Report - Global Cloud Computing Scorecard (2016)
- About this version of the report on the Galexia website
- Scores and Rank and how this has changed from 2012 to 2016
- Executive Summary and Overall Findings (from the BSA Report)
- Changes in Score - Showing the Theme Breakup
- Key Findings Across Themes (from the BSA Report)
- Country Checklist on a page
- Country Summaries (including historic scores and ranks)
- 2016 Rank 1. Japan - Score: 84.78 | Change from 2013 Score: +0.68 - Rank: same
- 2016 Rank 2. United States - Score: 82.36 | Change from 2013 Score: +2.64 - Rank: +1
- 2016 Rank 3. Germany - Score: 82.02 | Change from 2013 Score: +2.96 - Rank: +1
- 2016 Rank 4. Canada - Score: 80.91 | Change from 2013 Score: +5.12 - Rank: +5
- 2016 Rank 5. France - Score: 80.74 | Change from 2013 Score: +2.41 - Rank: +1
- 2016 Rank 6. Australia - Score: 80 | Change from 2013 Score: +0.08 - Rank: -4
- 2016 Rank 7. Singapore - Score: 79.5 | Change from 2013 Score: +1 - Rank: -2
- 2016 Rank 8. Italy - Score: 79.32 | Change from 2013 Score: +3.81 - Rank: +2
- 2016 Rank 9. United Kingdom - Score: 78.88 | Change from 2013 Score: +1.94 - Rank: -2
- 2016 Rank 10. Poland - Score: 76.7 | Change from 2013 Score: +4.7 - Rank: +2
- 2016 Rank 11. Spain - Score: 76.25 | Change from 2013 Score: +2.55 - Rank: same
- 2016 Rank 12. Korea - Score: 75.54 | Change from 2013 Score: -0.62 - Rank: -4
- 2016 Rank 13. Malaysia - Score: 69.66 | Change from 2013 Score: +0.15 - Rank: same
- 2016 Rank 14. South Africa - Score: 61.3 | Change from 2013 Score: +10.04 - Rank: +6
- 2016 Rank 15. Mexico - Score: 60.79 | Change from 2013 Score: +3.91 - Rank: same
- 2016 Rank 16. Argentina - Score: 57.98 | Change from 2013 Score: +1.48 - Rank: same
- 2016 Rank 17. Russia - Score: 56.39 | Change from 2013 Score: -0.66 - Rank: -3
- 2016 Rank 18. India - Score: 56.08 | Change from 2013 Score: +2.99 - Rank: -1
- 2016 Rank 19. Turkey - Score: 54.41 | Change from 2013 Score: +2.02 - Rank: -1
- 2016 Rank 20. Indonesia - Score: 49.45 | Change from 2013 Score: +1.01 - Rank: +1
- 2016 Rank 21. Thailand - Score: 48.85 | Change from 2013 Score: +4.82 - Rank: +2
- 2016 Rank 22. Brazil - Score: 48.55 | Change from 2013 Score: +4.46 - Rank: same
- 2016 Rank 23. China - Score: 47.89 | Change from 2013 Score: -3.58 - Rank: -4
- 2016 Rank 24. Vietnam - Score: 43.66 | Change from 2013 Score: +3.59 - Rank: same
Chris Connolly and Peter van Dijk, Galexia
Galexia has been working with The Software Alliance (BSA) since 2009 and has assisted in the development of an extensive body of cloud research, thought leadership and first to market analysis on key cloud issues.
Galexia has worked extensively with the Singapore, Washington and Brussels BSA offices and has engaged with BSA stakeholders in more than 20 countries.
Related BSA reports developed by Galexia (external links)
- 3rd Global Cloud Computing Readiness Scorecard » (2016) - This report.
- 2nd Global Cloud Computing Readiness Scorecard » (2013)
- 1st Global Cloud Computing Readiness Scorecard » (2012)
- 1st EU CyberSecurity Maturity Dashboard (2015) » (April 2015)
- 1st APAC CyberSecurity Maturity Dashboard (2015) » (July 2015)
About this version of the report on the Galexia website
This version of the 2016 Cloud Scorecard reflects the final and official version as published on the BSA | Software Alliance Scorecard micro-site with additional embedded analytics and visualisations from Galexia. The release of the 3rd in this series of ground breaking reports is a great time to take stock and look at what we think are the fascinating and significant trends and patterns of global improvements over the past 4 years. We have included graphs, analysis and data not previously published.
There are number of components that go into building up the Cloud Readiness Scorecard & Report
- Consistent themes, criteria and scoring methodology across all reports from 2012
- 24 country reports
- Country checklist on a page - it is worth obtaining the BSA hard copy version of the report which has a double A4 foldout
- Country summaries
- Theme summaries
- Consistent scoring across 46 criteria
- Overall Score and Rankings
- Detailed change tracking, identifying trends and rates of improvement
Changes in the 2016 report - from 2013
Changes in the 2013 report - from 2012
Updates across 24 countries and 66 criteria, including:
Tracks change in score and rank from 2013
Full scorecard report translated into 3 languages (Korean, Spanish & Thai)
Country reports translated into 7 languages (Argentina, China, Germany, Korea, Japan, Mexico & Thailand)
Includes 2 new case studies
Updates across 24 countries and 66 criteria, including:
Tracks change in score and rank from 2012
Includes 3 new case studies
The 2016 BSA Global Cloud Computing Scorecard ranks the cloud computing readiness of 24 countries that account for 80 percent of the world’s IT markets. Each country is graded on its strengths and weaknesses in seven key policy areas.
This year’s results reveal that almost all countries have made healthy improvements in their policy environments since the release of BSA’s previous Scorecard in 2013. But the stratification between high-, middle- and lower-achieving country groups has widened, with the middle-ranking countries stagnating even as the high achievers continue to refine their policy environments.
Scores and Rank and how this has changed from 2012 to 2016
The following visualisations show the transition and trends in the overall scores, theme scoring components and rank changes (from 2012 to 2016):
Executive Summary and Overall Findings (from the BSA Report)
The 2016 BSA Global Cloud Computing Scorecard — the only report to regularly track change in the international policy landscape for cloud computing — shows that global cloud readiness continues to improve in every region of the world. Even so, important exceptions exist in certain countries that threaten to slow economic growth in those markets.
