Share this article on:
A vote to decide whether a draft cyber security label allowing major US tech giants to enter EU cloud computing contracts has been delayed a month as deliberation on specifics continues, according to new reports.
The new label would be launched as part of the European Union’s long-awaited Cybersecurity Certification Scheme (EUCS), which has been drafted as a way to regulate the cyber security standards of cloud services and assist EU governments and organisations in choosing reliable and secure cloud vendors.
Now, sources close to the matter speaking to Reuters have said that specific concerns regarding whether or not big tech organisations like Google’s Alphabet, Amazon, and Microsoft would have to meet the strict requirements necessary for the top EU cyber security label are still being debated on, slowing down the process.
While experts met in Brussels earlier this week, the latest draft of the EUCS was not voted on. The vote will be pushed back to May, allowing for ongoing disagreements to be resolved.
Following the vote, the EU will seek an opinion from EU countries before the European Commission determines a final verdict.
This is not the first time the EUCS has faced difficulties and disagreement, with the EU only last month altering the draft to remove sovereignty requirements from the scheme that would limit big US tech companies from entering into major cloud computing contracts with EU clients.
Concerns with foreign illegal espionage and the dominance of US tech organisations and cloud providers led the EU to mandate that US cloud giants like Google, Microsoft, and Amazon partner with EU-based companies for the storage and processing of customer data to ensure the data remained within the EU.
However, organisations both within the EU and outside of it, such as banks and start-ups, criticised the “sovereignty requirements”, saying that the scheme should focus less on political considerations and more on technical cyber security measures.
This has led to an updated draft being published on 22 March, in which the requirement for sovereignty requirements was retracted.
The lifted requirements were welcomed by big tech; however, the move was still criticised by EU cloud vendors who once again raised security concerns regarding the access of EU data by non-EU governments based on local legislation. The other concern is with the control these major tech companies have over the cloud-storage and security industry.