Brussels, June 17, 2024, The Europe Today: A coalition of 26 industry groups across Europe has raised concerns about the proposed European Cybersecurity Certification Scheme (EUCS) for cloud services, cautioning against potential discrimination towards major U.S. tech companies, including Amazon, Alphabet’s Google, and Microsoft.
In a joint letter addressed to EU countries on Monday, the groups emphasized that the scheme should support the free movement of cloud services within Europe and not impose restrictive measures that could hinder international competition.
The European Commission, the EU cybersecurity agency ENISA, and EU member states are set to discuss the EUCS on Tuesday. The scheme, which has undergone several revisions since ENISA first introduced a draft in 2020, is designed to assist governments and businesses in selecting secure and trusted cloud service providers. The global cloud computing market is a lucrative industry, generating billions of euros in annual revenue with expectations of continued double-digit growth.
A significant change in the March version of the EUCS was the removal of sovereignty requirements from a previous proposal. These requirements would have mandated U.S. tech giants to establish joint ventures or collaborate with EU-based companies to store and process customer data within the EU to qualify for the highest level of the EU cybersecurity label.
“We believe that an inclusive and non-discriminatory EUCS that supports the free movement of cloud services in Europe will help our members prosper at home and abroad, contribute to Europe’s digital ambitions, and strengthen its resilience and security,” the industry groups stated in their letter.
They further noted, “The removal of both ownership controls and Protection against Unlawful Access (PUA) / Immunity to Non-EU Law (INL) requirements ensures that cloud security improvements align with industry best practices and non-discriminatory principles.”
The groups stressed the importance of access to a diverse range of resilient cloud technologies tailored to specific needs, which is essential for thriving in an increasingly competitive global market.
Signatories of the letter include the American Chamber of Commerce to the EU from several countries, the European Payment Institutions Federation, the Czech Confederation of Industry, Denmark’s Dansk Industry, Germany’s Bundesverband deutscher Banken, the Digital Poland Association, Irish business lobby group IBEC, the Netherlands’ NL Digital, and the Spanish Start-up Association, among others.
Meanwhile, some EU cloud vendors, such as Deutsche Telekom, Orange, and Airbus, have advocated for sovereignty requirements in the EUCS, expressing concerns that non-EU governments might gain unlawful access to Europeans’ data under their laws.
As the discussions progress, the balance between ensuring robust cybersecurity standards and maintaining an open, competitive market will be pivotal for the future of cloud services in Europe.