Hu Yun Qi
BRUSSELS (Reuters) – Twenty-six European industry associations warned on Monday that a proposed cybersecurity certification scheme for cloud services (EUCS) must not discriminate against Amazon, Alphabet Inc's Google and Microsoft.
The European Commission, the EU cybersecurity agency ENISA and EU countries are due to meet on Tuesday to discuss the regime, which has undergone several changes since ENISA published a draft in 2020.
EUCS aims to help governments and enterprises select the right secure and trusted vendors for their cloud computing business. The global cloud computing industry generates billions of euros in revenue per year and is expected to grow at double digit rates.
The March revision removed a so-called sovereignty requirement from an earlier proposal that would have required large U.S. tech companies to set up joint ventures or work with EU-based companies to store and process customer data in the EU in order to qualify for the highest level of the EU's cybersecurity label.
“We believe that a comprehensive and non-discriminatory EUCS supporting the free movement of cloud services across Europe will help Member States prosper at home and abroad, contribute to Europe's digital ambitions, and make Europe more resilient and secure,” the groups said in a joint letter to EU countries.
“Removing both the ownership control and Prevention of Unauthorized Access (PUA)/Independent Non-EU Law Exemptions (INL) requirements ensures that cloud security improvements are in line with industry best practice and non-discrimination principles,” they said.
The organisation said that to succeed in an increasingly competitive global marketplace, it is vital that its members have access to diverse, resilient cloud technologies tailored to their needs.
Signatories to the letter include the American Chamber of Commerce in the EU from the Czech Republic, Estonia, Finland, Italy, Norway, Romania and Spain, as well as the Federation of European Payment Institutions.
Other organisations that signed the letter include the Confederation of Czech Industry, Denmark's Dansk Industrie, Germany's Association of Deutsche Banks, the Polish Digital Association, Irish business lobby IBEC, the Netherlands' NL Digital and the Spanish Startup Association.
EU cloud vendors such as Deutsche Telekom, Orange and Airbus have been pushing for the introduction of sovereignty requirements in the EUCS due to concerns that non-EU governments could unlawfully access Europeans' data based on their own national laws.
(Reporting by Hu Yun Qi; Editing by Richard Chang)