The European Union (EU) is actively considering an expansion of its proposed cybersecurity certification standards, a move that could have far-reaching implications not only for tech giants like Amazon, Google, and Microsoft but also for a broad spectrum of industries including banking, aviation, and others.
This initiative from the EU arises against the backdrop of a burgeoning interest from major technology companies in the government cloud market. The government cloud sector is anticipated to witness substantial growth in the forthcoming years, fueled not only by the EU’s emphasis on cybersecurity but also by the surge in interest in artificial intelligence (AI), exemplified by the success of OpenAI’s ChatGPT. The expanding applications of AI are poised to amplify the demand for robust cloud services.
The recent proposal from the European Union Agency for Cybersecurity (ENISA) outlines an extended cybersecurity certification scheme aimed at safeguarding the cybersecurity of cloud services. It delineates the criteria for governments and companies when selecting a provider for their business operations.
Key provisions from earlier drafts are retained in the document, notably requiring a collaboration between U.S. tech giants and an EU-based company to secure the European cybersecurity mark. Additionally, a crucial provision mandates that cloud services must be operated and maintained within the EU, with all data belonging to cloud service customers being stored and processed exclusively within the EU. Simultaneously, EU laws take precedence over the laws of non-EU countries concerning cloud service providers.
An interesting facet of this new proposal is the extension of requirements discriminating against foreign cloud service providers to lower levels of guarantees. Alexander Rure, Director of Public Policy at CCIA Europe, underscores the significance of this expansion, noting its potential impact on international companies operating within the EU.
The implementation of these new cybersecurity certification standards within the EU reflects a concerted effort to fortify control and security within the cloud space. This is particularly relevant given the escalating demand for and interest in artificial intelligence and government services in the cloud.
The changes underscore the importance of adhering to local laws and regulations and introduce more stringent requirements for international companies operating within the EU. As the digital landscape evolves, compliance with these standards becomes not just a regulatory necessity but a critical aspect of maintaining the integrity and security of cloud services.
CyberSec84 | Cybersecurity news. 
Leave a comment