A group of leading European companies, including giants like Deutsche Telekom, Orange, Airbus, and several others, have expressed significant opposition to a Belgian draft proposal under the European Union presidency. This proposal could potentially enable major US tech firms, including Amazon, Google, and Microsoft, to obtain highly sensitive EU cloud computing contracts without stringent requirements. The plan aims to introduce a certification scheme (EUCS) for the cybersecurity of cloud services, facilitating EU governments and companies in selecting secure and trusted cloud service vendors. Notably, the proposal eliminates previous sovereignty stipulations that required US tech giants to establish joint ventures with EU-based companies for data storage and processing within the EU to earn the cybersecurity label.
This move has sparked concern among European companies about data sovereignty and the security implications of allowing US firms such extensive access to European markets. These companies argue that the current proposal could lead to European data being susceptible to access under foreign laws such as the U.S. Cloud Act or the Chinese National Intelligence Law. They emphasize the need for EU-HQ and European control requirements in the main scheme to mitigate risks associated with unlawful data access.
The consortium of EU companies is urging national authorities and senior officials within the European Commission to reject this Belgian proposal. They propose that the cybersecurity label should instead mirror the principles of the Gaia-X cloud computing platform, which includes sovereignty requirements to decrease EU dependency on Silicon Valley tech giants. By doing so, they believe it will support the growth and viability of sovereign cloud solutions that are currently being developed or are already available in the European market.
The matter is set to be discussed by cybersecurity experts from the 27 EU countries on March 15, with potential for the European Commission to adopt this cybersecurity scheme in the upcoming autumn. The outcome of this discussion could have significant implications for the future of cloud computing in Europe, influencing how data is handled and protected across the bloc. The debate underscores the ongoing tension between fostering innovation and ensuring security and sovereignty in the digital domain.
