BSA Cloud Report


The first-of-its-kind BSA Global Cloud Computing Scorecard ranks 24 countries based on seven policy categories that measure the countries’ preparedness to support the growth of cloud computing. Together, these countries account for 80 percent of the global ICT market.

The Scorecard aims to provide a platform for discussion between policymakers and providers of cloud offerings, with a view toward developing an internationally harmonized regime of laws and regulations relevant to cloud computing. It is a tool that can help policymakers conduct a constructive self-evaluation, and determine the next steps that need to be taken to help advance the growth of global cloud computing.


Download the Global Scorecard

Country Ranking

The scorecard finds a sharp divide between advanced economies and the developing world when it comes to cloud readiness.

Cloud Computing Policy Environment

  1. 1Japan




    Japan has a comprehensive suite of modern laws that support and facilitate the digital economy and cloud computing.

    It is particularly noteworthy that Japan has signed the Convention on Cybercrime — it was one of the first non- European countries to do so and has set an example for other countries. Japan updated its cybercrime legislation in 2011 and intends to ratify the Convention on Cybercrime soon.

    Japan also has comprehensive privacy legislation in place, as well as intellectual property laws that cover the full range of protections relevant to cloud computing.

    Japan is very active in the development of international standards.

    Broadband penetration in Japan is already very high. The government has committed to ensuring that by 2015, all households will have very high-speed fiber broadband connections.  

  2. 2Australia




    Australia does not have specific regulations in place for cloud computing today, though the government has been keen to include consideration of cloud computing issues in the development and reform of relevant laws, regulations and standards. For example, Australia has a strong commitment to international cooperation, free trade and interoperability. Key laws are based on international models, and Australia is an active participant in the development of international standards.

    Australia has up-to-date cybercrime laws and is considering signing the Convention on Cybercrime. Australia also has comprehensive electronic signature, electronic commerce and privacy laws in place and is considering further updates and reforms to keep pace with technology developments and international initiatives such as the UN Convention on Electronic Contracting.

    Intellectual property laws in Australia provide a comprehensive and balanced layer of protection for cloud computing services and the digital economy. However, some uncertainty remains regarding ISP liability for copyright breaches that occur when subscribers participate in peer-to-peer sharing of copyrighted material. This issue is the subject of litigation that is expected to be determined by the High Court in early 2012.

    One risk in Australia is that a proposal for mandatory Internet content filtering may act as a barrier for innovation in the digital economy. Key parts of this proposal are being reviewed by the Australian Law Reform Commission.

    Australian ICT infrastructure is reasonably well developed, and work has begun on the development of a National Broadband Network that will provide further capacity to facilitate the digital economy.

  3. 3Germany




    Germany has comprehensive cybercrime legislation and up-to-date intellectual property protection in place. The combination of these laws provides reasonable protection for cloud computing services in Germany. Both of these laws are scheduled to be reviewed soon.

    However, there is some continuing uncertainty about whether web-hosting businesses and access providers are liable under the Civil Code for copyright breaches that occur on their systems.

    Germany also has modern electronic commerce and electronic signature laws in place. Like most European countries, Germany has comprehensive privacy legislation, but it includes onerous registration requirements that may act as a cost barrier for the use of cloud computing. In addition, Germany has 17 Data Protection Authorities, which leads to uncertainty in the application of the law.

    Germany has a strong commitment to international standards and interoperability, which has improved with recent policy revisions.

    In 2009 Germany released the Breitbandstrategie der Bundesregierung (Broadband Strategy of the Federal Government), which committed to extending download speeds of 50 Mbps to 75% of households by 2015.  

  4. 4US




    The United States has comprehensive and up-to-date laws in place for e-commerce, electronic signatures and cybercrime. The US has signed and implemented the Convention on Cybercrime and plays a leading role in the investigation of global cybercrime.

    The United States has an unusual approach to privacy protection, with a strong focus on enforcing the terms of individual privacy policies by relying on basic consumer protection laws. However, no general privacy laws are in place, and the majority of US companies are not covered by the few sectoral privacy laws that exist (e.g., for health data). Data breach notification requirements first developed in the United State, and they are common — if conflicting — at the state level. These inconsistencies in the state requirements can be a burden for businesses in the event of a breach. Intellectual property protection in the United States is mixed. The United States has signed all of the relevant international agreements, and a strong enforcement culture is in place. However, multiple conflicting court decisions leave considerable legal uncertainty about what constitutes an online copyright breach.

