piracy in Brazil is widespread, and prosecutions are rare. Significant court delays add to the problems facing copyright holders in Brazil.
Brazil finally passed modern cybercrime legislation in 2012, and this has had a very positive impact on its score in the 2013 report.
Brazil continues to make good progress in the implementation of its National Broadband Plan — Programa Nacional de Banda Larga (PNBL) — and its broadband penetration remains the highest in South America.
Based on the changes to its cybercrime and IP laws and improved infrastructure, Brazil moved up two spots to 22nd in the 2013 Scorecard rankings.
Thailand’s laws and policies in relation to cloud computing and the digital economy are patchy, with strengths in some areas and significant gaps and weaknesses in others.
Thailand has implemented comprehensive cybercrime legislation, which helps to enhance confidence in ICT. Thailand also has good laws in place for electronic commerce and electronic signatures.
However, Thailand has no privacy laws in place, and this is a major weakness.
Thailand’s intellectual property laws also require significant updating and expansion, as they do not currently cover rights management information, technical protection measures, or anti-circumvention.
Additional risks in Thailand include mandatory Internet censorship (some of which is clearly political in nature) and filtering and some technology mandates.
Overall, Thailand’s results have not changed significantly between the 2012 and 2013 Scorecards but the country’s ranking has slipped one spot to 23rd.
Vietnam continues to develop relevant cyberlaws that will enhance confidence in the digital economy and facilitate cloud computing. However, gaps still exist in key areas.
Modern laws are in place for electronic commerce, electronic signatures, and intellectual property. However, only very limited laws are in place for cybercrime and privacy, and these would require significant expansion to align Vietnam with international models.
An additional risk is that Vietnam has not yet developed appropriate laws and policies on interoperability and government procurement. However, of greater concern is that Vietnam is in the process of erecting some trade barriers may hamper the development of cloud computing and the digital economy, including a Draft Decree on IT Services and a Draft Decree on the anagement, Provision and Use of Internet Services and Information on the Network. These decress may require cloud service providers to establish a presence and locate servers in Vietnam, as well as other onerous registration and licensing requirements.
Broadband penetration in Vietnam remains low, although there has been very strong growth in a number of key infrastructure indicators.
Overall, Vietnam's results have not changed significantly in the 2013 Scorecard, but the country's ranking has slipped one spot — to 24th.