EU Draft Rules Propose Stricter Cybersecurity Labeling of Big Tech Amazon, Google, Microsoft

Last Update: May 10, 2023, 05:54 AM IST

Big tech is looking to the government cloud market to drive growth in the coming years, while a potential boom in AI following the viral success of OpenAI’s ChatGPT could also boost demand for cloud services.

The latest draft proposal from the EU Cyber ​​Security Agency deals with an EU certification scheme that would vouch for the cyber security of cloud services

Amazon, Alphabet’s Google, Microsoft and other non-EU cloud service providers looking to secure the EU cyber security label for handling sensitive data can only do so through a joint venture with an EU-based company , according to an EU draft document seen by Reuters .

The US tech giants and others involved in the joint venture can only have a minority stake, the document said, and that employees who have access to EU data must undergo specific screening and be included in the 27-nation bloc. have to be located.

The document states that the cloud service must be operated and maintained from the EU, and that all cloud service customer data is stored and processed in the EU and that EU law applies to non-EU countries with respect to cloud service providers. take precedence over laws.

The latest draft proposal from the European Union’s cyber security agency ENISA deals with a European Union Certification Scheme (EUCS) that would vouch for the cyber security of cloud services and determine how governments and companies in the bloc can choose a vendor for their business. How do you do it?

While the new provisions address EU concerns of interference from non-EU states, they are likely to draw criticism from US tech giants worried about being shut out of the European market.

Big tech is looking to the government cloud market to drive growth in the coming years, while a potential boom in AI following the viral success of OpenAI’s ChatGPT could also boost demand for cloud services.

“Certified cloud services are operated only by companies based in the EU, no entities outside the EU exercise effective control over CSPs (cloud service providers), non-governmental organizations that undermine EU rules, norms and values” – to reduce the risk of EU interventionist powers,” the document said.

“Entities whose registered head office or headquarters are not established in an Amber State of the European Union shall not, directly or indirectly, singly or jointly, exercise positive or negative effective control of the CSP applying for the certification of the cloud service, said it.

The document states that stricter rules will apply to personal and non-personal data of particular sensitivity where the breach may have a negative impact on public order, public safety, human life or health or protection of intellectual property.

An industry source said the latest draft could fragment the EU single market as each country has complete discretion to impose requirements whenever it sees fit.

The US Chamber of Commerce has previously said the plan puts US companies on an unequal footing. The EU says the steps are necessary to protect the bloc’s data rights and privacy.

EU countries will review the draft later this month after which the European Commission will adopt the final plan.

read all Latest Tech News Here

(This story has not been edited by News18 staff and is published from a syndicated news agency feed)