TRAI doubles down on the need for an industry led body to regulate cloud services

The Telecom Regulatory Authority of India (TRAI) has reiterated that there is a need for a light-touch regulatory approach towards cloud services in India. To make this happen, it says that an industry body should be set up through the following process— enrolling the cloud service providers (CSPs) operating in India, forming an ad-hoc body to frame broad rules for CSPs ( organizational structure, election procedure for a CSP industry body, etc.) and the election of office bearers to take over the functioning of the industry-led body. 

TRAI made the same recommendations to the DoT in 2020 but these were sent back for reconsideration on grounds that the CSP industry was still in its nascent stage. But in the three years that have passed since, TRAI seems to have stuck to its ground that CSPs need to be regulated. Based on the 2020 recommendations, this industry-led body, should work with TRAI and the Department of Telecommunications (DoT).

Why were TRAI’s 2020 recommendations sent back?

In April 2023, the DoT sent TRAI a back-dated reference where it stated that the Ministry of Electronics and Information Technology (MeitY) had responded to TRAI’s recommendations on cloud services saying that it was not in favor of creating a light touch regulatory framework. MeitY was of the view that “any such framework may limit the growth of the Cloud ecosystem in the country.” 

Article continues below ⬇, you might also want to read:

• TRAI Opens Consultation Process On Cloud Services
• TRAI Recommends Industry-Led Body For Cloud Service Providers
• TRAI’s Recco For Governing Cloud Service Providers In India Is…Odd

MeitY pointed out that cloud computing is not a telecom service, rather it is an IT service that falls squarely within its jurisdiction. It said that it did not interpret TRAI’s recommendations as a ‘light touch’ and argued that they could result in a set of regulations that CSPs might find hard to comply with. 

Why it matters: 

MeitY, in its comments on the recommendations, argued that it has been carrying out the empanelment of cloud service providers since 2015. It explained that to receive empanelment CSPs have to adhere to various compliances, certifications, and technical criteria. These CSPs also have to comply with the CERT-In guidelines that are released from time to time. As such, MeitY said that the empanelment already acts as a light touch regulation.

It is notable here that by reiterating these recommendations, TRAI is effectively arguing that CSP regulation should be the purview of the DoT. But given that MeitY is already empaneling CSPs, one must wonder, are these recommendations even necessary? 

What did TRAI recommend?

• TRAI says that there are many different types of CSPs such as infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). It says that the scope of CSPs should initially be limited to the IaaS and PaaS platforms providing services in India.
• It suggests that telecom service providers should not be allowed to share infrastructure and platforms related to Telegraph with a cloud that is not a member of the CSP industry body registered with DoT. 
• The industry body may review its experience and further deliberate upon the need to form multiple bodies for different purposes such as, to address the requirements of different market segments. The DoT might carry out this review two years after the body has taken on its functions or any other time period it finds appropriate. 

Similarities between telcos and CSPs: 

TRAI says that that CSPs often rely on telcos to deliver their services and telecom operators may offer cloud services as part of their portfolio. It says that both these players rely on network infrastructure, require scalable data centers and both have to safeguard themselves against cyber threats and unauthorized access. 

As a result of this convergence between telcos and cloud services, TRAI suggests that it needs to make regulatory interventions as and when required in the case of cloud services to protect the interests of customers. Furthermore, it says, that the “DoT can consider its recommendations to introduce appropriate measures or institutional mechanisms to deal with the issues related to ‘Cloud Services’. ”

STAY ON TOP OF TECH NEWS: Our daily newsletter with the top story of the day from MediaNama, delivered to your inbox before 9 AM. Click here to sign up today!