EU cybersecurity label should not discriminate against Big Tech, European groups say
By Foo Yun Chee
BRUSSELS (Reuters) - A proposed cybersecurity certification scheme (EUCS) for cloud services should not discriminate against Amazon, Alphabet's Google and Microsoft, 26 industry groups across Europe warned on Monday.
The European Commission, EU cybersecurity agency ENISA and EU countries will meet on Tuesday to discuss the scheme which has undergone several changes since ENISA unveiled a draft in 2020.
The EUCS aims to help governments and companies pick a secure and trusted vendor for their cloud computing business. The global cloud computing industry generate billions of euros in yearly revenue, with double-digit growth expected.
A March version scrapped so-called sovereignty requirements from a previous proposal, which required U.S. tech giants to set up a joint venture or cooperate with an EU-based company to store and process customer data in the bloc in order to qualify for the highest level of the EU cybersecurity label.
"We believe that an inclusive and non-discriminatory EUCS that supports the free movement of cloud services in Europe will help our members prosper at home and abroad, contribute to Europe's digital ambitions, and strengthen its resilience and security," the groups said in a joint letter to EU countries.
"The removal of both ownership controls and Protection against Unlawful Access (PUA) / Immunity to Non-EU Law (INL) requirements ensures that cloud security improvements align with industry best practices and non-discriminatory principles," they said.
The groups said it was crucial that their members have access to a diverse range of resilient cloud technologies tailored to their specific needs to thrive in an increasingly competitive global market.
Signatories to the letter include the American Chamber of Commerce to the EU in the Czech Republic, Estonia, Finland, Italy, Norway, Romania and Spain, and the European Payment Institutions Federation.
Others which signed the letter include the Czech Confederation of Industry, Denmark's Dansk Industry, Germany's Bundesverband deutscher Banken, the Digital Poland Association, Irish business lobby group IBEC, the Netherlands' NL Digital and the Spanish Start-up Association.
EU cloud vendors such as such as Deutsche Telekom, Orange and Airbus have pushed for sovereignty requirements in the EUCS on fears that non-EU governments may get unlawful access to Europeans' data on the basis of their laws.
(Reporting by Foo Yun Chee; Editing by Richard Chang)