EU Cybersecurity Label Risks Unfair Bias Against Big Tech

Lilu Anderson
Photo: Finoracle.net

European Cybersecurity Label Should Not Discriminate Against Big Tech, Say Industry Groups

BRUSSELS (Bloomberg) – The European Commission, EU cybersecurity agency ENISA, and EU member states are set to discuss a proposed cybersecurity certification scheme (EUCS) for cloud services on Tuesday. The scheme aims to ensure secure and trusted vendors for cloud computing, vital for both governments and businesses.

26 industry groups across Europe have voiced concerns, emphasizing that the EUCS should not discriminate against major U.S. tech companies like Amazon, Alphabet’s Google, and Microsoft. The global cloud computing industry generates billions of euros annually, with expectations of double-digit growth.

A March revision eliminated previous sovereignty requirements, which mandated that U.S. tech giants form joint ventures or collaborate with EU-based firms to handle data within the EU to achieve the highest cybersecurity label.

“We believe that an inclusive and non-discriminatory EUCS supporting the free movement of cloud services in Europe will boost our members at home and abroad, enhance Europe’s digital goals, and fortify its resilience and security,” stated the groups in a joint letter to EU member states. “The removal of both ownership controls and Protection against Unlawful Access (PUA) / Immunity to Non-EU Law (INL) requirements align with industry best practices and non-discriminatory principles.”

The groups stressed the importance of providing access to a diverse range of resilient cloud technologies tailored to their unique needs in an increasingly competitive global market.

Signatories to the Letter

Signatories of the letter include prominent industry associations such as:

  • American Chamber of Commerce to the EU in the Czech Republic, Estonia, Finland, Italy, Norway, Romania, and Spain
  • European Payment Institutions Federation
  • Czech Confederation of Industry
  • Denmark’s Dansk Industry
  • Germany’s Bundesverband deutscher Banken
  • Digital Poland Association
  • Irish business lobby group IBEC
  • Netherlands' NL Digital
  • Spanish Start-up Association

Push for Sovereignty Requirements

On the other side, EU cloud vendors like Deutsche Telekom, Orange, and Airbus have advocated for maintaining sovereignty requirements in the EUCS. They express concerns that non-EU governments could gain unlawful access to European data due to their domestic laws.

Link here for further details on the EUCS discussion.

Share This Article
Lilu Anderson is a technology writer and analyst with over 12 years of experience in the tech industry. A graduate of Stanford University with a degree in Computer Science, Lilu specializes in emerging technologies, software development, and cybersecurity. Her work has been published in renowned tech publications such as Wired, TechCrunch, and Ars Technica. Lilu’s articles are known for their detailed research, clear articulation, and insightful analysis, making them valuable to readers seeking reliable and up-to-date information on technology trends. She actively stays abreast of the latest advancements and regularly participates in industry conferences and tech meetups. With a strong reputation for expertise, authoritativeness, and trustworthiness, Lilu Anderson continues to deliver high-quality content that helps readers understand and navigate the fast-paced world of technology.