New Rules On Clouds In The European Union Can Make US Big Tech Inflamed
JAKARTA - Amazon, Google, Microsoft, and other European non-EU cloud service providers can only acquire EU cybersecurity labels to handle sensitive data through a joint venture with companies based in the European Union. This was revealed according to a draft EU document seen by Reuters.
US tech giants and those involved in joint ventures can only own minority shares, and employees who have access to EU data must pass a special assessment and must be in the EU region.
The document adds that cloud services must be operated and maintained from the EU, and all cloud service customer data must be stored and processed in the EU and that EU law has priority over non-EU law regarding cloud service providers.
The latest proposal from the EU cybersecurity agency ENISA concerns the EU certification scheme (EUCS) which will ensure cybersecurity of cloud services and determine how governments and companies in the block choose vendors for their businesses.
While the new provisions show EU concerns about interference from non-EU countries, it is likely to spark criticism from US tech giants concerned that they will be hindered from entering the European market.
Big technology is looking for a government cloud market to drive growth in the coming years while the potential AI blast after OpenAI's ChatGPT success, which goes viral, could also increase cloud service demand.
VOIR éGALEMENT:
Certified cloud services are only operated by EU-based companies, without entities from outside the EU having effective control over CSP ( cloud service providers), to reduce the risk of non-EU interference strength that interferes with EU regulations, norms, and values, the document said.
"In a situation where the presence of users may pose a risk to the public, security, health, or intellectual property protection, this regulation applies to specifically sensitive personal and non-private data," the document said.
This latest draft could divide the EU's singles market as each country has the full freedom to implement these requirements at any time seen by industry sources. The US Chamber of Commerce previously said that the plan puts US companies in an unequal position. The EU says that this action is necessary to protect the block's data and privacy rights.
EU countries will review the draft at the end of this month after which the European Commission will adopt the final scheme.