Galexia
             home
       about us
        services
        projects
       research
          contact
» home » research » assets » bsa global cloud computing scorecard 2018  

Subscribe to Galexia news and announcements.
More information »

Privacy Management Lifecycle: Our Privacy Products and Services: The management of privacy issues is a recognised (and maturing) compliance task. Galexia has developed a range of tools to assist in privacy management. Find out more »

[2015 EU Cybersecurity Dashboard]

2015 EU Cybersecurity Dashboard
Find out more »

BSA & Galexia Global Coud Computing Scorecard (2018) - Galexia Analytics Release

[title page] [full contents]





BSA & Galexia Global Cloud Computing Scorecard (2018) - Galexia Analytics Release

Galexia Authors:
Chris Connolly
Peter van Dijk

2018

The 2018 BSA Global Cloud Computing Scorecard ranks the cloud computing readiness of 24 countries that account for 80 percent of the world’s IT markets. Each country is graded on its strengths and weaknesses in seven key policy areas.

The 2018 BSA Global Cloud Computing Scorecard — the newest version of the only global report to rank countries’ preparedness for the adoption and growth of cloud computing services — features an updated methodology to better reflect cloud computing’s exponential growth over the past five years, putting additional emphasis on policy areas, including privacy laws, cybersecurity laws, and broadband infrastructure. Most countries continue to make improvements, the study finds, but some markets are falling further behind.

By examining the legal and regulatory framework of 24 countries, the Scorecard aims to provide a platform for discussion between policymakers and cloud service providers. This dialogue can help develop an internationally harmonized regime of laws and regulations that facilitate cloud computing.



[ Galexia Dots ]

1. Overview

BSA and Galexia Background

Related Galexia services and solutions

Related Galexia news

Galexia has been working with The Software Alliance (BSA) since 2009 and has assisted in the development of an extensive body of cloud research, thought leadership and first to market analysis on key cloud issues.

Galexia has worked extensively with the Singapore, Washington and Brussels BSA offices and has engaged with BSA stakeholders in more than 20 countries.

Read more about our work with BSA »

About BSA

BSA | The Software Alliance (http://www.bsa.org) is the leading advocate for the global software industry before governments and in the international marketplace. Its members are among the world’s most innovative companies, creating software solutions that spark the economy and improve modern life.
With headquarters in Washington, DC, and operations in more than 60 countries, BSA pioneers compliance programs that promote legal software use and advocates for public policies that foster technology innovation and drive growth in the digital economy.

About Galexia

Galexia (http://www.galexia.com) is at the forefront of international research and advice in the areas of privacy, identity, cybersecurity and cloud — with a particular focus on global and cross-border legal and regulatory issues. The firm advises national governments, regional and global organizations (ASEAN and the United Nations), and the private sector (particularly ICT, health and financial services). The firm has expertise in the policy complexities that arise for countries and business addressing cross-border issues. Galexia publishes world-leading research publications, including the regular Cloud Scorecards, Cybersecurity Dashboards and reports on identity management, authentication, privacy and cyberlaws. The firm has specialist expertise in data governance, particularly the development and implementation of identity and authentication management systems, Privacy Impact Assessments and Cybersecurity strategies.
Galexia works closely with a range of international business and government clients to produce clear and effective outcomes from evidence-based research. The firm uses collaborative cloud-based reporting tools to provide real-time access to our research and analysis.

[ Galexia Dots ]

About this version of the report on the Galexia website

This version of the 2018 Cloud Scorecard reflects the final and official version as published on the BSA | Software Alliance Scorecard micro-site with additional embedded analytics and visualisations from Galexia.

The March 2018 release of the 4th in this series of ground breaking reports is a great time to take stock and look at what we think are the fascinating and significant trends and patterns of global improvements over the past 6 years. We have included graphs, analysis and data not previously published.

There are number of components that go into building up the Cloud Readiness Scorecard & Report

  • Consistent themes, criteria and scoring methodology across all reports from 2012
  • 24 country reports
  • Country checklist on a page - it is worth obtaining the BSA hard copy version of the report which has a double A4 foldout
  • Country summaries
  • Theme summaries
  • Consistent scoring across 72 criteria
  • Overall Score and Rankings
  • Detailed change tracking, identifying trends and rates of improvement


[ Galexia Dots ]

What has changed since previous scorecards?

Changes in the 2018 scorecard - from 2016

Changes in the 2016 scorecard - from 2013

Changes in the 2013 report - from 2012

The 2018 scorecard features an updated methodology to better reflect cloud computing’s exponential growth over the past five years, putting additional emphasis on policy areas, including privacy laws, cybersecurity laws, and broadband infrastructure.

The underlying methodology has been improved and strengthened, with

A new Scoring Methodology (updated for the 2018 Scorecard). The scores in the 208 Scorecard is not directly comparable with the 3 earlier reports due to the changes in criteria and the scoring methodology.

Includes 2 new Issues Briefs.

Country reports translated into 4 languages ( Brazil, China, Japan and Vietnam) and additional translations are in the pipeline.

Updates across 24 countries and 66 criteria, including:

  • 32 significant (positive) changes
  • 73 moderate (positive) changes
  • 10 significant (negative) changes
  • 24 moderate (negative) changes
  • 292 minor (no effect) changes
  • 504 infrastructure changes

Tracks change in score and rank from 2013

Full scorecard report translated into 3 languages (Korean, Spanish & Thai)

Country reports translated into 7 languages ( Argentina, China, Germany, Korea, Japan, Mexico & Thailand)

Includes 2 new case studies.

Updates across 24 countries and 66 criteria, including:

  • 27 significant (positive) changes
  • 34 moderate (positive) changes
  • 0 significant (negative) changes
  • 6 moderate (negative) changes
  • 108 minor (no effect) changes
  • 432 infrastructure changes

Tracks change in score and rank from 2012

Includes 3 new case studies.

[2018 Scorecard on BSA microsite]

[2016 Scorecard on BSA microsite]

[2013 Scorecard on BSA microsite]



[ Galexia Dots ]

2. The 2018 Scorecard - Scores and Rankings

By focusing new attention on the policy areas that matter most to cloud computing, the 2018 Scorecard shows continuing improvements in the policy environment for cloud computing in key global economies.

2018 Scorecard - All themes

2018 Scorecard - Legal & policy themes only (IT readiness and broadband theme removed)


[ Galexia Dots ]

3. Executive Summary and Overall Findings (from the BSA Report)

Five years is an extremely long time in today’s technology-driven era, and the global cloud computing market has grown exponentially in the five innovation-filled years since BSA | The Software Alliance launched the initial Global Cloud Computing Scorecard.

Consider just a few changes: In 2013 when BSA released the first Scorecard, the demand for cloud computing came largely from start-ups and other small companies. In 2018, though, analysts predict that more than half of enterprises will have adopted cloud computing worldwide and that cloud applications, platforms, and services will continue to radically change the way enterprises compete for customers.[1] Governments, recognizing the cost-effective and far-reaching power of the technology, are increasingly adopting cloud-based tools as well. According to market experts, between 2012 and 2015 the demand for cloud computing accounted for 70 percent of related IT market growth — and it is expected to represent 60 percent of growth through 2020.[2]

In light of that growth — and changes in markets around the world — BSA opted to update the way
it ranks countries’ preparedness for the adoption and growth of digital services. The result of that re- examination is the 2018 BSA Global Cloud Computing Scorecard, the newest and most comprehensive version of the only report to regularly track change in the international policy landscape for cloud computing.

These new rankings put additional emphasis on the policy areas that matter most to cloud computing, such as privacy laws that protect data without unnecessarily restricting its movement across borders and cybersecurity regimes that promote the proper protection of consumer and business data without freezing into place out-dated and unneeded regimes. In addition, questions to assess intellectual property protections have been extensively revised to focus on cloud-relevant issues, including new questions on trade secrets and patents.

Using the Scorecard, BSA has tracked the evolution of the legal and regulatory environment for cloud computing in 24 countries around the world. This year’s results clearly demonstrate several important points. The new methodology reveals a similar overall pattern. The rankings fall into three general categories with a group of top-performing countries (e.g., the EU nations, Japan, the United States, Australia, Singapore, and Canada) being pursued by countries like Korea, Mexico, Malaysia, and South Africa. Bringing up the rear are a small group of nations that have failed to embrace the international approach: Russia, China, Indonesia, and Vietnam.

Countries continue to update and refine their data protection regimes — most often in a way that ensures important cross-border data transfers.

Among the other key findings of the 2018 Scorecard:

  • Advanced privacy and security policies set leading countries apart from lagging markets
    • Countries continue to update and refine their data protection regimes — most often in a way that ensures important cross-border data transfers. Canada again scored highest in the privacy category based on its comprehensive legal regime that avoids onerous registration requirements.
    • Japannow has a new central regulator in place to accompany its recently adopted comprehensive privacy legislation, and those elements are complemented by effective enforcement provisions.
    • Turkey adopted its new Law on Personal Data Protection in 2016 (in addition to signing the Convention on Cybercrime, which came into force in Turkey in 2015). These developments help to create a positive environment for building consumer trust in cloud services.
    • Several countries, however, still have not adopted adequate privacy laws. Brazil and Thailand do not have comprehensive laws, and the laws in China, India, Indonesia, and Vietnam remain very limited.
  • Emerging markets continue to lag in the adoption of cloud-friendly policies, hindering their growth
    • Indonesia continues to update and reform laws and regulations in the information technology (IT) sector, but the result has not been positive for cloud computing. Regulations impose significant barriers for cloud service providers, including requirements for providers to register their services with a central authority and rules that force some providers to establish local data centers and hire local staff.
    • Russia’s laws on both privacy and cybercrime do not follow recognized international standards. Russia requires data operators to store the personal data of Russian citizens on servers based in Russia. This data localization requirement has a significant negative impact on the digital economy.
    • Vietnam falls short in several key policy categories, scoring just one point for security (with no national cybersecurity strategy in place) and just half a point in efforts to promote free trade.
  • Deviations from widely adopted regimes and international agreements hold back key markets
    • Japanwhich has finished atop the rankings in every previous version of the Scorecard, scores strongly in most policy categories but its scores slip sharply in Support for Industry-Led Standards and International Harmonization of Rules. It is the only leading market to not have a general law on e-commerce.
    • The Budapest Convention on Cybercrime is the first international treaty that aimed to harmonize national laws, improve investigative techniques, and increase cooperation among nations in order to fight Internet and computer crime. The convention has been widely adopted or mirrored through national regimes. Only two countries have failed to follow their lead: China and Korea.
    • Internationally accepted standards, certification, and testing help improve the security environment for cloud computing, but not every country recognizes such best practices as meeting local standards. The holdouts include countries that might be expected to have protectionist policies (e.g., China, Indonesia, Russia, and Vietnam), but they also include countries like Argentina, India, Mexico, and South Africa.