Information technology (IT) is integral to a nation’s economic growth. As a recent IT innovation, cloud computing has added a new dimension to that importance by increasing access to technology that drives economic growth at the national and global levels.
The Scorecard ranks the IT infrastructure and policy environment — or cloud computing readiness — of 24 countries that account for 80 percent of the world’s IT markets. Each country is graded on its strengths and weaknesses in seven key policy areas.
The results show progress in some areas, setbacks in others, and the trends that have emerged since the first Scorecard report in 2012. The results also serve as an important roadmap for the future, highlighting the initiatives and policies that countries can — and should — take to ensure that they reap the full suite of economic and growth benefits of cloud computing.
Cloud computing democratizes the use of advanced technologies. Cloud computing allows anyone — a start- up, an individual consumer, a government or a small business — to access technology previously available only to large organizations. These services in return have opened the door to unprecedented connectivity, productivity and competitiveness
Countries that offer a policy environment in which cloud- computing services can flourish gain in productivity and economic growth. The countries with the most favourable policies are those in which the free movement of data, privacy, intellectual property protections, robust deterrence and enforcement of cybercrime are all important priorities. Many countries also recognize that coordination of national cloud-computing policies with those of other nations will facilitate benefits for all countries participating in the global economy.
But countries inhibiting, or failing to support, the use of cloud computing will not keep pace with those embracing the tool.
This year’s results reveal that almost all countries have made significant improvements in their policy environments since 2013. But the stratification between high-, middle- and lower-achieving country groups has widened, with the middle-ranking countries stagnating even as the high achievers continue to re ne their policy environments.
The Scorecard can be analysed in many different ways, but the clearest measurements lie in the scores. The biggest improvers were South Africa (moving up six places), Canada (moving up five places) and Brazil (up more than 4 points but not changing position).
Notably, three of the lowest-ranked countries — Thailand, Brazil and Vietnam — continue to make significant and consistent gains that are closing their gap with next-higher countries. The world’s major IT markets remained stable with modest gains.
Negative trends emerged as well. For example, while many countries are focused on data protection and cybercrime, few are promoting policies of free trade or harmonization of cloud computing policies. Russia and China, in particular, have imposed new policies that will hinder cloud computing.
Other countries, such as Korea, may rank among the better-performing markets based on high scores in certain categories but also have adopted restrictive policies that drag down their overall ranking.
Among this Scorecard’s findings:
- Data privacy regimes continue to strengthen in most, but not all, countries:
- Most countries now have data protection frameworks in place. Canada scored highest based on its comprehensive privacy regime that avoids onerous registration requirements.
- South Africa received a big boost to its score, moving up six places in rank since 2013, after introducing a comprehensive privacy regime.
- Russia fell three positions in rank based on its new data protection framework that contains prescriptive data localization requirements. These requirements likely will pose a significant barrier to cloud service providers. Indonesia has also adopted a prescriptive data localization regime.
- Unfortunately, privacy laws are still absent in several countries. Brazil, Thailand and Turkey have no comprehensive laws in place, while the laws in China, India, Indonesia and Vietnam remain very limited.
- Data security and cybercrime continue to be high priorities for most countries:
- Recent high-profile cybersecurity attacks have spurred governments to respond with new cybersecurity laws and policies and most now have legislation to combat the unauthorized access to data in the cloud and cybercrime. A few key jurisdictions continue to have gaps, including China, Russia, Vietnam and Korea.
- Unfortunately, some countries have been over- prescriptive. China, for example, has imposed an Internet filtering and censorship regime that may act as a barrier to cloud computing.
- Fewer countries are promoting free trade, data portability and the harmonization of standards:
- Canada and the United States continue to lead in promoting free trade. A number of countries still provide preferential treatment for domestic suppliers in government procurement or have introduced other barriers to international trade.
- Damagingly, policies in China, India, Indonesia, Korea and Russia have moved away from accepting international standards and international certifications.
- Obstructive policies continue to keep some countries from advancing:
- Despite an improved IT infrastructure score, China dropped four places to next-to-last in the overall rankings due to gaps in privacy protection and cybercrime laws and poor enforcement of intellectual property rights. Other policies discriminate against foreign technology companies and impose onerous certification requirements that hinder free trade. China’s extensive regulation of Internet content, including mandatory Internet filtering and censorship, continues to inhibit data movement.
- Some countries made significant gains but little overall improvement:
- Although many of the lower-achieving countries made big gains in some policy areas, the effect was dampened by other low scores. The strong intellectual property and IT readiness scores of Indonesia, Thailand and Vietnam, for example, were negatively off-set by poor scores in security.
- Brazil typifies the struggle of these countries. Brazil ranked lowest in 2012. Although this year it improved considerably, its position in the rankings (22nd) remains the same as it was in the last Scorecard. Despite improvements in security, infrastructure and Internet freedom, Brazil is held back by a lack of comprehensive privacy laws, out-of-date copyright laws, gaps in intellectual property protection and widespread online piracy.
- In the world’s largest markets, countries remained stable with modest gains:
- Japan remains in first place, with a score made stronger by continual update and reform of privacy laws, among other policies.
- Canada made the biggest jump in rank, moving up five spots (for a total of eight positions since the first Scorecard in 2012) into fourth place. Canada’s score benefits from a comprehensive privacy scheme with no onerous registration requirements.
- Of the six European Union countries considered in the Scorecard, all but the United Kingdom improved or held their positions since 2013. Specifically, Poland (4.70-point increase) and Italy (3.81) each moved up two positions in the rankings, while Germany (2.96) and France (2.41) moved up one place and Spain (2.55) stayed the same. The United Kingdom’s score increased by 1.94 points, but the country lost two places in the rankings due to the gains of other countries. The EU continues to develop regulations that will likely improve harmonization of laws across Europe and increase their scores — so long as the regulations do not also create new burdens.
- The United States achieved a 2.64-point increase, thanks to a significant improvement in free trade policies and improved IT infrastructure. The United States moved up one position into second place behind Japan. The United States continues to be an active participant in international standards development processes and an advocate of free trade and harmonization.