     The United States is an active participant in international standards development processes and an advocate of free trade and harmonization. Some very limited domestic preferences remain in place for government procurement opportunities.

    The United States has high levels of Internet use, but access to fast broadband remains patchy.

  5. 5France




    France provides strong protection for cloud services, through a combination of comprehensive cybercrime legislation and up-to-date copyright protection. Recently enacted provisions clarify the liability for ISPs for copyright infringing material on their systems or shared by their subscribers, although enforcement of these provisions remains weak. France also has up-to-date electronic signature and electronic commerce laws in place.

    Comprehensive privacy laws exist, though French privacy legislation includes onerous and cumbersome registration requirements that appear unnecessary.

    France has a number of aspirational broadband targets as well as policy and regulatory initiatives and an approach to provide seed funding to programs that will deliver these targets through infrastructure-based competition. There does not appear to be a cohesive and funded National Broadband Plan.

    Digital France 2012 was announced in March 2008 with a stated target that by 2012, the entire population should have access to broadband. France has also begun consultations on broadband speed targets for 2020.  

  6. 6Italy




    Italy has strong cybercrime laws and strict privacy laws in place. Like many EU countries, Italy’s privacy law includes onerous registration requirements that appear unnecessary.

    Italy’s copyright law also provides adequate protection for cloud computing services, although some uncertainty remains in relation to the enforcement of copyright breaches in practice.

    Italy has a modern electronic signature law, though difficulties with implementation. It also has modern electronic commerce laws, and Italy is committed to international standards and interoperability.

    One risk in Italy is that limited Internet censorship is in place, including mandatory ISP level filtering for certain content.

    Italy has a moderate level of broadband penetration, and the “Italia Digitale” Plan aims to further bridge the digital divide.  

  7. 7United Kingdom




    The UK has a fairly comprehensive set of cyberlaws in place. Data protection laws are particularly strong, with regular enforcement including large fines. However, businesses are required to register their data sets with the regulator, which seems to be an unnecessary burden on business and may act as a barrier to some cloud services.

    The UK is free from Internet censorship and filtering, and up-to-date laws are in place for e-commerce and electronic signatures.

    The UK is a signatory to the Convention on Cybercrime but has been criticized for not yet implementing one of its key provisions.

    Advanced intellectual property laws are in place and are regularly enforced. Attempts have been made to clarify the role of ISPs in copyright enforcement, but this is still the subject of current debate.

    The UK already has high rates of Internet use and broadband penetration, and it plans to increase the availability of super-fast broadband to 90% of the population by 2015.

    For public sector use of ICT, the UK G-Cloud Strategy is the most fully elaborated cloud policy in Europe and adopts a “public cloud first” approach for public procurement.

  8. 8Korea




    Korea has a strong commitment to the promotion of the digital economy, and its laws and standards are generally based on international models.

    Korea's intellectual property laws are particularly strong, which facilitates the development and use of cloud computing services.

    However, cybercrime law does not cover the full range of relevant issues.

    In 2011 Korea replaced its patchwork of privacy protection with modern, comprehensive privacy legislation, and this will facilitate the adoption of cloud computing services in the country.

    Korea is an active proponent of free trade and interoperability and is a member of the WTO Agreement on Government Procurement.

    Korea has a very high level of broadband penetration and has plans in place to increase broadband speed and quality in 2012.  

  9. 9Spain




    Spain has comprehensive privacy legislation in place, although it relies heavily on a data registration process that could act as a barrier for cloud computing services.

    Spain has up-to-date cybercrime legislation and has ratified the Convention on Cybercrime. Spain also has comprehensive electronic commerce and electronic signature legislation, and ISPs are free from any Internet filtering or censorship.

    Some gaps exist in intellectual property protection, especially regarding ISP liability. These gaps are partly the result of tension between privacy rights and intellectual property rights, and further work is required to ensure that this issue does not become a barrier to cloud computing services.

    Spain is a very active participant in international forums and supports international standards development and interoperability.

    Excellent ICT infrastructure is in place, and broadband penetration in Spain is growing quickly.