The ability of countries and companies
to leverage cloud computing for growth requires that they be able to access a powerful network; the new methodology puts increased emphasis on the IT Readiness, Broadband Deployment category.

  • Those few countries that have embraced localization policies pay a heavy price
    • After years of concerns about restrictive policies in Russia, the effect of those policies are becoming more clear. This year, for the first time in the history of the Scorecard a country finished with a zero in one of the scoring categories. Russia’s failure to embrace technology neutrality in government procurement and its cumbersome Internet filtering and censorship regulations act as a barrier to cloud computing.
    • These policies are not without financial effects. Consider that in 2012 the research firm IDC found that Russia’s cloud computing market had grown more than 417 percent to nearly $60 million and was projected to continue to grow by more than 50 percent in the years ahead.[3] By 2017, though, IDC was finding growth in the Russian cloud market of just 9.9 percent — far behind the global growth of 19 percent.[4]
    • Vietnam also continues to impose severe censorship and restrictions on Internet content. That fact is further complicated by the country’s failure to develop appropriate laws on government procurement and other trade barriers.
  • Increased emphasis on IT readiness and broadband Deployment leads to interesting results
    • The ability of countries and companies to leverage cloud computing for growth requires that they be able to access a powerful network; the new methodology puts increased emphasis on the IT readiness and broadband Deployment category. Although almost all countries continue to work to improve broadband penetration, the success of those efforts remains very inconsistent.
    • Singapore Japan, and Korea score highest in the category — boosted by the successful efforts to boost their national broadband plans.
    • Certain countries’ high IT Readiness scores may be masking weaknesses in other areas of cloud policy. For example, when infrastructure scores are removed, Japan ranking plummets from No. 2 to No. 10. Likewise, Korea scores nearly 20 points for IT Readiness and rounds out the top tier of countries in the rankings. But it finishes much closer to middle-tier countries like Mexico and South Africa in an examination of the countries’ pure policy rankings.

[ Galexia Dots ]

4. BSA Cloud Policy Blueprint

The economic growth predicted to flow from cloud computing — and the resulting transformation of both businesses and national economies — is predicated on the proper policies being in place in each of the seven areas used in the BSA Cloud Scorecard:

  • Ensuring data privacy: The success of cloud computing depends on users’ faith that their information will not be used or disclosed in unexpected ways. At the same time, to maximize the benefit of the cloud, providers must be free to move data through the cloud in the most efficient way.
  • Promoting security: Users must be assured that cloud computing providers understand and properly manage the risks inherent in storing and running applications in the cloud. Cloud providers must be able to implement cutting-edge cybersecurity solutions without being required to use specific technologies.
  • Battling cybercrime: In cyberspace, as in the real world, laws must provide meaningful deterrence and clear causes of action. Legal systems should provide an effective mechanism for law enforcement, and for cloud providers themselves, to combat unauthorized access to data stored in the cloud.
  • Protecting intellectual property: In order to promote continued innovation and technological advancement, intellectual property laws should provide for clear protection and vigorous enforcement against misappropriation and infringement of the developments that underlie the cloud.
  • Ensuring data portability and the harmonization of international rules: The smooth flow of data around the world — for example, between different cloud providers — requires efforts to promote openness and interoperability. Governments should work with industry to develop standards, while also working to minimize conflicting legal obligations on cloud providers.
  • Promoting free trade: By their very nature, cloud technologies operate across national boundaries. The cloud’s ability to promote economic growth depends on a global market that transcends barriers to free trade, including preferences for particular products or providers.
  • Establishing the necessary IT infrastructure: Cloud computing requires robust, ubiquitous, and affordable broadband access. This can be achieved through policies that provide incentives for private sector investment in broadband infrastructure and laws that promote universal access to broadband.

The move to the cloud and capitalization on its benefits across the board is hardly inevitable, and an urgent task lies ahead for governments. In order to obtain the benefits of the cloud, policymakers must provide a legal and regulatory framework that will promote innovation, provide incentives to build the infrastructure to support it, and promote confidence that using the cloud will bring the anticipated benefits without sacrificing expectations of privacy, security, and safety


[ Galexia Dots ]

5. Key Findings Across Themes (from the BSA Report)

Key Findings

Five short years ago, cloud computing was a new tool — a next-generation technology that promised to help companies and countries unlock greater productivity and expanded economic growth. It was with that perspective that BSA | The Software Alliance launched the Global Cloud Computing Scorecard — a resource to help policymakers shape the proper legal and regulatory environment to encourage the growth of the cloud in their markets.

Fast forward to today and cloud computing is a widely adopted technology that powers global businesses and helps governments better connect with their citizens on a daily basis. Based on that evolution BSA | The Software Alliance believed that 2018 presented an opportunity to step back and reassess the Scorecard — the only report to regularly track change in the relevant international policy landscape. With companies and governments increasingly moving their key IT processes to the cloud, the mix of important policy considerations has become increasingly clear:

  • Privacy laws must ensure the proper protection for users’ data without restricting the ability of companies and users to move data across borders to maximize its value.
  • Security laws must help shape an environment where cloud computing providers can implement cutting-edge cybersecurity solutions without being handcuffed by requirements to use specific technologies. Users also must be able to trust that cloud computing providers understand and properly manage the risks inherent in storing and running applications in the cloud.
  • When it comes to delivering the cloud, countries must invest in the appropriate infrastructure. Cloud users must have access to robust, ubiquitous, and affordable broadband, which requires policies that provide incentives for private sector investment in broadband infrastructure and laws that promote universal access to broadband.

Some basic fundamentals have not changed. IT remains integral to every nation’s economic growth. Cloud computing adds to the importance of IT by increasing access to technology that drives economic growth at the global, national, and local levels.

Cloud computing democratizes the use of advanced technologies. It allows anyone — a start-up, an individual consumer, a government, or a small business — to access technology previously available only to large organizations. These services in return have opened the door to unprecedented connectivity, productivity, and competitiveness.

Countries that offer a policy environment in which cloud-computing services can flourish gain in productivity and economic growth. The countries with the most favourable policies are those in which the free movement of data, privacy, intellectual property protections, robust deterrence, and enforcement of cybercrime are all important priorities. Many countries also recognize that coordination of national cloud computing policies with those of other nations will facilitate benefits for all countries participating in the global economy.

But countries inhibiting, or failing to support, the use of cloud computing will not keep pace with those embracing the tool.

The Scorecard has for five years ranked the IT infrastructure and policy environment — or cloud computing readiness — of 24 countries that account for 80 percent of the world’s IT markets. Each country is graded on its strengths and weaknesses in seven key policy areas. The 2018 BSA Global Cloud Computing Scorecard, though, focuses new attention on the policy areas that matter most to cloud computing.

The 2018 Scorecard shows continuing improvements in the policy environment for cloud computing in key global economies since the 2016 version of the Scorecard.

These new rankings put additional emphasis on the policy areas that matter most to cloud computing, things like privacy laws that protect data without unnecessarily restricting its movement across borders and cybersecurity regimes that promote the proper protection of consumer and business data without freezing into place out-dated and unneeded regimes. In addition, questions to assess intellectual property protections have been extensively revised to focus on cloud-relevant issues, including new questions on trade secrets and patents.

The 2018 Scorecard shows continuing improvements in the policy environment for cloud computing in key global economies.



[ Galexia Dots ]

Data Privacy

Cloud users need to trust that their data, which may be stored anywhere in the world, will not be used
or disclosed by a cloud provider in unauthorized ways. Countries can provide these assurances with appropriate privacy laws. But it is a delicate balance — unnecessarily burdensome restrictions will hinder the important advantages of cloud computing that users want and need.

This section of the Scorecard examines how countries are managing these competing interests. Overall, the concern for privacy has produced many positive results across jurisdictions, including significant law reform and a greater public awareness of data privacy issues.

Most countries in the Scorecard have data protection frameworks in place and have established independent privacy commissioners. Many of the data protection laws are now being updated to meet new international standards — such as the European Union General Data Protection Regulation (GDPR) and the APEC Cross Border Privacy scheme (CBPRs).

Unfortunately, privacy laws are still absent or insufficient in several countries. Brazil and Thailand have no comprehensive laws in place, while laws in China, India, Indonesia, and Vietnam remain very limited.

A small number of countries have adopted or proposed prescriptive data localization regimes that would require cloud providers to restrict the free flow of data or build costly — and unnecessary — servers in order to provide services in a specific market.

Canada and Mexico score highest in the privacy section, offering comprehensive privacy regimes without onerous registration requirements. Countries with no laws ( Brazil and Thailand) and countries with prescriptive data localization requirements (such as Russia and Indonesia) score poorly in this section.


[ Galexia Dots ]

Security

Users of cloud computing and other digital services need to be certain that cloud service providers can manage the security risks of storing their data and running their applications on cloud systems. Large- scale national and international cybersecurity attacks are now common.

This section examines how countries manage and regulate cybersecurity, security certification, and security testing.

This year’s Scorecard indicates that many countries have implemented national cybersecurity strategies. Many of these national strategies promote a joint public-private approach to the management of cybersecurity. Overall, this is a positive development, although Argentina, Mexico, and Vietnam are yet to develop and implement strategies.

Overall, the Scorecard finds that most countries are rising to the challenge of protecting data from cyber attack and physical security breaches.

Most cloud computing applications are designed to meet internationally recognized security standards, and this approach is supported by most countries in the Scorecard. This means that a product tested in one country can be recognized in other countries. However, the Scorecard reveals that some overly prescriptive security requirements that duplicate accepted international standards and impose onerous local requirements have been introduced. For example, China, India, and Korea have all introduced some local security testing requirements.

The United Kingdom, Germany, France, Australia, the United States, and Japan score highest in the security section. Mexico, Argentina, and Vietnam record the lowest scores — mainly due to delay in implementing national cybersecurity strategies.


[ Galexia Dots ]

Cybercrime

The huge quantities of data that companies and governments store in their computer networks have long attracted the attention of bad actors. In order to protect data holders and deter cyber criminals, governments must use legislative, investigative, and enforcement tools.

This section examines cybercrime laws, as well as rules relating to investigation and enforcement.

