28.1.2012

EN

Official Journal of the European Union

C 24/40

---

Opinion of the European Economic and Social Committee on ‘Cloud computing in Europe’ (own-initiative opinion)

2012/C 24/08

Rapporteur: Mr PIGAL

On 20 January 2011, the European Economic and Social Committee, acting under the second paragraph of Rule 29 of its Rules of Procedure, decided to draw up an opinion on:

Cloud computing in Europe.

The Section for Transport, Energy, Infrastructure and the Information Society, which was responsible for preparing the Committee's work on the subject, adopted its opinion on 7 October 2011.

At its 475th plenary session, held on 26 and 27 October (meeting of 26 October), the European Economic and Social Committee adopted the following opinion by 143 votes to 1, with 7 abstentions.

1.   Conclusions and recommendations

1.1   Using the Europe 2020 strategy and in particular its Digital Agenda as a starting point, the Committee has set out to examine an IT solution that is still undergoing significant, rapid development, holding out great promise for the future: cloud computing (CC). This opinion firstly aims to gather and share the concrete experiences of stakeholders and the CC market. Secondly, it seeks to put forward a list of recommendations as to how to encourage Europe (1) to position itself at the forefront of this promising sector, helped by leading companies in the sector.

1.2   Cloud computing uses a digital architecture that has the advantage of being rapidly deployable, easy to extend and based on a ‘pay-per-use’ model.

1.3   CC is a technical solution based on a promising economic model:

—	a significant number of potential users: private individuals, businesses, public services etc.;

—	pooling of IT resources and tools, optimising their use;

—	mobility made possible by CC, particularly in the case of mobile workers who can have constant access to their data;

—	the simple, scalable and transparent integration of various technical components e.g. internet, IT facilities management, mobile applications etc.;

—	smoothing out of costs during the whole life cycle of IT systems, without any large up-front investment;

—	focusing companies on their core business, without the need to worry about the complex nature of IT systems;

—	opportunity for growth in new areas for major players in the sector, systems integrators, publishers of software.

1.4   CC has, to date, shown that it lacks maturity and has a number of weaknesses:

—	the profusion of standards designed to regulate and control the use of CC;

—	the absence of an identifiable European governing authority to enforce these;

—	users, especially private individuals, lack the broad perspective needed to assess the benefits and, above all, the risks involved;

—	the intrinsically fragile nature of the internet (interrupted service due to incidents, cyber attacks etc.);

—	internet congestion: sluggish performance and strong growth in traffic (audio, video, spam). Limitation of the address system (IP);

—	server congestion: the pooling of server resources and the resultant overbooking can trigger bottlenecks;

—	the risks relating to the outsourcing of data and processing to a third party;

—	the risks relating to the relocation of data and processing to another country which has another system of law;

—	the social risk arising from the concentration of development, hosting and operating activities;

—	the rights and obligations of both users and providers of cloudware are still unclear;

—	there is no unambiguous distinction between the person responsible for processing personal data and the person actually doing the processing;

—	service-level agreements are complicated and even incomprehensible for non-experts with respect to the composition, processing and transfer of user data and to users' legal rights.

1.5   For Europe, CC represents an opportunity to enter a promising, major and strategic market. In order to ensure the success of this venture, the Committee recommends that the following action be taken, by the European Commission itself, for instance, with the support of the Member States or European businesses within the sector.

1.5.1   Skills

—	launch a study on the development in IT skills needed to keep pace with changes in CC needs and human resources;

—	encourage and/or coordinate the implementation of training programmes;

—	approve a certification or qualification scheme that would recognise and certify the skills of the specialists managing CC.

1.5.2   Research and investment

—	encourage coordination among European research centres to help them keep abreast of developments in terms of knowledge and skills;

—	boost the development of fibre optics with the support of European telecommunications companies through subsidies or partnerships.

1.5.3   Partnership

—	promote the formation of consortia between European companies for investment in joint CC projects e.g. the framework programmes for research and technological development;

—	encourage or even subsidise investors so as create large server farms in the EU Member States, based on those already existing in other areas;

—	use public procurement to encourage partnerships;

—	bring together CC software producers and telecommunications companies, since the latter are automatically in direct contact with the target users of cloud computing.

