TMT LawsRegulatory Challenges Faced By Cloud Computing Services

September 23, 20220


Cloud computing is the transmission of computer services—such as servers, storage, databases, networking, software, analytics, and intelligence—via the Internet (hereinafter referred to as “the cloud“) in order to provide flexible resources, faster innovation, and economies of scale. more effectively, and allowing us to grow as our company needs to evolve.

The users have enabled access and can work with the data stored on distant networks using cloud computing. The Client-side front-end infrastructure like laptops and desktops connect the backend cloud storage, applications, and services located in cloud farms or server farms around the world. Due to high-speed Internet access and developments in data storage and retrieval technologies, cloud computing has emerged as the preferred service model for both critical and non-critical applications.


The Telecom Media and Technology (hereinafter referred to as “TMT”) industry is one of the world’s fastest evolving, with increasing demand for technology-driven facilities, services, and comforts, as well as improved connections.

Despite Covid-19 and its consequences, India’s TMT industry has always seen positive advances. The significant dynamic changes were brought in the framework of rules and regulations in several sectors of the TMT industry, including the adoption of new cloud computing policies, legislation, and regulations.

The concept of Work from Home has progressed and commercial and formal activities have shifted online, thus, a rise in demand for cloud services, has emerged and is very crucial. As demand for communication equipment and telecom services rises, so will investment in security software to safeguard endpoints, cloud-based tools, Virtual Private Networks (hereinafter referred to as “VPN”), which will provide a significant boost to the TMT industry.

In India, there is currently no specific legislation governing the cloud services. Hence, for the for delivery of cloud services, no local licence is required. Cross-border cloud services are supplied in India. In order to sell cloud services in India, a foreign cloud service provider is not required to create a local firm, or obtain any operating licences, or hire any local personnel. There are no restrictions or foreign investment requirements for establishing cloud operations in India.

A locally established cloud service provider would be subject to corporate concerns, taxation, labour, and other legal compliances under Indian law. These licenses/compliances are related to the day-to-day operations of Indian enterprises rather than the supply of cloud services explicitly.


While the cloud services market is unregulated, the Telecom Regulatory Authority of India (hereinafter referred to as “TRAI”) has proposed the establishment of a non-profit industry group to govern Cloud Service Providers (CSPs) under a light-touch regulatory system. Recognizing the necessity for a regulatory framework controlling overseas companies’ access to Indian data, TRAI has advocated the establishment of local data centres, content delivery networks, and independent interconnect exchanges in India to maximise control over such data exchange.

However, The Information Technology Act, 2000 (hereinafter referred to as the “IT Act”) to regulates Cloud Computing Services. The penalty for breach of secrecy and privacy is outlined in Section 72 of the IT Act.

Furthermore, Section 80 of the IT Act empowers the police officer or other officer to search the computer data on linked systems and can also arrest the offender involved. The goal of cyber law is to guarantee that privacy is preserved and protected in the cloud. Companies should take measures to preserve and secure all data stored in the cloud and if the service provider fails to deliver the service while maintaining privacy, legal action should be taken against them.

The Information Technology (Procedures and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 empowers the Government to intercept and monitor or even decrypt Information generated, transmitted, received or stored in any computer source for the security purposes or enforcement of laws.

Progress in Regulated Sectors

Certain industries in India, such as banking, capital markets, and insurance, are regulated by Governmental Institutions. The banking industry is governed by the Reserve Bank of India (hereinafter referred to as “RBI”), the capital markets sector by the Securities and Exchange Board of India (hereinafter referred to as “SEBI”), and the insurance sector by the Insurance Regulatory and Development Authority of India (hereinafter referred to as “IRDA”). Each of these regulatory agencies has investigated the impact and utility of cloud computing in their respective industries.

The Ministry of Electronics and Information Technology of the Indian government (MEITY) has notified SEBI that financial sector institutions are adopting or considering employing cloud-based solutions to manage their governance, risk, and compliance in order to strengthen their cybersecurity. The ministry stated that while cloud-based solutions make doing business easier, they pose a significant risk to the financial sector’s health because data from institutions moves beyond India’s legal and jurisdictional boundaries due to the nature of shared cloud systems, posing a risk to data safety and security.

Furthermore, The IRDA vide IRDI/IT/GDC/MISC/082/04/2017 dated 07.04.2017 has issued Guidelines on Information and Cyber Security Insurers stating that the policy, procedures, and guidelines should be developed to provide direction for hosting the information and understanding its criticality, as well as the level of security controls to be implemented, whether on the cloud or any other external hosting infrastructure. In addition, the IRDA stated that electronic preservation of key corporate documents should be done in India. The IRDA also mandated encryption as an extra precaution for cloud data.


