The EU Council has rejected France's request for legal clarification on the pending cybersecurity certification for cloud services (EUCS), causing a deadlock in the discussions. France sought clarification on the impact of EUCS on its national security qualification, SecNumCloud. The fate of the certification scheme now hangs in the balance as discussions continue. This highlights the complexities of harmonizing cybersecurity standards across EU member states.
EU Council Rejects France's Request for Clarification on Cybersecurity Certification for Cloud Services
( Credit to: Euronews )
The European Union (EU) Council has rejected France's request for legal clarification on the pending cybersecurity certification for cloud services (EUCS), causing a deadlock in the discussions. France sought clarification on the impact of EUCS on its national security qualification, SecNumCloud. The fate of the certification scheme now hangs in the balance as discussions continue. This highlights the complexities of harmonizing cybersecurity standards across EU member states.
The Need for Legal Clarification
France had requested legal clarification on how the adoption of the cybersecurity certification for cloud services (EUCS) would impact its own national security qualification, known as SecNumCloud. However, the EU Council has rejected this request, leading to a deadlock in the discussions surrounding the certification scheme.
This rejection highlights the challenges involved in harmonizing cybersecurity standards across EU member states. The fate of the EUCS scheme now remains uncertain as discussions continue.
Complexities in Certification Scheme Development
Discussions on the cybersecurity certification for cloud services have been ongoing for the past three years, with the aim of enabling companies to demonstrate the necessary level of cybersecurity protection for the EU market. The European Commission tasked the EU cyber agency ENISA with developing the certification scheme in 2019.
Despite ENISA's efforts to overcome the impasse with a revised draft text, the latest attempt to reach a deal on EUCS failed. This was due to disagreements over sovereignty requirements proposed by France, which aimed to exclude non-EU cloud companies from qualifying for the highest security options. Several EU countries and industry players opposed these requirements, considering them to be protectionist measures.
The ongoing discussions highlight the complexities and challenges involved in developing a certification scheme that satisfies the diverse needs and interests of EU member states and industry stakeholders.
Implications for EU and Non-EU Cloud Service Providers
The rejection of France's request for legal clarification on the cybersecurity certification for cloud services has raised questions about the implications for both EU and non-EU cloud service providers operating in the European market.
As negotiations continue, it remains to be seen how the certification scheme will ultimately be shaped and what impact it will have on the market. The fate of the EUCS scheme may be decided during upcoming expert group meetings, but the discussions so far have highlighted the need to balance security requirements with the goal of fostering a competitive and open European market for cloud services.