1.5.4   Standards and governance

—	encourage public and private players to be involved in devising rules that will establish a framework governing relations between providers on the one hand and European businesses or private individuals on the other;

—	capitalise on the EU's competitive advantage in the field of data security and privacy protection to ensure their strict application in the area of CC;

—	set up a European agency with specific responsibility for ensuring compliance with these standards;

—	legislate so as to limit the transfer of sensitive data outside Europe;

—	seriously address the challenges posed by cloud computing applications in the forthcoming revision of the data protection Directive, the EESC recognising that these challenges are very broad.

2.   Introduction

2.1   Cloud computing should be considered as following on from other developments of a similar magnitude, such as the client/server model or the internet.

2.2   CC involves combining and optimising the use of such existing concepts and technologies as the internet, server farms, IT facilities management etc.

Accordingly, CC has inevitably inherited the strengths and weaknesses of its constituent parts: e.g. internet traffic performance, data protection in IT facilities management, overbooking of pooled computers etc.

2.3   The Committee has already done work on some of the features that CC has directly inherited, for example:

—	Data protection (2)

—	Telecommunications systems (3)

—	Electronic communications (4)

—	The internet (5)

—	Consumer protection (6)

—	The internet of things – an action plan for Europe (7).

To avoid any repetition, this opinion will focus on those aspects strictly relevant to CC.

2.4   In drawing up this own-initiative opinion, the EESC is not alone among the EU's institutions and bodies in being interested in CC.

2.5   At the World Economic Forum in Davos on 27 January 2011, Neelie Kroes, Vice-President of the European Commission, set out her vision of cloud computing:

‘[…] when it comes to cloud computing I have understood that we cannot wait for a universally agreed definition. We have to act. […] As foreseen in the Digital Agenda for Europe, I have started work on an EU-wide cloud computing strategy. This goes beyond a policy framework. I want to make Europe not just “cloud-friendly” but “cloud-active” […]’.

2.6   In 2009, the European Commission launched a study entitled The future of Cloud Computing  (8), which was based on the work of a group of experts from the digital sector and researchers. Furthermore, it also launched a public consultation  (9) the results of which will feed into the preparatory work for the European Cloud Computing Strategy, which will be presented in 2012. Cloud computing is an important factor in implementing the Europe 2020 strategy, especially its ‘Digital Agenda’ and ‘Innovation’ flagship initiatives.

CC programmes are already being funded under the 7th Research and Development Framework Programme (10).

2.7   In addition, the ENISA  (11) published a report in November 2009 entitled: Cloud Computing: benefits, risks and recommendations for information security.

2.8   The NIST (12) recently published its Cloud Computing Standards Roadmap (NIST CCSRWG – 092, 5 July 2011).

3.   Technical introduction to cloud computing

3.1   Attempts to agree on a single definition of cloud computing have been largely thwarted by endeavours on the part of software producers to establish their existing software as ‘cloud-ready’ solutions.

There is nevertheless a broad consensus that cloud computing is readily deployable, easy to extend and advantageous in terms of its ‘pay-per-use’ model.

3.2   What are the characteristics of CC?

—   Dematerialisation: this involves ensuring that the configuration, location or maintenance of IT resources is as invisible as possible for users, be they private individuals or businesses.

—   Ease of access: provided that there is internet access, users can access their data and applications wherever they are using them and by whatever means they wish (via computer, tablet, smartphone).

—   Dynamic scalability: the provider adapts the IT capacity provided in real time to the user's needs. This means the user is able to cover peak loads without needing to invest in IT resources that are under-utilised between two peaks.

—   Pooling: the provider is able to ensure dynamic scalability by pooling IT resources between various users. The provider can thus achieve the largest and best possible pooling, using huge server farms, made up of several thousand computers.

—   Pay-on-demand: the user pays only for the IT resources actually used i.e. in line with changing IT capacity needs. The terms of such contracts are still often somewhat ad hoc in nature; however, they are becoming increasingly standardised.

3.3   In the business sector, the first applications to adopt this new approach were: email, collaborative and web-conferencing tools, development and test environments, customer relations management (CRM) applications and Business Intelligence systems.

In future, the majority of IT applications will be cloud-compatible.

3.4   CC is typically deployed using one (or a combination) of the following three models, which vary in scope from partial to full-scale cloud computing and target different types of customer:

—   IaaS (Infrastructure as a Service),– where only the infrastructure is covered by CC, designed primarily for the IT services of large companies,

—   PaaS (Platform as a Service),– where infrastructure and core software are covered by CC, designed primarily for software developers,

—   SaaS (Software as a Service):– the solution is fully covered by CC, including application software, designed primarily for end-users, not necessarily IT specialists, e.g. for personal email use.

