European Industry Groups Warn Against Discriminatory EU Cloud Cybersecurity Rules
A coalition of 26 industry groups from across Europe has issued a stark warning against potential discrimination in the EU cybersecurity certification scheme, cautioning that it could unjustly impact major cloud service providers like Google, Microsoft and Amazon.
The warning aims to preserve a diverse array of cloud service options for EU-based organizations, following the recent rollback of stringent requirements in the EUCS framework. Initially drafted by ENISA in 2020, the EUCS requirements sought to ensure the protection of EU citizens’ data according to EU standards, even if the data were processed outside the bloc, such as in the United States.
A significant change occurred in March 2024 when the sovereignty requirements, which would have compelled US organizations to either form a joint venture within the EU or collaborate with an EU-based company for data storage and processing, were removed from the EUCS requirements. This adjustment was made in response to growing concerns about maintaining a competitive and open market for cloud services in Europe.
Related: New US Cybersecurity Strategy Advocates Tech Regulation
In a joint letter, the industry groups stated, “We believe that an inclusive and non-discriminatory EUCS that supports the free movement of cloud services in Europe will help our members prosper at home and abroad, contribute to Europe’s digital ambitions and strengthen its resilience and security.”
They further emphasized that “The removal of both ownership controls and Protection against Unlawful Access (PUA) / Immunity to Non-EU Law (INL) requirements ensures that cloud security improvements align with industry best practices and non-discriminatory principles.”
The cloud market is a multi-billion-euro industry with rapid growth anticipated within the EU. Therefore, the industry groups argue that maintaining a broad selection of cloud service providers is crucial for fostering innovation, economic growth and digital resilience.
However, not all stakeholders agree with these changes. Several prominent EU cloud providers, including Deutsche Telekom, Airbus and Orange, have expressed concerns about the potential risks posed by eliminating the sovereignty requirements. They argue that allowing non-EU entities unfettered access to EU data could lead to violations of EU data protection laws and unauthorized access to sensitive information under foreign jurisdictions.
Source: Tech Radar
Featured News
Big Tech Braces for Potential Changes Under a Second Trump Presidency
Nov 6, 2024 by
CPI
Trump’s Potential Shift in US Antitrust Policy Raises Questions for Big Tech and Mergers
Nov 6, 2024 by
CPI
EU Set to Fine Apple in First Major Enforcement of Digital Markets Act
Nov 5, 2024 by
CPI
Six Indicted in Federal Bid-Rigging Schemes Involving Government IT Contracts
Nov 5, 2024 by
CPI
Ireland Secures First €3 Billion Apple Tax Payment, Boosting Exchequer Funds
Nov 5, 2024 by
CPI
Antitrust Mix by CPI
Antitrust Chronicle® – Remedies Revisited
Oct 30, 2024 by
CPI
Fixing the Fix: Updating Policy on Merger Remedies
Oct 30, 2024 by
CPI
Methodology Matters: The 2017 FTC Remedies Study
Oct 30, 2024 by
CPI
U.S. v. AT&T: Five Lessons for Vertical Merger Enforcement
Oct 30, 2024 by
CPI
The Search for Antitrust Remedies in Tech Leads Beyond Antitrust
Oct 30, 2024 by
CPI