Overall, the Scorecard finds that most countries are rising to the challenge of creating legal regimes to protect data from cyberattack and physical security breaches. Most countries studied have legislation to combat the unauthorized access of data stored in the cloud. Most also have implemented cybercrime laws, many of which are compatible with the Convention on Cybercrime. Italy, Japan, Poland, and Spain all score very highly in this section of the Scorecard.

Unfortunately, a few key jurisdictions still have gaps and inconsistencies in their cybercrime laws. China and Vietnam score poorly in this section of the Scorecard.

The Scorecard also asks whether local laws and policies on access to data by law enforcement authorities avoid technology specific mandates (e.g., requirements for specific tools that allow access to encrypted data). These mandates may act as a barrier to the supply of security products and services. There was a wide divergence on this issue and on other issues related to the investigation and prosecution of cybercrime.


[ Galexia Dots ]

Intellectual Property Rights

As with the creators of other highly innovative and fast-evolving products, providers of cloud computing services rely on a combination of patents, copyrights, trade secrets, and other forms of intellectual property protection. To encourage investment in cloud research and development, intellectual property

laws must provide clear protections and effective enforcement of misappropriation and infringement. Online intermediaries should be offered incentives to operate responsibly and should enjoy safe harbor from copyright liability when they do so.

This section examines the intellectual property protections in place in the countries studied, as well as their approaches to implementation and enforcement. The Intellectual Property criteria for this year’s Scorecard was extensively revised to focus on issues that are most relevant to cloud computing, including new questions on trade secrets and patents.

The United Kingdom, Singapore, and the United States all score very highly in the Intellectual Property section, reflecting their combination of modern laws and effective enforcement. Unfortunately, many countries struggled to achieve good results in this section, with Vietnam, Malaysia, Turkey, and India recording the lowest scores. However, numerous proposed and draft laws and regulations exist across the countries in the study, and this may be a section where we see strong improvements in the coming years.


[ Galexia Dots ]

Standards and International Harmonization of Rules

Users need data portability and seamless interoperable applications if they are to make full use of cloud-computing services and the digital economy. IT industry organizations are developing international standards that will ensure optimal portability. Government support for these voluntary, industry- led efforts is highly important. Countries must also promote global harmonization of e-commerce rules, tariffs, and relevant trade rules.

This section examines the extent to which governments have encouraged industry-led processes and promoted harmonization of e-commerce rules.

The Scorecard reveals that some countries have moved away from accepting international standards and international certifications, most notably China, India, Indonesia, Korea, and Russia.

Although tariffs and trade barriers for online software and applications continue to be rare, they continue
to hinder new technology products used to access cloud services in a few countries. Argentina, Brazil, and Russia all score poorly in this section.


[ Galexia Dots ]

Promoting Free Trade

Cloud services operate across national boundaries, and their success depends on access to regional and global markets. Restrictive policies that create actual or potential trade barriers will inhibit or slow the evolution of cloud computing.

This section examines government procurement regimes and the existence or absence of barriers to free trade, including each country’s requirements and preferences for particular products. The section also examines whether countries support international efforts to standardize and liberalize trade and procurement policies, allow cloud providers to operate free from tariffs and other trade barriers, and avoid laws or policies that impose data localization requirements.

The Scorecard indicates that a number of countries still provide preferential treatment for domestic suppliers in government procurement or have introduced other barriers to international trade. Indeed, this section of the Scorecard reveals the widest divergence between countries. A small group of countries scored close to the maximum points — Canada, Germany, the United States, Poland, and Japan — while a number of countries score no points or almost no points, including China, India, Vietnam, and Russia.


[ Galexia Dots ]

IT readiness and broadband Infrastructure

Digital economies and cloud computing require extensive, affordable broadband access, which in turn requires incentives for private sector investment in infrastructure and laws and policies that support universal access.

This section of the Scorecard examines and compares the infrastructure available in each country to support the digital economy and cloud computing. It is based on detailed comparative statistics on a range of important IT indicators, including the presence of a national broadband plan, a country’s International Connectivity Score and International Internet Bandwidth. In addition, the Scorecard includes statistics on the number of subscribers for key services, such as mobile broadband subscriptions.

Despite major infrastructure improvements underway in a number of countries, broadband penetration remains very inconsistent. As a result, some countries continue to have low infrastructure scores. Countries that do not yet have sufficient infrastructure continue to be at risk of missing the economic benefits of the digital economy and cloud computing.

Singapore, Japan, and Korea achieve the highest results in this section of the report. As IT readiness and broadband Deployment is worth 25 percent of the overall score in this year’s Scorecard, this strong result helps to lift the overall rankings for these countries. For example, Japan jumps from 10th in the Scorecard rankings to 2nd once the infrastructure scores are included. Most of the other countries in the Scorecard receive a similar ranking whether or not infrastructure scores are included.

The poorest performers in this section of the Scorecard are Vietnam, Indonesia, and India.


[ Galexia Dots ]

6. Country Checklist on a page

BSA produce a fantastic hardcopy of the report - contained within this is a double page double sided foldout.

View the Country Checklist (PDF) »

The BSA Global Cloud Computing Scorecard examines the legal and regulatory framework of 24 countries around the world, identifying 72 criteria that are relevant to determining readiness for cloud computing. The questions are categorized under the 8 policy themes, and are generally framed so as to be answerable by “yes” or “no.” The answers are also color coded:

[YES] Indicates a positive assessment, which is generally considered to be an encouraging step toward the establishment of a favorable legal and regulatory environment for cloud computing.
[NO] Indicates a negative assessment and the presence of a potential barrier to the establishment of a favorable legal and regulatory environment for cloud computing.
[PARTIAL] Indicates that the assessment is positive in part, although some gaps or inconsistencies may exist that require further remedial work.
Indicates a fact-finding question on relevant issues.

The Scorecard aims to provide a platform for discussion between policymakers and providers of cloud offerings, with a view toward developing an internationally harmonized regime of laws and regulations relevant to cloud computing. It is a tool that can help policymakers conduct a constructive self-evaluation, and determine the next steps that need to be taken to help advance the growth of global cloud computing.

Responses for the infrastructure portion of the Scorecard are color coded based on the scale below. That is, the “highest” answer to a particular question (e.g., the largest population or highest number of Internet users) is indicated in bright green, and the color for other responses graduates down to the lowest response in red.


[ Galexia Dots ]

7. Country Summaries (including historic scores and ranks)

2018 Rank 1. Germany - Score: 83.95 | Change from 2016 - Rank: +2

Germany provides strong protection for cloud services, through a combination of comprehensive cybercrime legislation as well as an up-to-date cybersecurity strategy. Germany also has modern electronic commerce and electronic signature laws.

Germany has comprehensive privacy legislation, but it includes onerous registration requirements that may act as a cost barrier for the use of cloud computing.

Germany has a strong commitment to international standards and interoperability.

In the area of intellectual property, Germany offers good protection but there are some areas in which improvement could be made including further trade secrets protection.

Germany is making good progress on extending broadband access to the population. Its current target is to ensure that all households have access to broadband with speeds of at least 50 Mbps by the end of 2018.

Although Germany’s overall rank has improved since the last Scorecard — from third to first place — this stemmed largely from the rebalancing of the Scorecard methodology. The country’s improved scores in the security section of the report also contributed to the increase.

The rank for Germany in this year's Scorecard is:
- 1st overall,
- 1st for legal and policy, and
- 5th for IT readiness and broadband deployment.

Within legal and policy themes for cloud readiness Germany has the following rankings:
- 3rd for data privacy
- 2nd for security
- 5th for cybercrime
- 7th for intellectual property rights
- 5th for standards and international harmonization
- 2nd for promoting free trade

View the Country Report (PDF) »


[ Galexia Dots ]

2018 Rank 2. Japan - Score: 82.09 | Change from 2016 - Rank: -1

Japan has a comprehensive suite of modern laws that support and facilitate the digital economy and cloud computing.

Japan has comprehensive privacy legislation, with a new central regulator in place and strong enforcement provision.

Japan ratified the Convention on Cybercrime in 2012, setting a positive example for other countries.

Japan’s intellectual property laws cover the full range of protections relevant to cloud computing, but improvements can be made in areas of protection against circumvention of technological protection measures.

Japan is very active in the development of international standards.

Japan is characterized by having one of the most extensive broadband fiber deployments in the world, with the largest number of fiber users in the world. Japan has an actively managed competitive access regime and has had at least six significant information technology (IT) strategies and plans over the past decade. Typically, the targets are met, and there is progression to the next strategy. This puts Japan in a unique position, with one of the most complete broadband infrastructures in the world. The high scores in this section of the scorecard positively impact Japan’s overall ranking position.

Japan’s ranking decreases slightly — from first to second — mostly because of improvements by Germany.

The rank for Japan in this year's Scorecard is:
- 2nd overall,
- 9th for legal and policy, and
- 2nd for IT readiness and broadband deployment.

Within legal and policy themes for cloud readiness Japan has the following rankings:
- 8th for data privacy
- 5th for security
- 1st for cybercrime
- 11th for intellectual property rights
- 12th for standards and international harmonization
- 4th for promoting free trade

View the Country Report (PDF) »


[ Galexia Dots ]

2018 Rank 3. United States - Score: 82.04 | Change from 2016 - Rank: -1

The United States has comprehensive and up-to-date laws for e-commerce, electronic signatures, and cybercrime.

The United States has signed and implemented the Convention on Cybercrime and plays a leading role in the investigation of global cybercrimes.

Although there are no general privacy laws in place, the United States does have useful sectoral privacy laws and an active regulator. There is an ongoing debate in the US regarding the balance between national security surveillance and privacy protection. There are numerous, but inconsistent, state data breach notification laws in place in the United States.

The United States scores well in the intellectual property section of the report. The country has signed all of the relevant international agreements, and a strong intellectual property enforcement culture is in place.

The United States is an active participant in international standards development processes and an advocate of free trade and harmonization.

The United States has high levels of Internet use, but access to fast broadband remains patchy. The National Broadband Plan has a goal that by 2020 at least 100 million households will have download speeds of 100 Mbps and upload speeds of 50 Mbps. Not all parts of the plan have been adopted or fully funded; however, significant parts of the plan have been implemented.

The United States’ position in the 2018 Scorecard rankings fell slightly — from second to third.

The rank for United States in this year's Scorecard is:
- 3rd overall,
- 3rd for legal and policy, and
- 6th for IT readiness and broadband deployment.

