The European Center for International Political Economy (ECIPE) has published a report that outlines concerns regarding a proposed European Union (EU) cloud security label that deliberately excludes several non-EU cloud vendors.
According to the report, these practices are discriminatory and could lead to retaliatory measures.
- The ECIPE is an independent and non-profit research agency dedicated to trade and other economic policies pertaining to Europe.
- The European Union Agency for Cybersecurity (ENISA) has added a provision to its Cloud Services Scheme (EUCS) that requires cloud service providers to have their registered head office and global headquarters in the EU. The provision also states that all customer data is to be processed and stored in the bloc.
- ECIPE director Matthias Bauer argues that this policy could impact businesses in the EU that rely on cloud computing services and argues that, "Member states should now call on the cybersecurity agency and also the European Commission to abandon politically motivated EUCS immunity requirements."
- The ECIPE report also states that "EUCS immunity requirements would increase cloud adopters' exposure to cybersecurity risks," citing that "data localization often creates obstacles to an integrated management approach toward cybersecurity risks" and such requirements "set a dangerous precedent for any data-intensive sector."
- ENISA is awaiting input from EU member states and claims it will consider these opinions before finalizing anything.
