BRUSSELS – Today, global tech trade association 91proÊÓÆµ, the 91proÊÓÆµ, urged the European Commission, ENISA, and the ECCG to exclude sovereignty requirements as they finalize the European Cybersecurity Certification Scheme for Cloud Services (EUCS). In a statement to lawmakers, 91proÊÓÆµ commended the improvements in the most recent EUCS draft, which removes sovereignty requirements, noting that such criteria could undermine the EU’s cybersecurity landscape and restrict non-EU cloud service providers' market access.

“The EUCS is a technical security instrument and should not include politically motivated requirements such as data localization and ownership controls (PUA requirements). Such requirements are discriminatory and do not inherently enhance the security of cloud services,” 91proÊÓÆµ wrote in its statement.

The latest draft removes the sovereignty requirements from the scheme and maintains three assurance levels, “basic”, “substantial”, and “high”, as foreseen by Article 52 of the Cybersecurity Act. In their place, the scheme provides for transparent security requirements, such as information for customers.

“This balanced approach could allow for better harmonization at the EU level when it comes to functional elements, while still enabling member states to apply exceptionally their own national security requirements for the specific highest sensitive use cases,” 91proÊÓÆµ wrote.

Read 91proÊÓÆµ’s full statement here.
