Cloud computing is the transmission of computer services such as servers, storage, databases, networking, software, analytics, and intelligence over the Internet (hence referred to as “the cloud”) to provide flexible resources, speedier innovation, and economies of scale. More effectively, this will allow us to expand as our company evolves. [1] Users can use cloud computing to work with data located on remote networks after granting access. The backend cloud storage, applications, and services housed in server farms or cloud farms throughout the globe are connected to the client-side front-end infrastructure, which consists of laptops and desktop computers. The cloud has become the go-to service paradigm for essential and non-critical applications because of high-speed Internet connectivity and data storage and retrieval technology advancements.


The telecommunications, information and technology (TMT) industry is growing rapidly due to the increasing demand for technology-driven products and services. Despite the impact of COVID-19, the TMT industry in India continues to grow. Changes in the legal and regulatory framework, including new regulations on cloud computing, have been observed in various TMT sectors. The rise of remote work and online activities has led to a sharp rise in the demand for cloud services. Investments in security software, cloud-based solutions, and virtual private networks (VPNs) are essential to the growth of the TMT business. Currently, laws do not specifically regulate cloud services in India; foreign cloud service providers can operate in the country without the need to obtain local licenses or set up local companies. Restrictions or prerequisites for foreign funding mean no investment in cloud business in India.


Although the cloud services market lacks regulation, the Telecom Regulatory Authority of India (TRAI) has proposed forming a non-profit industry association to oversee Cloud Service Providers (CSPs) with a light-touch regulatory approach. To address concerns about foreign corporations accessing Indian data, TRAI recommends establishing local data centres, content delivery networks, and independent interconnect exchanges in India for better control over data exchange. [2] The Information Technology Act of 2000 (IT Act) and subsequent updates govern cloud security in India, requiring organisations to follow security policies to protect sensitive data under Section 43A[3] and prohibiting the sharing of personal information without consent under Section 72A.[4]

The Personal Data Protection Bill, 2019[5] (PDP Bill) aims to regulate personal data processing, emphasising data minimisation, purpose limitation, and accountability to protect data stored in the cloud. Reserve Bank of India (RBI) guidelines on outsourcing financial services also apply to cloud service providers, ensuring data sovereignty, audit trails, and compliance with data localisation regulations. Sector-specific requirements like HIPAA and PCI DSS may also apply to organisations using cloud services in healthcare or banking. India’s Cyber Security Strategy for 2020 aims to enhance cybersecurity measures, protect vital infrastructure, and raise awareness to mitigate risks associated with cloud computing.


Government agencies like RBI, SEBI, and IRDA regulate various sectors in India, such as banking, insurance, and capital markets. They practised the impact of cloud computing in their fields. SEBI, according to a report from MEITY, notes the interest of financial institutions in cloud solutions for governance, risk and compliance. However, according to the ministry, shared cloud infrastructure poses a risk to data security as it can cross legal boundaries.


Cloud computing offers many benefits, such as improved collaboration, accessibility, mobility, and increased storage capacity. However, there are obstacles, such as 

(I) Data Privacy Protection and security:

Privacy in the cloud can be a huge hurdle. Cloud service providers must have security measures in place (contractual requirements, security policies, organisational SOPs, etc.) to ensure that data is appropriately shared and secured, as they are often data users. However, the more valuable the data, the more vulnerable it is to unauthorised access attempts and cyberattacks.


APIs in cloud services allow users to customise their experience but also pose security risks. They enable customisation and provide encryption, access, and authentication, further simplifying data storage. Despite the benefits, they give hackers more opportunities. Cloud computing regulations lack precise regulation, creating governance gaps. TRAI has proposed “light touch” rules for 2017 and 2019, as well as proposed industry standards, model SLAs, and dispute resolution mechanisms. TRAI recommended that a not-for-profit group review the regulatory framework for cloud service providers targeting comprehensive governance by 2020. By granting them permission, the users can use cloud computing to process data over remote networks globally, as well as server farms or backends deployed in the cloud in various farms. Cloud storage, applications and services are connected to client-side front-end infrastructure, including laptops and desktop computers. The cloud has become the go-to service paradigm for essential and non-critical applications because of high-speed Internet connectivity and data storage and retrieval technology advancements.

[1] Ezadeen, S., & Alwattar, A. H. (2022). Survey of Blowfish Algorithm for Cloud. Technium.

[2] Shri. Asit Kadayan, October 23, 2019, Telecom Regulatory Authority of India

[3] Section 43A of the Act

[4] Section 72A of the Act 

[5] M Jashim Ali Chowdhury, Judicial Review of “Internal Parliamentary Proceedings”: The Dialogic and Non-dialogic Approaches – Comparative Constitutional Law and Administrative Law Journal, Vol 6, No 1 (2021) pp 28-57


M Shanthish Kumar, 5th year B.A, LL. B(Hons.), Veltech School of Law, Chennai


Leave A Reply