European Union Considers Wider Cybersecurity Label Rules

The European Union wants to expand the scope of cybersecurity label rules (photo: dock. pexels)

The European Union is considering expanding the scope of proposed cybersecurity label rules that will not only affect Alphabet's Amazon, Google, and Microsoft. But also banks and airlines.

The European Union's move to form a system like this comes as Big Tech seeks the government's cloud market to drive growth in the coming years. While potential explosions in artificial intelligence following OpenAI's ChatGPT success can also increase demand for cloud services.

The latest proposal from the European Union cybersecurity agency, ENISA, relates to the EU certification scheme (EUCS) which guarantees cybersecurity of cloud services and determines how governments and companies in the block choose vendors for their businesses.

The document retains key provisions contained in the previous manuscript, such as the requirement that the US tech giant must form a joint venture with companies based in the European Union to qualify for the European Union cybersecurity label.

Another provision states that cloud services must be operated and managed from the European Union, while all cloud service customer data must be stored and processed in the European Union, where EU law has priority over European non-EU law regarding cloud service providers.

These obligations apply to the highest level of security, totaling four. The latest manuscript outlines the possibility of extending these strict requirements to the third highest level of security.

EU member states are now reviewing this latest manuscript after which the European Commission will adopt a final scheme.

The CCIA technology plaintiff group said that expanding coverage would affect a number of larger industries.

"Maybe the most striking part of this new draft is that ENISA now suggests discriminatory requirements against foreign cloud providers can also be extended to lower confidence levels," said Alexandre Roure, CCIA Europe's Director of Public Policy.

"It will include banks, but also airlines, utility companies, and sectors that are highly regulated," he said.

The European Banking Federation (EBF), together with the European Savings Bank Group (ESBG), the European Financial Market Association (AFME), the Federation of European Payment Institutions (EPIF), and Insurance Europe on Tuesday, November 21, criticized the requirement for sovereignty.