- Despite their cloud-readiness, there remains a strong need among the higher-ranked countries for the alignment of legal and regulatory environments that will allow for cloud computing’s global potential and provide a model toward which other countries can strive.
- General improvements in global IT infrastructure continue, but the picture is uneven:
- Most countries have improved their infrastructure score significantly since the last Scorecard, with the biggest improvers being France, Russia, South Africa, Thailand and the United Kingdom. Several countries, including Japan, Korea and Singapore, have implemented impressive national broadband networks.
- Despite major infrastructure improvements under way in a number of countries, broadband penetration remains very inconsistent.
Changes in Score - Showing the Theme Breakup
For some countries, big changes really leap out. The following graphs show how the score has changed across themes across the series of 3 reports.
Key Findings Across Themes (from the BSA Report)
The Scorecard examines major laws and regulations relevant to cloud computing in seven policy categories as well as each country’s ICT-related infrastructure and broadband deployment. These policy categories align with the BSA’s Cloud Computing Guiding Principles, which underpin the Scorecard’s analytical framework and its suggestions for providing a workable framework to allow for the growth of cloud computing.
The 2016 BSA Global Cloud Computing Scorecard reveals significant changes in the policy environment for cloud computing in key global economies since the previous Scorecard in 2013. Many of the changes are positive, especially in the field of data protection and intellectual property protection.
General improvements in global IT infrastructure have produced a positive environment for cloud computing. However, some countries have lost ground due to new restrictions on IT service providers, and new trade barriers that threaten further growth and innovation in the cloud computing sector.
The findings are based on a unique examination and ranking of the 24 countries that account for 80 percent of the global IT market. Countries are scored across seven policy areas encompassing the laws, regulations and IT infrastructure necessary for the support and growth of digital technology and cloud computing.
Users of cloud computing continue to be concerned with the protection of private information they store in the cloud. The revelations regarding widespread national security surveillance have increased scrutiny of the issue and its scope.
Cloud users need to trust that their data, which may be stored anywhere in the world, will not be used or disclosed by a cloud provider in unauthorized ways. Countries can provide these assurances with appropriate privacy laws. But it is a delicate balance: unnecessarily burdensome restrictions will hinder the important advantages of cloud computing that users want and need.
This section of the Scorecard examines how countries are managing these competing interests. Overall, the concern for privacy has produced many positive results around the globe, including significant law reform, greater oversight of national security agencies, a strengthening of security and encryption regimes by key cloud service providers and a greater public awareness of data privacy issues.
But in some nations, governments have proposed stronger restrictions on the cross-border transfer of data without further benefits. If those proposals become law, they could negatively impact cloud service providers.
Since 2013, most countries have data protection frameworks in place and have established independent privacy commissioners. Many of the protection laws are based on the Organisation for Economic Co-operation and Development Guidelines, the European Union Data Protection Directive and the Asia-Pacific Economic Cooperation Privacy Principles.
However, some countries still have registration requirements for data controllers and cross-border data transfers in place, and a small number of countries have adopted or proposed prescriptive data localization regimes that would require cloud providers to restrict the free flow of data or build costly — and unnecessary — servers in order to provide services in a specific market.
Canada and Korea have the highest score in the privacy section, offering comprehensive privacy regimes with no onerous registration requirements. Because Japan continues to update and reform its privacy laws, it also scores well in this section. South Africa received a big boost to its score and ranking for introducing a comprehensive privacy regime.
Unfortunately, privacy laws are still absent or insufficient in several countries. Brazil, Thailand and Turkey have no comprehensive laws in place, while laws in China, India, Indonesia and Vietnam remain very limited.
One notable development is the introduction of a new data protection framework in Russia containing prescriptive data localization requirements, such as a new law requiring that the personal data of Russian citizens be stored on servers based in Russia. This new regime is likely to act as a significant barrier to cloud service providers, and Russia’s score and ranking fell as a direct result.
Privacy laws in the European Union and the United States continue to be the subject of significant debate and reform. The EU is close to the final implementation of a new regulation. The proposed General Data Protection Regulation (GDPR) contains many positive elements, and it should drive improved harmonization of laws across Europe. But the proposed regulation presents some challenges and potential administrative burdens for cloud service providers, including its liability regime, extension of data processor burdens, and the potential for jurisdictional clashes on access to data by authorities.
(Editor’s note: Following the completion of the research underlying this year’s research, the United States and European Union have continued to move closer to finalizing a new agreement, the Privacy Shield, that will allow data to continue to be shared across borders. This is an important development that was not finalized in time to fully be considered for this report.)
In the United States, officials have not made significant progress on development of general privacy legislation, but work has increased on improving oversight of national security agencies and improving legal redress avenues for overseas data subjects.
The following visualisations show the transition and patterns in the overall scores and scoring components for this theme over time (from 2012 to 2016):
Users of cloud computing and other digital services need to be certain that cloud service providers can manage the security risks of storing their data and running their applications on cloud systems. These concerns have been intensified by a number of recent high-profile, international cybersecurity attacks, including breaches that range across the economy, from health insurance providers to hotel chains and even toymakers.
This section examines how countries regulate security criteria and test security measures. It also examines the status of electronic signature laws and the Internet censorship or filtering requirements some countries are imposing with a view to stemming certain Internet-related crimes. Overall, many countries have responded to emerging threats to cybersecurity by developing and implementing new cybersecurity frameworks, laws and policies.
The Scorecard indicates that most countries now have security requirements in place. Most also now have clear, technology-neutral electronic signature laws. Overall, cybersecurity scores have risen significantly when compared with the last Scorecard.
France, Japan, Italy, the United Kingdom and the United States all score well in this section. China, Indonesia, Malaysia and Vietnam score poorly.
The Scorecard also reveals some overly prescriptive security requirements that duplicate accepted international standards and/or impose onerous local requirements. For example, Russia requires service providers to locate their data centers inside the country, and several countries have introduced local security testing requirements.
Several countries also continue to impose Internet filtering or censorship regimes that may act as barriers to the expansion of the digital economy and cloud computing. The intention of the schemes may be to address criminal conduct, including distribution of illegal material such as child pornography, but some are blocking sites that express political dissent.
