Belgium, (Brussels Morning Newspaper) The US Chamber of Commerce (USCC) warned the EU against adopting plans to exclude foreign cloud service providers from its market.
In a joint industry statement co-signed by 12 other lobbying groups, the USCC pointed out that the EU’s planned rules would exclude US tech giants from the EU market, according to Reuters reported on Thursday.
The largest lobbying group in the US sent the joint statement to the European Commission, the EU Agency for Cybersecurity (ENISA), national governments, and the EU Parliament on Thursday.
It pointed out that ENISA’s draft rules for certification of cloud service providers to vouch for cybersecurity would limit the choice of vendors for EU companies and governments.
The draft from May introduces requirements for cloud service providers with the aim of limiting and preventing foreign interference with cloud services in the EU.
According to the draft, the provider’s “registered head office and global headquarters shall be established in a member state of the EU.”
Local storage and processing
Besides being operated from the EU, certified cloud services would have to process and store customer data in the EU. According to the draft proposal, new rules would take precedence over any foreign laws.
The USCC stressed that the EU should not adopt political requirements for cybersecurity of data processing because the move would not improve cybersecurity.
EU’s planned rules “are seemingly designed to ensure that non-EU suppliers cannot access the EU market on an equal footing, thereby preventing European industries and governments from fully benefiting from the offerings of these global suppliers,” the lobby groups noted.
“If other countries were to pursue similar policies, European cloud providers could see their own opportunities in non-EU markets dwindle,” they added and warned that EU’s draft rules may be in conflict with World Trade Organization’s rules.
ENISA pointed out that draft rules are strict only for “a small set of use cases requiring the highest level of security” such as government and critical infrastructure.
“After consulting with the European Commission, ENISA is proposing two certification levels for assurance level ‘high’, in order to cater for the different needs identified in the European industry and member states,” an agency spokesperson stressed.
The agency sent updated draft rules to the EC in September, noting that the final version will likely be different from the May proposal.