Within legal and policy themes for cloud readiness United States has the following rankings:
- 13th for data privacy
- 5th for security
- 5th for cybercrime
- 3rd for intellectual property rights
- 1st for standards and international harmonization
- 3rd for promoting free trade

View the Country Report (PDF) »


[ Galexia Dots ]

2018 Rank 4. United Kingdom - Score: 81.84 | Change from 2016 - Rank: +5

The United Kingdom has a comprehensive set of cyberlaws. Data protection laws are particularly strong, with regular enforcement. However, businesses are required to register their data sets with the regulator, which seems to be an unnecessary burden on business and may act as a barrier to some cloud services.

The United Kingdom is updating its laws to reflect the provisions of the EU General Data Protection Regulation (GDPR), which will come into force in May 2018. This update continues despite the BREXIT process.

The United Kingdom is free from Internet censorship and filtering, and up-to-date laws are in place for e-commerce and electronic signatures.

The United Kingdom is a signatory to the Convention on Cybercrime. There is significant debate in the United Kingdom on the regulation of law enforcement access to data, and some proposals could have a potential negative effect on cloud computing.

Advanced intellectual property laws are in place and are regularly enforced, although there is still a gap in relation to trade secrets protection and enforcement. The United Kingdom also scored very well in the information technology (IT) infrastructure section of this year’s report.

The United Kingdom’s ranking improved substantially, and the country went from ninth to fourth place in the 2018 Scorecard rankings. The UK released a national Cyber Security Strategy in late 2016 and outperformed other nations in the Security rankings.

The rank for United Kingdom in this year's Scorecard is:
- 4th overall,
- 8th for legal and policy, and
- 4th for IT readiness and broadband deployment.

Within legal and policy themes for cloud readiness United Kingdom has the following rankings:
- 7th for data privacy
- 1st for security
- 18th for cybercrime
- 1st for intellectual property rights
- 5th for standards and international harmonization
- 10th for promoting free trade

View the Country Report (PDF) »


[ Galexia Dots ]

2018 Rank 5. Australia - Score: 80.61 | Change from 2016 - Rank: +1

Australia promotes cloud computing through a mix of modern laws, regulations, and standards. For example, Australia has a strong commitment to international cooperation, free trade, and interoperability. Key laws are based on international models, and Australia is an active participant in the development of international standards.

Australia has up-to-date cybercrime laws and ratified the Convention on Cybercrime in 2012. Australia also has comprehensive electronic signature and electronic commerce laws. Australia’s data protection legislation is current and is broadly compatible with global frameworks.

Intellectual property laws in Australia provide good protection for cloud computing services and the digital economy. However, Australia provides limited “safe harbor” protections in the Copyright Act 1968, and the level of protection for cloud service providers remains uncertain.

Australian information technology (IT) infrastructure is reasonably well developed. Australia revised its model for the National Broadband Network in 2014. It is forecast to provide 8 million connections at speeds of 25-50 Mbps through fiber to the node (FttN) and hybrid fiber-coaxial (HFC) connections by 2020.

Overall, Australia’s Scorecard results were similar to the results reported in 2016. The country’s slight improvement in the ranking — from sixth to fifth — is mostly a result of other countries’ weaker performance in the areas relevant to cloud computing that are reflected in the Scorecard.

The rank for Australia in this year's Scorecard is:
- 5th overall,
- 2nd for legal and policy, and
- 10th for IT readiness and broadband deployment.

Within legal and policy themes for cloud readiness Australia has the following rankings:
- 4th for data privacy
- 2nd for security
- 5th for cybercrime
- 8th for intellectual property rights
- 1st for standards and international harmonization
- 9th for promoting free trade

View the Country Report (PDF) »


[ Galexia Dots ]

2018 Rank 6. Singapore - Score: 80.21 | Change from 2016 - Rank: +1

Singapore has modern digital economy laws in most areas. For example, the Electronic Transactions Act 2010 implements the United Nations Convention on Electronic Contracting, which Singapore has ratified. Singapore also has up-to-date cybercrime laws and intellectual property laws.

Singapore privacy law provides a balanced approach between protecting personal information and facilitating innovation in cloud computing and the digital economy. However, there have been some recent trends suggesting Singapore may be looking to establish unique national standards for the IT sector. For example, Singapore adopted the Singapore-specific Multi-Tier Cloud Security (MTCS) Singapore Standard, which arbitrarily assigns levels to cloud computing services imposing distinct requirements on particular levels.

Singapore has some minor Internet censorship in place but generally promotes innovative business practices that are free from tariffs and government intervention. Singapore is generally committed to adopting international standards throughout the IT and security sectors.

Singapore has excellent information (IT) infrastructure and is developing a national network to bring high-speed fiber to the home.

There were very few changes in Singapore’s results from the previous Scorecard. The minor jump in the rankings — from seventh to sixth — is a result of the rebalancing of the Scorecard methodology.

The rank for Singapore in this year's Scorecard is:
- 6th overall,
- 11th for legal and policy, and
- 1st for IT readiness and broadband deployment.

Within legal and policy themes for cloud readiness Singapore has the following rankings:
- 13th for data privacy
- 7th for security
- 5th for cybercrime
- 1st for intellectual property rights
- 16th for standards and international harmonization
- 6th for promoting free trade

View the Country Report (PDF) »


[ Galexia Dots ]

2018 Rank 7. Canada - Score: 79.98 | Change from 2016 - Rank: -3

Canada’s data protection regulations are compatible with globally recognized frameworks that facilitate international data transfers. In 2015, Canada also ratified the Council of Europe Cybercrime Convention and implemented computer crime legislation that apply to most cybercrimes, although there are some limitations. Canada’s Cyber Security Strategy, however, is not considered to be current and is undergoing review.

In 2014, Canada ratified the WIPO Copyright Treaty, sealing a recent period of improved copyright regulation and enforcement in areas relevant to cloud computing. However, Canada’s results in this section are somewhat affected by the limited protection offered to trade secrets.

Canada also achieves strong results in the sections covering international standards and the promotion of free trade.

Finally, Canada scores well in the information technology (IT) infrastructure section of the scorecard. In December 2016, the Canadian Radio-television and Telecommunications Commission issued a policy declaring high-speed broadband as an essential service. According to the policy, by 2021 90 percent of premises are to have access speeds of at least 50 Mbps download and 10 Mbps upload and unlimited data allowance. The remaining 10 percent of premises are to achieve this target by 2026-2031. This universal goal has been supplemented by a fund to pay for relevant projects.

There were very few changes in Canada’s results from the previous Scorecard. The minor difference in Canada’s position in the rankings — a slide from fourth to seventh — was caused not by policy changes in Canada but by the rebalancing of the Scorecard methodology.

The rank for Canada in this year's Scorecard is:
- 7th overall,
- 5th for legal and policy, and
- 8th for IT readiness and broadband deployment.

Within legal and policy themes for cloud readiness Canada has the following rankings:
- 1st for data privacy
- 13th for security
- 15th for cybercrime
- 10th for intellectual property rights
- 1st for standards and international harmonization
- 1st for promoting free trade

View the Country Report (PDF) »


[ Galexia Dots ]

2018 Rank 8. France - Score: 79.57 | Change from 2016 - Rank: -3

A combination of comprehensive cybercrime legislation and up-to-date intellectual property protection benefits cloud services in France. France also has up-to-date electronic signature and electronic commerce laws in place.

Comprehensive privacy legislation exists in France, although it includes onerous and cumbersome registration requirements that appear unnecessary.

There is no clear or comprehensive government policy or strategy on cloud computing in France, although France has invested heavily (through the French sovereign wealth fund) in supporting several local cloud service providers.

France’s national broadband plan, France Très Haut Débit, is a 10-year-funded initiative launched in 2013 and updated in 2015. It covers a range of infrastructure and constructions programs, which use a range of technologies. The overall broadband target for the France Très Haut Débit plan is 100 percent coverage of France with speeds in excess of 30 Mbps by 2022.

There were very few changes in France’s results from the previous Scorecard. The minor difference in France’s position in the ranking — a slide from fifth place to eighth — is based on the rebalancing of the Scorecard methodology.

The rank for France in this year's Scorecard is:
- 8th overall,
- 7th for legal and policy, and
- 7th for IT readiness and broadband deployment.

Within legal and policy themes for cloud readiness France has the following rankings:
- 8th for data privacy
- 2nd for security
- 5th for cybercrime
- 5th for intellectual property rights
- 8th for standards and international harmonization
- 12th for promoting free trade

View the Country Report (PDF) »


[ Galexia Dots ]

2018 Rank 9. Italy - Score: 79.02 | Change from 2016 - Rank: -1

Italy’s data protection laws are comprehensive but include certain registration requirements that are onerous and appear unnecessary, as well as some limitations to data flows like other European Union countries.

Italy provides adequate intellectual property protection for cloud computing services, including appropriate “safe harbor” protection from liability for third-party infringement.

Italy has strong cybercrime laws and a comprehensive cybersecurity strategy in place, which works in conjunction with the Italian Digital Agenda — a government-led initiative to invest in digital development.

In addition, Italy has modern electronic signature laws and electronic commerce laws, and it is committed to international standards and interoperability.

Italy’s overall ranking fell slightly — to ninth from eighth in the 2016 report. This was the result of better performance by other countries, particularly in IT readiness and broadband Deployment, as well as the rebalancing of the Scorecard methodology.

The rank for Italy in this year's Scorecard is:
- 9th overall,
- 3rd for legal and policy, and
- 12th for IT readiness and broadband deployment.

Within legal and policy themes for cloud readiness Italy has the following rankings:
- 5th for data privacy
- 7th for security
- 1st for cybercrime
- 3rd for intellectual property rights
- 8th for standards and international harmonization
- 6th for promoting free trade

View the Country Report (PDF) »


[ Galexia Dots ]

2018 Rank 10. Spain - Score: 78.37 | Change from 2016 - Rank: +1

Spain has comprehensive privacy legislation, although it relies heavily on registration requirements that could act as a barrier for cloud computing services.

Spain has up-to-date cybercrime legislation and has ratified the Convention on Cybercrime. Spain also has comprehensive electronic commerce and electronic signature legislation, and Internet service providers (ISPs) are free from any Internet filtering or censorship.

Some minor gaps exist in intellectual property protection, and enforcement is poor particularly in relation to circumvention of technological protection measures.

Spain is a very active participant in international forums and supports international standards development and interoperability.

Spain recorded significant gains in information technology (IT) infrastructure in recent years. In the Digital Agenda for Spain, released in 2013, Spain reaffirmed its commitment to achieve the European Commission set targets for all households to have download speeds of at least 30 Mbps by 2020, and 50 percent of households at 100 Mbps by 2025.

