EU mulls wider scope for cybersecurity certification scheme

The European Union is considering broadening the scope of proposed cybersecurity labelling rules that would affect not just Amazon, Alphabet’s Google and Microsoft but also banks and airlines, according to the latest draft of the rules. The latest proposal from EU cybersecurity agency ENISA concerns an EU certification scheme (EUCS) which vouches for the cybersecurity of cloud services and determines how governments and companies in the bloc select a vendor for their business. The document retains key provisions contained in earlier drafts such as a requirement that U.S. tech giants set up a joint venture with an EU-based company to qualify for the EU cybersecurity label.

Another provision states that the cloud service must be operated and maintained from the EU, while all cloud service customer data must be stored and processed in the EU, with EU laws taking precedence over non-EU laws regarding the cloud service provider. These obligations apply to the highest security level, of which there are four. EU countries are now reviewing the latest draft after which the European Commission will adopt a final scheme. Tech lobbying group CCIA said broadening the scope would affect a bigger swath of industries, such as banks, airlines, and heavily regulated sectors. The European Banking Federation and other financial institutions have criticized the sovereignty requirements.

EU mulls wider scope for cybersecurity certification scheme – Detail Points

– The European Union is considering expanding proposed cybersecurity labelling rules to include banks and airlines, not just tech giants like Amazon, Google, and Microsoft
– The move comes as Big Tech looks to the government cloud market for growth and potential demand for cloud services from the boom in artificial intelligence
– The latest proposal concerns an EU certification scheme for cybersecurity of cloud services, determining how governments and companies in the EU select a vendor
– The draft includes provisions for U.S. tech giants to set up a joint venture with an EU-based company to qualify for the EU cybersecurity label
– Cloud service operations and maintenance must be from the EU, with customer data stored and processed in the EU and subject to EU laws
– The requirements apply to the highest security level, with the possibility for tough requirements to be extended to the third highest security level
– EU countries are reviewing the latest draft, after which the European Commission will adopt a final scheme
– The broadening of scope would affect industries beyond tech, including banks, airlines, utility companies, and heavily regulated sectors
– Some groups, such as the European Banking Federation, have criticized the sovereignty requirements in the proposal.

What is the latest draft of the EU cybersecurity labelling rules proposing?

The latest draft of the rules is proposing to broaden the scope to affect not just Amazon, Google, and Microsoft, but also banks and airlines.

What is the EU move to set up such a system in response to?

The EU move to set up such a system comes as Big Tech looks to the government cloud market to drive growth in the coming years and a potential boom in artificial intelligence after the viral success of OpenAI’s ChatGPT.

What does the latest proposal from EU cybersecurity agency ENISA concern?

The latest proposal concerns an EU certification scheme (EUCS) which vouches for the cybersecurity of cloud services and determines how governments and companies in the bloc select a vendor for their business.

What are some of the key provisions contained in the latest draft?

Some key provisions include a requirement for U.S. tech giants to set up a joint venture with an EU-based company to qualify for the EU cybersecurity label, and obligations for cloud service to be operated and maintained from the EU, with all customer data stored and processed in the EU.

jaypal2 Avatar

Leave a Reply

Your email address will not be published. Required fields are marked *

Liyana Parker

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.