Light touch regulation for cloud players... what about data centre players?

Is this the response the communications and multimedia ministry has for industry’s disagreement towards potential regulation and licensing? From some of the measures that are mentioned in the press release, it seems that the authorities are listening to what industry players have said, during a MDCA-OM-PIKOM-MDEC panel dialogue early this month.

The press release below is in Malay, so pardon the gaps in my understanding, but current burning questions include:

I see only mention of cloud services. What about data centres? Are things going to spiral down again due to unclear definitions?
Why is there assumption once again that regulations (light or not) is the answer to current data privacy and cybersecurity issues? Does the press release mean instead that the regulator will work hand in hand with industry to produce mechanisms and SOPs to ensure adherence to existing (international) best practices, standards, and compliances?
Why do the powers-that-be still insist on some kind of licensing scheme for regulation (light or not), to be able to work?
Who will ASP(C) apply to? Foreign cloud players operating in Malaysia? Smaller and local data centre players?
If the regulators are working with the industry (service providers) to create mechanisms and SOPs, why are they still asking (demanding) adherence to these mechanisms and SOPs?
I asked this already, and will ask again. What will be the fate of local data centre players?

-START-

Selaras dengan pelancaran MyDIGITAL, Kerajaan Malaysia akan melaksanakan strategi cloud first policy yang mana kebergantungan terhadap perkhidmatan awan akan meningkat di dalam urusan seharian rakyat Malaysia. Bagi menjamin keselamatan data, privasi data, perlindungan data dan aliran data pengguna di dalam perkhidmatan awan, adalah penting untuk perkhidmatan awan tersebut dikawal selia.

Suruhanjaya Komunikasi dan Multimedia Malaysia (MCMC) akan melaksanakan kawal selia ringan (light touch regulation) ke atas perkhidmatan awan (cloud services) di Malaysia. Keputusan ini diambil setelah MCMC mempertimbangkan pandangan pihak industri tempatan dan asing yang khuatir akan kesan kawal selia terhadap
pelaburan dalam sektor ini termasuk kos operasi.

Kawal selia ringan ini akan dilaksanakan melalui pelesenan perkhidmatan awan di bawah lesen Kelas Pemberi Perkhidmatan Aplikasi [‘ASP (C)’] yang telah diliberalisasikan pada tahun 2012 yang membenarkan pegangan saham asing sehingga 100% dengan fi pendaftaran sebanyak RM2,500 setahun sahaja.

Melalui kawal selia ringan ini, MCMC berpeluang untuk bekerjasama dengan pemberi perkhidmatan untuk menghasilkan instrumen-instrumen kawal selia seperti kod teknikal serta prosedur operasi standard (Standard Operating Procedure) mengenai keselamatan dan perlindungan data berteraskan tanda aras antarabangsa.

Pematuhan terhadap instrumen yang dibangunkan bersama ini adalah penting bagi menjamin kestabilan dan keseragaman perkhidmatan awan untuk mewujudkan persekitaran yang dipercayai (trusted environment) dan terjamin. Kawal selia ini akan berkuat kuasa pada 1 Januari 2022.

-END-