A proposed EU cybersecurity certification scheme (EUCS) for cloud services should be non-discriminatory and inclusive, according to 26 European industry groups. They cautioned against any measures that could disadvantage major tech companies like Amazon, Google, and Microsoft.
The European Commission, EU cybersecurity agency ENISA, and EU member states are set to meet on Tuesday to discuss the evolving scheme, initially drafted by ENISA in 2020. The EUCS aims to assist governments and companies in selecting secure and trusted vendors for their cloud computing needs, a sector that generates billions of euros annually with anticipated double-digit growth.
In March, revisions to the proposal removed sovereignty requirements that would have compelled U.S. tech giants to establish joint ventures or cooperate with EU-based firms to store and process data within the bloc to qualify for the highest level of the EU cybersecurity label.
“We believe that an inclusive and non-discriminatory EUCS that supports the free movement of cloud services in Europe will help our members prosper at home and abroad, contribute to Europe’s digital ambitions, and strengthen its resilience and security,” the groups stated in a joint letter to EU member states.
“The removal of both ownership controls and Protection against Unlawful Access (PUA) / Immunity to Non-EU Law (INL) requirements ensures that cloud security improvements align with industry best practices and non-discriminatory principles,” they added.
The industry groups emphasized the importance of providing access to a diverse range of resilient cloud technologies tailored to specific needs, enabling them to thrive in a competitive global market.
The letter was signed by various organizations, including the American Chamber of Commerce to the EU in several countries (Czech Republic, Estonia, Finland, Italy, Norway, Romania, and Spain), the European Payment Institutions Federation, the Czech Confederation of Industry, Denmark’s Dansk Industry, Germany’s Bundesverband deutscher Banken, the Digital Poland Association, Irish business lobby group IBEC, the Netherlands’ NL Digital, and the Spanish Start-up Association.
Meanwhile, EU cloud vendors such as Deutsche Telekom, Orange, and Airbus have advocated for sovereignty requirements within the EUCS, citing concerns over the potential for non-EU governments to gain unlawful access to Europeans’ data under their respective laws.
Comments