Soft law and the benefits of standards

Remember when we used to talk about internet time? The world seemed to be changing so fast we could barely keep up. Looking back, it all seems rather leisurely, doesn’t it? Now, with the cloud and AI, we seem to have made the leap from internet time to quantum speed almost overnight.

The question we face now is how to build trust in the cloud-driven technologies such as AI and data analytics that are rapidly transforming our world. As the speed of technological change quickens, we must also find ways to ensure that trust in technology keeps pace. This is complicated by the global nature of technology, which stands in contrast to the region-by-region approach that governments take to creating the rules that regulate the development and use of technology.

Although industry, businesses, civil society and individuals all have a role to play in developing trust in technologies, regulations are also needed. But there are many regulatory approaches, ranging from “hard” legislation to more nimble, “softer” approaches, such as the use of standards. Much of what makes technology succeed in the modern world is the creation of international standards, industry codes and government certifications. Standards help develop trust through clear definitions, best practices, transparency and proof (such as certification).

Each industrial revolution has seen the rise of new technologies that needed to earn people’s trust. Because they did, we travel on airplanes without giving it a second thought; flip on a light switch without worrying about burns; and walk through town assuming bricks won’t fall from buildings and injure us. Our packages arrive safely from wherever they were mailed, passing over the air, across seas, and on roads and rails to reach us.

Standards are at the core of this network of trust. In the IT industry, from the early days of hardware specifications, through the open standards that made the web possible, to today’s work on the future of technology, standards play a critical role in developing confidence and understanding. Where IT standards once focused mainly on plug compatibility, protocol specifications and document formats, they now include critical risk management, behavioral and definitional agreements that are the foundation of the rules of cloud computing, AI, and cross-border data flows. In the International Standards Organization and International Electrotechnical Commission today, more than 100 countries participate to establish definitions, practices and transparency for new technologies. National representatives bring input from stakeholders within their country, ensuring that local interests have a voice in building trust through standards.

These modern cloud standards play a key role in important conversations, practices and transparency related to cloud services. For example:

  • Creating standardized language: Trust starts when we develop a common language so that words are interpreted in an established and uniform way. Standards create clear definitions that all stakeholders can rely on. Policy development and customer understanding benefit from specific definitions of different attributes of data and even cloud services themselves, and the same will be true for the fundamentals of AI and machine learning.
  • Developing best practices and structured transparency: Cloud services create powerful processing capabilities that may be housed a long way from users — even across national borders. Standards help create clear guidance for practices in areas like cybersecurity, privacy and accessibility. And they provide a common baseline and understanding to communicate those practices to users and governments so that everyone understands the protections afforded and can make well-informed decisions about cloud services.
  • Empowering users: Data has become a key value driver for the way organizations operate and interact with customers. Standards that guide data governance and service level agreements can help organizations as they embrace the digital transformation.
  • Providing assurance and certification: Trust is reinforced through proof points, everything from certifications to audits to attestations and more. These provide additional ways that customers and governments gain assurance for the practices, processes and technologies that process and store a customer’s personal information.

International standards play a crucial role in guiding the behavior of cloud providers and helping regulators, customers and civil society understand what cloud providers are doing and how. With broad representation in the international standards system, the concepts established in standards can serve as foundational elements for key areas of policy and trust in cloud computing, even in areas as important and challenging as security and privacy. At Microsoft we are committed to investing the time and resources needed to work with industry partners, NGOs and governments to find the right balance between laws, regulation and standards.

Back to top