US warns EU on exclusion of cloud service providers
2022.12.01 03:49
US warns EU on exclusion of cloud service providers
Budrigannews.com – The European Union was urged on Thursday by the U.S. Chamber of Commerce and 12 other organizations not to adopt rules that could exclude Amazon (NASDAQ:),NASDAQ: AlphabetMicrosoft and Google (NASDAQ:) and additional European market providers of non-EU cloud services.
In a joint industry statement that was seen by Reuters, the Chamber, the National Foreign Trade Council, the Japan Association of New Economy, techUK, the Latin American Internet Association, and the Computer & Communications Industry Association, among others, expressed their concerns.
Early on Thursday, the statement was sent to relevant European Commission Commissioners, national governments, the EU cybersecurity agency ENISA, and EU lawmakers.
A draft proposal from ENISA for an EU certification scheme certifying cloud service cybersecurity is at issue. This proposal would determine which cloud service vendor governments and businesses in the bloc choose.
The requirements for a certified cloud service provider (CSP) in ENISA’s May draft, which was seen by Reuters, are intended to limit and prevent interference from non-EU states with the operation of certified cloud services.
The document stated that the “registered head office and global headquarters of the CSP shall be established in a member state of the EU.”
All customer data for cloud services would have to be stored and processed in the EU, and EU laws would take precedence over those of non-EU nations, including those with extraterritorial measures.
According to the Chamber and the other groups, the EU should avoid adopting political rather than technical requirements because doing so would exclude legitimate cloud suppliers and would not improve effective cybersecurity controls.
They stated, “These EUCS (EU draft) requirements appear to be designed to ensure that non-EU suppliers cannot access the EU market on an equal footing, preventing European industries and governments from fully benefiting from the offerings of these global suppliers.”
They stated, “European cloud providers could see their own opportunities in non-EU markets dwindle if other countries were to pursue similar policies.”
Additionally, the groups questioned whether the plan adhered to the obligations stipulated in the EU’s
Government Procurement Agreement and the General Agreement on Trade in Services of the World Trade Organization.
The voluntary scheme consists of three levels, according to ENISA, which declined to comment on the draft document.
“The highest level is intended to only be used in a small number of use cases that require the highest level of security (such as highly sensitive government applications and highly critical infrastructure applications), for which non-EU laws will need to be protected in some way.”Not all cloud services,” according to a spokesperson.
She stated, “EnISA is proposing two certification levels for assurance level ‘high,’ in order to cater for the different needs identified in the European industry and member states, after consulting with the European Commission.”
In September, ENISA sent a revised proposal to the Commission for discussion, which may result in modifications before a final text is adopted.
“No decision has yet been made in the ongoing discussions for a balanced approach.A representative of the EU executive stated, “The scheme should be completely in line with EU law and the EU’s international commitments, including trade.”
The size of the worldwide government cloud market is supposed to reach $71.2 billion by 2027 from $27.6 billion out of 2021, as indicated by statistical surveying firm Imarc Gathering.In recent years, cloud computing has emerged as a significant growth engine for Big Tech.
