EU cybersecurity label for cloud computing vote pushed back once again

European Union technical background
(Image credit: Getty Images)

For some time the EU has been trying to figure out a label to award cloud service providers with strong cybersecurity to be used by governments and organizations within its borders.

However, establishing the exact requirements for cloud companies to qualify for this label has been a battle between robust regulations and ease of access.

To that effect, the vote on the draft EU cybersecurity certification scheme (EUCS) has now been shelved until at least May 2024 to allow further wrinkles to be ironed out, people familiar with the matter have said.

Penetrating the bureaucracy

The label was first proposed back in 2020 by cybersecurity agency ENISA as a way to safeguard sensitive data once it is transferred beyond the borders of the EU. However, recent amendments may revoke legal protections for EU data leaving the bloc.

Originally the proposed label would require cloud service providers such as Google, Amazon and Microsoft to embark on a joint venture with an EU based company or build their own data center within the bloc’s borders, so that EU data could be handled within the borders of the EU. But the latest version of the draft has since scrapped this requirement.

Critics of the move have said that by not requiring cloud service providers to store and process the data within the EU, non-EU companies could use their own laws to access the data, therefore violating EU data protection.

The vote that has been pushed back to May involves deliberation by cybersecurity, cloud and data experts, before the draft label moves on to deliberation by EU members and a final stamp of approval from the European Commission.

Last year, the EU and US agreed on a data privacy pipeline that would allow businesses to transfer data between Europe and the US rather than the costly bureaucratic alternative of establishing data centers in the EU. The UK later piggy-backed off this pipeline for its own data privacy transfers following its departure from the European Union.

Via Reuters

More from TechRadar Pro

Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for close to 5 years, at first covering geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division). Benedict then continued his studies at a postgraduate level and achieved a distinction in MA Security, Intelligence and Diplomacy. Benedict transitioned his security interests towards cybersecurity upon joining TechRadar Pro as a Staff Writer, focusing on state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.