Spain’s overall scores remained fairly steady. The country’s position in the Scorecard rankings improved slightly — to 10th in 2018 from 11th in 2016.

The rank for Spain in this year's Scorecard is:
- 10th overall,
- 10th for legal and policy, and
- 9th for IT readiness and broadband deployment.

Within legal and policy themes for cloud readiness Spain has the following rankings:
- 8th for data privacy
- 9th for security
- 1st for cybercrime
- 9th for intellectual property rights
- 8th for standards and international harmonization
- 6th for promoting free trade

View the Country Report (PDF) »


[ Galexia Dots ]

2018 Rank 11. Poland - Score: 76.99 | Change from 2016 - Rank: -1

Poland has up-to-date electronic signatures, electronic commerce, and cybercrime laws. These laws provide a good platform for promoting confidence in cloud computing and the digital economy.

Although Poland has a comprehensive data protection law in place, data controllers are bound by registration requirements. In addition, data breach notification requirements are limited.

Poland has a good regime for the protection of intellectual property, including specific rules for Internet service provider liability. However, some gaps still exist in copyright enforcement and protection against the circumvention of technological protection measures.

Poland promotes innovation and interoperability and has non-discriminatory policies for government procurement.

Poland’s National Broadband Plan 2014-2020 was adopted in January 2014 and remains valid until 2020. The plan sets the targets that, by 2020, 100 percent of households and companies should have access to Internet connectivity of at least 30 Mbps and 50 percent of households and companies have access to Internet connectivity of 100 Mbps.

Poland’s place in the Scorecard rankings fell one place in 2018, from 10th to 11th.

The rank for Poland in this year's Scorecard is:
- 11th overall,
- 6th for legal and policy, and
- 13th for IT readiness and broadband deployment.

Within legal and policy themes for cloud readiness Poland has the following rankings:
- 5th for data privacy
- 11th for security
- 1st for cybercrime
- 12th for intellectual property rights
- 1st for standards and international harmonization
- 4th for promoting free trade

View the Country Report (PDF) »


[ Galexia Dots ]

2018 Rank 12. Korea - Score: 72.2 | Change from 2016 - Rank: same

Korea has a strong commitment to the promotion of the digital economy, and its laws and standards are generally based on international models. Korea scored well in the IT readiness and broadband deployment section of the scorecard.

Although Korea has a personal data protection law in place, it imposes complex and inflexible notice and consent requirements, which effect data flows that are paramount for cloud computing.

Korea’s strong intellectual property laws facilitate the development and use of cloud computing services. However, the implementation and enforcement of these laws could be improved in some instances. Korea’s cybercrime law does not cover the full range of relevant issues.

Korea is an active proponent of free trade and interoperability and is a member of the World Trade Organization (WTO) Agreement on Government Procurement. However, one current area of concern is that Korea imposes a national encryption standard for the procurement of information technology (IT) security devices and related equipment, when a suitable international encryption standard is available.

In addition, some IT products that have already passed international Common Criteria for Information Technology Security Evaluation are required to undergo additional local testing in Korea.

Overall, Korea’s position in the Scorecard rankings remains unchanged from 2016.

The rank for Korea in this year's Scorecard is:
- 12th overall,
- 12th for legal and policy, and
- 3rd for IT readiness and broadband deployment.

Within legal and policy themes for cloud readiness Korea has the following rankings:
- 11th for data privacy
- 15th for security
- 20th for cybercrime
- 5th for intellectual property rights
- 16th for standards and international harmonization
- 13th for promoting free trade

View the Country Report (PDF) »


[ Galexia Dots ]

2018 Rank 13. Mexico - Score: 60.61 | Change from 2016 - Rank: +2

Mexico has implemented many relevant cyberlaws, including privacy legislation, rules on data breach notification, and up-to-date cybercrime legislation.

Improvement is required in intellectual property protection and enforcement in Mexico. Significant gaps in legal coverage and enforcement remain. Intellectual property safe harbor has not been implemented for cloud service providers in Mexico and the bar for prosecution of intellectual property crimes is high.

Mexico also scores poorly in the section on promoting free trade.

There is no specific national broadband plan in Mexico and no speed or connectivity targets have been published. The country continues to face challenges in delivering a modern information technology (IT) infrastructure that can facilitate cloud computing.

Overall, Mexico’s Scorecard ranking improved slightly, from 15th place in 2016 to 13th in 2018.

The rank for Mexico in this year's Scorecard is:
- 13th overall,
- 13th for legal and policy, and
- 21st for IT readiness and broadband deployment.

Within legal and policy themes for cloud readiness Mexico has the following rankings:
- 2nd for data privacy
- 23rd for security
- 11th for cybercrime
- 16th for intellectual property rights
- 7th for standards and international harmonization
- 11th for promoting free trade

View the Country Report (PDF) »


[ Galexia Dots ]

2018 Rank 14. Malaysia - Score: 59.26 | Change from 2016 - Rank: -1

Malaysia has modern electronic signature laws, and electronic commerce laws in place. These measures provide good level of protection for computing in Malaysia.

Malaysia has data protection regulation in place that is generally compatible with globally recognized frameworks. However, the law does not include data breach notification provisions and data controllers are required to register with the Personal Data Protection Department.

Malaysia has specific provisions in place for law enforcement access to encrypted data that, in some instances, may act as de facto mandate for the use of specific security technology.

Malaysia’s copyright laws are aligned with international standards, although enforcement remains patchy.

Malaysia has a moderate level of broadband penetration. In 2015, the government committed to new broadband targets: by 2020, 100 percent of households in capital cities and high-impact growth area to have access to speeds of 100 Mbps and 50 percent of households in suburban and rural areas to have access to speeds of 20 Mbps.

Malaysia fell slightly in the Scorecard rankings — from 13th place in 2016 to 14th place in 2018.

The rank for Malaysia in this year's Scorecard is:
- 14th overall,
- 15th for legal and policy, and
- 14th for IT readiness and broadband deployment.

Within legal and policy themes for cloud readiness Malaysia has the following rankings:
- 16th for data privacy
- 11th for security
- 20th for cybercrime
- 22nd for intellectual property rights
- 13th for standards and international harmonization
- 14th for promoting free trade

View the Country Report (PDF) »


[ Galexia Dots ]

2018 Rank 15. South Africa - Score: 57.33 | Change from 2016 - Rank: -1

South Africa’s comprehensive privacy law is gradually being implemented. The country also has some useful cybercrime and electronic commerce laws in place.

However, some limited Internet filtering and censorship still occurs, which may inhibit development of the digital economy, and South Africa has only very basic copyright laws, which are not aligned with current international best practice. In Mid-2015, the Government of South Africa started a process to amend the copyright law, but the process has faced considerable delays. South Africa has not yet signed the WIPO Copyright Treaty.

Another potential barrier in South Africa is the existence of a complex system of domestic preferences in government procurement opportunities.

South Africa has low levels of broadband penetration, but they have been improving in recent years. The government released ambitious targets in December 2013 for the South Africa Connect plan.

South Africa’s ranking in the 2018 Scorecard fell slightly — from 14th to 15th — based largely on the rebalancing of the Scorecard methodology.

The rank for South Africa in this year's Scorecard is:
- 15th overall,
- 14th for legal and policy, and
- 20th for IT readiness and broadband deployment.

Within legal and policy themes for cloud readiness South Africa has the following rankings:
- 12th for data privacy
- 19th for security
- 11th for cybercrime
- 15th for intellectual property rights
- 8th for standards and international harmonization
- 16th for promoting free trade

View the Country Report (PDF) »


[ Galexia Dots ]

2018 Rank 16. Turkey - Score: 54.3 | Change from 2016 - Rank: +3

Turkey’s Law on the Protection of Personal Data came into force in April 2016. Turkey has also signed the Convention on Cybercrime, which came into force in the country in 2015. These developments help create a positive environment for building trust in cloud services.

However, Turkey continues to have some gaps in other areas that affect cloud computing. For example, rules on Internet content regulation may act as a barrier to cloud services.

Intellectual property protection in Turkey is reasonably up-to-date, but enforcement is patchy.

Turkey’s progress toward integration with the European and international communities has stalled, and some domestic preferences are still in place for government procurement opportunities.

The government has an ambitious target of providing fast broadband to 95 percent of households by 2020.

Turkey’s overall ranking rose from 19th in 2016 to 16th in 2018 mostly because of its new privacy law, which came into force in 2016, and the rebalancing of the Scorecard methodology.

The rank for Turkey in this year's Scorecard is:
- 16th overall,
- 16th for legal and policy, and
- 18th for IT readiness and broadband deployment.

Within legal and policy themes for cloud readiness Turkey has the following rankings:
- 17th for data privacy
- 9th for security
- 18th for cybercrime
- 23rd for intellectual property rights
- 19th for standards and international harmonization
- 15th for promoting free trade

View the Country Report (PDF) »


[ Galexia Dots ]

2018 Rank 17. Argentina - Score: 51.75 | Change from 2016 - Rank: -1

Argentina has data protection laws in place and is updating some aspects of the law. There are effective laws in place on cybercrime and electronic signatures in the country. Although Argentina’s scores for IT infrastructure (and broadband access in particular) improved since the Scorecard was first launched in 2012, progresses in this area is still necessary.

The country has a poor track record of protecting and enforcing intellectual property rights relevant to cloud computing. For example, Argentina does not provide specific “safe harbor” protection for intermediaries. Some gaps also exist in the important areas of standards development and technology neutral and non-discriminatory government procurement of information technology (IT).

Argentina also scored poorly on promotion of free trade because it imposes numerous tariffs and other trade barriers that negatively affect the digital economy.

There were very few changes in Argentina’s results from the previous Scorecard. Argentina fell slightly in the 2018 report rankings mostly because of progress made by other countries.

The rank for Argentina in this year's Scorecard is:
- 17th overall,
- 18th for legal and policy, and
- 19th for IT readiness and broadband deployment.

Within legal and policy themes for cloud readiness Argentina has the following rankings:
- 15th for data privacy
- 22nd for security
- 5th for cybercrime
- 19th for intellectual property rights
- 20th for standards and international harmonization
- 19th for promoting free trade

View the Country Report (PDF) »


[ Galexia Dots ]

2018 Rank 18. Brazil - Score: 50.27 | Change from 2016 - Rank: +4

Brazil recognizes the importance of information technology (IT) and the digital economy, but has struggled to implement a policy framework to foster the development of cloud computing. Some trade barriers to IT innovation remain in Brazil. Gaps also exist in the technology neutral and non-discriminatory government procurement of IT.

