cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

EU cyber security label vote pushed back to next month

A vote to decide whether a draft cyber security label allowing major US tech giants to enter EU cloud computing contracts has been delayed a month as deliberation on specifics continues, according to new reports.

user icon Daniel Croft
Wed, 17 Apr 2024
EU cyber security label vote pushed back to next month
expand image

The new label would be launched as part of the European Union’s long-awaited Cybersecurity Certification Scheme (EUCS), which has been drafted as a way to regulate the cyber security standards of cloud services and assist EU governments and organisations in choosing reliable and secure cloud vendors.

Now, sources close to the matter speaking to Reuters have said that specific concerns regarding whether or not big tech organisations like Google’s Alphabet, Amazon, and Microsoft would have to meet the strict requirements necessary for the top EU cyber security label are still being debated on, slowing down the process.

While experts met in Brussels earlier this week, the latest draft of the EUCS was not voted on. The vote will be pushed back to May, allowing for ongoing disagreements to be resolved.


Following the vote, the EU will seek an opinion from EU countries before the European Commission determines a final verdict.

This is not the first time the EUCS has faced difficulties and disagreement, with the EU only last month altering the draft to remove sovereignty requirements from the scheme that would limit big US tech companies from entering into major cloud computing contracts with EU clients.

Concerns with foreign illegal espionage and the dominance of US tech organisations and cloud providers led the EU to mandate that US cloud giants like Google, Microsoft, and Amazon partner with EU-based companies for the storage and processing of customer data to ensure the data remained within the EU.

However, organisations both within the EU and outside of it, such as banks and start-ups, criticised the “sovereignty requirements”, saying that the scheme should focus less on political considerations and more on technical cyber security measures.

This has led to an updated draft being published on 22 March, in which the requirement for sovereignty requirements was retracted.

The lifted requirements were welcomed by big tech; however, the move was still criticised by EU cloud vendors who once again raised security concerns regarding the access of EU data by non-EU governments based on local legislation. The other concern is with the control these major tech companies have over the cloud-storage and security industry.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.