cracked-lit-lightbulb

Regulating data centres and cloud service providers in Malaysia

Estimated reading time: 5 minutes

I’d written some time back about MCMC wanting to regulate the data centre (DC) players and cloud service providers (CSPs). The reasons put forward to regulate this fast-growing industry are good. However, the piece of regulation that they want to regulate the data centre and CSP industry with, does not make sense.

According to industry observers, CMA 1998 is known to already oversee and regulate network service providers. To adjust decades old regulation so it can cover previously excluded players in the communications value chain, is simply not enough.

MDCA – biding its time

Sorely lacking from all the news announcements about regulating data centres and CSPs, was any official announcement from MDCA. I’d mentioned before that MDCA is the Malaysian Data Centre Alliance, a collaboration of data centre and web hosting industry players that wanted to solve specific challenges in the industry. It was also seen to be more than just a special-interest group under PIKOM, the national ICT association of Malaysia and a chapter under Outsourcing Malaysia.

MDCA aimed to be a sustainable and professional entity as well as the voice of the industry especially when it came to regulation and policy issues that may impact the growth of the industry.

It was launched sometime in October 2013 and grew from 15 founding members to about 21 members. From then till a year before the pandemic happened, it was involved in sharing best practices, educational industry leadership, and facilitating business opportunities via trade missions, conferences and forums for member data centre players.

At that time, MDCA is a chapter of Outsourcing Malaysia (OM). OM itself is an initiative by PIKOM, the national ICT association, and the global business services (GBS) industry at large.

Membership to MDCA was open to all DC players and infrastructure management services providers, with the condition that they are OM members.

Cloud service providers (CSPs) were not included in MDCA’s scope of definition of member, at that time.

Revival

Steps to revive the Malaysian Data Centre Alliance had already begun at the start of 2021.

After about 5 years of conferences, trade missions, forums and knowledge-sharing events, MDCA activities had dwindled down to almost zero by 2018, despite there being an installed chairman and committee members.

A pro-tem MDCA chairman in the form of PIKOM’s secretary, Ong Chin Seong, shared that to keep up with the times, a new classification of membership – Digital Infrastructure Companies – has also been introduced to PIKOM.

Examples of companies under this classification include:

  1. Network Operations Centres (NOCs)
  2. Security Operations Centres (SOCs)
  3. Command Centres (as found in smart cities scenarios)

To date, many of the big name cloud service providers like Google, Microsoft, Huawei, and so on, have gone onboard and become PIKOM ordinary members as well. It is unclear under what classification that they have been accepted as PIKOM ordinary members.

Membership to the MDCA will also likely require membership to Outsourcing Malaysia, as a prerequisite.

MDCA 2.0 will look very different in terms of members it will accept. This revived MDCA’s scope of definition for members has yet to be finalised, and Cheah Kok Hoong, PIKOM advisor and OM chairman, assured that there are ongoing talks as well as surveys, to determine membership scope of definition and other matters.

Ultimately, MDCA’s membership requirement is being refined to be more inclusive and also reflective of the changes in the marketplace.

“There is no perfect timing and no perfect formula where we include everything. But we must have our main positioning, as well as what is proper. That is why we take this route after very careful consideration,” Kok Hoong said.

Ultimately, MDCA’s membership requirement is being refined to be more inclusive and also reflective of the changes in the marketplace.

The Industry perspective

Kok Hoong shared, “There needs to be proper industry consultation before any regulations be imposed. To consult the industry later is a bit too late. And I think that is what is happening now.”

In late June, PIKOM had been invited to a meeting with MCMC to clarify any queries they had. An FAQ document was also shared with meeting attendees. Currently, Chin Seong shared, “It does not give enough clarity int terms of the regulations that they want to impose.”

For example, there was no mention of data centre wholesalers or co-location players and the exact licensing fees that they need to pay – are they under the purview of MCMC regulation as well?

In late June, PIKOM had been invited to a meeting with MCMC to clarify any queries they had. An FAQ document was also shared with meeting attendees.

Chin Seong opined that this will impact Malaysia’s national digitalisation plan, affect competition, and have direct impact upon current FDI as well as future FDI.

The industry says

According to surveys PIKOM has done among its members, a majority say the industry does not need to be regulated, Seventy-five percent of respondents disagree to having any licensing imposed.

Rather, the survey indicated there should be emphasis on ensuring best practices and international standards for the industry, overall.

We want to reboot, rejuvenate and reposition MDCA by adding value, Kok Hoong had shared.

This requires all stakeholders involved to work together. Piecemeal consultations with individual players may mean personalised attention to each company, but this approach overlooks issues the industry faces as a whole.

At the moment engagement and consultation with the DC and CSP industry on the whole, is sorely missing.

IT BYTES BACK! says:

There was a reason DCs and CSPs were exempted from regulation the first time around. And this time, we have a national digitalisation plan, yes.

But that is no reason to hastily apply a poor-fitting regulation (that is acknowledged to be unsuitable to DC and cloud players because so little was understood about the industry at that time, btw) to an industry which has changed so much since then. It was not suitable then, and it would not miraculously be suitable now.

The legislation has to evolve too. And there has to be more engagement than ever before for this legislation to be comprehensive and effective.