The following visualisations show the transition and patterns in the overall scores and scoring components for this theme over time (from 2012 to 2016):
Because the massive quantities of valuable data held in cloud-computing data centers have attracted the attention of organized crime, governments must address these ever-evolving threats with robust legislation, investigation and enforcement.
This section examines cybercrime laws, as well as rules relating to investigation and enforcement, which includes access to encrypted data by investigators and the prosecution of extraterritorial offenses.
Overall, the Scorecard indicates that most countries are rising to the challenge of protecting data from cyber attack and physical security breaches. Most have legislation combatting the unauthorized access of data stored in the cloud. Most also have now implemented computer crime laws or cybercrime laws, many of which are broadly compliant with the Convention on Cybercrime.
Indeed, many countries in the study — Australia, Canada, EU Member States, Japan and the United States — have now ratified the convention. Australia, France, Germany and Japan score extremely high results in the cybercrime section.
Unfortunately, a few key jurisdictions still have gaps and inconsistencies in their cybercrime laws. China, Korea, Russia and Vietnam scored poorly.
Countries diverge when it comes to enforcement, investigation and prosecution of cybercrime. In particular, many countries are debating the extent to which law enforcement should be allowed access to encrypted data. The resolution of these issues and their impact on global policy remains to be seen.
The following visualisations show the transition and patterns in the overall scores and scoring components for this theme over time (from 2012 to 2016):
Intellectual Property Rights
As with other highly innovative and fast-evolving products, providers of cloud computing services rely on a combination of patents, copyrights, trade secrets and other forms of intellectual property protection. To encourage investment in cloud research and development, intellectual property laws must provide clear protections and vigorous enforcement of misappropriation and infringement. Online intermediaries should be offered incentives to operate responsibly and should enjoy safe harbor from copyright liability when they do so.
This section examines the intellectual property protections in place in each country, as well as their investigatory and enforcement approaches.
Overall, the Scorecard reveals significant reform in intellectual property laws since the last Scorecard, although gaps and inconsistencies still exist, especially with regard to enforcement.
Australia, Italy and Korea received the highest scores for intellectual property protection due to their robust legislative schemes. Canada updated and improved its intellectual property laws. Significant gaps in the laws of Brazil and Vietnam left these countries with the poorest results.
Standards/International Harmonization of Rules
Users need data portability and seamless interoperable applications if they are to make full use of cloud-computing services and the digital economy. IT industry organizations are developing international standards that will ensure optimal portability. Government support for these voluntary, industry-led efforts is highly important. Countries must also promote global harmonization of e-commerce rules, tariffs and relevant trade rules.
This section examines the extent to which governments have encouraged industry-led processes and promoted harmonization of e-commerce rules.
The Scorecard reveals that some countries have moved away from accepting international standards and international certifications, most notably China, India, Indonesia, Korea and Russia.
Although tariffs and trade barriers for online software and applications continue to be rare, they are still hindering new technology products used to access cloud services in a few countries. Argentina, Brazil and Russia all scored poorly in this section.
Promoting Free Trade
Cloud services operate across national boundaries, and their success depends on access to regional and global markets. Restrictive policies that create actual or potential trade barriers will inhibit or slow the evolution of cloud computing.
This section examines government procurement regimes and the existence or absence of barriers to free trade, including each country’s requirements and preferences for particular products. The section also examines whether countries have joined the World Trade Organization Agreement on Government Procurement, which liberalizes such policies.
The Scorecard reveals that a number of countries still provide preferential treatment for domestic suppliers in government procurement, or have introduced other barriers to international trade. Vietnam and China recorded the lowest scores, while Canada and the United States scored the highest.
IT Readiness and Broadband Infrastructure
Digital economies and cloud computing require extensive, affordable broadband access, which in turn requires incentives for private sector investment in infrastructure and laws and policies that support universal access.
This section of the Scorecard examines and compares the infrastructure available in each country to support the digital economy and cloud computing. It is based on detailed comparative statistics on a range of important IT indicators, including the presence of a national broadband plan, a country’s International Connectivity Score and International Internet Bandwidth. In addition, the Scorecard includes statistics on the number of subscribers for various services, reflecting the importance (and growth) of mobile broadband subscriptions.
Overall, most countries have improved their infrastructure score significantly since the last Scorecard, with the biggest improvers being France, Russia, South Africa, Thailand and the top-scoring United Kingdom. Several countries, including Japan, Korea and Singapore, have high scores reflecting their implementation of impressive national broadband networks.
Despite major infrastructure improvements under way in a number of countries, broadband penetration remains very inconsistent. As a result, some countries continue to have low infrastructure scores. Countries that do not yet have sufficient infrastructure continue to be at risk of missing the economic benefits of the digital economy and cloud computing.
Country Checklist on a page
BSA produce a fantastic hardcopy of the report - contained within this is a double page double sided foldout.
Country Summaries (including historic scores and ranks)
2016 Rank 1. Japan - Score: 84.78 | Change from 2013 Score: +0.68 - Rank: same
Japan has a comprehensive suite of modern laws that support and facilitate the digital economy and cloud computing.
Japan has comprehensive privacy legislation, which it plans to strengthen by introducing a new central regulator, complemented by stronger enforcement provisions that will come into force in 2017.
Japan ratified the Convention on Cybercrime in 2012, setting a positive example for other countries.
Japan’s intellectual property laws cover the full range of protections relevant to cloud computing.
Japan is very active in the development of international standards.
Japan is characterized by having one of the most extensive broadband fiber deployments in the world, with the largest number of fiber users in the world. Japan has an actively managed competitive access regime and has had at least six significant information technology (IT) strategies and plans over the past decade. Typically, the targets are met, and there is progression to the next strategy. This puts Japan in a unique position, with one of the most complete broadband infrastructures in the world.
Overall, Japan’s score increases slightly in 2015, and the country easily retains its top spot in the overall rankings — a position it has held since publication of the first scorecard in 2012.
2016 Rank 2. United States - Score: 82.36 | Change from 2013 Score: +2.64 - Rank: +1
The United States has comprehensive and up-to-date laws for e-commerce, electronic signatures, and cybercrime.
The US has signed and implemented the Convention on Cybercrime and plays a leading role in the investigation of global cybercrime.
