While the new provisions underscore EU concerns of interference from non-EU states, they are likely to spark criticism from US tech giants worried about being shut out from the European market
London, NFAPost: Amazon, Alphabet’s Google, Microsoft and other non-European Union cloud service providers looking to secure an EU cybersecurity label to handle sensitive data can only do so via a joint venture with an EU-based company, according to an EU draft document seen by Reuters.
US tech giants and others involved in the joint venture can only have a minority stake, and employees that have access to EU data would have to undergo specific screening and have to be located in the 27-country bloc, the document said.
The document adds the cloud service must be operated and maintained from the EU, and all cloud service customer data stored and processed in the EU and that EU laws take precedence over non-EU laws regarding the cloud service provider.
The latest draft proposal from EU cybersecurity agency ENISA concerns an EU certification scheme that would vouch for the cybersecurity of cloud services and determine how governments and companies in the bloc select a vendor for their business.
While the new provisions underscore EU concerns of interference from non-EU states, they are likely to spark criticism from US tech giants worried about being shut out from the European market.
Big Tech is looking to the government cloud market to drive growth in the coming years while a potential boom in AI after the viral success of OpenAI’s ChatGPT could also boost demand for cloud services. EU countries will review the draft later this month after which the European Commission will adopt a final scheme.
