European Industry Groups Warn Against Discriminatory EU Cloud Cybersecurity Rules
A coalition of 26 industry groups from across Europe has issued a stark warning against potential discrimination in the EU cybersecurity certification scheme, cautioning that it could unjustly impact major cloud service providers like Google, Microsoft and Amazon.
The warning aims to preserve a diverse array of cloud service options for EU-based organizations, following the recent rollback of stringent requirements in the EUCS framework. Initially drafted by ENISA in 2020, the EUCS requirements sought to ensure the protection of EU citizens’ data according to EU standards, even if the data were processed outside the bloc, such as in the United States.
A significant change occurred in March 2024 when the sovereignty requirements, which would have compelled US organizations to either form a joint venture within the EU or collaborate with an EU-based company for data storage and processing, were removed from the EUCS requirements. This adjustment was made in response to growing concerns about maintaining a competitive and open market for cloud services in Europe.
Related: New US Cybersecurity Strategy Advocates Tech Regulation
In a joint letter, the industry groups stated, “We believe that an inclusive and non-discriminatory EUCS that supports the free movement of cloud services in Europe will help our members prosper at home and abroad, contribute to Europe’s digital ambitions and strengthen its resilience and security.”
They further emphasized that “The removal of both ownership controls and Protection against Unlawful Access (PUA) / Immunity to Non-EU Law (INL) requirements ensures that cloud security improvements align with industry best practices and non-discriminatory principles.”
The cloud market is a multi-billion-euro industry with rapid growth anticipated within the EU. Therefore, the industry groups argue that maintaining a broad selection of cloud service providers is crucial for fostering innovation, economic growth and digital resilience.
However, not all stakeholders agree with these changes. Several prominent EU cloud providers, including Deutsche Telekom, Airbus and Orange, have expressed concerns about the potential risks posed by eliminating the sovereignty requirements. They argue that allowing non-EU entities unfettered access to EU data could lead to violations of EU data protection laws and unauthorized access to sensitive information under foreign jurisdictions.
Source: Tech Radar
Featured News
Electrolux Fined €44.5 Million in French Antitrust Case
Dec 19, 2024 by
CPI
Indian Antitrust Body Raids Alcohol Giants Amid Price Collusion Probe
Dec 19, 2024 by
CPI
Attorneys Seek $525 Million in Fees in NCAA Settlement Case
Dec 19, 2024 by
CPI
Italy’s Competition Watchdog Ends Investigation into Booking.com
Dec 19, 2024 by
CPI
Minnesota Judge Approves $2.4 Million Hormel Settlement in Antitrust Case
Dec 19, 2024 by
CPI
Antitrust Mix by CPI
Antitrust Chronicle® – CRESSE Insights
Dec 19, 2024 by
CPI
Effective Interoperability in Mobile Ecosystems: EU Competition Law Versus Regulation
Dec 19, 2024 by
Giuseppe Colangelo
The Use of Empirical Evidence in Antitrust: Trends, Challenges, and a Path Forward
Dec 19, 2024 by
Eliana Garces
Some Empirical Evidence on the Role of Presumptions and Evidentiary Standards on Antitrust (Under)Enforcement: Is the EC’s New Communication on Art.102 in the Right Direction?
Dec 19, 2024 by
Yannis Katsoulacos
The EC’s Draft Guidelines on the Application of Article 102 TFEU: An Economic Perspective
Dec 19, 2024 by
Benoit Durand