As the European Union inches closer to finalizing its cybersecurity certification scheme (EUCS) for cloud services, concerns are mounting among industry groups about potential discrimination against major U.S. tech companies. The EUCS, designed to guide governments and businesses in selecting secure and reliable cloud vendors, has been in the works since 2020. The scheme aims to bolster trust and security within the burgeoning cloud computing sector, which generates billions in annual revenue and is poised for continued double-digit growth.
On Monday, a coalition of 26 industry groups from across Europe issued a warning against the possibility of the EUCS discriminating against American tech giants such as Amazon (AMZN.O), Google (GOOGL.O), and Microsoft (MSFT.O). These companies, dominant players in the global cloud market, face potential hurdles under the proposed certification guidelines.
The European Commission, along with the EU cybersecurity agency ENISA and representatives from EU member states, are scheduled to convene on Tuesday to discuss the certification scheme. The EUCS has undergone several revisions since ENISA introduced its initial draft in 2020, reflecting ongoing debates about how best to ensure cybersecurity without stifling competition or innovation.
In a significant development, the March version of the proposal eliminated the previously contentious “sovereignty requirements.” These requirements had mandated that U.S. tech companies form joint ventures or collaborate with EU-based firms to handle and process customer data within the European Union to qualify for the highest tier of the cybersecurity label. Critics argued that such measures could unfairly disadvantage non-European companies and disrupt established business operations.
The industry groups’ statement underscores the importance of a balanced approach that ensures robust cybersecurity standards without creating barriers based on the geographic origin of service providers. They argue that an inclusive, non-discriminatory framework is essential for fostering innovation and competition in the cloud computing industry, ultimately benefiting consumers and businesses alike.
“The goal of the EUCS should be to enhance security and trust across the board, not to impose protectionist measures that could hinder market access for non-EU companies,” the statement read. “A fair and transparent certification process is crucial for maintaining a healthy and competitive cloud ecosystem.”
As the European Commission and ENISA deliberate on the final details of the EUCS, the pressure to find a middle ground that satisfies security concerns while promoting an open market is intensifying. The outcome of these discussions will have far-reaching implications for the global cloud computing landscape and the future of digital infrastructure in Europe.
The EU’s decision-makers are tasked with the challenging balance of safeguarding digital sovereignty and cybersecurity without alienating key industry players. The finalization of the EUCS will be a pivotal moment in the ongoing effort to secure Europe’s digital future while ensuring it remains an attractive destination for global tech investment.