Although no general privacy laws are in place, the US does have some useful sectoral privacy laws and an active regulator. There is ongoing debate and reform in the US regarding the balance between national security surveillance and privacy protection.
Intellectual property protection in the United States remains mixed. The US has signed all of the relevant international agreements, and a strong enforcement culture is in place. However, multiple conflicting court decisions leave considerable legal uncertainty about what constitutes an online copyright breach.
The United States is an active participant in international standards development processes and an advocate of free trade and harmonization. The US recorded a significant improvement in the free-trade section of the report, as it continued to remove barriers to international information technology (IT) interoperability.
The United States has high levels of Internet use, but access to fast broadband remains patchy. The National Broadband Plan has a goal that by 2020 at least 100 million households will have download speeds of 100 Mbps and upload speeds of 50 Mbps. Not all parts of the plan have been adopted or fully funded, however significant parts of the plan have been implemented.
Overall, the United States improved its ranking by one place to 2nd through a combination of positive policy developments and improved IT infrastructure.
2016 Rank 3. Germany - Score: 82.02 | Change from 2013 Score: +2.96 - Rank: +1
Germany has comprehensive cybercrime legislation and up-to-date intellectual property protection in place. The combination of these laws provides reasonable protection for cloud computing services in Germany.
Germany also has modern electronic commerce and electronic signature laws. Like most European countries, Germany has comprehensive privacy legislation, but it includes onerous registration requirements that may act as a cost barrier for the use of cloud computing.
Germany has a strong commitment to international standards and interoperability.
Germany is making good progress on extending broadband access to the population. Its current target is to ensure that all households have access to broadband with speeds of at least 50 Mbps by 2018.
Germany rose one spot in the rankings, from 4th in 2013 to 3rd in 2015.
2016 Rank 4. Canada - Score: 80.91 | Change from 2013 Score: +5.12 - Rank: +5
Canada is one of the big improvers in the 2015 rankings, moving up from 9th position in 2013 to 4th position this year.
This jump in the rankings was based on significant improvements in privacy law, cybercrime law and intellectual property protection, plus reasonable gains in information technology (IT) infrastructure.
Between 2013 and 2016, Canada strengthened its privacy legislation and introduced a national data breach notification requirement. In 2015, Canada also ratified the Council of Europe Cybercrime Convention and implemented world-class cybercrime legislation.
Canada finally ratified the WIPO Copyright Treaty in 2014, sealing a recent period of improved copyright regulation and enforcement.
Finally, in 2014, the Canadian Radio-television and Telecommunications Commission (CRTC) revised its target for broadband Internet access services across Canada. As a result of the Canadian government’s Digital Canada 150 program, the CRTC expects all Canadians to have access to broadband speeds of at least 5 megabits per second (Mbps) for downloads and 1 Mbps for uploads by 2017.
2016 Rank 5. France - Score: 80.74 | Change from 2013 Score: +2.41 - Rank: +1
France provides strong protection for cloud services, through a combination of comprehensive cybercrime legislation and up-to-date copyright protection. France also has up-to-date electronic signature and electronic commerce laws in place.
Comprehensive privacy laws exist, though French privacy legislation includes onerous and cumbersome registration requirements that appear unnecessary.
France is one of the biggest improvers in the Scorecard in relation to information technology (IT) infrastructure.
France’s national broadband plan, France Très Haut Débit, is a 10-year-funded initiative launched in 2013. It covers a range of infrastructure and constructions programs, which use a range of technologies. The overall broadband target for the France Très Haut Débit plan is 100% coverage of France with speeds in excess of 30 megabits per second (Mbps) by 2022.
France’s IT infrastructure progress helped it to improve one spot from 6th in 2013 to 5th in the 2015 rankings.
2016 Rank 6. Australia - Score: 80 | Change from 2013 Score: +0.08 - Rank: -4
Australia promotes cloud computing through a mix of modern laws, regulations, and standards. For example, Australia has a strong commitment to international cooperation, free trade, and interoperability. Key laws are based on international models, and Australia is an active participant in the development of international standards.
Australia has up-to-date cybercrime laws and ratified the Convention on Cybercrime in 2012. However, Australia’s score in the section on security and cybercrime was impacted by new, cumbersome data retention requirements.
Australia also has comprehensive electronic signature and electronic commerce laws. Australia’s privacy laws are up to date, although a proposed data breach notification requirement has not yet been implemented.
Intellectual property laws in Australia provide a comprehensive and balanced layer of protection for cloud computing services and the digital economy. However, some uncertainty remains regarding Internet service provider (ISP) liability for copyright breaches that occur when subscribers participate in peer-to-peer sharing of copyrighted material, especially in relation to enforcement.
Australian information technology (IT) infrastructure is reasonably well developed. However, Australia revised its model for the National Broadband Network in 2014. It is forecasted to provide 8 million connections at speeds of 25-50 Mbps through fiber to the node (FttN) and hybrid fiber-coaxial (HFC) connections. This level of coverage is very limited compared to previous proposals. No rollout timetable has been released, however trials of the FttN and HFC were underway as of 2015.
Overall, Australia’s scorecard results fell slightly in the 2015 report, as the country was overtaken by other fast- moving countries. A small reduction in the IT infrastructure score (due to a lower broadband score) and the problems identified above with the new data retention scheme, resulted in Australia falling from 2nd place to 6th place in the Scorecard rankings.
2016 Rank 7. Singapore - Score: 79.5 | Change from 2013 Score: +1 - Rank: -2
Singapore has modern digital economy laws in most areas. For example, the Electronic Transactions Act 2010 implements the United Nations Convention on Electronic Contracting, which Singapore has ratified. Singapore also has up-to-date cybercrime laws and intellectual property laws.
Singapore privacy law has now come into force, and provides a balanced approach between protecting personal information and facilitating innovation in cloud computing and the digital economy.
Singapore has some minor Internet censorship in place but generally promotes innovative business practices that are free from tariffs and government intervention. However, in mid-2015, Singapore terminated its membership as a Certificate Consuming Member of the Common Criteria Recognition Agreement (CCRA). This represents a setback in efforts to harmonize international certification arrangements.
Singapore has excellent information (IT) infrastructure and is developing a national network to bring high-speed fiber to the home.
