This page features blog articles about topics researched and taught at our Professorship. This includes student reflections on projects pursued with us, including research projects, theses, and essays.

Rules for the Metaverse: Lessons from Cloud Computing Regulation

Blog |

Master student Mike Anfang explores the potential transfer of regulation and best practices from the cloud computing industry towards the Metaverse. A blog article based on work submitted for the seminar “Governing Innovative Technologies: Cloud” taught by Sofie Schönborn at the Chair of Public Policy, Governance and Innovative Technology.

The paper ‘Regulating the Metaverse: Lessons from Cloud Computing Regulation’ explores the potential transfer of regulation and best practice examples from the cloud computing industry towards the metaverse. The metaverse is often described as the next evolution of the internet and is expected with much media attention, combined with massive financial investments.

However, the metaverse is not yet the one platform where users can navigate between different providers seamlessly, similar to the internet. Rather, there are many different metaverse projects that exist separately. One major factor that needs to be taken into account in this issue, is the lack of interoperability. This concept refers to the ability of different devices, systems or software to work together smoothly and exchange information without causing connectivity issues.

The metaverse, or the metaverse projects, do not yet have common standards that would allow for interoperability. In the cloud computing industry, interoperability is a crucial aspect to consider, as it allows for customers to migrate their data from one provider to another and avoid being stuck with one company. Policy makers can gain valuable insight for future legislation, through a knowledge transfer of the two industries.

Fostering industry collaboration to develop common standards among the industry, could boost the public acceptance and use of the metaverse, as seen similarly in the cloud computing industry. Depending on the compliance to such standards, institutions such as the European Commission, can include those into legislation. Thereby, standards become mandatory to adhere and ensure interoperability among different providers of metaverse projects.

By allowing time and space for development of voluntary standards, industry experts can shape the development and prevent over regulation, if done right. Because only through the successful realization of interoperability, the metaverse can realize its full potential.

Understanding the metaverse

The metaverse has received a large media attention, especially since Facebook changed its company name toward ‘Meta’. Even though the name is prominent today in the public, a lot of people don’t have a clear overview of what the metaverse actually entails. Still, it is important to understand what the metaverse actually refers to. There is not yet a common definition, however, Mathew Ball describes a widely understood definition of the term: 

A massively scaled and interoperable network of real-time rendered 3D virtual worlds that can be experiences synchronously and persistently by an effectively unlimited number of users with an individual sense of presence, and with continuity of data, such as identity, history, entitlement, objects, communications and payments” [1]. 

In other words, through the metaverse an individual, represented through a virtual avatar, can for example, participate in work related meetings, watch concerts or visit the city hall for an appointment, all from home, all live, without delays and mostly accessed through XR technologies [2]

Fragmented metaverse ecosystems

A number of big tech companies, often gaining their power by dominating the Web 2.0, are investing enormous amounts of financial means to develop new technologies that will support the metaverse. However, the technologies of the respective companies are not meant to be intertwined and work with each other but rather remain isolated. A problem of “walled garden ecosystems” [3], as the user can enjoy the benefits of the technology but is limited to the one provider. Big tech companies, such as Meta or Bytedance are developing their own headsets, glasses, stores and digital spaces. Thereby building vertical integrated ecosystems [4].

In order to develop a metaverse, working as one big system comparable to the internet, where one can switch between work appointments and the city hall, standards that foster interoperability are in need [3]. Interoperability is an important but also complex concept to grasp. Prof. Urs Gasser describes interoperability as “... the ability to transfer and render useful data and other information across systems, applications, or components“ [5]. In other words, the concept of interoperability in the context of digital ecosystems refers to the capacity of different devices, systems or software to cooperate smoothly and exchange information without producing issues.

Regulation for the future metaverse

For both, the cloud computing industry and the metaverse, lacking interoperability would have devastating consequences. Private companies are investing large sums of money into the development of metaverse projects. As a consequence, the fear of exclusive ecosystems grows. When companies restrict the free movement across different systems, through the design of software or other means, it is commonly referred to as a ‘vendor-lock in’ [6].

To overcome these problems, common standards are an essential way to ensure interoperability among different systems. Standards classically can take two forms: voluntary standards and mandating standards. Voluntary standards develop through the engagement of private enterprises, sometimes also governmental input, but mainly through a collaborative effort of different private stakeholders. These are not legally binding. On the other side of the spectrum are mandating standards, which are set out by governmental authorities and are legally binding.

Knowledge transfer for future regulation

Due to the similarity of problems and needs of the two industries, taking the best practice examples from cloud computing regulation and applying them to the metaverse in an early stage, can give policy makers guidance. To develop a voluntary standard in the cloud computing industry, the Association for Switching and Porting (SWIPO) has been established. SWIPO is a multi stakeholder group that is working towards voluntary codes of conduct. Thereby, they aim to facilitate secure and efficient migration from one cloud service provider to another.

