Annexes to COM(2012)529 - Unleashing the Potential of Cloud Computing in Europe - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
dossier | COM(2012)529 - Unleashing the Potential of Cloud Computing in Europe. |
---|---|
document | COM(2012)529 |
date | September 27, 2012 |
These questions, among others, are being examined in an on-going mediation process led by Mr. Antonio Vitorino.[16] On the basis of the outcome of this process the Commission will inter alia assess whether there is a need to clarify the scope of the private copying exception and the applicability of levies, in particular the extent to which cloud computing services allowing for the direct remuneration of right holders are excluded from the private copy levy regime.
Digital Agenda Actions to "Make Online and Cross-Border Transactions Straightforward"
The recent review of the e-commerce directive undertaken as an action in the Digital Agenda reaffirmed its role as an essential foundation of digital services growth in Europe through the exemption from liability of information society service providers when they host or transmit illegal information that has been provided by a third party. Many such online services are now migrating onto cloud infrastructures which facilitates the offer of more integrated services. This gives rise to more complex value chains frequently spanning multiple jurisdictions which in turn raises questions related to the determination of the applicable law (e.g. establishment) and the application of the notification procedures concerning (alleged) illegal information and activities to these emerging services. These issues are being addressed in the follow-up to the Communication on the Digital Single Market for e-commerce and online services, in the Commission's initiative on notice and action procedures.[17]
Secure eAuthentication methods for internet transactions are also essential for the development of the digital single market. The more complex value chains and the nested nature of many services in cloud computing makes reliable authentication necessary both to secure trust and to streamline the use of the services. For example single sign-on procedures makes the use of a set of services much smoother but require more sophisticated and reliable authentication methods than simple self-created passwords to enhance trust in the set of providers concerned. The adoption of common standards that permit safe but seamless use of services requiring reliable authentication and authorisation would be a major boon to cloud adoption. The provision of such solutions will be greatly enhanced by the adoption of the Commission's proposals on e-identification and authentication.[18]
The Commission will in the coming months address general cyber security challenges in its Strategy for Cyber Security. The strategy will address all information society providers including cloud computing service providers. It will inter alia indicate appropriate technical and organisational measures that should be taken to manage security risks as well reporting obligations to competent authorities of significant incidents.
Digital Agenda Actions on Building Digital Confidence
Data protection emerged from the consultation and the studies launched by the Commission as a key area of concern that could impede the adoption of cloud computing. In particular, faced with 27 partly diverging national legislative frameworks, it is very hard to provide a cost-effective cloud solution at the level of digital single market. In addition, given the cloud’s global scope, there was a call for clarity on how international data transfers would be regulated. These concerns have been addressed, in completion of another Digital Agenda Action, by the proposal of a strong and uniform legal framework providing legal certainty on data protection by the Commission on 25 January 2012. The proposed regulation addresses the issues raised by the cloud. Centrally, it clarifies the important question of applicable law, by ensuring that a single set of rules would apply directly and uniformly across all 27 Member States. It will be good for business and citizens by bringing about a level playing field and reduced administrative burden and compliance costs throughout Europe for businesses, while ensuring a high level of protection for individuals and giving them more control over their data. Increased transparency of data processing will also help increase consumer trust. The proposal facilitates transfers of personal data to countries outside the EU and EEA while ensuring the continuity of protection of the concerned individuals. The new legal framework will provide for the necessary conditions for the adoption of codes of conduct and standards for the cloud, where stakeholders see a need for certification schemes that verify that the provider has implemented the appropriate IT security standards and safeguards for data transfers.
Given that data protection concerns were identified as one of the most serious barriers to cloud computing take-up, it is all the more important that Council and Parliament work swiftly towards the adoption of the proposed regulation as soon as possible in 2013.
Meanwhile, as cloud computing involves chains of providers and other actors such as infrastructure or communications providers, guidance is required on how to apply the existing EU Data Protection Directive, notably to identify and distinguish the data protection rights and obligations of data controllers and processors for cloud service providers, or actors in the cloud computing value chain. Moreover, due to the specific nature of the cloud, questions have been raised about applicable law in case where the relevant place of establishment of a cloud provider may be hard to determine, e.g. for a non-EU user of a non-EU provider operating equipment in the EU. In this context, the Commission welcomes the guidance on how to apply the existing EU Data Protection Directive given in the Opinion of the data protection working party, the so called "Article 29 Working Party" on cloud computing of 1 July 2012.[19] The Commission considers that the Article 29 Working Party Opinion provides a good basis for the transition from the current EU Data Protection Directive to the new EU Data Protection Regulation and that it should guide the work of national authorities and of businesses, thereby offering maximum clarity and legal certainty on the basis of the existing legal framework.
