EU cybersecurity label for cloud computing vote pushed back once again
Bureaucracy is plugging the cloud service plumbing
For some time the EU has been trying to figure out a label to award cloud service providers with strong cybersecurity to be used by governments and organizations within its borders.
However, establishing the exact requirements for cloud companies to qualify for this label has been a battle between robust regulations and ease of access.
To that effect, the vote on the draft EU cybersecurity certification scheme (EUCS) has now been shelved until at least May 2024 to allow further wrinkles to be ironed out, people familiar with the matter have said.
Penetrating the bureaucracy
The label was first proposed back in 2020 by cybersecurity agency ENISA as a way to safeguard sensitive data once it is transferred beyond the borders of the EU. However, recent amendments may revoke legal protections for EU data leaving the bloc.
Originally the proposed label would require cloud service providers such as Google, Amazon and Microsoft to embark on a joint venture with an EU based company or build their own data center within the bloc’s borders, so that EU data could be handled within the borders of the EU. But the latest version of the draft has since scrapped this requirement.
Critics of the move have said that by not requiring cloud service providers to store and process the data within the EU, non-EU companies could use their own laws to access the data, therefore violating EU data protection.
The vote that has been pushed back to May involves deliberation by cybersecurity, cloud and data experts, before the draft label moves on to deliberation by EU members and a final stamp of approval from the European Commission.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Last year, the EU and US agreed on a data privacy pipeline that would allow businesses to transfer data between Europe and the US rather than the costly bureaucratic alternative of establishing data centers in the EU. The UK later piggy-backed off this pipeline for its own data privacy transfers following its departure from the European Union.
Via Reuters
More from TechRadar Pro
- These are the best cloud storage services and best cloud backups
- Security breaches are causing more damage than ever before
- Take a look at our guide to the best cloud hosting providers
Benedict has been writing about security issues for close to 5 years, at first covering geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division). Benedict then continued his studies at a postgraduate level and achieved a distinction in MA Security, Intelligence and Diplomacy. Benedict transitioned his security interests towards cybersecurity upon joining TechRadar Pro as a Staff Writer, focusing on state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.