US Chamber of Commerce warns against EU plan to exclude non-EU cloud vendors

Published Thu, Dec 1, 2022 · 05:36 PM
    • The groups say the EU should refrain from adopting requirements of a political nature, which would exclude legitimate cloud suppliers and not enhance effective cybersecurity controls. PHOTO: REUTERS

    THE US Chamber of Commerce and 12 other groups on Thursday (Dec 1) warned the European Union (EU) against adopting rules that could exclude non-EU cloud services providers from the European market.

    At issue is a draft proposal by the European Union Agency for Cybersecurity (Enisa), for a certification scheme to vouch for the cybersecurity of cloud services that would determine how EU governments and companies select a vendor for their business.

    A version of the draft dated May set out requirements for a certified cloud service provider (CSP) to prevent and limit interference by non-EU states in the operation of certified cloud services.

    “The CSP’s registered head office and global headquarters shall be established in a member state of the EU,” the document said.

    The operation and maintenance of cloud services, as well as the storage and processing of customer data, would have to be done within the EU. The bloc’s laws would take precedence over non-EU laws, including laws by countries with extraterritorial measures.

    Concerns from the Chamber, National Foreign Trade Council, Japan Association of New Economy, techUK, Latin American Internet Association, Computer & Communications Industry Association and others were set out in a joint industry statement seen by Reuters.

    The groups said the EU should refrain from adopting requirements of a political nature, which would exclude legitimate cloud suppliers and not enhance effective cybersecurity controls.

    “These requirements are seemingly designed to ensure that non-EU suppliers cannot access the EU market on an equal footing, thereby preventing European industries and governments from fully benefiting from the offerings of these global suppliers,” they said.

    “If other countries were to pursue similar policies, European cloud providers could see their own opportunities in non-EU markets dwindle,” they added.

    Enisa said the draft scheme sets out three levels of requirements.

    A spokesperson said that the highest level is intended to be only applicable to “a small set of use cases requiring the highest level of security”, citing areas such as highly-sensitive government applications. The spokesperson said that for such use cases, “some level of independence from non-EU laws will have to be ensured. Not all cloud services.”

    Enisa sent an updated proposal to the European Commission for consultation in September. This could lead to changes before a final text is adopted.

    Cloud computing has become a major driver of growth for Big Tech in recent years. The size of the global government cloud market is expected to reach US$71.2 billion by 2027, up from $27.6 billion in 2021, according to market research firm Imarc Group. REUTERS
