BRUSSELS, Dec 1 (Reuters) – The U.S. Chamber of Commerce and 12 other groups warned the European Union on Thursday against adopting rules that could block Amazon ( AMZN.O ), Alphabet’s ( GOOGL.O ) Google, Microsoft unit (MSFT.O). ) and other non-EU cloud service providers from the European market.
The Chamber, the National Foreign Trade Council, the Japan New Economy Association, techUK, the Latin American Internet Association, the Computer & Communications Industry Association and others expressed their concerns in a joint industry statement seen by Reuters.
At issue is a draft proposal by EU cybersecurity agency ENISA for an EU certification scheme guaranteeing the cybersecurity of cloud services that would determine how the bloc’s governments and companies choose a supplier for their business.
ENISA’s May draft, seen by Reuters, sets out requirements for a certified cloud service provider (CSP) aimed at preventing and limiting interference from non-EU states in the operation of certified cloud services.
“The CSP headquarters and global headquarters will be located in an EU member state,” the document said.
Cloud services should be operated and maintained by the EU, and all cloud service customer data stored and processed in the EU, with the bloc’s laws taking precedence over non-EU laws, including countries with extraterritorial measures .
The EU should refrain from adopting policy rather than technical requirements that would exclude legitimate cloud vendors and fail to strengthen effective cyber controls, the chamber and other groups said.
“These EUCS (EU Scheme) requirements are ostensibly designed to ensure that non-EU suppliers cannot access the EU market on equal terms, thereby preventing European industries and governments from taking full advantage of what these global suppliers have to offer. suppliers,” they said.
“If other countries followed similar policies, European cloud providers could see their own opportunities in non-EU markets diminish,” they said.
ENISA said the draft regime defines three levels.
“The higher level is intended to apply only to a small set of use cases that require the highest level of security (e.g. highly sensitive government and highly critical infrastructure applications), for which some level of independence from non-EU laws should Not all cloud services,” a spokesperson said.
ENISA sent an updated proposal to the European Commission for consultation in September, which could lead to changes before a final text is adopted.
The size of the global government cloud market is expected to reach $71.2 billion by 2027 from $27.6 billion in 2021, according to market research firm Imarc Group. Cloud computing has become a major growth driver for Big Tech in recent years.
Reported by Foo Yun Chee? Edited by Lincoln Feast.
Our Standards: The Thomson Reuters Trust Principles.