The Jordan Cloud Platforms and Services Policy (2020)

August 2020

View the original document

Strategies and Action Plans

Author: Ministry of Digital Economy and Entrepreneurship

The Jordan Cloud Platforms and Services Policy (2020) establishes a comprehensive national framework to support cloud computing adoption across the public sector and enable broader digital transformation in Jordan. It reflects the government’s strategic intent to leverage cloud technologies for improved service delivery, economic growth, and innovation, in alignment with national digital infrastructure goals.

The policy is introduced as a response to rising IT costs, inefficiencies in data center operations, and the need for scalable, secure, and modern solutions. It advocates for cloud adoption to reduce capital expenditure, increase agility, and support government digital services.

The policy sets out clear objectives, including:

  • Guiding government entities toward optimal use of cloud services.
  • Developing the national private government cloud while staying up to date with global tech advancements.
  • Protecting users of cloud services by establishing clear roles, responsibilities, and obligations.
  • Fostering fair competition among cloud service providers.
  • Enabling local SMEs to grow and integrate into regional and global digital markets.

It applies to all government institutions using public or private clouds, whether local or international, and covers both public and private sector cloud providers.

Jordan adopts a hybrid cloud architecture—a mix of a government-managed private cloud and public cloud services delivered by qualified local providers. This setup is designed to balance security, cost-efficiency, and scalability, with strong collaboration between public and private stakeholders.

The policy outlines four main pillars:

  1. Use of cloud services by government entities: Emphasising lifecycle management, cost-effectiveness, and readiness assessment for migration.
  2. Regulation of cloud service providers: Assigning the Telecommunications Regulatory Commission (TRC) oversight duties, including issuing regulations, monitoring compliance, and ensuring service quality and user protection.
  3. Organisational controls for providers: Requiring clear service-level agreements, data security guarantees, and transparent exit strategies for clients.
  4. Development actions and studies: Calling for ongoing capacity-building, partnerships with academia, support for open-source software, research on emerging technologies like quantum computing and big data, and the creation of a national cloud applications store.

The policy also underscores strong data classification and protection measures, including restrictions on data residency, encryption requirements, third-party access controls, and compliance with anticipated national data protection legislation