According to an EU draft document obtained by Reuters, Amazon (AMZN.O), Alphabet’s (GOOGL.O) Google, Microsoft (MSFT.O), and other non-EU cloud service providers seeking an EU cybersecurity certification to handle sensitive data must form a joint venture with EU business.
The letter stated that U.S. tech companies and anyone interested in the joint venture could only have a minority ownership. In addition, personnel with access to EU data must be screened and located in the 27-country union.
The cloud service must be managed and maintained in the EU, and all client data must be kept and processed in the EU. EU laws override non-EU legislation respecting the cloud service provider.
ENISA’s newest draft proposal for an EU certification scheme (EUCS) would certify cloud services’ cybersecurity and dictate how EU governments and enterprises choose vendors.
U.S. tech firms anxious about being kept out of the European market may criticize the new measures, highlighting EU worries over non-EU meddling.
Big Tech hopes to thrive in the government cloud market and AI after OpenAI’s ChatGPT became viral.
“Certified cloud services are operated only by companies based in the EU, with no entity from outside the EU having effective control over the CSP (cloud service provider), to mitigate the risk of non-EU interfering powers undermining EU regulations, norms and values,” the paper added.
“Undertakings whose registered head office or headquarters are not established in an ember State of the EU shall not, directly or indirectly, solely or jointly, hold positive or negative effective control of the CSP applying for certification of a cloud service,” it stated.
The paper stated that stricter standards would apply to sensitive personal and non-personal data that might harm public order, public safety, human life or health, or intellectual property.
An industry insider warned the current draft might divide the EU single market since any nation can impose regulations whenever it wants.
The U.S. Chamber of Commerce has warned the proposal disadvantages U.S. firms. The EU argues the measures are needed to defend data rights and privacy.
The European Commission will approve the proposal when EU nations evaluate the draft later this month.
Comment Template