EUR-Lex Access to European Union law
This document is an excerpt from the EUR-Lex website
Document 52014SC0214
COMMISSION STAFF WORKING DOCUMENT Report on the Implementation of the Communication 'Unleashing the Potential of Cloud Computing in Europe' Accompanying the document Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions 'Towards a thriving data-driven economy'
COMMISSION STAFF WORKING DOCUMENT Report on the Implementation of the Communication 'Unleashing the Potential of Cloud Computing in Europe' Accompanying the document Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions 'Towards a thriving data-driven economy'
COMMISSION STAFF WORKING DOCUMENT Report on the Implementation of the Communication 'Unleashing the Potential of Cloud Computing in Europe' Accompanying the document Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions 'Towards a thriving data-driven economy'
/* SWD/2014/0214 final */
COMMISSION STAFF WORKING DOCUMENT Report on the Implementation of the Communication 'Unleashing the Potential of Cloud Computing in Europe' Accompanying the document Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions 'Towards a thriving data-driven economy' /* SWD/2014/0214 final */
1. Introduction
In
September 2012 the European Commission adopted the Communication entitled 'Unleashing
the Potential of Cloud Computing in Europe'[1] with
the objective to stimulate the use and adoption of cloud computing across all
sectors of the European economy. The
Communication highlights the potential benefits of cloud computing for the
European economy and includes actions that will eventually deliver a net gain
of 2.5 million new European jobs and a boost of EUR 160 billion to the European
Union GDP in 2020. Cloud
computing is an important enabler for development for citizens, businesses and
public administrations in all sectors of the European economy, including the
data value chain. The transfer, processing and storage of data, including the
analysis of large data sets for big data applications, require interoperable services,
platforms and infrastructures that are widely accessible, that can be
provisioned rapidly and that are scalable. Cloud computing can provide these benefits
and the further use and adoption of cloud computing in Europe supports a
data-driven economy. The
European Council recognised the interplay between cloud computing and big data
by calling for EU action to provide the right framework conditions for a single
market for Big Data and Cloud Computing in its conclusions of October 2013.
In particular, the European Council noted the need for promoting high standards
for secure, high-quality and reliable cloud services.[2] The Communication on 'Unleashing the
Potential of cloud computing in Europe' complements several on-going actions of
the Commission under the Digital Agenda for Europe as regards the achievement
of a single market, such as related to cybersecurity and data protection. In
addition, it contains three key actions in respect of standards and
certification; development of safe and fair contract terms and conditions; and
the launch of the European Cloud Partnership with the aim to bring together the
public and the private sector. Additional policy recommendations on e-skills
and engagement in international dialogue with third countries are included as
well. The
Communication commits the Commission to report on the progress on the full set
of actions, present further policy options and, if necessary, legislative
proposals. This staff working document is used to report on the results of and
state of play as regards on-going actions and the foundation for further
follow-up actions in the field of cloud computing.
2. Progress
on activities targeted at the digital single market
The Communication recognises the
fragmentation of the digital single market as a key area where actions are
needed to support the use and adoption of cloud computing in Europe. In
particular the EU’s data protection reform package that has the objective to build
a single, modern, strong, consistent and comprehensive data protection
framework for the European Union is recognised as an important factor to
address data protection issues that are raised by cloud computing. Copyright aspects of cloud computing are
considered as a very important issue for building the digital single market in Europe. Published in January 2013, Mr Vitorino’s recommendations[3] for
the review of the private copy levies focused on trying to fix the existing
system and included suggestions to improve it. The report recognised that
cloud-based online content services provide unique opportunities to be
remunerated on the basis of direct licensing deals, rather than indirect
compensation mechanisms on devices, such as private copying levies. Also,
paragraph 30 of the European Parliament resolution of 27 February 2014 on
private copying levies calls on the
Commission to assess the impact on the private copying system of the use of
cloud computing technology for the private recording and storage of protected
works, so as to determine whether these private copies of protected works
should be taken into account by the private copying compensation mechanisms
and, if so, how this should be done.[4]
The Commission will consider follow-up actions for the specific recommendations
in the context of the on-going review of the EU copyright rules. Patent and
trademark aspects related to cloud services were identified as potential areas
for the further work. As regards security, the European
Strategy for Cyber Security was adopted and published by the Commission in
February 2013. A Public-Private Platform on Network and Information Security
was set up in order to identify risk management and information
sharing/incident notification best practices and incentives to adopt them. The
first output of the Platform will bring guidance on risk management and
information sharing practices, and will be issued in spring 2014. In order to address environmental
challenges, the Commission is working with industry to adopt a common
methodological framework for measuring the energy and carbon footprint of the
ICT sector (including data centres and clouds). Concerning e-skills, the Commission
launched 'The Grand Coalition for Digital Jobs' – an initiative aimed at
increasing the overall supply of digitally skilled professionals and to better
match supply and demand of digital skills. The goal is to increase the supply
of ICT practitioners by 2015, so as to ensure a sufficient number of them in Europe by 2020. The Commission is taking further action, in particular regarding the
development of an EU reference framework for digital competences for learners
and has addressed didactic digital competencies in its Opening up Education
initiative. In the field of taxation, the Commission
tasked a High Level Expert Group on Taxation of the Digital Economy to
examine the best ways of taxing the digital economy in the EU, weighing up the
benefits and risks of various approaches. The Commission has also launched a
study on issues on taxation in relation to cloud computing services.