Moreover, once the proposed regulation is adopted, the Commission will make use of the new mechanisms set out therein to provide, in close cooperation with national data protection authorities, any necessary additional guidance on the application of European data protection law in respect of cloud services.
Contract law was also an area of concern for negatively affecting the digital confidence of consumers who did not have certainty about their rights and lacked protection and traders who needed a framework which would make it easier for them to offer their products online. In this context, the Commission has already proposed a Regulation for a Common European Sales Law.[20]
3.2. Specific Key Actions on Cloud Computing
Completing the Digital Single Market by moving as rapidly as possible to adoption and implementation of the Digital Agenda proposals that are on the table is the essential first step towards making Europe cloud-friendly. But to move up a notch to become cloud-active, a climate of certainty and trust must be further developed so as to stimulate the active adoption of cloud computing in Europe.
There is a need for a chain of confidence-building steps to create trust in cloud solutions. This chain starts with the identification of an appropriate set of standards that can be certified in order to allow public and private procurers to be confident that they have met their compliance obligations and that they are getting an appropriate solution to meet their needs when adopting cloud services. These standards and certificates in turn can be referenced in terms and conditions so that providers and users feel confident that the contract is fair. The preparatory work mentioned above indicates the need for specific frameworks for Cloud Computing in relation to both standards and certification and contract terms and conditions.
Public authorities have a role to play in forging a trusted cloud environment in Europe. They have an opportunity to use their procurement weight to promote the development and uptake of cloud computing in Europe based on open technologies and secure platforms. Establishing a clear and protective framework for public sector adoption will ensure that this technology provides trusted access for international users and make Europe a hot spot of cloud service innovation. In addition, take-up amongst public procurers of trusted cloud solutions could encourage SMEs to adopt as well.
There are also concerns that the economic impact of cloud computing will not reach its full potential unless the technology is adopted by both public authorities and small to medium sized enterprises (SMEs). In both cases adoption so far is marginal due to the difficulty of assessing the risks of cloud adoption.
To deliver on these goals therefore the European Commission will launch three cloud-specific actions:
(1) Key Action 1: Cutting through the Jungle of Standards
(2) Key Action 2: Safe and Fair Contract Terms and Conditions
(3) Key Action 3: Establishing a European Cloud Partnership to drive innovation and growth from the public sector.
3.3. Key Action 1 – Cutting through the Jungle of Standards
A wider use of standards, the certification of cloud services to show they meet these standards and the endorsement of such certificates by regulatory authorities as indicating compliance with legal obligations will help cloud take-off.
Currently, individual vendors have an incentive to fight for dominance by locking in their customers, inhibiting standardised, industry-wide approaches. Despite numerous standardisation efforts, mostly led by suppliers, clouds may develop in a way that lacks interoperability, data portability and reversibility, all crucial for the avoidance of lock-in.
Standards in the cloud will also affect stakeholders beyond the ICT industry, in particular SMEs, public sector users and consumers. Such users are rarely able to evaluate suppliers' claims as to their implementation of standards, the interoperability of their clouds or the ease with which data can be moved from one provider to another. For this, independent, trusted certification is needed.
Standardisation and certification actions for cloud computing are already taking place. The U.S. National Institute for Standards and Technology (NIST) has published a series of documents including a widely accepted set of definitions. The European Telecommunications Standards Institute (ETSI) has set up a Cloud Group to consider cloud standardisation needs and conformity with interoperability standards. Additional standards setting initiatives will clearly be needed. However, the priority now is to deploy existing standards to develop confidence in cloud computing via comparable service stacks as well as interoperable and diverse offerings. In addition to identifying the concerned standards compliance certification is needed.
Many, and certainly all larger organisations, require certification of their IT systems' compliance with legal and audit requirements and that applications and systems are interoperable. The Commission will:
· Promote trusted and reliable cloud offerings by tasking ETSI to coordinate with stakeholders in a transparent and open way to identify by 2013 a detailed map of the necessary standards (inter alia for security, interoperability, data portability and reversibility).
