EU Drops Sovereignty Requirements in Cybersecurity Certification Scheme, Reuters Reveals

According to the latest reports coming from Reuters, the EU is dropping the sovereignty requirements in the cybersecurity certification scheme. Here are the new details.

EU makes new move regarding cybersecurity

Amazon, Google, and Microsoft may find it easier to bid for EU cloud computing contracts after draft cybersecurity labeling rules scrapped a requirement that vendors should be independent of non-EU laws, according to the document seen by Reuters.

The EU has yet to agree on a cybersecurity certification scheme (EUCS) for cloud services, which would aid in selecting a secure vendor.

Big Tech companies are focusing on the government cloud market to boost their growth.

However, the European Union is concerned about illegal state surveillance, and some governments worry that the dominance of American cloud providers may hinder the growth of European competitors.

In one draft proposal shared with EU governments last year, U.S. tech giants were required to form a joint venture with a company based in the EU and store and process customer data within the bloc to be eligible for the EU cybersecurity label.

The proposed rules regarding data sovereignty obligations have received negative feedback from European banks, clearing houses, insurance groups, and startups.

They argued that technical provisions should take precedence over political and sovereignty obligations.

However, in the latest draft dated March 22, such requirements have been removed.

Cloud vendors are now only required to provide information related to the location of the storage and processing of their customers’ data and applicable laws.

EU countries are currently reviewing the revised draft. The European Commission will adopt a final scheme afterwards. The EU executive did not provide a comment in response to a request.

Euractiv notes that “Rather than introducing stringent sovereignty requirements that could serve to make European commerce less competitive and less safe, what is critically needed is for policymakers to look again at the cloud solutions used every day by European businesses and ensure that they will continue to be able to be used in the future.”

Rada Mateescu
I'm hungry for truth, thirsty to learn, and eager to share. At Optic Flux, my goal is to deliver breaking juicy health, financial, and tech/science-related content. I focus on all that's meaningful and impactful for my readers.