The internet seems borderless. How can cartographers and governments regulate the digital world? Yet as we enter a new era of protectionism, internet companies are surprisingly vulnerable. When Satya Nadella ascended to Microsoft’s top job in 2014, he outlined a “cloud-first” vision for the company. But Nadella’s dream of a cloud-driven future has stumbled at centuries-old national borders. In a major challenge for cloud computing, many countries are introducing data localization requirements that restrict the flow of digital information. Until new trade treaties are written to address these localization requirements, Microsoft’s cloud computing business will face supply chain challenges more familiar to traditional manufacturers than to internet behemoths.
Data Localization and Cloud Computing
What is cloud computing? Very broadly speaking, cloud computing is software provided over the internet rather than on a user’s local device. In Q3 2017, Microsoft’s cloud-based platforms generated $20 billion of run-rate annual revenue. Office 365 enables access to Microsoft Office from anywhere with a web connection. LinkedIn, a Microsoft subsidiary, is the world’s largest professional social network. And Microsoft Azure is a cloud-based service that functions as the backbone for thousands of other internet applications. While these are all cloud-based products, the data ultimately sits on physical servers in data centers around the world. Though the supply chains for these services transport data rather than physical goods, they are nevertheless threatened by protectionism.
Data localization regulations disrupt cloud computing by restricting the flow of data across national borders. These regulations come in many forms, including mandates that companies keep local copies of certain data and bans on taking data out of the country. Countries with data localization requirements include Australia, China, Germany, India, Russia, South Korea, and more. National motivations for these regulations vary and include protecting domestic industry, guarding citizen’s privacy, and enabling government surveillance. Data localization laws create a difficult choice for Microsoft and other cloud computing players: they must either build duplicative infrastructure to store data locally or withdraw from certain markets entirely.
Trade agreements can curb localization requirements and harmonize various national regulations. For example, the now-abandoned Trans-Pacific Partnership (TPP) would have banned local storage requirements and also included a commitment to allow data to cross national borders unimpeded. But in an era of rising isolationism, the prospects for such agreements seem dim.
Living in a Localized World
In the short term, Microsoft has two strategies for managing data localization requirements. When the cost of compliance is high, Microsoft sometimes withdraws from a market. LinkedIn withdrew from Russia in 2016 after the government passed a law requiring local data storage. In other cases, Microsoft has invested substantial capital to comply with these regulations. For example, there are Office 365 data centers located in Japan, Australia, India, Canada, the UK, and South Korea, and a seventh data center is planned for France.
Microsoft has also forcefully lobbied for legal reforms to help control the panoply of national regulations. In 2016, Microsoft published a 222-page book entitled A Cloud For Global Good, which outlined a suggested policy platform to manage the growth of the cloud. The book endorsed the TPP and also supported proposals for a US-EU treaty and a WTO agreement to further curb data localization requirements. Microsoft President and Chief Legal Officer Brad Smith explained, “We’re not fans of data localization—the last thing the world needs is 193 members of the United Nations demanding that data only be stored within their own borders.” Smith has also testified before Congress to draw attention to the issue.
What more should Microsoft do? First, despite the high costs of complying with localization regulations, Microsoft should compete aggressively in international markets. Many of Microsoft’s businesses exhibit network effects. For example, the more users on LinkedIn or companies deploying software on Azure, the more valuable these platforms become. When Microsoft is an early mover in a market, it can develop a sustainable competitive edge. But if local competitors become entrenched while Microsoft sits on the sidelines, those rivals benefit from network effects and become difficult to supplant. Second, wherever data localization requirements exist, Microsoft should lobby for even enforcement. While Microsoft’s size guarantees government scrutiny, smaller competitors may evade detection. As long as costly data localization regulations exist, Microsoft should seek to ensure that competitors cannot shirk these costs.
Many questions remain. What more should Microsoft do to compete in markets where data localization requirements create substantial barriers to cloud computing? And how should Microsoft address the public policy arguments in favor of data localization laws? Though the cloud-computing supply chain is digital, the challenges posed by a new era of isolationism are no less real.
Word Count: 773
 Satya Nadella, “Satya Nadella Email to Employees on First Day as CEO,” Microsoft News Center, February 4, 2014, https://news.microsoft.com/2014/02/04/satya-nadella-email-to-employees-on-first-day-as-ceo/.
 “Microsoft Cloud Continues to Grow, Powers First Quarter Results,” Microsoft Corporation Form 8-K (filed October 26, 2017), accessed November 14, 2017, https://www.sec.gov/Archives/edgar/data/789019/000119312517321202/d483053dex991.htm.
 Anupam Chander and Uyên P. Lê, “Breaking the Web: Data Localization vs. the Global Internet,” Emory Law Journal 64, no. 3 (2015): 677–739.
 “Data Localization Snapshot,” Information Technology Industry Council, July 29, 2016, https://www.itic.org/public-policy/SnapshotofDataLocalizationMeasures7-29-2016.pdf.
 Chander and Lê, “Breaking the Web.”; Nithin Coca, “The Missing Trade War against China’s Digital Protectionism,” Engadget, September 15, 2017, https://www.engadget.com/2017/09/15/china-digital-protectionism-firewall-trade/.
 “Trans-Pacific Partnership Agreement, Chapter 14,” Office of the United States Trade Representative, accessed November 14, 2017, https://ustr.gov/trade-agreements/free-trade-agreements/trans-pacific-partnership/tpp-full-text.
 Ingrid Lunden, “Russia Says ‘Nyet,’ Continues LinkedIn Block after It Refuses to Store Data in Russia,” TechCrunch, March 7, 2017, http://social.techcrunch.com/2017/03/07/russia-says-nyet-continues-linkedin-block-after-it-refuses-to-store-data-in-russia/.
 “Moving Core Data to New Office 365 Datacenter Geos,” Microsoft Developer Network, September 20, 2017, https://msdn.microsoft.com/en-us/library/dn878163.aspx.
 Microsoft, A Cloud for Global Good (Redmond: Microsoft, 2016), 43, https://news.microsoft.com/cloudforgood/_media/downloads/a-cloud-for-global-good-english.pdf.
 Andrea Peterson, “Microsoft’s President Explains the Company’s Quiet Legal War for User Privacy,” Washington Post, July 22, 2016, https://www.washingtonpost.com/news/the-switch/wp/2016/07/22/microsofts-president-explains-the-companys-quiet-legal-war-for-user-privacy/.
 “Written Testimony of Brad Smith: Hearing on Law Enforcement Access to Data Stored across Borders,” May 10, 2017, https://www.judiciary.senate.gov/imo/media/doc/05-24-17%20Smith%20Testimony.pdf.