3. Progress
on key actions on cloud computing
For the implementation of the three key
actions on cloud computing in respect of standards and certification, safe and
fair contract terms and conditions and the launch of the European Cloud Partnership,
a collaborative approach with relevant stakeholders was taken to allow the
various activities to benefit from specific expertise in the field of cloud
computing. In particular, a Cloud Select Industry Group with industry
representatives was established to support the Commission in the implementation
of the actions of the European Cloud Computing Strategy.
3.1. Standards
and certification
With
stakeholders' participation, the European Telecommunications Standards
Institute (ETSI) completed its Cloud Standards Coordination (CSC) initiative in
December 2013. ETSI delivered a comprehensive mapping of existing cloud
computing standards, such as in the field of interoperability and network and
information security, thereby providing more transparency in the market for
cloud computing customers.[5] In
the field of cloud computing certification, the collaboration with the Cloud
Select Industry Group[6]
and the European Union Network and Information Security Agency (ENISA) resulted
in the publication of a validated list of cloud computing relevant network and
information security certification schemes in February 2014.[7]
On-going work with the support of ENISA will further enhance the usability of
this list of certification schemes by the end of 2014, which will also provide
greater transparency in the market for cloud computing customers.[8] Where
relevant, this work will be informed by Regulation (EC) No. 765/2008 on setting
out the requirements for accreditation and market surveillance relating to the
marketing of products.[9]
3.2. Contract
terms and conditions
As regards the safe and fair model
contract terms, an expert group on model contract terms and conditions for
cloud services for consumers and small firms and a working group with industry
stakeholders on service level agreements for professional users were
established in order to identify and disseminate best practices in respect of
model contract terms for cloud services and to increase trust of prospective
customers.[10]
Deliverables from this working group will be published by the end of 2014. Moreover, the collaboration with the
Cloud Select Industry Group resulted in the establishment of a working
group on service level agreement (SLAs). The industry group is working with the
aim to deliver guidelines that define standard options for SLAs and contracts. These
guidelines that are to be published by the summer of 2014[11] will
provide the basis for further concrete European contributions to standards
development on cloud computing SLA standards in the ISO/IEC SC38. Considering cloud contract-related
aspects, insurance for cloud services and possible sectorial approach (e.g. for
the financial sector) were identified as one of the areas for further work. Also
in the context of the Cloud Select Industry Group, another working group with
was established with the objective to deliver a Data Protection Code of Conduct
for cloud service providers to support a uniform application of data protection
rules and to build trust and confidence in the field of cloud computing.[12] In
February 2014, the Code of Conduct was submitted to the Article 29 Working
Party for its opinion in order to ensure legal certainty and coherence between
the Code of Conduct and EU law. The opinion from the Article 29 Working Party
as well as the establishment of a governance framework for the Code is expected
by September 2014.
