The Telecommunications Authority of India (TRAI) has invited comments on a consultation paper that aims to provide a framework for registration of an industry body for cloud service providers (CSP). The paper cover issues such as eligibility criteria for registration, obligations, membership policy and other policy issues related to the governance structure of cloud service provider’s industry body. Comments can be sent till November 20 and counter comments till December 4 at advqos@trai.gov.in .
Where this consultation paper came from? TRAI had issued recommendations on ‘Cloud services’ in August 2017 which were adopted by the government in September 2018. These recommendations covered subjects such as legal and regulatory framework for cloud services, a comprehensive legal framework for data protection, interoperability, and portability, a legal framework for CSPs operating in multiple jurisdictions, cost-benefit analysis, etc. In September 2018, the Department of Telecommunication (DoT) had sought additional recommendation from TRAI on terms and conditions of industry body, eligibility, entry fee, period of registration and governance structure. This consultation paper is a response to DoT’s request from TRAI.
What the TRAI is seeking views on?
TRAI is seeking comments for the following issues:
1. Whether there should be a single industry body or more, for cloud service providers? The paper seeks views on whether there should be a single industry body or multiple industry bodies for cloud service providers which may be registered with DoT. It further asked whether there should be capping on multiple industries’ bodies or not. However, it recommends that too many bodies might create confusion in consumers’ minds and may also cause problems in terms of conflicting positions taken by multiple industry bodies communicating to DoT. It also suggests the creation of industry bodies category-wise for a particular sector, service model, deployment model, end-users, etc.
2. What should be the eligibility criteria for industry body(ies) to register? It seeks views on basic requirements of registration, eligibility criteria, terms and conditions for registration of CSPs with the DoT. It further asks for what all documents will be required for registration and the submission of the code of conduct by the industry body. TRAI had recommended earlier that industry bodies should be a not-for-profit body. It has also listed obligations that may be included in ‘Terms and Conditions’ of registration such as compliance with policies or DoT rules, transparency requirements, Code of Conduct, assessment of report on the performance of industry body and its members, etc.
3. Should entry or recurring fees be uniform or not? The paper asks whether entry fee and recurring fee needs to be uniform for all the members or if these may be on the basis of type or category of members for a CSP, to mandatorily become a member of a registered industry body.
4. What should be the guiding principles for governance? The paper seeks views on what should be the guiding principles for governance by an industry body and how would the guiding principles ensure fair, reasonable and non-discriminatory functioning of the body. It further seeks comments on whether the governance structure should be prescribed by DoT or industry body.
5. What policy should be adopted for initial formation of the industry body(ies)?: The paper seeks comments on policy required for the initial formation of an industry body for cloud services. It suggests the establishment of an ad-hoc industry body with representatives from major CSPs and service providers of communications networks. It also recommends that DoT should nominate enterprises, institutions, and individuals to become founding members of the industry body at the initial stage.
6. What will be the threshold value for parameters like the volume of business, revenue, number of customers for CSP? It seeks comments for deciding threshold value for parameters such as the volume of business, revenue, number of customers, or a combination of these for CSP to mandatorily become a member of a registered Industry body.
It also seeks comments on any other issues which might be relevant for Cloud Services in India.
Existing guidelines for cloud service providers
DoT had accepted TRAI’s earlier recommendations on cloud services in August 2018. The existing guidelines are as follows:
- All CSPs to become a member of one of the registered industry body for cloud services and should accept the code of conduct prescribed to them. The code of conduct shall include provisions such as the adoption of a constitution towards its members, Membership, Creation of working groups, and Mandatory codes of conduct standards or guidelines that specifically include-
- QoS (Quality of Services) parameters
- Billing models
- Data security
- Dispute resolution framework
- Model SLA
- Disclosure framework
- Compliance to its codes and standards
- Compliance to guidelines
- Directions or orders issued by DoT
- Providing requisite information in stipulated timelines when sought by DoT/TRAI
- No restrictions should be imposed on the number of such industry bodies to ensure that there is freedom in functioning.
- DoT may issue instructions to such an industry body whenever it needs to perform certain functions and procedures to be followed.
- DoT may withdraw registration in case if it finds the instances of breach or non-compliance of directions of order given out.
- DoT to keep a close watch on the functioning of the body to ensure transparency and fair treatment to its members.
- A Cloud Service Advisory Group (CSAG) to be created and will consist of representatives from state IT departments, MSME associations, consumer advocacy groups, industry experts and representatives from Law Enforcement agencies.