3.5    Private cloud computing is being broadly developed: it is deployed within companies, which means it can take advantage of CC's flexibility and productivity without the need to worry about the difficulties linked to outsourcing to a CC provider.

This option seems to meet various needs:

—	to prepare for the transfer of existing IT systems to a platform that uses CC, which should be a cautious, in-house procedure;

—	to make in-house IT departments – in their relations with other departments - more service-oriented and more transparent through pay-per-use charging.

4.   The impact of cloud computing

4.1   What can a business expect from CC?

4.1.1   As noted above, CC has ‘inherited’ the strengths and weaknesses of some of its constituent parts.

4.1.2   At the outset it is worth highlighting a number of benefits for business which are not specific to CC but which stem from the prior emergence of IT facilities management:

—	they remain focused on their core business;

—	they benefit from economies of scale due to industrialisation and pooling on the part of the service provider;

—	they have access to the expertise and service quality of specialists.

4.1.3   According to a recent study, 70 % of the costs of in-house IT facilities arise from the management of existing facilities. If part of this can be outsourced, IT departments will have the spare capacity needed for innovation and the development of new services.

4.1.4   The following are some of the benefits most often cited by businesses.

—   Lower initial investment: for new digital solutions, the establishment or development of an IT system does not entail heavy investment in computer rooms, servers, software, application-specific training, etc.

However, it should be noted that existing systems will require heavy investment from both companies and software producers in order to be adapted and transferable to a CC platform.

—   Shorter deployment times: development teams focus on business problems rather than getting involved in technical infrastructure issues, which are taken care of by the CC provider. Material and human resources can be made available flexibly, as the need arises.

—   Accounting recognition and cost control: with CC, IT becomes an operating cost rather than a capital cost.

Maintenance costs are based on the rental fee; in particular, this covers transparent software or hardware updates and online technical support for hardware or software problems.

—   Strengthening the service model: IT departments can rely on the commitments of the CC provider in terms of quality, availability, security and scalability of tools so as to offer Service Level Agreements to their in-house customers.

—   Mobility of employees: a CC solution maintains quality and easy access to data for all company employees, whether they are mobile or not.

4.2   CC is of particular interest to certain businesses, especially:

—	very small enterprises and SMEs which see CC as an opportunity for acquiring IT capacity (hardware, software and skills) without the need to pay any prohibitive ‘entrance fee’;

—	start-ups, which by definition are in the phase of rapid growth and which know that the CC model will make it easier to gear their IT capacity to the growth of their business.

4.3   How are systems integrators preparing for CC?

4.3.1   The main activity of systems integrators is to implement IT solutions for their corporate clients.

They have come to play a major role in the IT sector: in terms of their expertise, their manpower and their ability to adapt to their customers' changing workload.

The leaders on the European market include Accenture, Atos, Cap Gemini, HP, IBM and Wipro.

4.3.2   Since IT developments are ad hoc and temporary in nature, IT departments call on the services of systems integrators as and when needed to provide them with IT specialists during the development stage.

Permanent IT departments are only involved in this stage to enable them to carry out the next stage, that of operation and maintenance, more effectively.

4.3.3   With CC, Systems integrators will continue to be responsible for designing and developing solutions for their customers.

Given the new work that this represents, the emergence of CC is certain to be well received and even encouraged by systems integrators.

4.3.4   However, there is a question mark over the sustainability of this new activity. Will it simply lead to a one-off boom in activity, similar to that witnessed with the ‘Millennium Bug’ or the introduction of the euro?

Several decades of innovation and technological progress have led to an increase in productivity which has reduced neither the volume of developments nor the number of IT specialists during this period; on the contrary, it has led to a considerable increase in both the number and the size of IT systems.

CC fits logically into this trend. It should therefore open IT developments up to new areas of SI activity.

4.4   How are software producers preparing for CC?

4.4.1   Microsoft, Google, Oracle and SAP – to name but a few – are all having to invest heavily in converting their existing products so that they can be labelled ‘cloud-computing ready’.

4.4.2   This transformation requires substantial investment in new IT developments to start with. Above all it presents a radical challenge to certain business models. For example, Microsoft's Office 365 is offering something very different from its usual model based on selling a licence the first time one of its software products is used.

