
Cloud providers after EU cyber certification may need to follow new conditions

Major technology companies outside the European Union looking for an EU cyber security label that allows them to handle sensitive data may have to adhere to new conditions.

Daniel Croft
Wed, 10 May 2023

According to Reuters, which has reportedly seen an EU draft document, major non-European cloud service providers like Google, Microsoft, and Amazon will now have to do so alongside an EU-based organisation.

The draft from the European Union Agency for Cybersecurity (ENISA) said that non-European tech giants could only have a minority stake, and any employees with permission to access EU data would need to be based within the EU and take part in a specific screening process.

In addition, any EU laws regarding cloud management will take precedence over laws from other non-EU countries.

“Certified cloud services are operated only by companies based in the EU, with no entity from outside the EU having effective control over the CSP (cloud service provider), to mitigate the risk of non-EU interfering powers undermining EU regulations, norms and values,” the document said.

“Undertakings whose registered head office or headquarters are not established in a member state of the EU shall not, directly or indirectly, solely or jointly, hold positive or negative effective control of the CSP applying for the certification of a cloud service.”

The new rules will apply in scenarios where a breach of personal or non-personal data could have a negative impact on public safety, order, health or human life, or the “protection of intellectual property”.

However, the US Chamber of Commerce has expressed concern over the draft, saying that it could create a disparity between US companies. Additionally, as every EU country has the power to enforce the legislation, it could create a disparity as businesses look to base themselves in specific parts of the continent.

The EU, however, maintains that the legislation is a must for protecting its data safety and security. The draft will be reviewed by EU nations before any final legislation is adopted.

Daniel Croft


Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
