An agreement on the pending EUCS system could be reached as early as the end of May.
advertisement
France's request for legal clarification regarding the pending Cybersecurity Certification for Cloud Services (EUCS) has been rejected by the Council of the European Union, a French spokesperson told Euronews.
The French request, sent in mid-April, follows the certification drafted by the EU's cyber agency ENISA, which allows companies to demonstrate that certified ICT solutions provide an appropriate level of cybersecurity protection for the EU market. It blocked an agreement between governments on the scheme.
France called for clarification on how the adoption of the EUCS will affect the future of national plans. The country has its own national security qualification, SecNumCloud, developed by the French National Cyber ​​Security Agency (ANSSI), designed to ensure the robustness of cloud solutions against the increasing number of cyber-attacks.
A Council spokesperson said the expert group in charge of working on the certification system is not the Council's preparatory body, but a technical expert group established by the European Commission that deals more generally with the implementation of cyber regulations. said. Therefore, the Council's legal department cannot intervene to give an opinion on the bill.
deadlock
Discussions regarding voluntary certification of cloud services have been ongoing for the past three years, since the European Commission requested ENISA to prepare a voluntary certification system for cloud services in 2019.
The EUCS could now be approved at an informal expert group meeting as early as May or June, when a formal meeting is scheduled for as early as May or June. Attempts to reach an agreement last month failed despite a new draft of ENISA aimed at breaking the deadlock in negotiations.
The latest document omitted the so-called sovereignty requirement. France previously attempted to introduce such a requirement in a document aimed at excluding non-EU cloud companies from qualifying for the best security option. The proposal was strongly resisted by several EU countries and the industry, which perceived it as a protectionist move.
Last month (April 10), EU companies including aircraft maker Airbus and telecoms companies Orange and Deutsche Telekom wrote an open letter to the EU's 27 member states calling on them to include sovereignty requirements in their proposals.
French cybersecurity authorities did not respond to requests for comment in time for publication.