Brazil still does not have specific privacy legislation in place, and is falling behind its peers in this area. Brazil has some gaps in intellectual property protection and enforcement in areas relevant cloud computing. Although positive trends are present, there is room for improvement. Brazil has implemented an effective intellectual property “safe harbor” process for cloud service providers. On the other hand, the Brazilian Patent and Trademark Office has a large backlog of pending applications, which prevents patents from being issued in a timely manner. Similarly, Brazilian courts also have a large backlog of cases.

However, Brazil does achieve better scores in relation to security and infrastructure, with significant improvements recorded in relation to Internet freedom in the past years.

Although Brazil’s overall rank changed substantially since the last Scorecard — from 22nd to 18th — this improvement did not stem from major improvements in Brazil’s policy or IT infrastructure development. Rather, this change was caused mostly from the rebalancing of the Scorecard methodology to reflect the developments that have occurred since the Scorecard was first launched and by other countries’ poorer performance in the areas relevant to cloud computing that are reflected in the Scorecard.

The rank for Brazil in this year's Scorecard is:
- 18th overall,
- 19th for legal and policy, and
- 16th for IT readiness and broadband deployment.

Within legal and policy themes for cloud readiness Brazil has the following rankings:
- 23rd for data privacy
- 14th for security
- 11th for cybercrime
- 16th for intellectual property rights
- 22nd for standards and international harmonization
- 20th for promoting free trade

View the Country Report (PDF) »


[ Galexia Dots ]

2018 Rank 19. Thailand - Score: 48.4 | Change from 2016 - Rank: +2

Thailand’s laws and policies in relation to cloud computing and the digital economy are patchy, with strengths in some areas and significant gaps and weaknesses in others.

Thailand has implemented comprehensive cybercrime legislation, which helps to enhance confidence in information technology (IT). Thailand also has good laws for electronic commerce and electronic signatures. However, Thailand has no privacy laws, and this is a major weakness.

In January 2015, two Copyright Amendment laws were approved: the Copyright Act (No. 2) B.E. 2558 (A.D. 2015), and Copyright Act (No. 3) B.E. 2558 (A.D. 2015). These two new laws implement many of the key provisions of the WIPO Copyright Treaty. They also introduced an Internet service provider (ISP) liability scheme for copyright infringements that applies in broad circumstances.

Additional risks in Thailand include mandatory Internet censorship (some of which is clearly political in nature) and filtering, and procurement preference policies.

Overall, Thailand’s position in the Scorecard rankings has risen slightly since 2016 — from 21st to 19th — mostly because of incremental improvements in the Cybercrime and Intellectual Property Rights sections. Improvements in the IT readiness and broadband Developments based on the Thailand Digital Economy and Social Development Plan 2016 are also ongoing.

The rank for Thailand in this year's Scorecard is:
- 19th overall,
- 20th for legal and policy, and
- 17th for IT readiness and broadband deployment.

Within legal and policy themes for cloud readiness Thailand has the following rankings:
- 23rd for data privacy
- 19th for security
- 17th for cybercrime
- 14th for intellectual property rights
- 13th for standards and international harmonization
- 17th for promoting free trade

View the Country Report (PDF) »


[ Galexia Dots ]

2018 Rank 20. India - Score: 48.39 | Change from 2016 - Rank: -2

Laws and regulations in India have not entirely kept pace with developments in cloud computing, and some gaps exist in key areas of protection; notably, India has not yet implemented effective privacy legislation, although work is underway to address this issue.

India has a comprehensive national cybersecurity strategy in place and strong cybercrime legislation. Some laws and standards in India are not technology neutral (e.g., electronic signatures), and these may be a barrier to interoperability.

This year’s report notes that India imposes some local security testing requirements in addition to international testing requirements. These local testing arrangements have been the subject of criticism by India’s trading partners, including the European Union.

There is a gap in trade secrets protection in India. In addition, guidance for examiners on how to evaluate patent applications for software-enabled inventions is lacking, although the revocation of guidelines that would have prevented most computer related inventions from being subject to patent protection if novel hardware was not present is a step in the right direction. Furthermore, India still has not ratified the WIPO Copyright Treaty.

Overall, India’s ranking in 2018 is 20th. India fell two places because of its poor results in the Data Privacy and IT readiness and broadband Deployment.

The rank for India in this year's Scorecard is:
- 20th overall,
- 17th for legal and policy, and
- 24th for IT readiness and broadband deployment.

Within legal and policy themes for cloud readiness India has the following rankings:
- 20th for data privacy
- 16th for security
- 14th for cybercrime
- 23rd for intellectual property rights
- 15th for standards and international harmonization
- 18th for promoting free trade

View the Country Report (PDF) »


[ Galexia Dots ]

2018 Rank 21. Russia - Score: 44.99 | Change from 2016 - Rank: -4

Russia has a patchwork of laws that apply to the digital economy and cloud computing, and these laws contain significant gaps and limitations.

For example, its laws on both privacy and cybercrime do not follow recognized international standards. Russia requires personal data of Russian citizens to be stored on servers based in Russia. This requirement has a significant negative effect on the digital economy.

In addition, any personal data information system (even a simple database) must be certified by the Federal Service for Technical and Export Control (FSTEC). Furthermore, only hardware and software that has been approved by the FSTEC and the Federal Security Service (FSB) can be used for personal data processing in Russia. Russia allows certain flexibility regarding whether local or international standards should be used but no preference is given to international standards.

Russia also has cumbersome Internet filtering and censorship regulations that act as a barrier to cloud computing. Russia mandates the use of certain products and software in government procurement opportunities.

Russian law addresses copyright infringement liability, as well as “safe harbors” from such liability for intermediaries, including cloud service providers, that comply with relevant requirements. However, Russia has a poor record of intellectual property enforcement in general, and laws protecting against circumvention of technological protection measures are limited and poorly enforced.

Overall, Russia’s place in the Scorecard rankings fell sharply in 2018. The negative effect of the data localization regulations and lack of promotion of free trade contributed to the country’s ranking falling by four spots — from 17th to 21st.

The rank for Russia in this year's Scorecard is:
- 21st overall,
- 23rd for legal and policy, and
- 11th for IT readiness and broadband deployment.

Within legal and policy themes for cloud readiness Russia has the following rankings:
- 19th for data privacy
- 21st for security
- 20th for cybercrime
- 19th for intellectual property rights
- 21st for standards and international harmonization
- 24th for promoting free trade

View the Country Report (PDF) »


[ Galexia Dots ]

2018 Rank 22. China - Score: 43.71 | Change from 2016 - Rank: +1

The continued promotion of indigenous development policies that discriminate against foreign technology companies continue to hinder China’s cloud computing readiness progress.

China does not follow international models in key areas that are relevant to cloud computing. For example, the privacy and security provisions in the 2015 National Security Law and 2016 Cybersecurity Law are controversial and have been the subject of extensive international debate. Key concerns include data localization mandates, extensive and duplicative tests, audits, and certifications. These concerns are exacerbated by pending and/or unclear implementing guidelines.

China achieved the lowest results from all countries in the areas of international standards and it also scored very poorly in the section on free trade promotion. China imposes a range of onerous local certification and accreditation requirements that are in addition to (and often inconsistent with) international cybersecurity standards and general IT standards. China also imposes local testing requirements for cybersecurity products.

Extensive regulation of Internet content, including mandatory Internet filtering and censorship, remains a key issue in China.

China’s poor results in relation to laws and regulation were partly offset by strong progress in IT infrastructure, which explains the slight improving in its ranking — from 23rd place to 22nd place.

The rank for China in this year's Scorecard is:
- 22nd overall,
- 22nd for legal and policy, and
- 15th for IT readiness and broadband deployment.

Within legal and policy themes for cloud readiness China has the following rankings:
- 21st for data privacy
- 17th for security
- 23rd for cybercrime
- 13th for intellectual property rights
- 24th for standards and international harmonization
- 21st for promoting free trade

View the Country Report (PDF) »


[ Galexia Dots ]

2018 Rank 23. Indonesia - Score: 40.67 | Change from 2016 - Rank: -3

Indonesia continues to update and reform laws and regulations in the information technology (IT) sector, and the result is not always positive for cloud computing.

Regulations impose significant barriers for cloud service providers, including requirements for providers to register their services with a central authority and rules that force some providers to establish local data centers and hire local staff.

Copyright law in Indonesia is now mostly aligned with international models. However, several key aspects of the new law await more-detailed regulations before they can be implemented. In addition, improvements could be made in the areas of enforcement and safe harbor protection for intermediaries.

A gap in Indonesian regulatory environment exists in the areas of interoperability, free trade, and government procurement, negatively affecting cloud computing.

The Indonesian Broadband Plan was finalized in December 2013 and implementation began in 2014 with the objective to increase “meaningful” broadband penetration. However, information on implementation of the plan is limited.

Overall, Indonesia fell three places in the Scorecard rankings (from 20th to 23rd), as the country’s rank was overtaken by others.

The rank for Indonesia in this year's Scorecard is:
- 23rd overall,
- 21st for legal and policy, and
- 23rd for IT readiness and broadband deployment.

Within legal and policy themes for cloud readiness Indonesia has the following rankings:
- 22nd for data privacy
- 18th for security
- 15th for cybercrime
- 16th for intellectual property rights
- 23rd for standards and international harmonization
- 22nd for promoting free trade

View the Country Report (PDF) »


[ Galexia Dots ]

2018 Rank 24. Vietnam - Score: 36.36 | Change from 2016 - Rank: same

Vietnam continues to work on the development relevant cyberlaws that could enhance confidence in the digital economy and facilitate cloud computing. However, gaps still exist in key areas.

Vietnam has laws and regulations in place for electronic commerce and electronic signatures. However, only very limited laws are in place for cybercrime and Vietnam has not developed a national cybersecurity strategy yet.

Vietnam’s privacy laws are not comprehensive, but a patchwork of sectoral provisions provide some protection.

Vietnam continues to impose severe censorship and restrictions on Internet content. An additional risk is that Vietnam has not yet developed appropriate laws and policies on interoperability and government procurement. Also, some trade barriers may hamper the development of cloud computing and the digital economy.

There is also a gap in intellectual property protection and enforcement in Vietnam. Broadband penetration in Vietnam remains low, although there has been strong growth in a number of key infrastructure indicators in recent years.

Due to the many legal and policy gaps existing in Vietnam, as well as the poor performance in IT readiness and broadband development, the country has remained entrenched in last place — 24th — since the Scorecard was first launched.

