ENISA leans into EU-based clouds with draft cybersecurity label

2023-05-11 12:44

Cloud services providers that aren't based in Europe - like the Big Three - may have to team up with a cloud that is operated and maintained from the EU if they want ENISA's stamp of approval for handling sensitive data.

ENISA, the European Union's cybersecurity agency, is currently developing a cybersecurity certification scheme that aims to better protect member-state governments' and businesses' data.

This reportedly includes a new proposal that would require any non-European cloud providers to form a joint-venture with an EU-based provider if they want to earn a coveted ENISA cybersecurity label.

According to a draft of the new rules seen by Reuters, US cloud giants like Amazon, Microsoft and Google - or any other non-EU provider - can only have a minority stake in the joint venture.

Certified cloud services are operated only by companies based in the EU, with no entity from outside the EU having effective control over the CSP, to mitigate the risk of non-EU interfering powers undermining EU regulations, norms and values.

In a joint statement on the European Cybersecurity Certification Scheme for Cloud Services, the US Chamber and a dozen other international organizations urged EU countries "To refrain from adopting requirements of a political - rather than technical - nature, which would exclude legitimate cloud suppliers and would not enhance effective cybersecurity controls." .

News URL

https://go.theregister.com/feed/www.theregister.com/2023/05/11/eu_cybersecurity_label_scheme_faces/

#cloud #cybersecurity #enisa #EU