Cloud computing offers several benefits, like enhanced cooperation, superior accessibility, mobility, storage capacity, and so on. However, there are various challenges and risks associated with cloud computing. Some of them are enlisted here:

  • Data Privacy and Security: In a cloud setting, privacy can be a key barrier because cloud service providers are often data processors, it is critical that they have protections in place (contractual requirements, security measures, organisational SOPs, and so on) to guarantee that data has been legitimately shared with them and is secure. However,  the more valuable the data, the more likely it will be subjected to cyber-attacks and unauthorised access attempts.
  • Limited Visibility: When organisations transfer operations, workloads, and assets to the cloud, the duty for maintaining part of the systems and policies is transferred from within the company to the contractual Cloud Service Provider (CSP). As a result, some visibility into network operations, resource and service utilisation, and the cost are lost. Organizations must use extra technologies to monitor their cloud services consumption, such as cloud security configuration monitoring, network-based monitoring, and additional logging.
  • Insecure API’s: Application Programming Interfaces (API), allow consumers to personalise their cloud service experience. APIs, on the other hand, might pose a threat to cloud security owing to their very nature. They not only let businesses to tailor the features of their cloud service provider, but they also provide access, authentication, and encryption. As APIs improve to give greater service to consumers, their security risk on the data client’s storage increases. APIs give programmers the tools they need to interface their programmes with mission-critical applications. Despite the many advantages that technology provides, it also increases the user’s susceptibility. Because of these vulnerabilities, cybercriminals have additional options to exploit.

There have been several challenges regarding the regulation of cloud computing services, but in absence of specific legislation, there are loopholes in governance. The individual services are governed by the individual laws and it will be comprehensively governed after the development of a specific law for the purpose.

The TRAI issued a consultation paper on cloud computing in 2016. Following that, in 2017 and 2019, it provided recommendations on cloud services, suggesting ‘light touch’ rules. The TRAI’s suggestions include distinct industry bodies for cloud service providers, industry norms for Quality of Services parameters, model SLAs, a dispute resolution framework, invoicing criteria, and so on.

In September 2020, TRAI offered more proposals, including the establishment of a non-profit organisation to collaborate with TRAI or the Indian Government’s Department of Telecommunications to manage and implement a “light touch” regulatory framework for cloud service providers. Hence, the recommendations will lead to a comprehensive framework for the governance of cloud computing.


Open source cloud-based agile networks modify and balance loads based on the defined user experience. As these networks offer capacity and functions based on consumer requirements and goods, the cloud as a technology will be an intrinsic benefit to the ecosystem.

There are few legal requirements for establishing cloud computing. The service provider must protect the customer’s privacy, and privacy should be the primary concern of cloud computing. The cloud market is quickly expanding, and competition is developing on a daily basis.

The government should establish certain norms and regulations for cloud computing in India, which would assist businesses and multinational corporations in securing their data.

Team AMLEGALS, assisted by Ms. Devanshi Jain (Intern)

For any queries or feedback, please feel free to get in touch with or

Leave a Reply

Your email address will not be published. Required fields are marked *

Current day month ye@r *

© 2020-21 AMLEGALS Law Firm in Ahmedabad, Mumbai, Kolkata, New Delhi, Bengaluru for IBC, GST, Arbitration, Contract, Due Diligence, Corporate Laws, IPR, White Collar Crime, Litigation & Startup Advisory, Legal Advisory.


Disclaimer & Confirmation As per the rules of the Bar Council of India, law firms are not permitted to solicit work and advertise. By clicking on the “I AGREE” button below, user acknowledges the following:
    • there has been no advertisements, personal communication, solicitation, invitation or inducement of any sort whatsoever from us or any of our members to solicit any work through this website;
    • user wishes to gain more information about AMLEGALS and its attorneys for his/her own information and use;
  • the information about us is provided to the user on his/her specific request and any information obtained or materials downloaded from this website is completely at their own volition and any transmission, receipt or use of this site does not create any lawyer-client relationship; and that
  • We are not responsible for any reliance that a user places on such information and shall not be liable for any loss or damage caused due to any inaccuracy in or exclusion of any information, or its interpretation thereof.
However, the user is advised to confirm the veracity of the same from independent and expert sources.