Singapore’s score improved slightly, but its ranking fell two places — to 7th — in 2015 as it was overtaken by fast-improving countries. Only one point separates the countries between 4th place and 7th place in the 2015 rankings, so even small changes have an impact.
2016 Rank 8. Italy - Score: 79.32 | Change from 2013 Score: +3.81 - Rank: +2
Italy has strong cybercrime laws and strict privacy laws. Like many European Union countries, Italy’s privacy law includes onerous registration requirements that appear unnecessary.
Italy’s copyright law also provides adequate protection for cloud computing services. In 2014, new regulations established broader grounds for Internet service providers (ISPs) to be held liable for content on their sites, through the establishment of a notice and takedown regime, backed by large fines.
Italy has modern electronic signature laws and electronic commerce laws, and Italy is committed to international standards and interoperability.
The Italian government approved the Italian Strategy for Ultra-Broadband Networks in March 2015. This strategy aims to achieve the objects of the European Commission’s Digital Agenda for Europe by deploying services with speeds of 100 mbps to densely populated areas (approximately 50% of the population) and services with speeds of 30 mbps to other areas.
Italy’s overall rank rose to 8th in 2015 (from 10th in the 2013 report). This was the result of higher scores in information technology (IT) infrastructure and intellectual property.
2016 Rank 9. United Kingdom - Score: 78.88 | Change from 2013 Score: +1.94 - Rank: -2
The United Kingdom has a comprehensive set of cyberlaws. Data protection laws are particularly strong, with regular enforcement including large fines. However, businesses are required to register their data sets with the regulator, which seems to be an unnecessary burden on business and may act as a barrier to some cloud services.
The UK is free from Internet censorship and filtering, and up-to-date laws are in place for e-commerce and electronic signatures.
The UK is a signatory to the Convention on Cybercrime but has been criticized for not yet implementing one of its key provisions.
Advanced intellectual property laws are in place and are regularly enforced, although there is still a gap in relation to the exact role of Internet service providers (ISPs) in copyright enforcement. The Digital Economy Act 2010 established a limited copyright liability regime for ISPs. However, key sections of the act, including the notice and takedown provisions, are not in force.
The UK already has high rates of Internet use and broadband penetration, and the UK recorded impressive results in the information technology (IT) infrastructure section of this year’s report (they were the third-biggest improver in IT infrastructure).
Overall, the United Kingdom’s results remained steady, but the country’s ranking slipped slightly from 7th place in 2013 to 9th place, as it was overtaken by faster-moving nations.
2016 Rank 10. Poland - Score: 76.7 | Change from 2013 Score: +4.7 - Rank: +2
Poland has up-to-date laws for privacy, electronic signatures, electronic commerce, and cybercrime. These laws provide a good platform for promoting confidence in cloud computing and the digital economy.
Poland also has one of the most comprehensive regimes for the protection of intellectual property, including specific rules for Internet service provider (ISP) liability.
However, some gaps still exist in enforcement, and Poland has recognized that intellectual property enforcement requires greater skills and resources.
Poland promotes innovation and interoperability and has nondiscriminatory policies for government procurement.
In 2013, the Polish government released the latest approved broadband plan, which adopts the European Commission set targets for all households to have download speeds of at least 30 Mbps by 2020 and 50% of households at 100 Mbps by 2025.
Poland moved up two spots in the rankings, to tenth, based on impressive gains in both its legal and regulatory framework and information technology (IT) infrastructure.
2016 Rank 11. Spain - Score: 76.25 | Change from 2013 Score: +2.55 - Rank: same
Spain has comprehensive privacy legislation, although it relies heavily on a data registration process that could act as a barrier for cloud computing services.
Spain has up-to-date cybercrime legislation and has ratified the Convention on Cybercrime. Spain also has comprehensive electronic commerce and electronic signature legislation, and Internet service providers (ISPs) are free from any Internet filtering or censorship.
Some minor gaps exist in intellectual property protection, especially regarding ISP liability.
Spain is a very active participant in international forums and supports international standards development and interoperability.
Spain recorded significant gains in information technology (IT) infrastructure in 2015 (the fifth-biggest mover out of the 24 countries in the study). In the Digital Agenda for Spain, released in 2013, Spain reaffirmed its commitment to achieve the European Commission set targets for all households to have download speeds of at least 30 megabits per second (Mbps) by 2020, and 50% of households at 100 Mbps by 2025.
Spain’s overall scores remained fairly steady. The country’s rank has not changed since 2013, and it is still placed 11th in the 2015 rankings.
2016 Rank 12. Korea - Score: 75.54 | Change from 2013 Score: -0.62 - Rank: -4
Korea has a strong commitment to the promotion of the digital economy, and its laws and standards are generally based on international models.
Korea’s modern, comprehensive privacy laws and strong intellectual property laws facilitate the development and use of cloud computing services. However, cybercrime law does not cover the full range of relevant issues.
Korea is an active proponent of free trade and interoperability and is a member of the World Trade Organization (WTO) Agreement on Government Procurement.
However, one current area of concern is that Korea imposes a national encryption standard for the procurement of information technology (IT) security devices and related equipment, when a suitable international encryption standard is available.
In addition, some IT products that have already passed international Common Criteria for Information Technology Security Evaluation are required to undergo additional local testing in Korea.
Korea has an extensive and established FttH/B infrastructure. In January 2014, Korea announced it would invest $1.7 billion into developing a 5G mobile broadband network, with a target of a fully commercial service operating by 2020.
Overall, Korea’s results have fallen and the country’s ranking went from 8th in 2013 to 12th in 2015.
2016 Rank 13. Malaysia - Score: 69.66 | Change from 2013 Score: +0.15 - Rank: same
Malaysia has modern electronic signature laws, electronic commerce laws, and privacy laws in place. These measures provide a strong level of protection for the digital economy and cloud computing in Malaysia.
Malaysia’s copyright laws are aligned with international standards, although enforcement remains patchy.
Malaysia has a moderate level of broadband penetration. In 2015, the government committed to new broadband targets: by 2020, 100% of households in capital cities and high-impact growth area to have access to speeds of 100 Mb/s and 50% of households in suburban and rural areas to have access to speeds of 20 Mb/s.