  10. 10Singapore




    Singapore has an ambitious program of cyberlaw development and has some of the most modern digital economy laws in the region. For example, the Electronic Transactions Act 2010 implements the UN Convention on Electronic Contracting, which Singapore has ratified.

    Singapore also has up-to-date cybercrime laws and intellectual property laws. One unexpected gap is that there is no privacy law in Singapore, and therefore no protection for personal information in cloud computing and the digital economy.

    However, Singapore recently published a public consultation paper on a proposed privacy law and appears to be making progress toward filling this gap.

    Singapore has some minor Internet censorship in place but generally promotes innovative business practices that are free from tariffs and government intervention.

    Singapore has excellent ICT infrastructure in place and is developing a national high-speed fiber to the home network.

  11. 11Poland




    Poland has up-to-date laws in place for privacy, electronic signatures, electronic commerce and cybercrime. These laws combine to provide a good platform for promoting confidence in cloud computing and the digital economy.

    Poland also has one of the most comprehensive regimes for the protection of intellectual property and updated its laws in 2008 to deal specifically with ISP liability. However, some gaps still exist in enforcement, and Poland has recognized intellectual property enforcement requires greater skills and resources.

    Poland promotes innovation and interoperability and has non-discriminatory policies in place for government procurement.

    ICT infrastructure and access to broadband are still fairly limited, considering Poland's progress in other areas. Poland does not currently have a comprehensive strategy in place for delivering improvements in broadband access; significant improvements will be required to take full advantage of Poland's position in Europe and its up-to-date laws and regulations. Despite the progress in recent years (partially as an effect of the investment of EU funds) broadband penetration remains below the European average. The access in large metropolitan areas is relatively good, but in most of the countryside access is much more limited.

  12. 12Canada




    Canada is a world leader in ICT adoption and innovation and has played a leading role in the development of international standards. It has a strong commitment to free trade and interoperability.

    Canada also has very strong privacy and e-commerce laws in place. Surprisingly, Canada has two major gaps in its ICT laws and regulations. No modern cybercrime laws are in place, nor have copyright laws been updated to provide appropriate protection for online material. Canada is one of the few developed nations not to have ratified the WIPO Copyright Treaty.

    Cybercrime and copyright reforms are both the subject of current debate in Canada, and these gaps may be addressed in the near future.

    Although Canada does not have a cohesive and funded National Broadband Plan in place, the existing level of broadband penetration is quite high and the country plans to improve broadband access in regional areas.  

  13. 13Malaysia




    Malaysia upgraded its electronic signature laws and electronic commerce laws in 2006 and introduced new privacy laws in 2010. These measures provide a strong level of protection for the digital economy and cloud computing in Malaysia.

    Intellectual property law in Malaysia is reasonably strong; further provisions in relation to circumvention technology could improve it.

    One risk in Malaysia is that cybercrime laws require significant expansion to comply with international models and provide an adequate level of protection for cloud computing and the digital economy.

    Malaysia has a moderate level of broadband penetration. It has committed to a target of providing 75% of households with access to high-speed broadband by 2015.

  14. 14Mexico




    Mexico has made significant progress on implementing relevant cyberlaws. A good example is the recently adopted privacy legislation, including rules on data breach notification.

    Mexico also has up-to-date cybercrime legislation in place and has been formally invited to accede to the Convention on Cybercrime.

    Intellectual property laws in Mexico generally meet international standards, but enforcement action is rare and the bar is set very high for prosecution. Considerable improvement is required to gain confidence in intellectual property protection in Mexico.

     Mexico is also one of the few countries in the study group that retains domestic preferences in government ICT procurement opportunities.

    Internet use and broadband penetration remain very low in Mexico, and the country faces serious challenges in delivering a modern ICT infrastructure that can facilitate cloud computing.

  15. 15Argentina




    Argentina is committed to developing a strong ICT industry and updating its laws to facilitate cloud computing. Effective laws on cybercrime and electronic signatures are already in place.

    However, Argentina’s laws on intellectual property have not kept pace with modern technology. There is no direct coverage of important issues such as the unauthorized “making available” of copyright material online. Argentina also has a poor track record of enforcing copyright laws, with few prosecutions and lengthy court delays.