4.5   What is the situation for hosting services as regards CC?

4.5.1   IT facilities management has significantly developed over the past ten years, particularly its principal role, the outsourcing of hosting services (servers, networks and core software). CC is extending this approach by pooling the outsourced resources among an indeterminate number of users (businesses or private individuals).

4.5.2   CC would therefore appear to be facilitating outsourcing, primarily concentrating hosting facilities in the form of giant ‘server farms.’ The emergence of CC should therefore lead to the reorganisation of the sector, with strengthened competition among suppliers and mergers, which are necessary if the huge need for investment is to be met. Inevitably, it will also have a social impact similar to that experienced by other sectors that have undergone phases of consolidation.

4.6   Does the public sector see CC in a different light to the private sector?

4.6.1   The public sector is based around strategies, cultures, employees and organisations that all have objectives, constraints and modes of operation similar to those of the private sector.

4.6.2   Consequently, the expected benefits of CC for businesses (see above) apply equally to public administrations.

CC can also help to improve public services for the general public by enhancing availability, accessibility, etc.

4.6.3   Nonetheless, the public sector has a number of distinctive features.

—	General climate of austerity This leads to budgetary constraints and cuts in public investment programmes, also in the area of IT. The CC model is fully justified in this context; it makes it possible to develop IT capacity without up-front investment costs.

—

Public-sector research While research obviously takes place in the private sector too, it is particularly widespread in the public sector through national research centres, universities and public-private partnerships. Research sometimes involves peaks in IT capacity use, which CC in particular is perfectly capable of providing.

—

Public-sector investment Through a leverage effect, this could prompt and encourage investment in CC by national or European private players, particularly telecommunications operators. In the past, certain public-sector investments have acted as a catalyst for investment and strategic positioning in the private sector, e.g. in the aviation and aerospace sectors, mobile telephony, high-speed rail links etc.

—	Certain Member States have already invested heavily in shifting their administrative software to CC architectures.

4.7   Will CC also have an impact on individuals?

4.7.1   CC solutions are aimed in particular at individual users. Examples of such products are Apple's iCloud, Microsoft's Office 365 and Picasa.

4.7.2   Very few private individuals are willing to buy one or more servers or network infrastructure. Furthermore, not everybody can or wants to get involved in the maintenance of such infrastructure in the case of personal computers.

4.7.3   Products which were once the preserve of PC hard drives (word processing, printing, photo storage, data storage etc.) are gradually being replaced by internet services, in line with the SaaS CC model (See above).

4.7.4   CC providers are able to offer basic services free of charge as it enables them to build up a list of potential targets for marketing and advertising. A fee-based premium version is usually available, offering more storage space, additional functionality etc.

4.7.5   In the case of private individuals, the CC model also responds to the growing complexity of IT tools, by offering simplifications providing external support. It is also a pay-on-demand model, which is perfectly suited to the limited and occasional use of IT tools and resources by private individuals.

4.7.6   Lastly, continuous and remote (mobile) access to data is becoming increasingly important for users. Several providers (13) now give their users the option of listening to their music, viewing their photographs etc. irrespective of their location.

4.8   Beyond the economic and commercial impact, what will be the social impact of CC?

4.8.1   IT specialists are the group most likely to be affected by the emergence of CC.

4.8.2   Systems integrators should not see any reduction in their activity due to CC and may even experience a substantial increase in connection with the introduction of CC. While the IT specialists at these companies will need to make the effort to acquire new skills to develop CC solutions, workforce numbers should not be affected.

4.8.3   In-house IT specialists (at SI client companies) responsible for development will most probably be deprived of their main task: participating in development alongside SI specialists in order to ensure effective maintenance once the consultants have finished their work. If the CC providers actually do take over a proportion of maintenance work, in-house development staff numbers ought to fall in proportion.

4.8.4   IT operations staff should be affected to a greater extent. They have already been significantly affected by the advent of IT facilities management which has brought them under the aegis of IT facilities management providers. With CC, IT facilities management will continue to develop but in a sector undergoing major consolidation and where data transfer or relocation is easier. We can therefore expect a further reduction in staff numbers in IT operating and hosting services.

4.8.5   The outsourcing of all or part of IT departments moves IT specialists further away from the end users. This organisational or even geographical distance limits the amount of contact between these two groups. Such contacts, however, can help stimulate direct and effective dialogue and provide a social link enabling IT specialists to gain a better understanding of, and respond more effectively to, users' problems and expectations.

