By Foo Yun Chee
BRUSSELS (Reuters) – A proposed cybersecurity certification program (EUCS) for cloud services must not discriminate against Amazon (NASDAQ:), Alphabet’s Google (NASDAQ:) and Microsoft (NASDAQ:), 26 industry groups across Europe warned on Monday.
The European Commission, EU cybersecurity agency ENISA and EU countries will meet on Tuesday to discuss the plan, which has undergone several changes since ENISA unveiled a draft in 2020.
The EUCS aims to help governments and businesses choose a secure and trusted supplier for their cloud computing activities. The global cloud computing industry generates billions of euros in annual revenue, with double-digit growth expected.
A March version dropped so-called sovereignty requirements from an earlier proposal, which required US tech giants to set up a joint venture or partner with an EU-based company to store and process customer data in the bloc in order to qualify to achieve the highest level of the EU cybersecurity label.
“We believe that an inclusive and non-discriminatory EUCS that supports the free flow of cloud services in Europe will help our members thrive at home and abroad, contribute to Europe’s digital ambitions and strengthen Europe’s resilience and security” , the groups said in a joint letter to EU countries.
“Removing both ownership controls and Unlawful Access Protection (PUA) / Non-EU Law Immunity (INL) requirements ensures that cloud security improvements align with industry best practices and non-discriminatory principles,” they said.
The groups said it is critical that their members have access to a wide range of resilient cloud technologies tailored to their specific needs to thrive in an increasingly competitive global marketplace.
Signatories to the letter include the American Chamber of Commerce to the EU in the Czech Republic, Estonia, Finland, Italy, Norway, Romania and Spain, and the European Payment Institutions Federation.
Others who signed the letter include the Czech Confederation of Industry, Denmark’s Dansk Industry, Germany’s Bundesverband deutscher Banken, the Digital Poland Association, Irish business lobby group IBEC, the Netherlands’ NL Digital and the Spanish Start-up Association.
EU cloud providers such as Deutsche Telekom (OTC:), Orange and Airbus have pushed for sovereignty requirements in the EUCS over fears that non-EU governments could gain unlawful access to Europeans’ data under their laws.
