New EU cloud security rules might discriminate against big firms, tech giants warn

Digital clouds against a blue background.
(Image credit: Shutterstock / Blackboard)

A number of industry groups across Europe have warned that the EUCS cybersecurity certification scheme should not discriminate against cloud giants such as Google, Microsoft and Amazon.

The warning from a total of 26 industry groups looks to ensure a wide range of cloud service providers remain available to EU based organizations, with previous EUCS requirements being scrapped or weakened.

In March 2024, the sovereignty requirements, which would have pushed US organizations to establish a joint venture within the EU or team up with an EU based company for customer data storage and processing, was taken out of the EUCS requirements.

 Regulation vs competition

The EUCS requirements were originally drafted in 2020 by ENISA as a way to protect the data of EU citizens to the same EU standard if their data were to leave the bloc, to be processed in the US for example. The cloud market is a multi-billion euro industry, and rapid growth has been forecasted within the EU.

A joint letter written by the 26 industry groups stated, “We believe that an inclusive and non-discriminatory EUCS that supports the free movement of cloud services in Europe will help our members prosper at home and abroad, contribute to Europe's digital ambitions, and strengthen its resilience and security.”

“The removal of both ownership controls and Protection against Unlawful Access (PUA) / Immunity to Non-EU Law (INL) requirements ensures that cloud security improvements align with industry best practices and non-discriminatory principles.”

A number of EU cloud providers including Deutsche Telekom, Airbus, and Orange, have pushed back against the scrapping of the sovereignty requirements, believing that non-EU countries could use their own laws to violate EU data protection and gain access to the data.

Via Reuters

More from TechRadar Pro

Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for close to 5 years, at first covering geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division). Benedict then continued his studies at a postgraduate level and achieved a distinction in MA Security, Intelligence and Diplomacy. Benedict transitioned his security interests towards cybersecurity upon joining TechRadar Pro as a Staff Writer, focussing on state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.