4.9   What are the key aspects of a CC solution contract?

4.9.1   The relationship between consumer and CC provider may take two different forms: free or fee-based services. However, the distinction is not always clear-cut. Free services, for example, may entail non-financial costs such as contextual advertising or consent for the provider to reuse the consumer's data.

4.9.2   Free or low-cost services are typically aimed at private individuals. People need to pay particular attention to the general conditions of their contracts which, while they may appear to be relatively informal, still represent a contractual commitment. In addition, even for private individuals, the information entrusted to a provider is of value. In the event of problems, free service can actually turn out to be highly expensive, in terms of wasted time or loss of information.

4.9.3   Businesses must also carefully examine the wording of their CC contracts and ideally take specialist legal advice. Businesses are giving external providers access to valuable information and tools; in the event of abuse by the provider, this could land them in serious difficulties.

4.9.4   CC contracts are rarely negotiable and most providers require potential subscribers to sign a standard contract. However, as is always the case, if a contract is of sufficient value or of strategic interest, the provider may well be willing to accept an individually tailored agreement.

4.9.5   Whether free or fee-based, standard or individualised, the contract must stipulate the following:

—	the CC service level (IaaS, PaaS, SaaS);

—	the guaranteed level of data availability, and liability in the event of data loss or damage;

—	the level of pooling of resources among the various users (risk of overbooking);

—	the flexibility of the IT resources available and used, and the billing rates based on usage;

—	the rights or obligations of the CC provider regarding the disclosure of information to a third party e.g. a court;

—	the exact identity of the parties actually providing the services, particularly given the multilayered cloud architecture;

—	the right to terminate the contract and the level of assistance guaranteed by the provider during the transition period;

—	the system of law (national or international) governing the contract, for example in the event of dispute.

5.   Weaknesses of cloud computing

5.1   CC is based on and largely dependent on the internet. However, the internet would appear to have reached its limit in a number of areas, particularly in terms of performance.

The ever-increasing number of users and forms of internet use; the explosion in the volume of data traffic (particularly audio and video); the ever shorter response times desired by users – these are all factors which have highlighted potential problems relating to internet performance. CC traffic can only exacerbate these problems by adding even higher volumes of data traffic and, above all, by reducing acceptable response times for users even further.

5.2   For CC, network resilience is another risk related to the internet. Technical incidents, cyber attacks or decisions by politicians have recently interrupted its operations and demonstrated its fragility and, above all, the extent to which its users are dependent on this public network. The CC model will only further emphasise the need for security for this network which was never originally designed for use by businesses.

5.3   Another major weakness of CC is the issue of data security, which is primarily linked to the outsourcing of data, whether it is transferred or not.

This poses problems in terms of continuity of access to data in cases where it is critical or vital that CC users have virtually immediate access. Then there is the issue of the confidentiality of data stored and managed by external providers.

This issue is especially relevant in the case of high-value data, particularly in the light of industrial espionage.

5.4   These solutions are all the more likely to be attacked, which means they are vulnerable as they represent a target for hackers whose appeal increases in line with the size, visibility and mission criticality of the server farms designed and built to support them. Additional efforts and specialists will be needed to make these targets less appealing to hackers.

It should also be noted that providers of IT services (outsourcing, CC, etc.) are already very aware of security issues and cybercrime, and are therefore almost certainly better prepared than most of their corporate clients.

To offer an analogy: a bank vault may attractive to criminals, but valuables are still safer there than in a box in the bedroom.

5.5   There is also the problem of establishing which system of law applies; that of the hosting provider or the owner of the data.

Moreover, which supervisory authority is responsible for ensuring compliance with the rules or resolving disputes between data owners and hosting providers?

On this subject, it is important to draw attention to the existence of Directive 95/46/EC on the Protection of individuals with regard to the processing of personal data and the Committee's opinion on the proposal for a Council Directive concerning the protection of individuals in relation to the processing of personal data (14).

The European data protection system acts as a very effective brake on transfers of any kind outside Europe. The international nature of CC raises questions about the potential for data transfer, either between the client and the provider or within the provider's infrastructure.

In this context, the absence of any (global) governance of the internet, and more specifically cloud computing, represents an additional weakness.

In addition to data protection, the issue of copyright should also be mentioned. As information that is covered by copyright may be transferred or distributed among various sites, it is becoming difficult to identify which rules apply for such issues as protection, remuneration and supervision.