A comparable approach is being pursued with regards to the metaverse: the metaverse standards forum. This forum is comprised of companies, standard organizations, industry associations and universities, and through that provides a venue, where different stakeholders come together to develop interoperability standards “for an open and inclusive metaverse” [7]. Guided by the mission to foster cooperation, the forum itself does not work on the standards but wants to support and connect other standard organizations to do so.

Voluntary standards are a useful way to align key stakeholders within an industry to agree on common principles, e.g. to ensure the movement of data across service providers. The time in which those standards are developed and the adherence to it by key stakeholders is what will define the success of the standard.

Often enough, voluntary standards are not sufficient to address a problem, due to the non-binding nature. Regulatory measures follow, which create binding rules for the topic under discussion. The self-regulatory approach through SWIPO has been assessed by three independent law firms in 2020. The assessment concluded, among other things, that the code of conduct did not sufficiently address the envisaged issues [8].

Binding legislation for interoperability

In 2022, the European Commission introduced the European Data Act, a regulatory framework towards common standards including the cloud computing industry. The policy introduces a number of measures targeting the release and use of non-personal data for a broader scope of companies and public bodies [9]. While the Data Act does not mandate a specific standard, it introduces legal requirements on service providers. These have to be compatible with existing European Standards where applicable.

At the same time, the Data Act announces the development of new ones if demanded [9]. Thereby, the Commission effectively creates a legal obligation on cloud providers to adhere to a common standard.  The standard has to facilitate the switching of services and enable interoperability in that context. There is no direct link between the legal assessment of the voluntary standard approach and the regulatory approach. However, the timeline can lead to the conclusion that a voluntary, self-regulatory approach does only work for a certain time and a legally binding, mandatory approach might be more suitable for the long term.

Following that example, the metaverse will likely experience more legally binding regulation, once the development progresses. To ensure that the metaverse is guided by standards that foster interoperability and does not pose the danger of a vendor lock-in for consumers, a regulatory approach might be needed. Such could include the standards that have been previously agreed upon by a number of stakeholders. Thereby, the adherence to standards can be ensured and becomes legally binding. For the metaverse, there is no such policy public or known to be developed in the EU as of today.

The Parliament of the European Union has acknowledged the issues of a metaverse potentially dominated by a handful of large corporations. Challenges include that private companies could use their power to establish their own proprietary standard or dominate the development of a common standard to their private benefit [9].

Although a voluntary standard might be replaced by binding regulation eventually, the effect that these can have should not be underestimated. By developing common standards in advance, private stakeholders can prevent early day regulation and thereby allow for more flexibility when developing new technologies. Additionally, these voluntary standards often get included into official regulation in some form and thereby are made legally binding. Through that industry experts can shape the development of the regulation, before lawmakers get into the topic.


Mike Anfang is a master’s student in the program of Politics & Technology at the Technical University Munich. His study focus is on the future impact of developing technologies such as the metaverse or quantum technologies. Additionally, Mike is a fellow within the UnternehmerTUM, Europe's leading entrepreneurship center.


  1. Ball, M. (2022) The metaverse: And how it will revolutionize everything (p. 29). New York, NY: Liveright Publishing Corporation, a division of W.W. Norton & Company.

  2. Thompson, C. (2023) South Korea launches Metaverse Replica of Seoul, CoinDesk Latest Headlines RSS. CoinDesk. Available at: korea-launches-metaverse-replica-of-seoul/ (Accessed: March 12, 2023). 

  3. Illenberger, R. (2022) The metaverse paradox: Why the industry needs better standardization, World Economic Forum. Available at: < standardization/> (Accessed: March 10, 2023).

  4. Radoff, J. (2022) Metaverse interoperability, part 1: Challenges, Medium. Building the Metaverse. Available at: < interoperability-part-1-challenges-716455ca439e> (Accessed: March 10, 2023).

  5. Gasser, Urs. 2015. "Interoperability in the Digital Ecosystem (p. V)." Berkman Klein Center for Internet and Society Research Publication No. 2015-13.

  6. Cloudflare (2023) What is vendor lock-in? | vendor lock-in and Cloud computing - cloudflare (2023) Cloudflare. Available at: <> (Accessed: March 15, 2023).

  7. Trevett, N. et al. (2023) The Metaverse Standards Forum, Metaverse Standards Forum. Available at: (Accessed: March 12, 2023). 

  8. DORDA Rechtsanwälte GmbH; Arthur Cox LLP; Ramón y Cajal Abogados SLP,

  9. European Commission Regulation Proposal 2022/0047, Proposal for a Regulation of the European Parliament and of the Council, February 2022, [Online] Available at: <https://eur-> (Accessed: March 12, 2023).