EU considers expanding cyber security certification program to include more areas – Security

Blog
EU considers expanding cyber security certification program to include more areas – Security

The proposed cyber security labelling rules in the European Union may have a wider scope than originally anticipated. In addition to Amazon, Google, and Microsoft, these rules could also impact banks and airlines, according to the latest draft of the rules.

EU mulls wider scope for cyber security certification scheme


The EU is taking this step as Big Tech companies seek to enter the government cloud market for future growth. Additionally, the recent popularity of OpenAI’s ChatGPT and the potential for artificial intelligence could increase demand for cloud services.

The latest proposal from the EU cybersecurity agency, ENISA, focuses on an EU certification scheme (EUCS) that guarantees the cybersecurity of cloud services. It determines how governments and companies in the European Union choose their vendors.

The document maintains key provisions from previous drafts, including a requirement for US tech giants to form a joint venture with a company based in the EU in order to obtain the EU cybersecurity label.

Other provisions state that cloud services must be operated and maintained within the EU. Additionally, all customer data processed and stored must be within the EU, with EU laws taking precedence over non-EU laws concerning the cloud service provider.

These obligations apply to the highest security level, with four levels in total. The latest draft allows for the possibility of extending these strict requirements to the third highest security level as well.

The latest draft is currently under review by EU countries. After this, the European Commission will finalize the scheme.

The potential broadening of the scope has raised concerns from the tech lobbying group CCIA, as it would have a larger impact on various industries. Alexandre Roure, CCIA Europe’s public policy director, highlighted the possibility that requirements discriminating against foreign cloud providers could also be extended to lower levels of assurance, affecting sectors such as banks, airlines, utility companies, and heavily regulated industries.

Last week, the European Banking Federation (EBF) along with other financial groups criticized the sovereignty requirements.

Unlock your business potential with our expert guidance. Get in touch now!

Contact us
AI & Neural Networks Applications Big Data and Data Analysis Blockchain Cloud Computing and Services Digital Marketing in IT Digital Transformation E-commerce Technologies GLOBUS.studio IT Consulting and Strategies IT for Businesses IT Security and Cybersecurity Learning Mobile Development News Project Management SaaS Solutions SEO/SMO/SMM Software Development Technologies Uncategorised UX/UI Web Development
IT-sustainability-think-tank-hero.jpg

Navigating the Complexities of IT Equipment Capacity: Insights from the IT Sustainability Think Tank

  • News, Uncategorised
tr62123-trello-v-jira.png

Trello vs Jira: Determining the Winner by 2024

  • News
EU-flag-european-union-2-adobe.jpg

Platform worker directive approved by European Parliament

  • News, Uncategorised
tr_20240427-confluence-vs-notion.jpg

Which tool should be chosen?

  • News
chess-strategy-game-intelligence-2-adobe.jpeg

Datacentre investments crucial for Microsoft’s AI leadership, says company

  • News, Uncategorised
AdobeStock_598391382_Editorial_Use_Only.jpg

5% Reduction in Microsoft Security Vulnerabilities in 2023

  • News
Security-Think-Tank-hero.jpg

Security Think Tank: Exploring the Possibility of Negotiating with Terrorists

  • News, Uncategorised

Explore More

Your Gateway to Useful Resources