The European Union has made it known through the latest draft of what will be an official document, that companies that do not belong to the European Union, such as Amazon, Alphabet’s Google, Microsoft and other cloud service providers, must adhere to strict cybersecurity labeling standards.
In this sense, and as reported by Reuters, these companies must obtain the European Union cybersecurity label to handle sensitive data, through a joint venture with a company that must be based within its borders.
The new controls of the European Union
The report that has been made public clarifies that US companies, leaders in the technology sector, can only have a minority stake, and employees who have access to data from the European Union will have to submit to specific control and must be located in the block of 27 countries.
Although the European Union is aware that the new provisions set out in the draft proposed by the cybersecurity agency ENISA may arouse criticism from US companies, fearing that they will be left out of the European market, it has been forceful.
The draft rule states that the laws proposed from the community will prioritize those outside its borders. In the same waycloud services will have to be operated and maintained from the European community itselfand all customer data must be stored and processed at that location.
The draft alludes to the fact that “certified cloud services are operated only by companies based in the European Union, without any entity outside the European Union having effective control over the CSP (cloud service provider), to mitigate the risk that interfering powers from outside the European Union undermine the regulations, standards and values of the European Union”.
In addition, the draft standard adds that “Companies whose registered office or registered office is not established in an EU Member State may not, directly or indirectly, solely or jointly, exercise positive or negative effective control over the CSP that apply for certification of a cloud service.”
The strictest standards will be applied to personal data and non-personal data that have a special sensitivity when a violation may have a negative impact on public order, public safety, protection of intellectual property or human health.
Big tech is hoping for a boost
The truth is that the leading companies in the technology sector in the United States expect the government cloud market to drive their growth in the coming years, while the rise of artificial intelligence (AI) after the resounding success of OpenAI ChatGPT , it could also relaunch the demand for cloud services.
The truth is that this draft proposed by the European Union could fragment the single market of the community, since each country has full freedom to impose the requirements when it considers it necessary. Faced with the need of the European Union to protect the data rights and privacy of the bloc, the Chamber of Commerce of the United States has declared that this plan puts corporate America in a difficult and utterly unequal situation.
As a conclusion to the preventive report, the countries that make up the European Union must review this draft by the end of this month, and from there the European Commission must adopt a definitive plan that US companies must abide by.