European Group: EU Cybersecurity Label Shouldn’t Discriminate Against Big Tech

On Monday, 26 European business groups warned that a new cloud cybersecurity certification scheme (EUCS) should not discriminate against Amazon, Alphabet’s Google, and Microsoft

The scheme, which has undergone numerous modifications since ENISA unveiled a prototype in 2020, will be the subject of a meeting on Tuesday between the European Commission, EU cybersecurity agency ENISA, and EU member countries.

The EUCS endeavors to assist governments and companies in selecting a secure and reputable vendor for their cloud computing operations.

Double-digit development is anticipated for the global cloud computing industry, which generates billions of euros in annual revenue.

The sovereignty requirements from a previous proposal were eliminated in a March version.

These requirements mandated that U.S. technology giants establish a joint venture or collaborate with an EU-based company to store and process customer data in the bloc to qualify for the highest level of the EU cybersecurity label.

“We believe that an inclusive and non-discriminatory EUCS that supports the free movement of cloud services in Europe will help our members prosper at home and abroad, contribute to Europe’s digital ambitions, and strengthen its resilience and security,” the organizations stated in a joint letter addressed to EU governmental entities.

“The removal of both ownership controls and Protection against Unlawful Access (PUA) / Immunity to Non-EU Law (INL) requirements ensures that cloud security improvements align with industry best practices and non-discriminatory principles,” the organizations stated.

The organizations emphasized the importance of providing their members with access to a diverse array of resilient cloud technologies customized to their unique requirements to succeed in a global market that is becoming more competitive.

The European Payment Institutions Federation and the American Chamber of Commerce to the EU in the Czech Republic, Estonia, Finland, Italy, Norway, Romania, and Spain are among the signatories to the letter.

The Czech Confederation of Industry, Denmark’s Dansk Industry, Germany’s Bundesverband deutscher Banken, the Digital Poland Association, the Irish business advocacy group IBEC, the Netherlands’ NL Digital, and the Spanish Start-up Association are among the organizations that signed the letter.

Several EU cloud vendors, including Deutsche Telekom Orange and Airbus, have advocated for sovereignty requirements in the EUCS due to concerns that non-EU governments may unlawfully access Europeans’ data by their laws.