Exclusive: US Chamber of Commerce warns against proposed EU plan to exclude non-EU cloud providers

BRUSSELS, Dec 1 (Reuters) – The American Chamber of Commerce and 12 other groups on Thursday warned the European Union against adopting rules that could exclude Amazon (AMZN.O), Alphabet (GOOGL.O), Google , Microsoft (MSFT.O). ) and other non-EU cloud service providers in the European market.

The Chamber, National Foreign Trade Council, Japan New Economy Association, techUK, Latin American Internet Association, Computer and Communications Industry Association and others have expressed concerns in a joint industry statement seen by Reuters.

At stake is a draft proposal by European cybersecurity agency ENISA for an EU certification scheme guaranteeing the cybersecurity of cloud services that would determine how governments and companies across the bloc select a provider for their business.

ENISA’s draft dated May and viewed by Reuters sets out requirements for a Certified Cloud Service Provider (CSP) to prevent and limit interference by non-EU states with the operation of certified cloud services .

“CSP’s registered office and global headquarters will be established in an EU member state,” the document states.

Cloud services should be operated and maintained from the EU, and all cloud services customer data stored and processed in the EU, with bloc laws taking precedence over non-EU laws, including countries with extraterritorial measures.

The EU should refrain from adopting requirements that are political rather than technical in nature, which would exclude legitimate cloud providers and fail to improve the effectiveness of cybersecurity controls, the Chamber and the other groups said.

“These EUCS (EU draft) requirements are apparently designed to ensure that non-EU suppliers cannot access the EU market on an equal footing, thus preventing European industries and governments from fully benefiting from the offerings from these global suppliers,” they said.

“If other countries were to pursue similar policies, European cloud providers could see their own opportunities in non-European markets shrink,” they said.

ENISA said the draft scheme establishes three levels.

“The highest level is intended to be applicable only to a small set of use cases requiring the highest level of security (e.g. highly critical government and infrastructure applications), for which a some level of independence from non-EU laws will not need all cloud services,” a spokesperson said.

ENISA sent an updated proposal to the European Commission for consultation in September, which could lead to changes before a final text is adopted.

The size of the global government cloud market is expected to reach $71.2 billion by 2027, from $27.6 billion in 2021, according to market research firm Imarc Group. Cloud computing has become a major growth engine for Big Tech in recent years.

Reporting by Foo Yun Chee; Edition by Lincoln Feast.

Our standards: The Thomson Reuters Trust Principles.

Leave a Reply

Your email address will not be published. Required fields are marked *