EU mulls wider scope for cybersecurity certification scheme - paper

By Foo Yun Chee

FILE PHOTO: European Union flags fly outside the European Commission in Brussels, Belgium November 8, 2023. REUTERS/Yves Herman/File Photo

BRUSSELS (Reuters) - The European Union is considering broadening the scope of proposed cybersecurity labelling rules that would affect not just Amazon, Alphabet's Google and Microsoft but also banks and airlines, according to the latest draft of the rules.

The EU move to set up such a system comes as Big Tech looks to the government cloud market to drive growth in the coming years while a potential boom in artificial intelligence after the viral success of OpenAI's ChatGPT could also boost demand for cloud services.

The latest proposal from EU cybersecurity agency ENISA concerns an EU certification scheme (EUCS) which vouches for the cybersecurity of cloud services and determines how governments and companies in the bloc select a vendor for their business.

The document retains key provisions contained in earlier drafts such as a requirement that U.S. tech giants set up a joint venture with an EU-based company to qualify for the EU cybersecurity label.

Another provision states that cloud service must be operated and maintained from the EU, while all cloud service customer data must be stored and processed in the EU, with EU laws taking precedence over non-EU laws regarding the cloud service provider.

These obligations apply to the highest security level, of which there are four. The latest draft sets out the possibility for these tough requirements to be extended to the third highest security level.

EU countries are now reviewing the latest draft after which the European Commission will adopt a final scheme.

Tech lobbying group CCIA said broadening the scope would affect a bigger swath of industries.

"Perhaps the most striking part of this new draft is that ENISA now suggests the requirements that discriminate against foreign cloud providers could also be extended to lower levels of assurance," said Alexandre Roure, CCIA Europe's public policy director.

"That would include banks, but also airlines, utility companies, and heavily regulated sectors," he said.

The European Banking Federation (EBF), together with the European Savings Banks Group (ESBG), the Association for Financial Markets in Europe (AFME), the European Payment Institutions Federation (EPIF), and Insurance Europe on Tuesday criticsed the sovereignty requirements.

(Reporting by Foo Yun Chee; editing by Jonathan Oatis)

×
Follow us on our official WhatsApp channel for breaking news alerts and key updates!

   

Report it to us.

Next In Tech News
Fisker seeks judge's approval to sell Ocean EVs at $14,000 per SUV
ASML expansion in Veldhoven can proceed, Dutch court rules
Exclusive-Indian officials visit Foxconn iPhone plant, question executives about hiring
Man uses AI to undress teen girl and is now facing child porn charges, Texas cops say
AI is learning from what you said on Reddit, Stack Overflow or Facebook. Are you OK with that?
Teo: 5G coverage in populated areas nationwide now 81.7%
Seattle plastic surgery provider accused of posting fake positive reviews must pay US$5mil
Google greenhouse gas emissions grow as it powers AI
FTC says US gig company misled consumers about how much money they could make on its platform
AI deals lift US venture capital funding to highest level in two years, data shows

Trending in Tech

Others Also Read

Load more

Copyright © 1995- Star Media Group Berhad [197101000523 (10894-D)]

Best viewed on Chrome browsers.