Hold software providers accountable for IT failures

The IT industry is set to be regulated by 2015, analyst firm Gartner has predicted.

Regulation could protect businesses and governments from poor IT implementations that have cost billions of pounds. At present, however, software is generally shipped with a disclaimer stating that the manufacturer does not guarantee it will work. In regulated industries such as pharmaceuticals, by contrast, the supplier is held accountable for a failure in manufacturing.

"Three years ago, Gartner published research predicting that either catastrophe from IT failure, or a continuing history of lower-level failures would provoke either a governmental regulation or industry self-regulation of IT products and services in the US by 2015 and in the European Union by 2015 to 2018," said Richard Hunter, vice-president and analyst at Gartner. "Although the exact date of arrival for regulation is difficult to predict, we believe that, in recent months, the tempo and intensity of the indications of such an event have increased."

In the US, President Barack Obama emphasised the importance of cyber technology and security in his appointments and public comments, and representatives from the US healthcare industry have asked the Obama administration to hold software suppliers liable for failures resulting from implementation of administrative software mandated by the US federal government by 2014.

The rise of social networks such as Facebook, MySpace and Twitter is another factor driving regulations, according to Hunter. He said there was increasing concern over the extent to which personal data and the safety of minors are threatened by criminals using these networks to gain access to potential victims.

Business users of IT systems are likely to benefit from regulation in terms of clearly understanding the functions and features they purchase, according to Hunter. But he said users should be aware that they cannot outsource regulatory compliance. They should consider whether the liabilities applied to software providers will apply to them as well, and consider whether the enterprise is prepared to manage its processes to regulatory requirements.
