Ahead of a pivotal meeting on Tuesday, 26 European industry groups have raised concerns over potential discrimination in the proposed EU cybersecurity certification scheme (EUCS) for cloud services.
The scheme, which is set to help governments and companies select secure cloud computing vendors, should not unfairly target U.S. tech giants such as Amazon, Google, and Microsoft, the groups warned.
The European Commission, along with the EU cybersecurity agency ENISA and member states, will deliberate on the EUCS that has seen several revisions since its initial draft in 2020.
The certification aims to bolster trust in cloud service providers and is seen as a key driver for the industry that generates billions annually and is poised for robust growth.
The March draft of the EUCS removed ‘sovereignty requirements’ that mandated American companies to partner with EU-based firms for data storage and processing within the bloc to achieve the highest cybersecurity label.
The industry groups, in a joint letter, expressed their support for an inclusive EUCS that adheres to non-discriminatory principles and aligns with industry best practices. They emphasized the importance of access to a variety of resilient cloud technologies to remain competitive globally.
Signatories include influential chambers of commerce across several EU countries and sector-specific associations representing payment institutions, industries, banks, digital businesses, and startups.
Data Sovereignty Debate
The debate around data sovereignty has been intense, with EU cloud vendors like Deutsche Telekom, Orange, and Airbus advocating for stringent requirements to prevent non-EU governments from accessing Europeans’ data unlawfully.
As discussions continue, the outcome will have significant implications for the cloud computing landscape in Europe and beyond.