European CIOs want to regulate the cloud market

By publishing eleven fair principles of relationships with cloud providers, Cigref and its Belgian, Dutch and German counterparts are calling for European regulation for a more balanced cloud market.


Cigref has joined forces with its usual European counterparts and partners (Belgium's Beltug, the Netherlands' CIO Platform and Germany's Voice) to call for compliance with 11 principles for a balanced cloud market. The purpose of these principles is to ensure a healthy relationship between cloud users and cloud providers, which can be compared to business ethics principles.

When technical choices are made in favor of a cloud provider, switching providers is often very expensive, especially for data retrieval that remains the customers property.

This financial barrier blocks competition that would force players to take better account of their customers' requirements.

There are often many disappointments between the promises made at the time of contract and the delivery of services. For example, once the software is deployed, it is highly embedded in business processes, which leads to customer lock-in. It is so complex and costly to switch vendors that user organizations are forced to keep the same provider.

Furthermore, business users have no bargaining power with large suppliers.

On the ROI side, it is also very complicated. Suppliers can unilaterally modify subscription prices and the parameters on which these prices are based whereas customers cannot build their profitability analysis, as they are unable to predict future costs.

These practices do not only concern large providers but also the niche players who are forced to adapt their models to better compete.

One of the key promises of the cloud is transparency and simplicity: budgeting is supposed to be easy, but the reality is quite different. Bernard Duverneuil, former president and current vice president of Cigref in charge of European Affairs.

Let's keep in mind that enterprise software and cloud services market are mainly concentrated in the hands of a few large players. Large vendors copy features from their smaller competitors and integrate them into their software, thus reducing competition and customer choice, and increasing dependency.

New features are often first offered for free or at a very low price to convince customers to adopt them. "During the first negotiation, the supplier offers very attractive prices and promises a lot of features. After signing, hidden costs appear and the features are not what was promised" explains Martijn Koning, President of CIO Platform Nederland.

A non-competitive environment requires a fair set of principles. The cloud market is characterized by several features that are unfavorable to business users.

Another major issue is that cloud vendors and suppliers tend to combine vertical offerings. This can limit the choice of infrastructure or applications the customer can use to run their applications in the cloud. In addition, the cost and the complexity of data retrieval at the end of the contract can be a major drawback.


Opportunities of European digital laws to reverse the trend


Future laws on digital markets, artificial intelligence and data, as well as the cloud rulebook and the standard contractual clauses, are opportunities to improve the situation.

The four associations are indeed calling the European Commission, the European Parliament, national governments and European and national regulatory and competition authorities to secure the future of the cloud in Europe.

They ask the institutions to stop the abuse of vendor lock-in and unfair practices ; to ensure fair business practices in the digital technology markets; to ensure that the control of data remains in the hands of business users without additional costs or negative effects.


The 11 fair principles of European IT departments

  • Vendor shall fulfil existing regulatory obligations.

When a vendor cannot comply with (part of) a regulatiory obligation, it shall inform its customers; allowing these customers to assess their own compliance and giving them the opportunity to either implement controls on their side or stop the contract.

  • Vendors must not create a technical, organisational or commercial lock-in.

When the standard exists, vendors shall apply it, so that switching is possible.

  • Customer shall remain in control of their own data and all the data uploaded or processed by the service/solution.

For instance, vendors shall not reuse data of the customer for their own purposes (such as service improvement or statistics).

  • Contractual terms and conditions shall be clear, unambiguous and not unilaterally changeable.

  • Contractual terms shall not restrict or discriminate for customer’s choice of cloud provider, outsourcing partner or hardware platform.

  • Contractual terms for licensing and subscriptions shall be free from geographic and entity restrictions.

For instance, licences need to be able to travel with the production or sales between different sites, independent of location.

  • Contractual terms shall allow customers to use progressive or innovative technologies and deployment models.

  • Service levels and product specifications shall be explicitly listed and take into account the context of the customer

  • Commercial models shall not be changed unilaterally and adhere to an active ‘opt-in’ principle.

  • Commercial models and offerings shall be consistent and reasonable, not combining different models for the benefit of the vendor’s revenue.

  • The scope, execution and intended outcome of an audit shall be clearly defined in the contract.


The four european associations expect regulatory changes at the European level to integrate their principles. Through this regulation, they want to restore a balance between customers and Cloud providers.


If these principles are more likely to be applicable to business ethics, it is however undeniable that some of them cannot be regulated or even applied, including by European suppliers, either because they interfere with other regulations in force, or because they are too unclear to be applicable (i.e respect of existing regulatory obligations).

Regarding the combination of revenue models, it's difficult to be applied in a context of a growing competition.



8 views