In a draft report set to be released later this year, it is cited that India may become subject to stricter data laws, restricting the market for US cloud providers.
Across the world data sovereignty is on the rise. Laws and regulations increasingly require that citizen data be stored in local data centres, which often restricts movement of that data outside of a country’s borders. The European Union’s GDPR policy is one example, although isn’t exactly concrete. China’s relatively new cloud computing law is far more strict, and forced Apple to turn over its Chinese-citizen iCloud data to local providers and Amazon to sell off data centre assets in the country.
Now, it appears that India will join this policy movement. According to Aditya Kalra in Reuters, an influential cloud policy panel has recommended that India mandate data localisation in the country, for investigative and national security reasons, in a draft report set to be released later this year. That panel is headed by well-known local entrepreneur Kris Gopalakrishnan, who founded Infosys, the IT giant.
That report would match other policy statements from the Indian political establishment in recent months. The government’s draft National Digital Communications Policy this year said that data sovereignty is a top mission for the country. The report called for the government by 2022 to ‘Establish a comprehensive data protection regime for digital communications that safeguards the privacy, autonomy and choice of individuals and facilitates India’s effective participation in the global digital economy.’
It’s that last line that is increasingly the objective of governments around the world. While privacy and security are certainly top priorities, governments now recognise that the economics of data are going to be crucial for future innovation and growth. Maintaining local control of data — through whatever means necessary — ensures that cloud providers and other services have to spend locally, even in a global digital economy.
India is both a crucial and an ironic manifestation of this pattern. It is crucial because of the size of its economy: public cloud revenues in the country are expected to hit $2.5 billion this year, according to Gartner’s estimates, an annual growth rate of 37.5%. It is ironic because much of the historical success of India’s IT industry has been its ability to offer offshoring and data IT services across borders.
Localisation demands are nothing new to India. In areas as diverse as education and ecommerce, the country maintains strict rules around local ownership and investment. While those rules have been opening up slowly since the 1990s, the explosion of interest in cloud computing has made the gap in regulations around cloud much more apparent.
If the draft report and its various recommendations become law in India, it would have significant effects on major public cloud providers like Microsoft, Google, Amazon, and Alibaba, all of whom have cloud operations in the country.
In order to comply with the regulations, they would almost certainly have to expend significant resources to build additional data centres locally, and also enforce data governance mechanisms to ensure that data didn’t flow from a domestic to a foreign data centre accidentally or programmatically.
However, this expansion was probably pegged to happen regardless. Given the phenomenal growth of the Indian cloud IT sector, it’s highly likely that the major cloud providers are already planning a massive expansion to handle the increasing storage and computing loads required by local customers. Depending on how simple the regulations are written, there may well be limited cost to the rules.
One question will involve what level of foreign ownership will be allowed for public cloud providers. Given that several foreign companies already exist in the marketplace, it might be hard to completely eliminate them entirely in favour of local competitors. Yet, the large providers will have their work cut out for them to ensure the market stays open to all.
Realistically, when it comes to the large providers, financially, these changes wouldn’t exactly be devastating, far from it. The real costs would be borne by other companies, such as startups who rely on customer datasets to power artificial intelligence. It would be a shame if the very law designed to encourage growth in the IT sector was the one that put a dampener on it.
India’s main objective is to ensure that Indian data benefits Indian citizens. That’s a commendable, yet deeply complex goal, particularly when writing these sorts of regulations. Customers ultimately want their data to reside in a location of their choosing, whether that be with a local provider or a foreign one. Data portability should be key to data sovereignty, since it is consumers who will drive innovation through their demand for best-in-class services.