· Enhance trust in cloud computing services by recognising at EU-level technical specifications in the field of information and communication technologies for the protection of personal information in accordance with the new Regulation on European Standardisation[21].
· Work with the support of ENISA and other relevant bodies to assist the development of EU-wide voluntary certification schemes in the area of cloud computing (including as regards data protection) and establish a list of such schemes by 2014.
· Address the environmental challenges of increased cloud use by agreeing, with industry, harmonised metrics for the energy consumption, water consumption and carbon emissions of cloud services by 2014.[22]
3.4. Key Action 2: Safe and Fair Contract Terms and Conditions
Traditional IT outsourcing arrangements were typically negotiated and related to data storage, processing facilities and services defined and described in detail and up-front. Cloud computing contracts, on the other hand, essentially create a framework in which the user has access to infinitely scalable and flexible IT capabilities according to his needs. However, currently the greater flexibility of cloud computing as compared to traditional outsourcing is often counterbalanced by reduced certainty for the customer due to insufficiently specific and balanced contracts with cloud providers.
The complexity and uncertainty of the legal framework for cloud services providers means that they often use complex contracts or service level agreements[23] with extensive disclaimers. The use of "take-it-or-leave-it" standard contracts might be cost-saving for the provider but is often undesirable for the user, including the final consumer. Such contracts may also impose the choice of applicable law or inhibit data recovery. Even larger companies have little negotiation power and contracts often do not provide for liability for data integrity, confidentiality or service continuity.[24]
As regards professional users, the development of the model terms for cloud computing of the service level agreements for professional users were one of the most important issues that arose during the consultation process. The service level agreements determine the relationship between the cloud provider and professional users, and thus essentially provide the basis of trust cloud users can have in a cloud provider's ability to deliver services.
Concerning consumers and small firms, the Commission's proposal, as an action aiming at building digital confidence under the Digital Agenda, for a Regulation on a Common European Sales Law[25], addresses many of the obstacles stemming from diverging national sales law rules by providing contractual parties with a uniform set of rules. The proposal includes rules adapted to the supply of "digital content" that cover some aspects of cloud computing.[26]
Specific complementary work for those issues that lie beyond the Common European Sales Law is needed to make sure that other contractual questions relevant for cloud computing services can be covered as well, by a similar optional instrument approach. This complementary work should cover such issues as data preservation after termination of the contract, data disclosure and integrity, data location and transfer, direct and indirect liability, ownership of the data, change of service by cloud providers and subcontracting.
Although existing EU legislation protects users of cloud services, consumers are often unaware of their relevant rights especially including the applicable law and jurisdiction in civil and commercial matters, notably when it comes to contract law questions.[27] Development of model contract terms was identified in the consultation[28] as desirable to overcome these problems. Industrial users and suppliers have called for self-regulatory agreements or standardisation. For contracts with consumers and small firms European model contract terms and conditions based on an optional contract law instrument may be needed to create transparent and fair cloud services contracts.
Identifying and disseminating best practices in respect of model contract terms will accelerate the take up-of cloud computing by increasing the trust of prospective customers.
Appropriate actions on contract terms can also help in the crucial area of data protection. As noted above, the proposed Regulation on personal Data Protection will guarantee a high level of protection for individuals by ensuring continuity of protection when data is transferred outside the EU and EEA, namely through standard contractual clauses governing international data transfers and establishment of the necessary conditions for the adoption of cloud-friendly binding corporate rules. These changes will ensure the EU data protection rules cater for the geographical and technical realities of cloud computing. The Commission will by end 2013:
· Develop with stakeholders model terms for cloud computing service level agreements for contracts between cloud providers and professional cloud users, taking into account the developing EU acquis in this field.
· In line with the Communication on a Common European Sales Law[29], propose to consumers and small firms European model contract terms and conditions for those issues that fall within the Common European Sales Law proposal. The aim is to standardise key contract terms and conditions, providing best practice contract terms for cloud services on aspects related with the supply of "digital content".
· Task an expert group set up for this purpose and including industry to identify before the end of 2013 safe and fair contract terms and conditions for consumers and small firms, and on the basis of a similar optional instrument approach, for those cloud-related issues that lie beyond the Common European Sales Law .
