[ad_1]
There may be more trouble for Big Tech companies offering cloud services in Europe. According to a draft document seen by Reuters, non-European Union cloud services providers such as Amazon, Google, and Microsoft must form a joint venture with an EU-based company to obtain an EU cybersecurity label that allows them to handle sensitive data.
According to the document, US companies and other participants in the joint venture can only hold a minority stake. Furthermore, employees who can access EU data must undergo specific screening and be based in one of the 27 countries in the bloc.
The document specifies that the cloud service provider must operate and maintain their service within the EU, and all customer data stored and processed by the service must also be within the EU. EU laws take precedence over non-EU laws in relation to the cloud service provider.
ENISA has proposed a certification scheme to verify cloud service cybersecurity in the EU. This could impact vendor choices and address concerns about interference from non-EU countries. U.S. tech giants may criticise the scheme for potential market access loss.
“Certified cloud services are operated only by companies based in the EU, with no entity from outside the EU having effective control over the CSP (cloud service provider), to mitigate the risk of non-EU interfering powers undermining EU regulations, norms and values,” the document reads.
“Undertakings whose registered head office or headquarters are not established in a ember State of the EU shall not, directly or indirectly, solely or jointly, hold positive or negative effective control of the CSP applying for the certification of a cloud service,” reads further.
According to the document, stricter regulations will be enforced for both personal and non-personal data that is considered sensitive. This is to avoid any negative consequences such as harm to public order, safety, human life or health, and the protection of intellectual property.
The EU’s proposed plan could give individual countries power to enforce their own rules, creating an uneven playing field for American companies. The draft will be reviewed by EU countries this month, with a final plan from the European Commission to follow.
According to the document, US companies and other participants in the joint venture can only hold a minority stake. Furthermore, employees who can access EU data must undergo specific screening and be based in one of the 27 countries in the bloc.
The document specifies that the cloud service provider must operate and maintain their service within the EU, and all customer data stored and processed by the service must also be within the EU. EU laws take precedence over non-EU laws in relation to the cloud service provider.
ENISA has proposed a certification scheme to verify cloud service cybersecurity in the EU. This could impact vendor choices and address concerns about interference from non-EU countries. U.S. tech giants may criticise the scheme for potential market access loss.
“Certified cloud services are operated only by companies based in the EU, with no entity from outside the EU having effective control over the CSP (cloud service provider), to mitigate the risk of non-EU interfering powers undermining EU regulations, norms and values,” the document reads.
“Undertakings whose registered head office or headquarters are not established in a ember State of the EU shall not, directly or indirectly, solely or jointly, hold positive or negative effective control of the CSP applying for the certification of a cloud service,” reads further.
According to the document, stricter regulations will be enforced for both personal and non-personal data that is considered sensitive. This is to avoid any negative consequences such as harm to public order, safety, human life or health, and the protection of intellectual property.
The EU’s proposed plan could give individual countries power to enforce their own rules, creating an uneven playing field for American companies. The draft will be reviewed by EU countries this month, with a final plan from the European Commission to follow.
[ad_2]
Source link