Gartner Says IT Products and Services Will Likely Be Subject to Regulation by 2015

Software and Service Providers Need to Prepare Now for Increased Liability

STAMFORD, Conn., The frequency and intensity of leading indicators for widespread regulation of the IT industry are increasing, but many vendors and most enterprise IT organizations are unprepared to meet the requirements that regulated IT will likely impose on their processes and procedures, according to Gartner, Inc.

“Three years ago Gartner published research predicting that either catastrophe from IT failure, or a continuing history of lower-level failures would provoke either a governmental regulation or industry self-regulation of IT products and services in the U.S. by 2015 and in the European Union by 2015 to 2018,” said Richard Hunter, vice president and distinguished analyst at Gartner. “Although the exact date of arrival for regulation is difficult to predict, we believe that, in recent months, the tempo and intensity of the indications of such an event have increased.”

Mr. Hunter said several recent articles describing the growth and scale of criminal hacking networks aimed at governmental and industry targets, as well as recent statements by representatives of the U.S. and U.K governments, indicate that the state of IT security is now viewed as unacceptably dangerous. Mr. Hunter also referred to the emphasis that U.S. President Barack Obama has placed on the importance of cyber technology and security in his appointments and public comments.

In addition, healthcare industry representatives have asked the Obama administration to hold software vendors liable for failures resulting from implementation of administrative software mandated by the U.S. federal government by 2014. Elsewhere, corporate customers are filing litigation against their IT providers with greater frequency.

The rise of social networks such as Facebook, MySpace and Twitter have generated increased concern over the extent to which personal data and the safety of minors are threatened by criminals using these networks to gain access to potential victims.

“All these events are taking place within a global climate that is shifting towards regulation on many fronts,” said Mr. Hunter. “As a result of the economic crisis, the social environment is considerably less trusting and secure. The public is wary of cascading risks and would seem to be supportive of legislation and litigation aimed at reducing those risks, including those posed by IT.”

While neither supporting nor opposing regulation of IT, Gartner considers it increasingly likely and thinks it is probable that the EU will take formal steps to establish a regime for regulation of consumer-oriented IT products and services as early as 2011. Given the increasing likelihood of this scenario, Gartner advises IT vendors, service providers and user organizations to consider the implications of the regulation of IT on their businesses.

Mr. Hunter said software vendors need to be aware that increased liability will drive generic software out of the market, and they should prepare for transparency and product/price differentiation based on quality and certified fitness for purpose. IT service providers should do the same and mitigate risks by incorporating strong documentation, audit right provisions and legal compliance terminology into outsourcing deals.

Enterprise technology users are likely to benefit from regulation in terms of clearly understanding the functions and features they buy but should be aware that they cannot outsource regulatory compliance. They should consider whether the liabilities applied to vendors will apply to them as well, and consider whether the enterprise is prepared to manage its processes to regulatory requirements.

Additional information is available in the Gartner report “Childhood Ends: The Signs Are Clearer.” The report is available on Gartner’s Web site at http://www.gartner.com/DisplayDocument?ref=g_search&id=1057712&subref=simplesearch.

Mr. Hunter will also examine key issues facing IT leaders during the Gartner Symposium/ITxpo, October 18-22, in Orlando, Florida. In the session “Balancing IT Risk and IT Return,” Mr. Hunter and George Westerman of MIT’s Center for Information Systems Research will discuss how CIOs must strike a balance between the changes required to create business return and the risk inherent in IT. The session is based on the programs described in their Harvard Business School Press books “IT Risk: Turning Business Threats to Competitive Advantage” and “The Real Business of IT: How CIOs Create and Communicate Value.” He will also co-present the session “Three Economic Futures and What They Mean for IT” with Gartner analyst Jorge Lopez. In this session, Mr. Lopez and Mr. Hunter will provide a scenario approach to better understand the future impact of current decisions, as well as the future of business in IT.

Gartner Symposium/ITxpo is the world’s most important gathering of CIOs and senior IT executives. It is the industry’s largest and most important annual gathering of CIOs and their senior IT leaders. This event delivers independent and objective content with the authority and weight of the world’s leading IT research and advisory organization, and provides access to the latest solutions from key technology providers. Gartner’s annual Symposium/ITxpo events are key components of attendees’ annual planning efforts. They rely on Gartner Symposium/ITxpo to gain insight into how their organizations can use IT to address business challenges and improve operational efficiency. Additional information is available at www.gartner.com/symposium/us.

Members of the media can register for the event by contacting Christy Pettey at christy.pettey@gartner.com.

About Gartner:
Gartner, Inc. (NYSE: IT) is the world’s leading information technology research and advisory company. Gartner delivers the technology-related insight necessary for its clients to make the right decisions, every day. From CIOs and senior IT leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to technology investors, Gartner is the indispensable partner to 60,000 clients in 10,000 distinct organizations. Through the resources of Gartner Research, Gartner Consulting and Gartner Events, Gartner works with every client to research, analyze and interpret the business of IT within the context of their individual role. Founded in 1979, Gartner is headquartered in Stamford, Connecticut, U.S.A., and has 4,000 associates, including 1,200 research analysts and consultants in 80 countries. For more information, visit www.gartner.com.