The Law on securing and regulating cyberspace (SREN) of 21 May 2024[1] entrusts Arcep with new regulatory responsibilities over the data economy and cloud computing services, in preparation for the European Data Act. After a series of discussions with different stakeholders from the cloud computing value chain, and with businesses that use these services, today Arcep is launching a public consultation to gather input from all of the parties affected by the use of cloud computing services (including cloud service providers, systems integrators, infrastructure managers, business users) on the directions the Authority plans to take under the SREN Act.
The SREN Act seeks to promote freedom of choice for cloud service users, and entrusts Arcep with achieving this.
To courses of action are being pursued to this end:
- Capping data transfer and provider switching fees;
- Clarifying the rules and methods for implementing the essential requirements of interoperability, portability and open interfaces.
These purpose of these two courses of action is to make it easier to switch providers, and to facilitate the simultaneous use of multiple cloud vendors (multicloud). Below is a summary of the status of the work and reflections that Arcep is conducting as a result.
Data transfer fees incurred when switching providers: Arcep soliciting input on its proposal to have these transfer fees waived.
The SREN Act stipulates that the data transfer fees charged when switching providers cannot exceed the costs incurrent by the provider. These fees must be billed in accordance with the cap set by the order of the Minister responsible for Digital Affairs, based on a proposal from Arcep. Based on the analysis set forth in the public consultation and discussions with multiple stakeholders, Arcep plans on setting the cap proposed in its opinion to the Government at €0.
Data transfer fees for customers choosing a multicloud solution and provider switching fees (other than those tied to data transfer): Arcep asks for input to inform its analysis and help craft its future guidelines
On the matter of transfer fees for multicloud customers, only certain costs tied to network provisioning appear likely to be directly attributable to these transfers. Feedback from stakeholders will help to deepen this initial analysis and in crafting a methodological approach to identifying the costs directly tied to the data transfers generated by multicloud use.
For (non-data transfer) switching fees, the Authority is asking for input to be able to identify any services directly tied to the provider switching process, and the costs tied to these services.
Enabling the interoperability and portability of same-kind cloud computing services, to make it easier to switch providers and to adopt a multicloud approach: Arcep presents its initial findings
Technical disparities between cloud services appear to be the first obstacle to switching providers and adopting a multicloud solution (i.e. using multiple vendors). To key factors to removing this obstacle appear to be the interoperability and portability of cloud services of the same kind. Their implementation will depend on the type of service used: IaaS, PaaS, SaaS or ancillary services, and will thus require a different approach according to the type of service.
Increasing transparency on interoperability: Arcep asks contributors to provide details on the content of the technical reference offer that vendors will be required to publish.
This reference offer could borrow elements from the codes of conduct that the sector’s players have developed, and provide users with clear information on the particular features of the services provided and on available switching processes, and this in a uniform way for all providers.
Facilitate customers’ switching and multicloud projects: a targeted harmonisation effort could be conducted for certain ancillary services and on data sharing formats, taking the needs expressed by users into account.
The Authority has not identified a significant need to standardise IaaS and PaaS services. Discussions with users did, however, reveal a potential need to standardise “ancillary” services, and particularly identity and access management services (IAM), where a lack of harmonisation could prove an impediment to switching and multicloud projects. Lastly, as concerns SaaS solutions, work could also be done on formats for data exchanges between services of the same kind.
Arcep invites stakeholders, and especially cloud computing service providers and users, to answer the questions in the document that interest them, or to contribute freely, to help inform its future work in this area. The public consultation will run until 16 December 2024. Contributions must be sent to Arcep, preferably by using the form available on the Authority’s website.
Associated document
[1] Act No. 2024-449 of 21 May 2024 on securing and regulating cyberspace (aka the SREN Act)