European Cybersecurity Label Should Not Discriminate Against Big Tech, Say Industry Groups
BRUSSELS (Bloomberg) – The European Commission, EU cybersecurity agency ENISA, and EU member states are set to discuss a proposed cybersecurity certification scheme (EUCS) for cloud services on Tuesday. The scheme aims to ensure secure and trusted vendors for cloud computing, vital for both governments and businesses.
26 industry groups across Europe have voiced concerns, emphasizing that the EUCS should not discriminate against major U.S. tech companies like Amazon, Alphabet’s Google, and Microsoft. The global cloud computing industry generates billions of euros annually, with expectations of double-digit growth.
A March revision eliminated previous sovereignty requirements, which mandated that U.S. tech giants form joint ventures or collaborate with EU-based firms to handle data within the EU to achieve the highest cybersecurity label.
“We believe that an inclusive and non-discriminatory EUCS supporting the free movement of cloud services in Europe will boost our members at home and abroad, enhance Europe’s digital goals, and fortify its resilience and security,” stated the groups in a joint letter to EU member states. “The removal of both ownership controls and Protection against Unlawful Access (PUA) / Immunity to Non-EU Law (INL) requirements align with industry best practices and non-discriminatory principles.”
The groups stressed the importance of providing access to a diverse range of resilient cloud technologies tailored to their unique needs in an increasingly competitive global market.
Signatories to the Letter
Signatories of the letter include prominent industry associations such as:
- American Chamber of Commerce to the EU in the Czech Republic, Estonia, Finland, Italy, Norway, Romania, and Spain
- European Payment Institutions Federation
- Czech Confederation of Industry
- Denmark’s Dansk Industry
- Germany’s Bundesverband deutscher Banken
- Digital Poland Association
- Irish business lobby group IBEC
- Netherlands' NL Digital
- Spanish Start-up Association
Push for Sovereignty Requirements
On the other side, EU cloud vendors like Deutsche Telekom, Orange, and Airbus have advocated for maintaining sovereignty requirements in the EUCS. They express concerns that non-EU governments could gain unlawful access to European data due to their domestic laws.
