EU cybersecurity label should not discriminate against Big Tech, European groups say
- Industry groups say it was crucial that their members have access to a diverse range of cloud technologies
A proposed cybersecurity certification scheme (EUCS) for cloud services should not discriminate against Amazon.com, Alphabet’s Google and Microsoft, 26 industry groups across Europe warned on Monday.
The European Commission, EU cybersecurity agency ENISA and EU countries will meet on Tuesday to discuss the scheme which has undergone several changes since ENISA unveiled a draft in 2020.
The EUCS aims to help governments and companies pick a secure and trusted vendor for their cloud computing business. The global cloud computing industry generate billions of euros in yearly revenue, with double-digit growth expected.
A March version scrapped so-called sovereignty requirements from a previous proposal, which required US tech giants to set up a joint venture or cooperate with an EU-based company to store and process customer data in the bloc to qualify for the highest level of the EU cybersecurity label.
“We believe that an inclusive and non-discriminatory EUCS that supports the free movement of cloud services in Europe will help our members prosper at home and abroad, contribute to Europe’s digital ambitions, and strengthen its resilience and security,” the groups said in a joint letter to EU countries.
“The removal of both ownership controls and Protection against Unlawful Access (PUA) / Immunity to Non-EU Law (INL) requirements ensures that cloud security improvements align with industry best practices and non-discriminatory principles,” they said.