Advocate for Enterprise.

Trust in cloud computing, and strong data privacy protections, are critical to the success of our companies’ business models.

We urge Congress to pass strong federal privacy legislation that: outlines specific rights and protections granted to users under a national standard, clearly delineates the responsibilities of companies (including distinguishing between data controllers and data processors), is risk-based in order to accommodate smaller businesses and transitions from the notice and consent-based model to one recognizing that many businesses (B2B) may process data while having no direct relationship with consumers, and thus have limited opportunities to engage with a consumer or gain explicit end user consent.

Strong U.S. privacy legislation is important for building and maintaining trust and must feature interoperability with other global data standards. U.S. leadership on privacy protections, specifically through strong federal legislation, is more important than ever as we fight against data localization rules that hurt the competitiveness of American companies across the globe.

Businesses cannot operate in the cloud if they do not have confidence in the confidentiality, integrity, and availability of their data. We support policies that enable and encourage strong, risk-based cybersecurity.

As cloud-based companies, our services are trusted by our enterprise customers, some of whom are the largest enterprises and government agencies in the world. Our customers choose cloud services like ours in part due to the unique cybersecurity advantages that are offered over on-premise or legacy hardware solutions.

As U.S. based companies that serve a global customer base, we have a unique perspective on the importance of the global interoperability of cybersecurity standards, both in ensuring market access and data security. This includes global standards on cybersecurity risk management, vulnerability disclosures, certification standards and the technical importance of encryption on infrastructure.

The free flow of data is fundamental to the growth and operations of cloud-computing businesses. We will work to influence national policies and trade agreements to enable data to flow freely across the globe.

Cloud computing is a unique technological innovation aimed at global availability of services, and our member companies support trade agreements that include strong digital trade chapters to ensure that consumers benefit from our services through the free flow of data.

Our companies also recognize that some data localization or data privacy requirements can be used to disadvantage new market entrants at the expense of incumbents or larger, more established enterprises. Therefore, we will consistently support policies that promote the free flow of data, allowing companies of all sizes to compete around the world.

As AI technologies are nascent, we will work to ensure that regulations both promote AI’s growth and consider how AI is applied in the enterprise context. Additionally, the ECC believes that industry has a responsibility to ensure that all intelligent systems be built in an ethical way to respect privacy and mitigate bias.

Our successful business models have depended on offering innovative technology balanced by important privacy and cybersecurity considerations. This makes us uniquely positioned to comment on the important ethical and consumer protection considerations that arise in the development of new technologies.

Like other emerging technologies, U.S. leadership in the nascent AI field requires a regulatory approach and concerted industry involvement to both identify and address ethical concerns while ensuring that customers can harness the economic benefits that are offered by innovations in the field.

Given that AI tools and technologies rely on data, we believe that strong privacy protections are essential to AI innovation. Consumers need to be sure their data will be used in a manner that matches their expectations, and ECC members look forward to engaging in public-private collaboration on setting appropriate AI standards.

The Federal Government spends more than $100 billion on IT and cyber-related investments every year. However, approximately 80 percent of this spending is focused on operations and maintenance of existing IT investments, including legacy IT systems. [see GAO-21-524T] These systems face significant security and operational failure risks – and they often fail to deliver a modern, efficient customer experience for Americans. The Federal Government has taken significant steps over the last five years to accelerate the transition to Cloud services, including releasing the Cloud Smart Strategy. Cloud spending in the federal market has doubled over the last few years (from $6.3 billion in FY2019 to $13 billion in FY2022), but there is still significant potential as this transition accelerates.

As U.S.-based cloud services companies, we have seen the application of our business model in the commercial market and the resulting benefits of adopting multi-cloud solutions. There are significant benefits to adopting these solutions, including cost savings, scalability, security, customer experience, and innovation. These benefits can be put at risk if the Federal Government builds their own solutions versus buying commercial solutions. Further, coding their own enterprise software can duplicate what is already available in the commercial marketplace. The Federal Government’s transition to cloud-based solutions must continue and accelerate to realize the cost savings and modernization benefits of these solutions and to ensure Americans receive effective and secure services from their government.

Digital identity tools are critical to the growth and success of our digital economy. Digital identity tools also improve cross-cutting technology policy benefits from privacy to zero trust cybersecurity. Effective workforce identity tools are also vital to ensure safe connections to work applications. Customer identity tools are also critical to delivering government services – whether it is verifying the identity of a taxpayer, or recipient of unemployment insurance or retirement benefits. The commercial market provides options for government buyers that make government-built tools unnecessary. As U.S.-based cloud services companies, our business models rely on deploying effective and secure digital identity tools. As the Federal Government considers, purchases, and deploys digital identity tools, it will be critical to ensure such tools are technology and vendor neutral, interoperable and requirements are developed in a standards-based manner.