The rank for Vietnam in this year's Scorecard is:
- 24th overall,
- 24th for legal and policy, and
- 22nd for IT readiness and broadband deployment.

Within legal and policy themes for cloud readiness Vietnam has the following rankings:
- 18th for data privacy
- 24th for security
- 23rd for cybercrime
- 21st for intellectual property rights
- 16th for standards and international harmonization
- 23rd for promoting free trade

View the Country Report (PDF) »


[ Galexia Dots ]

8. Themes and Criteria (updated for the 2018 Scorecard)

The BSA Global Cloud Computing Scorecard examines the legal and regulatory framework of 24 countries around the world, identifying 72 criteria that are relevant to determining readiness for cloud computing. The questions are categorized under the 8 policy themes, and are generally framed so as to be answerable by “yes” or “no.” The answers are also color coded:

[YES] Indicates a positive assessment, which is generally considered to be an encouraging step toward the establishment of a favorable legal and regulatory environment for cloud computing.
[NO] Indicates a negative assessment and the presence of a potential barrier to the establishment of a favorable legal and regulatory environment for cloud computing.
[PARTIAL] Indicates that the assessment is positive in part, although some gaps or inconsistencies may exist that require further remedial work.
Indicates a fact-finding question on relevant issues.

The Scorecard aims to provide a platform for discussion between policymakers and providers of cloud offerings, with a view toward developing an internationally harmonized regime of laws and regulations relevant to cloud computing. It is a tool that can help policymakers conduct a constructive self-evaluation, and determine the next steps that need to be taken to help advance the growth of global cloud computing.

Responses for the infrastructure portion of the Scorecard are color coded based on the scale below. That is, the “highest” answer to a particular question (e.g., the largest population or highest number of Internet users) is indicated in bright green, and the color for other responses graduates down to the lowest response in red.

Q

Theme / Criteria

Checklist response

1.

DATA PRIVACY

1.1.

Is a data protection law or regulation in place? 

YES | NO | PARTIAL | DRAFT

1.2.

What is the scope and coverage of the data protection law or regulation?

INFORMATION GATHERING
- Comprehensive
- Sectoral
- Not applicable

1.3.

Is a data protection authority in place? 

YES | NO | PARTIAL

1.4.

What is the nature of the data protection authority?

INFORMATION GATHERING
- Collegial body
- Sole commissioner
- Other government official
- Not applicable

1.5.

Is the data protection authority enforcing the data protection law or regulation in an effective and transparent manner? 

YES | NO | PARTIAL

1.6.

Is the data protection law or regulation compatible with globally recognized frameworks that facilitate international data transfers?

INFORMATION GATHERING
- APEC framework
- EU framework
- APEC framework & EU framework
- Not applicable

1.7.

Are data controllers free from registration requirements? 

YES | NO | PARTIAL

1.8.

Are there cross border data transfer requirements in place?

INFORMATION GATHERING
- No requirements
- Brief requirements
- Detailed requirements

1.9.

Are cross border data transfers free from arbitrary, unjustifiable or disproportionate restrictions, such as national or sector-specific data or server localization requirements? 

YES | NO | PARTIAL

1.10.

Is there a personal data breach notification law or regulation? 

YES | NO | PARTIAL | DRAFT

1.11.

Are personal data breach notification requirements transparent, risk-based and not overly prescriptive? 

YES | NO | PARTIAL

1.12.

Is an independent private right of action available for breaches of data privacy? 

YES | NO | PARTIAL | DRAFT

2.

SECURITY

2.1.

Is there a national cybersecurity strategy in place? 

YES | NO | PARTIAL | DRAFT

2.2.

Is the national cybersecurity strategy current, comprehensive and inclusive? 

YES | NO | PARTIAL

2.3.

Are there laws or appropriate guidance containing general security requirements for cloud service providers? 

YES | NO | PARTIAL | DRAFT

2.4.

Are laws or guidance on security requirements transparent, risk-based and not overly prescriptive? 

YES | NO | PARTIAL

2.5.

Are there laws or appropriate guidance containing specific security audit requirements for cloud service providers that take account of international practice? 

YES | NO | PARTIAL | DRAFT

2.6.

Are international security standards, certification and testing recognized as meeting local requirements? 

YES | NO | PARTIAL

3.

CYBERCRIME

3.1.

Are cybercrime laws or regulations in place? 

YES | NO | PARTIAL | DRAFT

3.2.

Are cybercrime laws or regulations consistent with the Budapest Convention on Cybercrime? 

YES | NO | PARTIAL

3.3.

Do local laws and policies on law enforcement access to data avoid technology specific mandates or other barriers to the supply of security products and services? 

YES | NO | PARTIAL

3.4.

Are arrangements in place for the cross border exchange of data for law enforcement purposes that are transparent and fair? 

YES | NO | PARTIAL

4.

INTELLECTUAL PROPERTY RIGHTS

4.1.

Are copyright laws or regulations in place that are consistent with international standards to protect cloud service providers?

YES | NO | PARTIAL | DRAFT

4.2.

Are copyright laws or regulations effectively enforced and implemented?

YES | NO | PARTIAL

4.3.

Is there clear legal protection against misappropriation of trade secrets? 

YES | NO | PARTIAL | DRAFT

4.4.

Is the law or regulation on trade secrets effectively enforced? 

YES | NO | PARTIAL

4.5.

Is there clear legal protection against the circumvention of Technological Protection Measures? 

YES | NO | PARTIAL | DRAFT

4.6.

Are laws or regulations on the circumvention of Technological Protection Measures effectively enforced? 

YES | NO | PARTIAL

4.7.

Are there clear legal protections in place for software implemented inventions? 

YES | NO | PARTIAL | DRAFT

4.8.

Are laws or regulations on the protection of software implemented inventions effectively implemented? 

YES | NO | PARTIAL

5.

STANDARDS AND INTERNATIONAL HARMONIZATION

5.1.

Is there a regulatory body responsible for standards development for the country? 

YES | NO | PARTIAL

5.2.

Are international standards favored over domestic standards? 

YES | NO | PARTIAL

5.3.

Does the government participate in international standards setting process? 

YES | NO | PARTIAL

5.4.

Are e-commerce laws or regulations in place? 

YES | NO | PARTIAL | DRAFT

5.5.

What international instruments are the e-commerce laws or regulations based on?

INFORMATION GATHERING
- UNCITRAL Model Law on E-Commerce
- UN Convention on E-Contracting
- Other
- Not applicable

5.6.

Is there a law or regulation that gives electronic signatures clear legal weight? 

YES | NO | PARTIAL | DRAFT

5.7.

Are cloud service providers free from mandatory filtering or censoring? 

YES | NO | PARTIAL

6.

PROMOTING FREE TRADE

6.1.

Is a national strategy or platform in place to promote the development of cloud services and products? 

YES | NO | PARTIAL

6.2.

Are there any laws or policies in place that implement technology neutrality in government? 

YES | NO | PARTIAL

6.3.

Are cloud computing services able to operate free from laws or policies that either mandate or give preference to the use of certain products services, standards or technologies? 

YES | NO | PARTIAL

6.4.

Are cloud computing services able to operate free from laws, procurement policies or licensing rules that discriminate based on the nationality of the vendor, developer or service provider? 

YES | NO | PARTIAL

6.5.

Has the country signed and implemented international agreements that ensure the procurement of cloud services is free from discrimination? 

YES | NO | PARTIAL

6.6.

Are services delivered by cloud providers free from tariffs and other trade barriers? 

YES | NO | PARTIAL

6.7.

Are cloud computing services able to operate free from laws or policies that impose data localization requirements? 

YES | NO | PARTIAL

7.

IT READINESS AND BROADBAND INFRASTRUCTURE

7.1.

Is there a National Broadband Plan?

Summary text

7.2.

Is the National Broadband Plan being effectively implemented? 

YES | NO | PARTIAL

7.3.

Are there laws or policies that regulate "net neutrality"?

INFORMATION GATHERING
- Extensive regulation
- Limited regulation
- Regulation under consideration
- No regulation

7.4.

Base Indicators

7.4.1.

Population (millions) (2015)
- Total for all countries in this scorecard: 4,700 million

Number

7.4.2.

Urban Population (%) (2015)
- Average for all countries in this scorecard: 73%

Percentage

7.4.3.

Number of Households (millions) (2015)
- Total for all countries in this scorecard: 1,249 million

Number

7.4.4.

Population Density (people per square km) (2015)
- Average for all countries in this scorecard: 471

Number

7.4.5.

Per Capita GDP (US$ 2015)
- Average for all countries in this scorecard: US$ 22,649

Number

7.4.6.

ICT Service Exports (billions of US$) (2015)
- Total for all countries in this scorecard: US$ 978 billion

Number

7.4.7.

Personal Computers (% of households) (2015)
- Average for all countries in this scorecard: 63%

Percentage

7.5.

IT and Network Readiness Indicators

7.5.1.

ITU ICT Development Index (IDI) (2016)
(Score is out of 10 and covers 175 countries)
- Average for all countries in this scorecard: 6.58

Score

7.5.2.

World Economic Forum Networked Readiness Index (NRI) (2016)
(score is out of 7 and covers 139 countries)
- Average for all countries in this scorecard: 4.77

Score

7.6.

Internet Users and International Bandwidth

7.6.1.

Internet Users (millions) (2015)
- Total for all countries in this scorecard: 2,330 million

Number

7.6.2.

Internet Users (& of population) (2015)
- Average for all countries in this scorecard: 67%

Percentage

7.6.3.

International Internet Bandwidth (2015) (total gigabits per second (Gbps) per country)
- Total for all countries in this scorecard: 117,736 Gbps

Number

7.6.4.

International Internet Bandwidth (bits per second (bps) per internet user) (2015)
- Average for all countries in this scorecard: 97,747 bps

Number

7.7.

Fixed Broadband

7.7.1.

Fixed Broadband Subscriptions (millions) (2015)
- Total for all countries in this scorecard: 697 million

Number

7.7.2.

Fixed Broadband Subscriptions (% of households) (2015) 
- Average for all countries in this scorecard: 63%

Percentage

7.7.3.

Fixed Broadband Subscriptions (% of population) (2015) 
- Average for all countries in this scorecard: 21%

Percentage

7.7.4.

Fixed Broadband Subscriptions (% of Internet users) (2015) 
- Average for all countries in this scorecard: 29%

Percentage

7.7.5.

Average Broadband Data Connection Speed (Q1 2017) (total megabits per second (Mbps) per country)
- Average for all countries in this scorecard: 12 Mbps
- Average peak for all countries in this scorecard: 70 Mbps

Number

7.8.

