News Hub

EU cybersecurity label should apply to big tech, says industry groups

Written by Wed 19 Jun 2024

Image of EU flags

The European Cybersecurity Certification Scheme on Cloud Services (EUCS) should not discriminate against Amazon, Google, and Microsoft, according to 26 industry groups across the EU.

The EUCS is led by the European Union Agency for Cybersecurity (ENISA) and is looking to enhance market conditions within the EU and assist European entities in choosing reliable providers.

The groups emphasised the need for their members to access a diverse range of robust cloud technologies customised to their specific needs, essential for thriving in a competitive global market.

Signatories to the letter include the American Chamber of Commerce to the EU in the Czech Republic, Estonia, Finland, Italy, Norway, Romania, and Spain, along with the European Payment Institutions Federation.

“We believe that an inclusive and non-discriminatory EUCS that supports the free movement of cloud services in Europe will help our members prosper at home and abroad, contribute to Europe’s digital ambitions, and strengthen its resilience and security,” said the groups in a joint letter to EU countries as reported in Reuters.

Other signatories to the letter include the Czech Confederation of Industry, Denmark’s Dansk Industry, Germany’s Bundesverband deutscher Banken, the Digital Poland Association, Irish business lobby group IBEC, the Netherlands’ NL Digital, and the Spanish Start-up Association.

The groups added the removal of both ownership controls and Protection against Unlawful Access (PUA) and Immunity to Non-Eu Law (INL) requirements ensures that cloud security improvements align with industry best practices and non-discriminatory principles.

EU cloud vendors like Deutsche Telekom, Orange, and Airbus have advocated for sovereignty requirements in the EUCS due to concerns that non-EU governments could gain unauthorised access to Europeans’ data under their respective laws.

EU countries, ENISA, and the European Commission are scheduled to discuss and reconsider the latest version of the scheme this week.

What is the EUCS?

The European Commission said the EUCS is a candidate cybersecurity certification scheme intended to ‘harmonise the security of cloud services with EU regulations, international standards and industry best practices’.

Each scheme will define one or more assurance levels (basic, substantial, or high) based on the perceived risk of the product, service, or process in question.

The draft EUCS candidate scheme establishes a security baseline for each assurance level. It aims to offer cybersecurity assurance across the cloud supply chain, serving as a foundational framework for sector-specific schemes.

The scheme has evolved significantly since ENISA’s initial 2020 draft. In its March update, the requirement for US tech giants to establish joint ventures or cooperate with EU-based companies to qualify for the top EU cybersecurity label was removed.

Tech giants like Google, Microsoft, and Amazon applauded the removal of sovereignty requirements, enabling them to compete for significant EU cloud computing contracts.

Join Tech Show Paris

27-28 November 2024, Porte de Versailles, Paris

Be a part of the latest tech conversations and discover pioneering innovations in Paris.

Don’t miss one of the most exciting technology events of the year for France.

Written by Wed 19 Jun 2024

Send us a correction Send us a news tip