EU cybersecurity label must not discriminate against big tech companies, EU groups say

EU cybersecurity label must not discriminate against big tech companies, EU groups say
EU cybersecurity label must not discriminate against big tech companies, EU groups say

A proposed cybersecurity certification system (EUCS) for cloud services should not discriminate against Amazon, Google (Alphabet) and Microsoft, 26 European industry groups warned on Monday.

The European Commission, ENISA, the EU’s cybersecurity agency, and EU countries will meet on Tuesday to discuss the system which has undergone several changes since ENISA unveiled a plan in 2020.

EUCS aims to help governments and businesses choose a secure and reliable provider for their cloud computing activities. The global cloud computing industry generates billions of euros in annual revenue and is expected to experience double-digit growth.

A March version removed sovereignty requirements from a previous proposal, which required U.S. tech giants to create a joint venture or cooperate with an EU-based company to store and process customer data in the Union in order to obtain the highest level of the EU Cybersecurity Label.

“We believe that an inclusive and non-discriminatory EUCS that supports the free movement of cloud computing services in Europe will help our members thrive at home and abroad, contribute to Europe’s digital ambitions and strengthen its resilience and security,” the groups said in a joint letter to EU countries.

“Removing ownership controls and requirements for Protection Against Unlawful Access (PUA) and Immunity from Non-EU Laws (INL) ensures that cloud security improvements align with the best industry practices and principles of non-discrimination,” they said.

The groups said it was crucial for their members to have access to a diverse range of resilient cloud technologies tailored to their specific needs to thrive in an increasingly competitive global market.

Signatories to the letter include the American Chamber of Commerce to the EU in the Czech Republic, Estonia, Finland, Italy, Norway, Romania and Spain, as well as the European Federation of Payment Institutions.

Other signatories to the letter include the Czech Confederation of Industry, Dansk Industry (Denmark), Bundesverband deutscher Banken (Germany), Digital Poland Association, Irish lobby group IBEC, NL Digital (Netherlands) and the Spanish Start-up Association.

EU cloud service providers, such as Deutsche Telekom, Orange and Airbus, have pushed for sovereignty requirements to be included in the EUCS, fearing that third-country governments could gain illegal access to data from Europeans on the basis of their laws. (Reporting by Foo Yun Chee; Editing by Richard Chang)

-

-

NEXT Managing change in the face of employee resistance