3.3. European
Cloud Partnership
The
Steering Board of the European Cloud Partnership (ECP), which was set up as an
advisory body to the Commission, presented its vision for a 'Trusted Cloud
Europe' in March 2014.[13]
Trusted Cloud Europe is a framework to support the definition of
common cloud computing best practices, linking them to use cases, and applying
them in practice. The
Trusted Cloud Europe framework aims to support a single market for cloud
computing in Europe based on best practices and on a common understanding of
these best practices, which will enable Europe to become a leader in
trustworthy cloud computing provision and cloud computing adoption. Specific
recommendations directed towards different stakeholders, including the
Commission, Member States and industry of the ECP steering board include 1) the
creation of a common framework of legal, operational and technical best
practices, 2) a review of formal data location requirements (that currently
still divide cloud architectures up by national jurisdiction) with the aim to
replace them by functional requirements to ensure the same accessibility and
security of the data, and 3) to promote an active consideration of cloud
computing when procuring IT systems for public bodies. The
Trusted Cloud Europe Report has been consulted widely in the form of a public
survey and questionnaire. Although not yet a formal consultation, the results
of the survey and questionnaire are an important indication for further steps
of the European Commission as regards the field of cloud computing. As such,
the results of the survey indicate a wide support for the further development
of a digital single market for cloud computing in Europe and to reinforce Europe as a region for world class cloud computing. For example, the majority of
participants agree with important issues such as the need for a rapid political
agreement on a fully harmonised EU data protection regulation and the need for
clearer rules to resolve contractual or services disputes in the context of
existing legislative instruments relevant to cloud computing, in particular for
SMEs. A
clear majority of participants of the survey also underlines the need for a move
from formal to functional requirements as regards data location, in order to
support cross-border data flows and the development of the cloud computing
market in Europe. Participants also see a role for Member States, suppliers and
industry bodies to be engaged in the development of a robust framework of best
practices that better facilitate the adoption of cloud computing in Europe. The survey results furthermore show support for greater consistency and clarity in
procurement processes of Member States for cloud computing services, which is
recognised as an important driver for the adoption of cloud computing. Finally,
respondents also expressed concerns on data sovereignty and some suggested that
cloud service provider access to the market should be limited only to those
established in the EU and the adequacy of the current legal framework to
protect sensitive information was questioned by some. The use of appropriate
security measures was found to be an important topic for almost all respondents
and was linked to the implementation of the European Cybersecurity Strategy and
issues like identity and access management, certification, research and
innovation and the appropriateness for SMEs. The
Commission intends to respond to the Trusted Cloud Europe report and survey by
consulting on a package of policy measures that include regulatory as well as market-led
and co-regulatory options by 2015. As
part of the European Cloud Partnership, the pre-commercial procurement project
Cloud for Europe was launched in June 2013 by a consortium of 25 partners from
the public sector (EU Member States and third countries), with the aim to
develop common procurement requirements for cloud computing services for the
public sector in Europe.[14]
3.4. Supporting
actions
The European Cloud Computing Strategy
includes a number of flanking actions to support the implementation of the key
actions on cloud computing. As part of those flanking actions, cloud computing
is included as a priority area for research, development and innovation in the
first Work Programme of the Horizon 2020 Programme.[15] The
Commission has also built on its on-going international dialogues with third
countries on key themes in relation to cloud computing, notably with the United States, Japan, Korea, Brazil and with a Latin American multilateral forum (ECLAC). Concrete
results of these dialogues provide a foundation for Europe to benefit from
a broader cloud computing market beyond the European Union. [1] Communication
on 'Unleashing the potential of cloud computing in Europe'. COM(2012), 529. [2] Conclusions of the European Council (24/35 October 2013), EUCO
169/13. [3] http://ec.europa.eu/internal_market/copyright/docs/levy_reform/130131_levies-vitorino-recommendations_en.pdf [4] http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P7-TA-2014-0179 [5] ETSI, 'Cloud Standards Coordination - Final Report', November
2013, available at http://csc.etsi.org/website/home.aspx [6] http://ec.europa.eu/digital-agenda/en/cloud-select-industry-group-certification-schemes [7] https://resilience.enisa.europa.eu/cloud-computing-certification [8] https://resilience.enisa.europa.eu/cloud-computing-certification/certification-in-the-eu-cloud-strategy [9] Regulation
(EC) No. 765/2008 of the European Parliament and of the Council of 9 July 2008
on Setting out the requirements for accreditation and market surveillance
relating to the marketing of products and repealing Regulation (EEC) No 339/93. [10] Commission
Decision of 18 June 2013 on "setting up the Commission expert group on
cloud computing contracts" (2013/C 174/04), available at http://ec.europa.eu/justice/contract/cloud-computing/expert-group/index_en.htm [11] http://ec.europa.eu/digital-agenda/en/cloud-computing-strategy-working-groups [12] http://ec.europa.eu/digital-agenda/en/cloud-computing-strategy-working-groups [13] European
Cloud Partnership, 'Establishing a Trusted Cloud Europe: A policy vision
document by the Steering Board of the European Cloud Partnership', March 2014,
available at http://ec.europa.eu/digital-agenda/en/news/trusted-cloud-europe [14] http://www.cloudforeurope.eu/ [15] http://ec.europa.eu/programmes/horizon2020/en/h2020-section/information-and-communication-technologies