5.6   Thanks to IT innovation, a number of players have acquired a dominant position on the market, e.g. Microsoft or Apple in equipment intended for home use (PCs, mobile telephones, etc.) but also Google, Facebook (search engine and social network). Europe has always taken care to ensure that dominant positions do not damage the interests of other stakeholders, such as consumers.

CC, which combines a number of major technologies, combines the prospect – and risks - of a dominant position; Europe should therefore be all the more vigilant.

5.7   The question of portability is not only a technical issue but also a commercial one. Without portability the CC solution user is locked in, unable to transfer his data to another provider; this impedes competition between different providers. Use of open standards and ensuring interoperability between services and applications can provide a quick and easy way to switch data between providers at no special cost for the user.

5.8   All of these weaknesses would appear to represent a serious danger to the roll-out of the CC model. Media coverage (press, media, social networks) of these problems or of the resulting disputes could be very damaging to CC and lead to a loss of confidence in the model on the part of both users and providers.

6.   Challenges and opportunities for Europe

6.1   The European Commission has made it an objective for Europe to become ‘cloud-active’ (see the speech by Neelie Kroes quoted above). The word ‘active’ does not indicate whether this is about Europe simply using CC or about it developing CC. If it is about just using CC, this would reflect a glaring lack of ambition. Seeking to make Europe ‘cloud productive’ is much more explicit: in other words, Europe should provide CC solutions rather than simply using those provided by others.

6.2   The digital sector, whether it be IT services, products or content, is largely dominated by foreign firms, which are mostly based in North America or Asia.

In the telecommunications sector, meanwhile, Europe can legitimately claim to be on an equal footing. Operators such as Deutsche Telekom, Orange or Telefónica are leading players.

6.3   At a time when the digital industry is driving growth forward, Europe is lagging behind. In the recent past, Europe has shown that it can play a leading and dominant role in certain sectors, especially mobile telephony, even if its position has slipped somewhat of late.

6.4   The emergence of CC offers a new opportunity to ‘shuffle the cards’. In other words, all the players on the global market will have a new opportunity to compete for global leadership; the current major players will be challenged by existing competitors or new market entrants.

6.5   The global character of cloud computing calls for global principles and standards to be elaborated. The European Union must continue to work together with international organisations on developing such principles and standards. The EU must spearhead efforts to develop global principles and standards and stand as guarantor to ensure that these provide the high level of personal data protection intended by EU legislation.

6.6   Europe has a number of trump cards as it enters into this new era of global competition.

—	It has an excellent digital infrastructure. Fibre optics is well developed. The infrastructure is controlled and managed by a small number of well established companies which can have a bearing on both telecommunications standards and the investment needed;

—	It has the necessary ability and knowledge to introduce a strong public investment policy that can act as a catalyst for private investment;

—	Its regional or national SMEs prefer local business partners and therefore European CC players;

—	Certain sectors (e.g. the health sector, the armed forces, public transport, the public sector) are governed by national or even European rules and restrictions which give preference to national or European CC providers;

—	Other sectors (e.g. banks, insurance firms, energy and pharmaceutical companies) are bound by data security considerations which restrict firms when choosing suppliers from outside their country or outside Europe.

---

(1)  The terms ‘Europe’ and ‘European Union’/‘EU’ will be used interchangeably throughout this document.

(2)  EESC opinion on Personal Data Protection, OJ C 248, 25.10.2011, p. 123.

(3)  EESC opinion on Electronic Communications Networks, OJ C 224, 30.8.2008, p. 50.

(4)  EESC opinion on Ideas on the Universal Electronic Communications Service, OJ C 175, 28.7.2009, p. 8.

(5)  EESC opinion on Advancing the Internet, OJ C 175, 28.7.2009, p. 92.

(6)  EESC opinion on Creative Content Online, OJ C 77, 31.3.2009, p. 63.

(7)  OJ C 77, 31.3.2009, p. 60 and OJ C 255, 22.9.2010, p. 116.

(8)  European Commission/Information Society and Media – Expert Group Report – rapporteur for this report: Lutz Schubert.

(9)  From 16 May to 31 August 2011.

(10)  Or FP7.

(11)  European Network and Information Security Agency.

(12)  National Institute of Standards and Technology (United States).

(13)  Cloud Drive from Amazon and iCloud from Apple.

(14)  OJ C 159, 17.6.1991, p. 38 (CES 569/91).

---