Ofcom, the UK telecoms regulator, is part-way through a significant assessment of the UK's cloud computing market. Any direct regulatory action appears to be a way off, but Ofcom's Interim Report from April sets a direction of travel – and its early-stage suggestions bear interesting similarities with the approach the EU is taking.
Providers of cloud infrastructure services, intermediary PaaS and SaaS providers, and buyers of cloud services will be keeping a weather eye on developments in this area, as any regulatory or legislative intervention will have important consequences for the market for cloud services in the UK.
1. Intro: Ofcom's Cloud Market Study
Ofcom launched its cloud market study in September 2022 and is due to publish its final report in October 2023. The high-level objective of the market study is to assess whether the UK market for cloud services is working well and whether any regulatory action is required.
In April 2023 Ofcom published a substantial (222-page) Interim Report1, setting out its preliminary findings: while there is "some evidence of active competition in cloud infrastructure, especially where providers are competing to attract new customers", Ofcom's "provisional view" is that "competition is being limited by market features that make it more difficult for customers to switch and use multiple suppliers".2
The Interim Report highlights three specific concerns in the cloud services market:
- Data egress fees – charges customers pay to transfer their data out of one provider's cloud ecosystem. Ofcom notes that egress fees are significantly higher for the 'hyperscalers' (the three largest IaaS providers) and may discourage customers from switching provider or engaging more than one provider.
- Technical restrictions on interoperability – which can make it harder for the services of one provider to work properly with those of another.
- Committed spend discounts – which can incentivise customers to procure all their cloud services from a single provider and discourage them from using rival providers when new needs emerge.3
2. Market intervention: what's on the cards?
The Interim Report does not make any specific recommendations, but it does raise a number of potential interventions which it considers may be "provisionally credible and effective" and considers their "potential merits, risks and challenges".4 These interventions are summarised in the table below.
| Ofcom specific concern | Potential intervention |
| Data egress fees | Equalise egress fees with other charges (e.g. egress charges no higher than cost of internal data transfers within provider's cloud) |
| Price controls on egress fees (e.g. provider cannot charge higher than the "cost" price of data egress) | |
| Prevent providers from charging data egress fees altogether | |
| Technical restrictions on interoperability | Require providers to be more transparent about interoperability (e.g. require them to publish documentation on interoperability of their IaaS services) |
| Require providers to make their first-party services easier to interoperate with third-party services (e.g. require providers to unbundle particular services so they can be used on other platforms) | |
| Standardisation of cloud technologies (e.g. promoting adherence to standards on a voluntary basis / mandating standards) | |
| Committed spend discounts | Limiting or restricting committed spend discounts which induce customer loyalty and risk distorting competition |
The Initial Report also flags the challenges businesses have in predicting cloud spend and notes this as an area where intervention may be appropriate, if industry-led approaches to addressing this concern are insufficient.
3. International context: the EU Data Act
The market for cloud services is international, global even, and other jurisdictions have been pushing ahead with legislative agendas in this area for some time. Sensitive to this, Ofcom notes that "when considering potential interventions in the UK, we are cognisant of proposals elsewhere", "particularly in Europe".5
In this regard, there are clear points of comparison between Ofcom's mooted interventions (para 2 above) and the rules set out in the draft EU Data Act6 – a crucial piece of legislation which, if enacted in its current form, will have important consequences for cloud providers operating in Europe:
- Data egress fees – the draft EU Data Act envisages a 3-year phaseout of "data egress charges" and "switching charges" (i.e. charges imposed on a cloud services customer for switching from one provider to another).7
- Technical restrictions on interoperability – IaaS providers would be required to "take all measures in their power" to "facilitate" that a customer after switching to another IaaS provider "enjoys functional equivalence in the use of the destination service".8
- Committed spend discounts – no direct equivalents in the EU Data Act here, although the draft Act would require a cloud service provider's contract terms to include certain provisions relating to switching between providers and cloud to on-prem migrations.9
We have been following the passage of the draft EU Data Act through the EU's legislative process since it was proposed by the European Commission in February 2022. Please see our other articles and vlogs on the subject.10
4. What's next?
The next key step will be the conclusion of Ofcom's market study and the publication of its final report, which is due to happen by 5 October 2023. Alongside the Interim Report, Ofcom also gave notice of its proposal to make a market investigation reference ("MIR") to the Competition and Markets authority (the UK's competition regulator, the "CMA") for the cloud services market.11 Ofcom's final report will also contain a decision on whether Ofcom will make the MIR – if it does, a further period of scrutiny from the CMA will follow.
Footnotes
1. Ofcom, Cloud Services Market Study – Interim Report, 5 April 2023 https://tinyurl.com/ewv9w3e8
2. Interim Report, p. 1.
3. Interim Report, p. 2.
4. Interim Report, p. 200.
5. Interim Report, p. 200.
6. See March 2023 draft here: https://tinyurl.com/2s4429tx
7. See EU Data Act Art. 25.
8. See EU data Act Art. 26. There are also potentially groundbreaking proposals around cloud interoperability standards (see Chapter VIII).
9. See EU Data Act Art. 24.
10. (1) Chris Kemp, 'EU Data Act – implications for cloud providers', for LexisNexis, 15 June 2022 https://tinyurl.com/2vrn72yt; (2) Chris Kemp, 'EU Data Act: Cloud vendors weigh in', for IT Law Today (Vol 30, No. 7), 27 July 2022; (3) Chris Kemp, 'EU Data Act: questions for cloud vendors?', Kemp IT Law vlog, 10 January 2023 https://tinyurl.com/4burmr2h
11. See here: https://tinyurl.com/2juw2x4h
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
