Unlock the Power of Cybersecurity: EU Certification Scheme Expansion on the Horizon
According to the latest draft of the rules, the European Union is contemplating expanding the range of proposed cybersecurity labelling regulations, which would impact not only Amazon, Alphabet’s Google, and Microsoft but also banks and airlines.
The EU plans to set up such a system as Big Tech expects the government cloud market to spur growth in the coming years, while the potential rise of artificial intelligence following the viral success of OpenAI’s ChatGPT could also boost demand for cloud services.
The latest proposal from the EU cybersecurity agency ENISA concerns the EU Certification System (EUCS), which guarantees the cybersecurity of cloud services and determines how governments and companies choose a supplier for their companies.
The document retains key provisions contained in previous drafts, such as the requirement that US tech giants must establish a joint venture with an EU-based company in order to obtain the EU’s cybersecurity label.
The second provision states that the cloud service must be operated and maintained from within the EU, while all customer data of the cloud service must be stored and processed within the EU, in which case EU laws take precedence over non-EU laws concerning the cloud service provider.
These obligations apply to the highest security level, which is four. The latest draft presents the possibility of extending these strict requirements to the third highest security level.
EU countries are currently reviewing the latest draft, after which the European Commission will approve the final system.
The tech lobby group CCIA said that expanding the scope would affect the wider industry.
“Perhaps the most striking part of this new draft is that ENISA now proposes that requirements that discriminate against foreign cloud service providers could be extended to lower levels of assurance,” said Alexandre Roure, head of public policy at CCIA Europe.
“This would include banks, but also airlines, utilities and heavily regulated sectors,” he said.
The European Banking Federation (EBF), together with the European Savings Banks Group (ESBG), the Association of European Financial Markets (AFME), the European Payment Institutions Federation (EPIF) and Insurance Europe criticized the autonomy claims on Tuesday.