    Some gaps exist in the important areas of standards development and technology-neutral and nondiscriminatory government procurement of ICT.

    Argentina launched its national broadband plan, “Argentina Conectada,” in 2010, with the aim of promoting digital inclusion and ensuring that all Argentinians have access to high-speed Internet. One goal is for more than 10 million homes to have broadband access by 2015. Argentina’s broadband penetration today is the second highest in Latin America.

  16. 16Russia




    Russia has a patchwork of laws that apply to the digital economy and cloud computing, and these laws contain significant gaps and limitations.

    For example, its laws on both privacy and cybercrime do not follow recognized international standards.

    Some additional barriers are in place in Russia for cloud computing services, including some limited Internet filtering and censorship and the imposition of rules that mandate the use of certain products and software in government procurement opportunities.

    Russia also faces challenges in the enforcement of intellectual property rights. Russia is not yet a member of the TRIPS Agreement, and Russian copyright law has gaps in both its scope and enforcement in relation to online breaches.

    Broadband penetration in Russia remains low, and no detailed or funded plan is in place to develop a national broadband infrastructure.

  17. 17Turkey




    Turkey has some significant gaps in its coverage of basic cyberlaws. While there is currently no data protection law in Turkey, Turkish citizens are entitled to a constitutional right to request protection of their personal data. The same constitutional provision requires for data protection issues to be regulated by law. In fact, there is work on enactment of the draft law on data protection but the timing is not defined at this point. A framework law in line with the international standards is expected to increase confidence in online services in Turkey.

    One data protection related concern is the tendency to require storage of data on premise and within national boundaries, especially for specific sectors such as banking and telecommunications.

    The rules on internet content regulation (Law no 5651) and the conditions under which internet providers can operate appear not to be in line with international standards protecting freedom of expression and may affect citizens' rights relating to internet access. Investigations of internet crimes are not very efficient, and identification of the criminals and accurate and efficient evidence cannot be obtained in many cases. The investigation and prosecution stages take a very long time. Also, the penalties imposed for internet crimes are not an effective deterrent.

    Intellectual property protection in Turkey is reasonably up to date, but enforcement is patchy. There is a specific provision for online copyright infringements that enables takedowns of infringing content.

    Turkey is making progress toward integration with the European and international communities, but some domestic preferences are still in place for government procurement opportunities. Furthermore, there are no IT specific public procurement regulations, which prevents some effective practices for government IT procurements.

    The government has an ambitious target of providing fast broadband to 95% of households by 2020. However, no cohesive, comprehensive and funded National Broadband Plan is currently in place.

  18. 18South Africa




    South Africa has useful laws in place for cybercrime and electronic commerce.

    South Africa does not yet have privacy legislation in place. Draft legislation presently being considered is expected to be enacted during the course of 2012, which would alter South Africa's scorecard in this regard. Some limited Internet filtering and censorship occurs, which may inhibit development of the digital economy.

    South Africa has only very basic copyright laws, which are not aligned with current US and EU copyright legislation, and the country has not signed the WIPO Copyright Treaty. Significant work is required to align the country with international standards.

    Another potential barrier in South Africa is the existence of a complex system of domestic preferences in government procurement opportunities.

    South Africa has low levels of ICT use and broadband penetration, and no comprehensive plan or funding is in place for expanding broadband infrastructure. However, South Africa is currently served by two submarine cables: SAT-2 and the SAT-2 and the SAT-3/WASC/SAFE system. Three further cables are in the pipeline which address the infrastructure and provide a high speed access in the near future.


  19. 19India




    India is an important regional economy, with a strong interest in ICT services development. The law in India has not entirely kept pace with developments in cloud computing, and some gaps exist in key areas of protection. Interestingly, a debate has begun in India about whether specific laws and regulations should be developed to enable and facilitate cloud computing.

    India has not yet implemented effective privacy legislation, and this may act as a barrier to the development and use of cloud computing and may also inhibit cross-border data transfers and related trade.

    India's cybercrime legislation and intellectual property legislation also require updates to conform to international models. In particular, Indian law needs to cover modern copyright issues such as rights management information and technical protection measures. India has still not ratified the WIPO Copyright Treaty, leaving significant gaps in copyright protection. Parliament is reviewing amendments to the Copyright Act.

