Cybersecurity label should not exclude AWS and Azure warns European industry

26 European industry groups warn that the European cybersecurity label for cloud services should not exclude the three major U.S. players.

The industry groups sound the alarm a day before the certification program is discussed again. Indeed, on Tuesday, the European Commission, ENISA and EU countries will meet to discuss the EUCS, as its official name reads. ENISA is the agency behind the certificate and is generally charged with boosting cybersecurity in Europe.

The general discussion revolves around possible spying from the U.S. government. That fear reigns every time a European agency chooses to use the cloud services of an American player. Often, that choice is related to the cloud player’s market position, in which AWS and Azure are number one and two.

Information in the cloud is not protected from inspection by the U.S. government when it is housed in America. The concerns can be addressed by opening data centers in Europe and storing information directly in those data centers without the data ever leaving European soil. The biggest cloud players are investing heavily in this option.

Also read: More and more cloud players are moving into the Spanish region of Aragon

Recognizable standard

With the certificate, ENISA wants to release a recognizable standard that gives companies assurance about the reliability of the cloud player. Industry groups warn that this alone should not limit choice. “We believe that an inclusive and non-discriminatory EUCS that supports the free movement of cloud services in Europe will help our members prosper at home and abroad, contribute to Europe’s digital ambitions, and strengthen Europe’s resilience and security.”

One of the signatories is Dutch NLdigital, a collective that represents more than 600 companies involved in the Netherlands’ digital transformation. Others are the Bundesverband deutscher Banken and the Digital Poland Association.