· Facilitate Europe's participation in the global growth of cloud computing by: reviewing standard contractual clauses applicable to transfer of personal data to third countries and adapting them, as needed, to cloud services; and by calling upon national data protection authorities to approve Binding Corporate Rules for cloud providers.[30]
· Work with industry to agree a code of conduct for cloud computing providers to support a uniform application of data protection rules which may be submitted to the Article 29 Working Party for endorsement in order to ensure legal certainty and coherence between the code of conduct and EU law.
3.5. Key Action 3 – Promoting Common Public Sector Leadership through a European Cloud Partnership
The public sector has a strong role to play in shaping the cloud computing market. As the EU's largest buyer of IT services, it can set stringent requirements for features, performance, security, interoperability and data portability and compliance with technical requirements. It can also lay down requirements for certification. Several Member States have started national initiatives such as Andromede in France, G-Cloud in the UK and Trusted Cloud in Germany.[31] But with the public sector market fragmented, its requirements have little impact, services integration is low and citizens do not get the best value for money. Pooling public requirements could bring higher efficiency and common sectoral requirements (e.g. eHealth, social care, assisted living, and eGovernment services such as open data[32]) would reduce costs and enable interoperability.
The private sector would also benefit from higher quality services, more competition, rapid standardisation and better interoperability and market opportunites for high -tech SMEs.
This year, the Commission is therefore setting up a European Cloud Partnership (ECP) to provide an umbrella for comparable initiatives at Member State level. The ECP will bring together industry expertise and public sector users to work on common procurement requirements for cloud computing in an open and fully transparent way. The ECP does not aim at creating a physical cloud computing infrastructure. Rather, via procurement requirements that will be promoted by participating Member States and public authorities for use throughout the EU, its aim is to ensure that the commercial offer in Europe is adapted to European needs. The ECP will also be instrumental for avoiding fragmentation and ensuring public cloud usage is interoperable as well as safe, secure and greener and fully in line with European rules, e.g. in the areas of data protection and security. The ECP will, under the guidance of a steering board bring together cooperating public authorities working with industry consortia to implement a pre-commercial procurement action to:
· identify public sector cloud requirements; develop specifications for IT procurement and procure reference implementations to demonstrate conformance and performance.[33]
· Advance towards joint procurement of cloud computing services by public bodies based on the emerging common user requirements.
· Set up and execute other actions requiring coordination with stakeholders as described in this document.
4. Additional Policy steps
The Commission will also implement a series of flanking actions to support the three key actions. Other initiatives, such as on broadband access, roaming or open data also contribute to an environment conducive to faster cloud adoption, particularly for consumers and SMEs.
4.1. Stimulation measures
The Commission will investigate how to make full use of its other available instruments notably through research and development support under Horizon 2020 on long-term challenges specific to cloud computing as well as assisting the migration to cloud-based solutions, e.g. software for switching from legacy systems to cloud, for managing hybrid services (combining cloud and non-cloud systems) and to avoid lock-in[34].
The Commission intends to launch Digital Service Infrastructures under the proposed Connecting Europe Facility[35]in 2014 as ubiquitously available cloud-based public services for, e.g., setting up businesses online; cross-border procurement and eHealth services; and access to public sector information. It will also implement its own cloud plan under the eCommission strategy, including a programme of actions to move public services implemented under other Community programs into the cloud.
Finally it will take action (inter alia studies, mentoring and counselling schemes, raising awareness) to promote e-skills skills and digital entrepreneurship with regard to cloud computing.
4.2. International dialogue
With no technical barriers to stop cloud services at geographical borders, there is a need not only to fully exploit the opportunities of the Digital Single Market but to look beyond the EU at the wider international situation for both the legal framework (e.g. on applicable law) and adoption-supporting measures.
Cloud computing, being born global, calls for a reinforced international dialogue on safe and seamless cross-border use. For example, the international dialogues on trade, law enforcement, security and cybercrime all need to fully reflect the new challenges raised by cloud computing.[36]
More third countries are recognising the importance of cloud computing. The USA, Japan, Canada, Australia and South East Asian countries such as Korea, Malaysia and Singapore have or are developing cloud computing strategies. The main axes are partnerships to drive take-up by public bodies; promotion of technological developments and standardisation; and international dialogue and coordination on legal and technical issues.The EU therefore needs to deepen its structured collaboration with international partners not just to share experiences and do joint technological development but also for legal adjustments to promote more efficient and effective cloud roll-out.[37] These dialogues will be pursued in multilateral fora such as the WTO and the OECD to advance common objectives for cloud computing services as well as by integrate cloud-computing-related issues in its free trade negotiations with India, Singapore etc.