    Some laws and standards in India are not technology neutral (e.g., electronic signatures), and these may be a barrier to interoperability.

    Finally, the development of India's technology sectors is impeded by low levels of broadband and personal computer penetration.  

  20. 20Indonesia




    Indonesia’s electronic commerce law was not adopted until 2008, and because the omnibus legislation is very general it may not provide sufficient detailed coverage in key areas such as privacy and cybercrime. The significant gaps in these areas may inhibit the development of cloud computing services in Indonesia, though more detailed laws and regulations are being devised.

    Copyright law in Indonesia is more advanced and is closely aligned with international models. However, some concerns remain regarding resources for investigating and enforcing copyright protections. The law remains uncertain regarding the exact role and liability of ISPs in relation to copyright breaches.

    Indonesia has not yet developed effective laws and policies regarding interoperability, free trade and government procurement. It has pursued technology mandates in certain areas. Reform in those fields has begun.

    Broadband penetration rates in Indonesia remain low; the government has committed to increase “meaningful” broadband penetration by 30% by 2014.  

  21. 21China




    China has a strong interest in ICT innovation and development. However, these goals are hindered by poor enforcement of intellectual property rights and the continued promotion of policies that discriminate against foreign technology companies in government procurement.

    China has signed the UN Convention on Electronic Contracting and has applied to accede to the WTO Agreement on Government Procurement. China has also enacted strong cybercrime laws and greatly improved intellectual property laws, although enforcement deficiencies are significant.

    Trust and confidence in cloud computing and the digital economy would be enhanced if China proceeded with plans to develop an effective privacy law and to update key IP law provisions.

    An additional risk in China is its extensive regulation of Internet content, including mandatory Internet filtering and censorship.

    China has made significant progress with respect to broadband coverage, which is growing quickly. At the time of writing China does not have a cohesive and funded National Broadband Plan in place.  

  22. 22Thailand




    Thailand's laws and policies in relation to cloud computing and the digital economy are patchy, with strengths in some areas and significant gaps and weaknesses in others.

    Thailand has recently developed and implemented comprehensive cybercrime legislation, which will help to enhance confidence in ICT. Thailand also has good laws in place for electronic commerce and electronic signatures.

    However, Thailand has no privacy laws in place, and this is a major weakness. Thailand's intellectual property laws also require significant updating and expansion, as they do not currently cover rights management information, technical protection measures or anti-circumvention.

    Additional risks in Thailand include mandatory Internet censorship (some of which is clearly political in nature) and filtering and some technology mandates.

  23. 23Vietnam




    Vietnam is gradually developing relevant cyberlaws that will enhance confidence in the digital economy and facilitate cloud computing. However, some gaps still exist in key areas.

    Modern laws are in place for electronic commerce, electronic signatures and intellectual property. Only very limited laws are in place for cybercrime and privacy, and these would require significant expansion to align Vietnam with international models.

    An additional risk is that Vietnam has not yet developed appropriate laws and policies on interoperability and government procurement. Also, some trade barriers may hamper the development of cloud computing and the digital economy.

    Broadband penetration in Vietnam remains very low. Government plans to increase broadband access to just 20 to 30% of the population by 2015 are indicative of the significant infrastructure challenges.

  24. 24Brazil




    Brazil is a fast-growing economy that recognizes the importance of ICT and the digital economy. However, Brazil has not implemented appropriate laws and regulations to facilitate ICT development and faces significant challenges in bringing its laws up to date.

    No privacy legislation is in place, for example, and so the lack of privacy protection for any data transferred to Brazil may act as a significant barrier for successful cloud computing. Similarly, Brazil has not implemented cybercrime legislation. Existing criminal laws are seriously out of step with international standards on computer crime and cybercrime.

    Brazil also has gaps in intellectual property protection. Brazil has not signed the WIPO Copyright Treaty and has not updated its copyright laws to cover new technology. Online piracy in Brazil is widespread, and prosecutions are rare. Significant court delays add to the problems facing copyright holders in Brazil.

    In 2010 Brazil approved the National Broadband Plan — Programa Nacional de Banda Larga (PNBL) — with the aim of providing broadband access to low-income households and in areas where private operators had no commercial interest. Brazil's broadband penetration is the highest in South America.