Microsoft cloud assurance – legal & regulatory compliance for cloud computing

Technological progress and regulatory & legislative progress remain out of sync.  Many in-house lawyers therefore face the difficult task of protecting their organizations from legal & regulatory risk, while helping them to take advantage of the opportunities that new technologies, such as enterprise cloud computing, offer.

At Microsoft we know that we won’t succeed in empowering every person and organization on the planet to achieve more through technology, if we don’t earn the trust of the legal and compliance community.  We are therefore redoubling our efforts to provide the tools legal and compliance professionals need to achieve and maintain compliance.  Our one stop shop for cloud computing compliance is There we give answers to some of the key questions the legal and compliance community faces and offer solutions.

The difficulties faced by legal departments were evident this week at two events in London, which brought together the tech and the legal communities. I attended the Society for Computers & Law Technology Law Futures Conference: ‘Advising in a time of technological change’ and The Lawyer ‘In House Counsel as Business Partner 2016’ conference.  One of the main themes of these events was that technology has to a large extent outpaced the laws that govern so many aspects that are essential to global commerce and innovation.  For example, by shifting the permanent residence of data and applications to third party data centres, which may be located in other countries or even other continents, cloud computing introduces a level of legal complexity that requires a fundamentally new way of working and thinking by in-house counsel. As governments around the world face the difficult task of regulating new technologies and striking the right balance for example between public safety and the right to privacy, legal and compliance professionals have found themselves at the centre of this debate.

Of course technology change is not a new issue for lawyers. The early years of virtually every transformative technology– from railroads, to the telegraph, the telephone, radio and television, and the personal computer – have always been characterized by a time of uncertainty over regulatory issues and questions about technology’s impact on society. History shows us that regulatory equilibrium is eventually restored and progress continues. But in the transitional period, we all have a job to do to ensure that our organizations can take advantage of innovative technologies to enable growth and long term success, while effectively managing risks.

So, when I participated in roundtables at The Lawyer ‘In House Counsel as Business Partner 2016’ event, the overriding sentiment I heard from senior legal and compliance professionals was: help us address the heavy burden of compliance as we grapple with the demands of regulators and legal authorities in every country in which we operate.

At Microsoft we understand that it is our responsibility to provide tools and information that will enable our customers to deploy our cloud services with the highest confidence that they are safe and compliant. This is why we arecommitted to providing the tools legal and compliance professionals need to achieve and maintain compliance. Indeed, events like the ones this week are designed to discuss the urgent compliance issues around such areas as data security; personal information privacy; compliance with the EU-U.S. Privacy Shield and the EU General Data Protection Regulation; compliance with regulations governing the financial services, health care, government, and education sectors; and how we will stand with our customers on the issues of government access and encryption.

It’s also why we have created to help the legal and compliance community (1) understand the requirements and implications of standards conformance and regulatory compliance for cloud computing workloads, (2) articulate the value of compliance, how to use it as a competitive advantage and enabler for informed purchase decisions and (3) learn how Microsoft protects customers by requiring that all government requests for data access strictly respect proper legal procedures and due process. Today’s in-house counsel must master all of these, explain them to their boards, and verify that their organization is compliant.


Dervish Tayyip
Assistant General Counsel, Microsoft

Dervish Tayyip is Assistant General Counsel, Corporate, External & Legal Affairs at Microsoft. He has also held various positions in Microsoft's legal department supporting the company's operations in the UK, Europe, Middle East & Africa.