Priya PatelTLDR:
- The EU has dropped sovereignty requirements in their cyber security certification scheme for cloud services.
- This change may make it easier for companies like Amazon, Google, and Microsoft to bid for EU cloud computing contracts.
In a recent development, the European Union has decided to remove sovereignty requirements in their cyber security certification scheme for cloud services. The move is expected to make it easier for major tech companies like Amazon, Google, and Microsoft to bid for EU cloud computing contracts. The draft of the new regulations, seen by Reuters, shows that vendors no longer need to be independent from non-EU laws to qualify for the cyber security label.
Previously, the EU had struggled to agree on a cyber security certification scheme (EUCS) to ensure the cyber security of cloud services. The removal of sovereignty requirements comes as Big Tech companies are looking to tap into the lucrative government cloud market for growth opportunities. The EU’s concern about illegal state surveillance and the dominance of US cloud providers are also factors driving this change.
The revised draft now only requires cloud vendors to provide information about the location of data storage and processing, as well as applicable laws. This change has been welcomed by European banks, clearing houses, insurance groups, and startups who argued that technical provisions should be prioritized over political and sovereignty obligations.
EU countries are currently reviewing the updated draft, after which the European Commission will adopt a final scheme. This change is expected to have a significant impact on the landscape of EU cloud computing contracts and the involvement of major tech companies in the market.