The Commission will also build on its on-going international dialogues with the USA, India, Japan and other countries, as regards, inter alia, key themes related to cloud services as discussed above, such as data protection; access to data by law enforcement agencies and the use of Mutual Legal Assistance Agreements to avoid confronting companies with conflicting requests from public authorities; coordination of data security at the global level; cyber-security, liability of intermediary service providers; standards and interoperability requirements, in particular for public services; application of the tax law to cloud services; and cooperation on research and technology development.
5. Conclusion
Cloud computing touches a wide range of policy fields. Ongoing policy initiatives such as the data protection reform and the Common European Sales law that will lower barriers to the uptake of cloud computing in the EU should be adopted quickly.
In parallel, the Commission will deliver on the key actions identified in this Communication in 2013, notably in respect of the actions on standardisation and certification for cloud computing, the development of safe and fair contract terms and conditions and the launch of the European Cloud Partnership.
The Commission will be vigilant on emerging policy issues which are likely to affect cloud computing's economic and societal potential in fields such as taxation, public procurement, financial regulation or law enforcement, where cloud computing's inherent cross-border nature raises questions regarding compliance and reporting obligations.
The Commission will by the end of 2013 report on the progress on the full set of actions in this Strategy and present further policy and legislative proposals initiatives as needed.
The next two years, during which the actions outlined above, will be developed and put into place will lay the foundation for Europe to become a world cloud computing powerhouse. The right progress during this preparation phase will provide a stable basis for a rapid take-off phase from 2014-2020 during which use of publicly available cloud computing offerings could achieve a 38% compound annual growth rate (around double the rate that would be achieved if the decisive policy steps are not implemented).
The Commission calls upon Member States to embrace the potential of cloud computing. Member States should develop public sector cloud use based on common approaches that raise performance and trust, while driving down costs. Active participation in the European Cloud Partnership and deployment of its results will be crucial.
The Commission also calls upon industry to cooperate closely on the development and adoption of common standards and interoperability measures.
[1] Kretschmer, T. (2012), “Information and Communication Technologies and Productivity Growth: A Survey of the Literature”, OECD Digital Economy Papers, No. 195, OECD Publishing. http://dx.doi.org/10.1787/5k9bh3jllgs7-en
[2] Communication, "A coherent framework for building trust in the Digital Single Market for e-Commerce and online services", COM (2011) 942 final.
[3] IDC (2012) "Quantitative Estimates of the Demand for Cloud Computing in Europe and the Likely Barriers to Take-up"; also see for more details the SWD accompanying this Communication, section 3.1. The importance of cloud computing for the creation of jobs is also recognised in "A Set of Key Actions for ICT Employment", annex to the Commission Communication "Towards a job-rich recovery", COM(2012) 173 final.
[4] For example, organisations may worry about business continuity in the case of service disruption whereas individuals may have concerns about what happens with their personal information. Such worries slow down the overall speed of adoption of cloud computing.
[5] Many such definitions are highly abstract: One well-known definition speaks of "a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources … that can be rapidly provisioned and released with minimal effort or service provider interaction" NIST (2009), US National Institute for Standards and Technology.
[6] IDC (2012) "Quantitative Estimates of the Demand for Cloud Computing in Europe and the Likely Barriers to Take-up".
[7] E.g. one study foresees the cloud market to grow threefold by 2014. Another study sees 11 million jobs added to the economy by that time. See the SWD, section 4.1.
[8] See: Greenpeace (2012) How clean is your cloud?
[9] See: http://www.broadbandcommission.org/net/broadband/Documents/bbcomm-climate-full-report-embargo.pdf
[10] HM Government (2011) Government Cloud Strategy, www.cabinetoffice.gov.uk
[11] By contrast, a private cloud is a service or infrastructure dedicated to a particular client that is not open for use by others.
[12] IDC (2012) "Quantitative Estimates of the Demand for Cloud Computing in Europe and the Likely Barriers to Take-up" estimates that in the “Policy-driven” scenario cloud-related workers could exceed 3.8 million, against some 1.3 million in the “No Intervention” scenario, i.e. 2.5 million additional jobs could be brought about by the policy.