Malaysia remained steady in its position at 13th place.
2016 Rank 14. South Africa - Score: 61.3 | Change from 2013 Score: +10.04 - Rank: +6
South Africa recorded the biggest overall improvement in this year’s Scorecard, jumping an impressive six places from 20th place in 2013 to 14th in 2015.
This result was built on significant gains in information technology (IT) infrastructure (South Africa was the fastest improver in this section of the report) and the introduction of new privacy legislation. South Africa’s comprehensive privacy law, the Protection of Personal Information Act 2013, was enacted in August 2013.
South Africa also has some useful laws for cybercrime and electronic commerce.
However, some limited Internet filtering and censorship still occurs, which may inhibit development of the digital economy, and South Africa has only very basic copyright laws, which are not aligned with current international best practice. They have not yet signed the WIPO Copyright Treaty.
Another potential barrier in South Africa is the existence of a complex system of domestic preferences in government procurement opportunities.
South Africa has low levels of broadband penetration, but they are improving quickly. The government released ambitious targets in December 2013 for the South Africa Connect plan.
2016 Rank 15. Mexico - Score: 60.79 | Change from 2013 Score: +3.91 - Rank: same
Mexico has implemented many relevant cyberlaws, including privacy legislation, rules on data breach notification, and up-to-date cybercrime legislation.
Intellectual property laws in Mexico generally meet international standards, but enforcement action is rare and the bar is set very high for prosecution. Considerable improvement is required to gain confidence in intellectual property protection in Mexico. Proposals to update Mexico’s copyright law to include a multiple notice and takedown regime were pursued in 2012 and 2013, but these efforts appear to have stalled.
In 2013, Mexico adopted a formal policy on technology neutrality as part of the National Digital Mexico Strategy. The strategy commits Mexico to the use of “technological solutions favoring neutrality and interoperability.”
Internet use and broadband penetration remain very low in Mexico, and the country continues to face challenges in delivering a modern information technology (IT) infrastructure that can facilitate cloud computing. In 2014, the Mexican president announced a plan to develop a broadband network with a focus on expanding Mexico’s wireless capability with a view to increase market competition.
Overall, Mexico’s ranking did not change in 2015, remaining in 15th place. However, the country recorded impressive gains in both its legal / regulatory settings and its IT infrastructure.
2016 Rank 16. Argentina - Score: 57.98 | Change from 2013 Score: +1.48 - Rank: same
Argentina has effective laws in place on cybercrime, electronic signatures, and data protection. However, Argentina’s laws on intellectual property have not kept pace with modern technology. There is no direct coverage of important issues such as the unauthorized “making available” of copyright material online, and there is no notice and takedown regime in place for infringing material. Argentina also has a poor track record of enforcing copyright laws, with lengthy court delays and few prosecutions. Some gaps also exist in the important areas of standards development and technology neutral and nondiscriminatory government procurement of information technology (IT).
There were very few changes in Argentina’s results between 2013 and 2015 although Argentina’s scores for IT infrastructure (and broadband in particular) improved.
One moderate setback was the imposition (since 2014) of a series of legal and tariff barriers on e-commerce activities. These include prohibitions on the import of specific products (for example, smartphones), tax surcharges on most electronic goods of up to 40%, an annual cap on the amount consumers can purchase via online shopping from international sites, and a requirement for ordinary consumers to register with the government as “importers” if they make international purchases. These measures act as a serious barrier to cross-border e-commerce and have also resulted in a booming black market for imported goods and services. These measures are linked to broader economic and currency issues in Argentina, but their impact on the IT sector is significant.
Argentina maintains its place in the rankings at 16.
2016 Rank 17. Russia - Score: 56.39 | Change from 2013 Score: -0.66 - Rank: -3
Russia has a patchwork of laws that apply to the digital economy and cloud computing, and these laws contain significant gaps and limitations.
For example, its laws on both privacy and cybercrime do not follow recognized international standards. From September 2015, it is a legal requirement that data operators store the personal data of Russian citizens on servers based in Russia. Large foreign-based data operators have been given extra time to comply with the law (until early 2016), but the law will have a significant negative impact on the digital economy.
In addition, any personal data information system (even a simple database) must be certified by the Federal Service for Technical and Export Control (FSTEC). The personal data operator can use only hardware and software for personal data processing that has been approved by the FSTEC and the Federal Security Service (FSB). The local requirements are not compliant with generally accepted international standards, and Russia does not participate in the Common Criteria Recognition Agreement (CCRA).
Russia also has cumbersome Internet filtering and censorship regulations that act as a barrier to cloud computing. Russia mandates the use of certain products and software in government procurement opportunities.
Russian copyright law was amended in August 2013. The new law includes amendments to Part IV of the Civil Code, providing for third-party liability, as well as safe harbors from such liability for Internet service providers (ISPs) that comply with relevant requirements.
Amendments were also made to the Civil Procedure Code that provide injunctions after notice and takedown (and by court order only) to block infringing materials or limit access to infringing websites. However, the application of these provisions is severely restricted as they currently only apply to movies and television programs.
In June 2014, Russia announced plans to build a fiber-optic network that will reach settlements of over 250 people that are not already connected to a broadband network.
Overall, Russia’s score fell sharply in this year’s Scorecard. The negative impact of the data localization regulations contributed to the country’s ranking falling by three spots— from 14th in 2013 to 17th in 2015.
2016 Rank 18. India - Score: 56.08 | Change from 2013 Score: +2.99 - Rank: -1
The law in India has not entirely kept pace with developments in cloud computing, and some gaps exist in key areas of protection; notably, India has not yet implemented effective privacy legislation.
India’s cybercrime legislation also requires updating to conform to international models. Some laws and standards in India are not technology neutral (e.g., electronic signatures), and these may be a barrier to interoperability.
This year’s report notes that India imposes some local security testing requirements in addition to international testing requirements. These local testing arrangements have been the subject of criticism by India’s trading partners, including the European Union.
However, copyright laws have improved in recent years, although India still has not ratified the WIPO Copyright Treaty.
The development of India’s technology sectors remains challenging, with low levels of broadband and personal computer penetration.
Overall, India’s ranking in 2015 is 18th. India fell one place (from 17th in 2013) due to its poor results in relation to promoting free trade and international standards.
