The EU is contemplating the need to widen scope of cybersecurity regulation to impact Big Tech, banks, and airlines as more companies move to the cloud to drive innovation.
The EU Union Agency for Cybersecurity (ENISA), has proposed a new EU certification scheme (EUCS) that highlights the cybersecurity of the cloud and outlines how businesses and governments can choose cloud vendors. The proposal requires US tech giants such as Amazon, Alphabet’s Google, and Microsoft to set up ventures with EU-based companies in order to gain a EU cybersecurity label.
The draft includes obligations for cloud operations at four security levels, the fourth being the highest. In the third and fourth security levels there will likely be strict requirements for cloud services to be operated within the EU, with data being stored and processed in the EU, and the cloud service provider requiring to follow EU regulation.
The Computer and Communications Industry Association (CCIA), a tech lobbying group, stated that extending the scope of the scheme will bring in more industries into the EU and bolster growth.
"Perhaps the most striking part of this new draft is that ENISA now suggests the requirements that discriminate against foreign cloud providers could also be extended to lower levels of assurance," commented Alexandre Roure, CCIA Europe's public policy director. "That would include banks, but also airlines, utility companies, and heavily regulated sectors.”
The European Commission is now reviewing the draft to adopt the scheme.