February 1, 2021, marks the day the Louisiana MSP registration law goes into effect. MSPs have known about this law since early 2020, and it is now a reality for those MSPs practicing in that state.
The MSP professional community has had a lot of time to contemplate this law and what it means for us. Speaking personally, I have talked to the people intimately involved in the law. Today, I have a much better understanding of their “legislative intent,” which can inform our thinking about how other legislative and regulatory bodies may approach this similar issue.
Speaking for myself, I believe the Louisiana law should be the template for all future MSP regulations. I will explain why.
Why the need for MSP regulation?
According to my understanding of Louisiana’s motives, the state wanted to safely continue its use of outsourcing to MSPs and address the risk associated with operating any device connected to the Internet.
Assuming this analysis is correct, the state’s motives are genuinely favorable to the cause of MSPs everywhere. A “hostile legislative” act towards MSPs would have made it much more difficult for the state (and its respective agencies and departments) to maintain their IT assets with MSPs’ assistance. The MSP registration law attempts to make it easier for the state to outsource to MSPs…safely!
Not everyone agrees with our assessment of this law, perhaps out of ignorance or perhaps out of genuine dislike for the law’s text. Those of you on Reddit who have expressed dismay and doubt about the Louisiana law seem to be focused on the perceived burdens of such regulation and the increased difficulty in conducting business as an MSP. As a staunch advocate for the cause of outsourced managed IT services for over 20 years, I can assure you I am as pro-MSP as you can get. In my opinion, the Louisiana law does not aim to hinder the cause of managed services within the state. Quite the opposite is true.
Yet, as MSPs have increased in their prominence worldwide, customers like Louisiana (Louisiana is acting as a managed services client in this law) are increasingly aware of Cybersecurity risks and the need for professional-grade MSPs in mitigating those security risks. If you view the law in this context, it should make sense why the state acted as they did.
A Free Market Solution
The state balances several values to implement this law to further its use of MSPs throughout the state’s agencies. This objective should be emulated elsewhere. As cybercrime increases, the role and value of MSPs is also increasing. The use of MSPs as outsourced IT professionals ought to be encouraged, not discouraged. In this context, the Lousiana law should be viewed as the gold standard of “MSP regulation” instead of rules and laws that hinder the adoption of managed services in private or public sectors.
Furthermore, the Louisiana solution attempts to create a free market environment whereby state agencies can rely upon accurate information about the MSPs and make purchasing decisions based on that information. This is something other legislative and regulatory bodies could learn from and copy for their purposes.
Does the Louisiana Law Create Barriers to Entry?
The direct answer is no. The Louisiana MSP registration law does not make it harder for MSPs to do business with the state. The law merely requests those MSPs with state agencies as clients to register so the state can know which MSPs are conducting business with those agencies.
There are no requirements for proficiency, certification, or licensure (preventing licensure has long been the stated goal of the MSPAlliance), only the MSP registration. As times change, undoubtedly so will the needs of the clients. If this law changes, then we will re-evaluate it based on those changes.
However, as of today, Louisiana remains the first, best, and most restrained MSP law we could hope for as we continue our march towards managed services excellence.