Fiber-to-the-home/building (FttX)

7.8.1.

Fiber-to-the-home/building (FttX) Internet Subscriptions (millions) (2015)
- Total for all countries in this scorecard: 258 million

Number

7.8.2.

Proportion of Fiber-to-the-home/building (FttX) Internet Subscriptions (% of households) (2015) 
- Average for all countries in this scorecard: 18%

Percentage

7.8.3.

Proportion of Fiber-to-the-home/building (FttX) Internet Subscriptions (% of fixed broadband subscriptions) (2015) 
- Average for all countries in this scorecard: 23%

Percentage

7.9.

Mobile Broadband

7.9.1.

Mobile Cellular Subscriptions (millions) (2015)
- Total for all countries in this scorecard: 4,823 million

Number

7.9.2.

Number of Active Mobile Broadband Subscriptions (millions) (2015)
- Total for all countries in this scorecard: 2,506 million

Number

7.9.3.

Active Mobile Broadband Subscriptions (% of population) (2015) 
- Average for all countries in this scorecard: 77%

Number

7.9.4.

Average Mobile Data Connection Speed (Q1 2017) (total megabits per second (Mbps) per country)
- Average for all countries in this scorecard: 11 Mbps

Number


[ Galexia Dots ]

9. Scoring Methodology (updated for the 2018 Scorecard)

The Scorecard is derived from the 24 Country Summaries (including historic scores and ranks), which are available online at www.bsa.org/cloudscorecard. Using these results, a weighted score has been allocated to a selection of key questions. A number of basic fact-finding questions are excluded from the scoring system. Each group of questions is weighted to reflect its importance to cloud computing. Each individual question is also weighted to reflect its importance within each group. The weights are shown in the following table:

#

Theme / Question

Weight

Value out of 100

A

DATA PRIVACY

12.5%

12.5

1.1.

Is a data protection law or regulation in place? 

30%

3.75

1.5.

Is the data protection authority enforcing the data protection law or regulation in an effective and transparent manner? 

20%

2.5

1.6.

Is the data protection law or regulation compatible with globally recognized frameworks that facilitate international data transfers?

10%

1.25

1.7.

Are data controllers free from registration requirements? 

10%

1.25

1.9.

Are cross border data transfers free from arbitrary, unjustifiable or disproportionate restrictions, such as national or sector-specific data or server localization requirements? 

10%

1.25

1.10.

Is there a personal data breach notification law or regulation? 

10%

1.25

1.11.

Are personal data breach notification requirements transparent, risk-based and not overly prescriptive? 

10%

1.25

B

SECURITY

12.5%

12.5

2.1.

Is there a national cybersecurity strategy in place? 

20%

2.5

2.2.

Is the national cybersecurity strategy current, comprehensive and inclusive? 

20%

2.5

2.3.

Are there laws or appropriate guidance containing general security requirements for cloud service providers? 

10%

1.25

2.4.

Are laws or guidance on security requirements transparent, risk-based and not overly prescriptive? 

20%

2.5

2.5.

Are there laws or appropriate guidance containing specific security audit requirements for cloud service providers that take account of international practice? 

10%

1.25

2.6.

Are international security standards, certification and testing recognized as meeting local requirements? 

20%

2.5

C

CYBERCRIME

12.5%

12.5

3.1.

Are cybercrime laws or regulations in place? 

40%

5

3.2.

Are cybercrime laws or regulations consistent with the Budapest Convention on Cybercrime? 

20%

2.5

3.3.

Do local laws and policies on law enforcement access to data avoid technology specific mandates or other barriers to the supply of security products and services? 

20%

2.5

3.4.

Are arrangements in place for the cross border exchange of data for law enforcement purposes that are transparent and fair? 

20%

2.5

D

INTELLECTUAL PROPERTY RIGHTS

12.5%

12.5

4.1.

Are copyright laws or regulations in place that are consistent with international standards to protect cloud service providers?

20%

2.5

4.2.

Are copyright laws or regulations effectively enforced and implemented?

20%

2.5

4.3.

Is there clear legal protection against misappropriation of trade secrets? 

10%

1.25

4.4.

Is the law or regulation on trade secrets effectively enforced? 

10%

1.25

4.5.

Is there clear legal protection against the circumvention of Technological Protection Measures? 

10%

1.25

4.6.

Are laws or regulations on the circumvention of Technological Protection Measures effectively enforced? 

10%

1.25

4.7.

Are there clear legal protections in place for software implemented inventions? 

10%

1.25

4.8.

Are laws or regulations on the protection of software implemented inventions effectively implemented? 

10%

1.25

E

STANDARDS AND INTERNATIONAL HARMONIZATION

12.5%

12.5

5.1.

Is there a regulatory body responsible for standards development for the country? 

10%

1.25

5.2.

Are international standards favored over domestic standards? 

20%

2.5

5.3.

Does the government participate in international standards setting process? 

10%

1.25

5.4.

Are e-commerce laws or regulations in place? 

30%

3.75

5.6.

Is there a law or regulation that gives electronic signatures clear legal weight? 

10%

1.25

5.7.

Are cloud service providers free from mandatory filtering or censoring? 

20%

2.5

F

PROMOTING FREE TRADE

12.5%

5

6.1.

Is a national strategy or platform in place to promote the development of cloud services and products? 

20%

2.5

6.2.

Are there any laws or policies in place that implement technology neutrality in government? 

10%

1.25

6.3.

Are cloud computing services able to operate free from laws or policies that either mandate or give preference to the use of certain products services, standards or technologies? 

20%

2.5

6.4.

Are cloud computing services able to operate free from laws, procurement policies or licensing rules that discriminate based on the nationality of the vendor, developer or service provider? 

20%

2.5

6.5.

Has the country signed and implemented international agreements that ensure the procurement of cloud services is free from discrimination? 

10%

1.25

6.6.

Are services delivered by cloud providers free from tariffs and other trade barriers? 

10%

1.25

6.7.

Are cloud computing services able to operate free from laws or policies that impose data localization requirements? 

10%

1.25

G

IT READINESS AND BROADBAND INFRASTRUCTURE

25%

25

7.1.

Is there a National Broadband Plan?

10%

2.5

7.2.

Is the National Broadband Plan being effectively implemented? 

10%

2.5

7.4.7.

Personal Computers (% of households) (2015)
- Average for all countries in this scorecard: 63%

5%

1.25

7.5.1.

ITU ICT Development Index (IDI) (2016)
(Score is out of 10 and covers 175 countries)
- Average for all countries in this scorecard: 6.58

20%

5

7.5.2.

World Economic Forum Networked Readiness Index (NRI) (2016)
(score is out of 7 and covers 139 countries)
- Average for all countries in this scorecard: 4.77

20%

5

7.6.2.

Internet Users (& of population) (2015)
- Average for all countries in this scorecard: 67%

5%

1.25

7.6.3.

International Internet Bandwidth (2015) (total gigabits per second (Gbps) per country)
- Total for all countries in this scorecard: 117,736 Gbps

5%

1.25

7.6.4.

International Internet Bandwidth (bits per second (bps) per internet user) (2015)
- Average for all countries in this scorecard: 97,747 bps

5%

1.25

7.7.5.

Average Broadband Data Connection Speed (Q1 2017) (total megabits per second (Mbps) per country)
- Average for all countries in this scorecard: 12 Mbps
- Average peak for all countries in this scorecard: 70 Mbps

5%

1.25

7.8.3.

Proportion of Fiber-to-the-home/building (FttX) Internet Subscriptions (% of fixed broadband subscriptions) (2015) 
- Average for all countries in this scorecard: 23%

5%

1.25

7.9.3.

Active Mobile Broadband Subscriptions (% of population) (2015) 
- Average for all countries in this scorecard: 77%

5%

1.25

7.9.4.

Average Mobile Data Connection Speed (Q1 2017) (total megabits per second (Mbps) per country)
- Average for all countries in this scorecard: 11 Mbps

5%

1.25


[ Galexia Dots ]

10. External links (view all BSA scorecards and dashboards developed by Galexia)



[ Galexia Dots ]


Related Galexia services and solutions

Related BSA reports developed by Galexia (external links)

Related Galexia news about BSA


[ Galexia Dots ]

[1] Predictions 2018: Cloud Computing Accelerates Enterprise Transformation Everywhere, Forrester (Nov. 7, 2017), available at: https://www.forrester.com/report/Predictions+2018+Cloud+Computing+Accelerates+Enterprise+Transformation+Everywhere/-/E-RES139611

[2] The Changing Faces of the Cloud: Technology Companies Are Adapting to Sell Cloud to the Growing Number of More-Mainstream Buyers, Bain & Company, Mark Brinda and Michael Heric (2017), available at: http://www.bain.com/Images/BAIN_BRIEF_The_Changing_Faces_of_ the_Cloud.pdf

[3] Oleg Kouzbit, Report: Russian Cloud Market to Top $460 Million by 2015 (September 25, 2012), available at: http://www.ewdn.com/2012/09/25/report-russian-cloud-market-to-top-460-million-by-2016

[4] IDC, Russia Cloud Services Market 2016-2020 Forecast and 2015 Vendor Shares, (September 2016), available at: https://www.idc.com/getdoc.jsp?containerId=CEMA40565616; Forbes, Roundup of Cloud Computing Forecasts, 2017, (April 29, 2017), available at: https://www.forbes.com/sites/louiscolumbus/2017/04/29/roundup-of-cloud-computing-forecasts-2017/#144a9d7f31e8

[title page] [full contents]

[full document] [download PDF version]

[up to research]

 

Search for:

HERE

PrintVersionprint this page

Sitemapsitemap

Subcribe to RSS newsrss news feed

Manage email subscriptionsmanage email subscriptions

Latest News

September 2019
Register of Public Galexia PIAs. Read more »

September 2019
Updates to Galexia Website. Read more »

September 2019
PM&C / Office of the National Data Commissioner (ONDC) releases Discussion Paper and accepts recommendations from Galexia’s PIA on the proposed Data Sharing and Release legislative framework. Read more »

August 2019
Galexia providing privacy advice and an independent public Privacy Impact Assessment (PIA) on 2021 Census for ABS. Read more »

June 2019
Galexia completes privacy advice and an independent Privacy Impact Assessment (PIA) on the Naval Shipbuilding College Workforce Register. Read more »

view all news items »

[Home] [Sitemap] [Print this page] [Privacy statement]

© Galexia Pty Ltd
Telephone: +61 (02) 9660 1111
Email: [email protected]