Tech | Visa | Scholarship/School | Info Place

EU cybersecurity certification draft paves way for U.S. tech giants

The European Union’s latest draft cybersecurity certification could pave the way for Amazon, Google and Microsoft to more easily win cloud computing contracts within the bloc. According to a recent report by Router, this development stems from the removal of a controversial requirement from the draft rules that previously required suppliers to be independent from non-EU legal jurisdictions. The change could have far-reaching implications for how cloud services are procured and secured across the EU, balancing the drive for cybersecurity with the reality of global technology dominance.

The European Union has long been committed to establishing a comprehensive cybersecurity certification scheme (EUCS) aimed at ensuring the cybersecurity integrity of cloud services. Such a program is critical for both government and private entities in the EU, helping them select secure and trustworthy vendors for their cloud computing needs. The stakes are high as the dominance of U.S. tech giants in the cloud sector raises concerns about potential illegal state surveillance and the clampdown on emerging EU cloud providers.

Shifts in EU cybersecurity certification requirements

Initially, the draft demands circulated by EU governments proposed strict “sovereignty claims.” These include forcing U.S. tech companies to form joint ventures with EU counterparts and localize the storage and processing of customer data within the EU in order to obtain the coveted EU cybersecurity label. However, the approach has faced strong opposition from various sectors across Europe, including banks, insurance groups and startups. Critics argue that the focus should be on technical cybersecurity measures rather than political or sovereignty considerations.

The latest draft on March 22 reflects a shift away from these earlier claims. Rather than requiring independence from non-EU laws or forcing data localization within the EU, the revised rules simply require cloud service providers to disclose where customer data is stored and processed and any applicable laws. This adjustment could significantly lower barriers for Amazon, Google and Microsoft, allowing them to participate more freely in the EU cloud computing market without the need for complex legal restructuring or data localization measures.

EU countries are currently reviewing the updated draft, which will eventually be formalized by the European Commission. The move signals a pragmatic approach to cybersecurity that recognizes the global nature of cloud computing services while still striving to protect the data and interests of EU citizens and businesses.

#cybersecurity #certification #draft #paves #U.S #tech #giants

Leave a Reply

Your email address will not be published. Required fields are marked *