2016 Rank 19. Turkey - Score: 54.41 | Change from 2013 Score: +2.02 - Rank: -1
The biggest change in Turkey since the last report is in the field of cybercrime. Turkey signed the Convention on Cybercrime in 2010 and ratified it in 2014. It came into force in Turkey in 2015.
However, Turkey continues to have some gaps in its coverage of other cyberlaws. For example, there is currently no data protection law in Turkey.
Turkey also has rules on Internet content regulation that may act as a barrier to cloud services.
Intellectual property protection in Turkey is reasonably up-to-date, but enforcement is patchy.
Turkey is making progress toward integration with the European and international communities, but some domestic preferences are still in place for government procurement opportunities.
The government has an ambitious target of providing fast broadband to 95% of households by 2020. Turkey recorded modest gains in information technology (IT) infrastructure in this year’s report.
Turkey’s overall score remains steady, but its ranking fell one place from 18th in 2013 to 19th in 2016.
2016 Rank 20. Indonesia - Score: 49.45 | Change from 2013 Score: +1.01 - Rank: +1
Indonesia continues to update and reform laws and regulations in the information technology (IT) sector, and the result is not always positive for cloud computing.
Regulations impose significant barriers for cloud service providers, including requirements for providers to register their services with a central authority and rules that force some providers to establish local data centers and hire local staff.
Indonesia’s new copyright law (2014) strengthens copyright protection and enforcement processes. However, several key aspects of the new law await more-detailed regulations before they can be implemented. Copyright law in Indonesia is now closely aligned with international models.
Indonesia has not yet developed effective laws and policies regarding interoperability, free trade, and government procurement.
The government continues to work to increase “meaningful” broadband penetration. The Indonesian Broadband Plan was finalized in December 2013 and implementation began in 2014.
Overall, Indonesia’s rank rose one spot to 20th (from 21st in the 2013 report). Falls in security, free trade and international standards were offset by significant improvements in IT infrastructure.
2016 Rank 21. Thailand - Score: 48.85 | Change from 2013 Score: +4.82 - Rank: +2
Thailand’s laws and policies in relation to cloud computing and the digital economy are patchy, with strengths in some areas and significant gaps and weaknesses in others.
Thailand has implemented comprehensive cybercrime legislation, which helps to enhance confidence in information technology (IT). Thailand also has good laws for electronic commerce and electronic signatures.
However, Thailand has no privacy laws, and this is a major weakness.
In January 2015, two Copyright Amendment laws were approved: the Copyright Act (No. 2) B.E. 2558 (A.D. 2015), and Copyright Act (No. 3) B.E. 2558 (A.D. 2015). These two new laws implement many of the key provisions of the WIPO Copyright Treaty. They also introduced a rudimentary Internet service provider (ISP) liability scheme for copyright infringements.
Additional risks in Thailand include mandatory Internet censorship (some of which is clearly political in nature) and filtering, and some technology mandates.
Overall, Thailand’s results improved since 2013, and the country’s ranking has risen two places to 21st. This result was built on significant improvements in both intellectual property protection and IT infrastructure.
2016 Rank 22. Brazil - Score: 48.55 | Change from 2013 Score: +4.46 - Rank: same
Brazil recognizes the importance of information technology (IT) and the digital economy, but has struggled to implement relevant laws and regulations. Some trade barriers to IT innovation remain in Brazil.
Brazil still has no privacy legislation in place, and is falling behind its peers in this area. Brazil has some gaps in intellectual property protection and received the lowest overall score for intellectual property in the current scorecard. Brazil has not signed the WIPO Copyright Treaty and has not updated its copyright laws to cover new technology. Online piracy in Brazil is widespread, and prosecutions are rare. Significant court delays add to the problems facing copyright holders in Brazil.
However, Brazil does achieve better scores in relation to security and infrastructure, with significant improvements recorded in relation to Internet freedom since the last report in 2013.
Brazil’s overall rank has not changed since the 2013 Scorecard, and the country is still placed 22nd in the 2015 rankings.
2016 Rank 23. China - Score: 47.89 | Change from 2013 Score: -3.58 - Rank: -4
Information technology (IT) innovation and development in China have been hindered by poor enforcement of intellectual property rights and the continued promotion of indigenous development policies that discriminate against foreign technology companies.
Indeed, in 2015, China’s ranking is 23rd, down from 19th in the 2013 Scorecard.
China still has major gaps in areas like privacy law and cybercrime law, but its poorest results are in relation to promoting free trade.
This year’s report notes that China imposes a range of onerous local certification and accreditation requirements that are in addition to (and often inconsistent with) international cybersecurity standards and general IT standards. The Chinese government regularly publishes lists of approved products for cybersecurity, including encryption products, anti-virus software and even basic operating systems. These lists exclude some organizations and products that have met international standards. China also imposes local testing requirements for telecommunications and IT products that include cybersecurity products.
Extensive regulation of Internet content, including mandatory Internet filtering and censorship, remains a key issue in China.
China’s poor results in relation to laws and regulation were partly offset by strong progress in IT infrastructure.
2016 Rank 24. Vietnam - Score: 43.66 | Change from 2013 Score: +3.59 - Rank: same
Vietnam continues to develop relevant cyberlaws that could enhance confidence in the digital economy and facilitate cloud computing. However, gaps still exist in key areas.
Modern laws are in place for electronic commerce, electronic signatures, and intellectual property. However, only very limited laws are in place for cybercrime.
Vietnam’s privacy laws are not comprehensive, but they were improved by several minor regulations, including new data breach notification requirements that were introduced in 2014.
Vietnam continues to impose severe censorship and restrictions on Internet content. An additional risk is that Vietnam has not yet developed appropriate laws and policies on interoperability and government procurement. Also, some trade barriers may hamper the development of cloud computing and the digital economy.
Broadband penetration in Vietnam remains low, although there has been very strong growth in a number of key infrastructure indicators.
Overall, Vietnam’s results have improved slightly since the 2013 Scorecard, but the country’s ranking has remained entrenched in last place — 24th.
- BSA Global Cloud Computing Readiness Scorecard (2016) micro-site - Download the Scorecard, 24 country reports and translations.