The Strategist

EU sets to tighten legislation against U.S. cloud services

05/10/2023 - 11:18

According to new proposals in this area, U.S. businesses and cloud service providers like Amazon, Google, and Microsoft would only be able to obtain an EU cybersecurity certificate in conjunction with an EU-based company, according to Reuters, which cited sources. The EU authorities intend to tighten cybersecurity rules for these businesses.
An earlier proposal for the establishment of a certification system in the EU that defines rules for cloud service providers came from the EU agency for cybersecurity (ENISA). According to the document, a company’s headquarters must be specifically located in an EU member state.

"Amazon, Google, Microsoft and other non-EU cloud service providers that wish to obtain EU cybersecurity certification for handling sensitive data can only do so through a joint partnership with an EU-based company," the organization said in a statement.

The agency cited a passage from the draft policy that stated, "Enterprises whose registered head office or headquarters are not located in an EU member state shall not, directly or indirectly, alone or jointly, exercise positive or negative effective control over the CSP."