FTC Request for Information - Cloud Computing

FTC Press Release

The Federal Trade Commission staff are seeking information on the business practices of cloud computing providers including issues related to the market power of these companies, impact on competition, and potential security risks.


In a Request for Information, FTC staff are seeking information about the competitive dynamics of cloud computing, the extent to which certain segments of the economy are reliant on cloud service providers, and the security risks associated with the industry’s business practices. In addition to the potential impact on competition and data security, FTC staff are also interested in the impact of cloud computing on specific industries including healthcare, finance, transportation, e-commerce, and defense.


“Large parts of the economy now rely on cloud computing services for a range of services,” said Stephanie T. Nguyen, the FTC’s Chief Technology Officer. “The RFI is aimed at better understanding the impact of this reliance, the broader competitive dynamics in cloud computing, and potential security risks in the use of cloud.”


Cloud computing, which is used by a wide range of industries for on-demand access to data storage, servers, networks, and more, is increasingly central to many areas of the economy. The agency has brought several cases against companies that failed to implement basic security safeguards to protect data they stored on third-party cloud computing services including recent cases involving the alcohol delivery platform Drizly and education technology provider Chegg. The FTC has also issued guidance to businesses on steps they can take to secure and protect data stored in the cloud. The RFI will allow the agency to gather more information and insights on cloud computing as a whole.


Among the topics the FTC is seeking comment on include:

  • the extent to which particular segments of the economy are reliant on a small handful of cloud service providers;
  • the ability of cloud customers to negotiate their contracts with cloud providers or are experiencing take-it-or-leave it standard contracts;
  • incentives providers offer customers to obtain more of their cloud services from a single provider;
  • the extent to which cloud providers compete on their ability to provide secure storage for customer data;
  • the types of products or services cloud providers offer based on, dependent on, or related to artificial intelligence; and the extent to which those products or services are proprietary or provider agnostic; and
  • the extent to which cloud providers identify and notify their customers of security risks related to security design, implementation, or configuration.

The public will have until June 21, 2023 to submit a comment. Comments will be posted to Regulations.gov after they are submitted.


Staff from across the FTC’s Office of Technology, Bureau of Competition, and Bureau of Consumer Protection are collaborating on this effort.

Request for Information

On March 22, 2023, the Federal Trade Commission issued a request for information seeking public comment on the business practices of cloud computing providers.

As part of the Request for Information, the FTC is asking users of cloud services, academics, civil society groups, industry participants, and others to comment on a number of issues related to the business practices of cloud computing providers.

View Request for Information and Submit a Comment

Comments may be submitted at Regulations.gov  and must be received no later than June 21, 2023.  To ensure the Commission considers your online comment, please follow the instructions on the web-based form. Your comment – including your name and your state – will be placed on the public record, including, to the extent practicable, on the Regulations.gov website.  You may view submitted comments at Regulations.gov at any time.

Do NOT submit sensitive or confidential information. Comments, including anonymous comments, are published on the regulations.gov website and made available to the public.

If you submit information for the public record as an “anonymous” entity through regulations.gov, please be aware your submission may be published on regulations.gov.

  1. Do not provide your email address in the regulations.gov form submission.
  2. Do not provide any personally identifying information in your comment or any attached material. 
  3. Everything you submit can be made public, and you may be held liable or accountable for anything you share.

Need help? See Regulations.gov’s FAQs for more information.

Media Contact


Juliana Gruenwald Henderson 

Federal Trade Commission

Office of Public Affairs



CAIDP Recommendations to Commentators


The Center for AI and Digital Policy (CAIDP) supports the Request for Information concerning Cloud Computing announced by the Federal Trade Commission (FTC) on March 22, 2023. We encourage commentators to support our request that the FTC open an investigation into ChatGPT.


General Advice

  • Read carefully the Request for Information. Understand the context for the RFI and the type of information that the FTC is seeking from the public
  • Learn about FTC's prior work on AI policy.  The FTC has already set out important recommendations for AI business practices.
  • Answer the questions that are most relevant to your work and expertise. It is not necessary to answer all of the questions
  • Write clearly and directly. Short, simple statements are often the most effective.
  • Provide evidence. If you make a factual claim, include a citation to a report, article, or study to support your point.
  • Make concrete recommendations. If you have a specific recommendations for the FTC, state them.
  • Keep a copy of your comments. Managing the federal portal for agency comments is not easy. The best strategy is often to prepare your comments in advance and then cut and past the sections into the form,
  • Evaluate the outcome. You were asked by a public agency for your views. You took time to prepare a response. You should expect the agency to consider your comments. The agency may not agree with you, but you are entitled to a "reasoned response" to your recommendations.

Good luck!


CAIDP References

AI and Democratic Values Index (2023)

[This is an excerpt from the US country report, prepared by CAIDP]


The U.S. lacks a unified national policy on AI but President Biden, and his top advisors, has expressed support for AI aligned with democratic values. The United States has endorsed the OECD/G20 AI Principles. The White House has issued two Executive Orders on AI that reflect democratic values, a federal directive encourages agencies to adopt safeguards for AI. The most recent Executive Order also establishes a process for public participation in the development of federal regulations on AI though the rulemaking has yet to occur. The overall U.S. policy-making process remains opaque and the Federal Trade Commission has failed to act on several pending complaints concerning the deployment of AI techniques in the commercial sector. But the administration has launched new initiatives and encouraged the OSTP, NIST, and other agencies to gather public input. The recent release of the Blueprint for an AI Bill of Rights by the OSTP represents a significant step forward in the adoption of a National AI Policy and in the U.S.’s commitment to implement the OECD AI Principles. There is growing opposition to the use of facial recognition, and both Facebook and the IRS have cancelled facial recognition systems, following widespread protests. But concerns remain about the use of facial surveillance technology across the federal agencies by such U.S. companies as Clearview AI. The absence of a legal framework to implement AI safeguards and a federal agency to safeguard privacy also raises concerns about the ability of the U.S. to monitor AI practices.


[More information about the AI and Democratic Values Index]