[13] Communication Single Market Act COM(2011) 206 final
[14] The constituent actions were to propose a Directive on Collective Rights Management COM(2012) 372 final; a Directive on Orphan Works COM(2011) 289 final; and to review of the Directive on Re-Use of Public Sector Information, COM(2011) 877 final, all of which have been done.
[15] Green Paper on the online distribution of audiovisual works in the European Union: opportunities and challenges towards a digital single market, COM(2011) 427.
[16] See Commission Communication "A Single Market for Intellectual Property Rights" COM(2011) 287 – Action 8 – which launched this mediation process in order to "explor[e] possible approaches with a view to harmonising the methodology used to impose levies [....]" and stated that a "concerted effort on all sides to resolve outstanding issues should lay the ground for comprehensive legislative action at EU level". The eCommerce Communication, COM(2011) 942 final, envisages a legislative initiative on private copying in 2013.
[17] eCommerce Communication, COM(2011) 942 final, p. 15.
[18] Proposal for a Regulation on electronic identification and trust services for electronic transactions in the internal market COM(2012)238/2.
[19] See: Article 29 Data Protection Working Party, WP196 – Opinion 05/2012 on Cloud Computing, adopted July 1st 2012, http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/index_en.htm#h2-1.
[20] COM (2011) 635 final
[21] Adopted on 11 September 2012 on the basis of the Commission's proposal, COM (2011) 315, and entering into force on 1 January 2013.
[22] http://www.ict-footprint.eu
[23] An SLA specifies the technical conditions of service delivery, e.g. the extent of guaranteed availability as a percentage.
[24] See the opinion of the Article 29 Working Party on cloud computing, http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/index_en.htm#h2-1.
[25] COM(2011) 635 final
[26] The proposal for a Regulation on a Common European Sales Law applies to some of the contracts for the supply of digital content, i.e. “data which are produced and supplied in digital form, whether or not according to the buyer's specifications, including video, audio, picture or written digital content, digital games, software and digital content which makes it possible to personalise existing hardware or software” (digital content) which can be stored, processed or accessed, and re-used by the user but excludes “electronic communications services and networks, and associated facilities and services” as well as ”the creation of new digital content and the amendment of existing digital content”.
[27] See: Regulation (EC) No 593/2008 on the law applicable to contractual obligations (Rome I), OJ L 177, 4.7.2008 and Regulation (EC) No 44/2001 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters, OJ L 12, 16.1.2001.
[28] http://ec.europa.eu/information_society/activities/cloudcomputing/docs/ccconsultationfinalreport.pdf
[29] Commission Communication "A European Consumer Agenda - Boosting confidence and growth", COM (2012) 225 final.
[30] The relevant opinions of the Article 29 Working Party (See: WP 195 and WP 153) will serve as a basis for a Commission draft. Binding Corporate Rules are one means to allow for legal international data transfers: they govern in an enforceable manner how the different parts of a corporation, regardless of their international location, deal with personal data.
[31] http://www.economie.gouv.fr/cloud-computing-investissements-d-avenir; http://www.cabinetoffice.gov.uk/sites/default/files/resources/government-cloud-strategy_0.pdf;http://www.trusted-cloud.de/documents/aktionsprogramm-cloud-computing.pdf
[32] Communication on "Open data. An engine for innovation, growth and transparent governance", COM(2011) 882 final.
[33] This action will be funded from the Seventh Framework for Research (FP7) in 2013, the relevant call for proposals was published on 9 July 2012.
[34] See: Cloud Expert Group Report "The Future of cloud computing. Opportunities for European cloud computing beyond 2010 : http://cordis.europa.eu/fp7/ict/ssai/docs/cloud-report-final.pdf and Cloud Expert Group Report "Advances in Clouds": http://cordis.europa.eu/fp7/ict/ssai/docs/future-cc-2may-finalreport-experts.pdf
[35] Proposal for a Regulation establishing the Connecting Europe Facility, COM(2011) 665
[36] COM(2011)163 on Critical Information Infrastructure Protection identifies developing trust in the cloud as a priority and calls for "strengthen[ing] discussions on the best governance strategies".
[37] Such dialogue has started under the EU-US Information Society Dialogue, the European America Business Council and the EU-Japan Information Society Dialogue. Cloud may also be considered by the Transatlantic Economic Council and the EU-US SME Cooperation.