The EU wants to extend the scope of rules for cyber security certificates to a wider range of sectors. With the expansion, airlines and financial institutions will only be allowed to store data with certified cloud providers. Although the rules do not exactly match the term sovereign cloud, non-European cloud providers with a European sovereign cloud benefit from the proposal.
The European Union is proposing an expansion of the European Certification Scheme for Cloud Services (EUCS), part of the EU Cybersecurity Certification. Proposed by the EU cybersecurity agency, ENISA, these rules are going to impose certain rules on cloud services to offer their services to governments.
With the proposed expansion, European airlines and financial institutions could only purchase cloud services from these certified providers. Reuters knows this based on the latest proposed version of the EUCS.
Criteria for certification
The certificate assures that the cloud service complies with the imposed European rules, and it should be a sign of the security level of the service. Several criteria must be met to obtain a certificate. It could become obligatory for American tech giants to cooperate with a European company. But in another proposal, the cloud service should run and be managed locally, while EU laws related to the cloud service provider take precedence over non-EU laws.
A final version of the EUCS will follow after member states and the European Commission review the rules. The CCIA, a U.S. nonprofit advocacy organization for tech companies, has already responded to the preliminary proposal. The organization warns the legislation could be discriminatory toward non-European cloud providers.
European clouds
However, U.S. cloud providers already look prepared for the upcoming legislation by offering local data centres. A recent development in this is AWS’ European sovereign cloud. This operates independently of the AWS cloud and is managed, maintained and supported by European employees.
By the way, the sovereign cloud is a popular concept among cloud providers because it can keep data shielded from third parties without having the limitations of on-prem infrastructure. VMware, for example, also devoted much attention to the concept during VMware Explore.
Read also: VMware tells its competitors what a true sovereign cloud is
17 hours ago
