New EU cloud security rules might discriminate against big firms, tech giants warn

The battle for EU data protection continues

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A number of industry groups across Europe have warned that the EUCS cybersecurity certification scheme should not discriminate against cloud giants such asGoogle,MicrosoftandAmazon.

The warning from a total of 26 industry groups looks to ensure a wide range of cloud service providers remain available to EU based organizations, with previous EUCS requirements being scrapped or weakened.

In March 2024, thesovereignty requirements, which would have pushed US organizations to establish a joint venture within the EU or team up with an EU based company for customer data storage and processing, was taken out of the EUCS requirements.

Regulation vs competition

The EUCS requirements were originally drafted in 2020 by ENISA as a way to protect the data of EU citizens to the same EU standard if their data were to leave the bloc, to be processed in the US for example. The cloud market is a multi-billion euro industry, and rapid growth has been forecasted within the EU.

A joint letter written by the 26 industry groups stated, “We believe that an inclusive and non-discriminatory EUCS that supports the free movement of cloud services in Europe will help our members prosper at home and abroad, contribute to Europe’s digital ambitions, and strengthen its resilience and security.”

“The removal of both ownership controls and Protection against Unlawful Access (PUA) / Immunity to Non-EU Law (INL) requirements ensures that cloud security improvements align with industry best practices and non-discriminatory principles.”

A number of EU cloud providers including Deutsche Telekom, Airbus, and Orange, have pushed back against the scrapping of the sovereignty requirements, believing that non-EU countries could use their own laws to violate EU data protection and gain access to the data.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaReuters

More from TechRadar Pro

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division),  then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

LG Electronics sets ambitious B2B revenue goal to offset declining consumer demand

New fanless cooling technology enhances energy efficiency for AI workloads by achieving a 90% reduction in cooling power consumption

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics