IT industry unprepared for regulation

The IT industry is set to face tougher and more widespread regulation

August 12, 2009

The frequency and intensity of leading indicators for widespread regulation of the IT industry are increasing, but many vendors and most enterprise IT organizations are unprepared to meet the requirements that regulated IT will likely impose on their processes and procedures, according to Gartner.

“Three years ago Gartner published research predicting that either catastrophe from IT failure, or a continuing history of lower-level failures would provoke either a governmental regulation or industry self-regulation of IT products and services in the U.S. by 2015 and in the European Union by 2015 to 2018,” said Richard Hunter, vice president and distinguished analyst at Gartner. “Although the exact date of arrival for regulation is difficult to predict, we believe that, in recent months, the tempo and intensity of the indications of such an event have increased.”

The rise of social networks such as Facebook, MySpace and Twitter has generated increased concern over the extent to which personal data and the safety of minors are threatened by criminals using these networks to gain access to potential victims.

While neither supporting nor opposing regulation of IT, Gartner considers it increasingly likely and thinks it is probable that the EU will take formal steps to establish a regime for regulation of consumer-oriented IT products and services as early as 2011.

Hunter said software vendors need to be aware that increased liability will drive generic software out of the market, and they should prepare for transparency and product/price differentiation based on quality and certified fitness for purpose.

Enterprise technology users are likely to benefit from regulation in terms of clearly understanding the functions and features they buy but should be aware that they cannot outsource regulatory compliance. They should consider whether the liabilities applied to vendors will apply to them as well, and consider whether the enterprise is prepared to manage its processes to regulatory requirements.