Computer & Communication Industry Association
PublishedDecember 1, 2022

Cybersecurity: EU Cloud Requirements Risk Excluding International Suppliers, Global Businesses Warn

Brussels, BELGIUM – A broad coalition of business associations from around the world is calling on the EU to refrain from adopting new requirements that discriminate against legitimate suppliers of cloud services, which would not only limit Europe’s cloud choice but also undermine effective cybersecurity.

The 13 signatories, representing both cloud users and vendors operating in the EU Digital Single Market, today published a joint industry statement to raise their strong concerns about the draft European Cybersecurity Certification Scheme for Cloud Services (EUCS).

This scheme, as currently proposed by the EU Agency for Cybersecurity (ENISA), would considerably reduce the offering of cloud computing services in Europe. Not only that, the EUCS would mandate the use of cloud services that cannot be used by companies with global operations, as well as delaying adoption of the latest technologies and paradoxically weakening cybersecurity.

The draft EUCS includes several requirements that are seemingly designed to ensure that non-EU cloud suppliers simply cannot access the market on equal footing, thereby preventing European businesses and governments from using the services of global suppliers.

In particular, the proposed “immunity requirements” would strictly limit eligibility for cybersecurity certification to cloud providers headquartered in the EU, and exclude other vendors simply because of the location of their headquarters or investors’ nationality.

The business associations from Japan, Latin America, North America, and the United Kingdom call upon the EU’s 27 national governments, the European Commission, and the European Parliament to reject the introduction of these discriminatory immunity requirements in the EUCS.

Exclusionary policies that target Europe’s most important trading partners and allies are particularly inopportune given today’s volatile geopolitical climate, the coalition stresses.

Businesses that rely on cloud solutions, underlined the following in the statement:

“The EU should seek to expand – not decrease – the availability of cloud technologies in Europe. Our members need access to the widest range of innovative cloud technologies that best suit their needs to be successful in a fast-growing global market.”

The following can be attributed to CCIA Europe’s Public Policy Director, Alexandre Roure:

“The cloud requirements proposed by ENISA would severely restrict competition and customer choice, but also undermine cybersecurity in Europe.”

“We believe that every market participant should have a fair chance to compete on merit; regardless of the location of their headquarters, the nationality of their shareholders or board members, or the business opportunities they may have pursued elsewhere.”


The global coalition consists of the following 13 associations:

    • ACT | The App Association (ACT)
    • American Chamber of Commerce to the European Union (AmCham EU)
    • Coalition of Services Industries (CSI)
    • Computer & Communications Industry Association (CCIA Europe)
    • Internet and Competitive Networks Association (INCOMPAS)
    • Information Technology Industry Council (ITI)
    • Japan Association of New Economy (JANE)
    • Latin American Internet Association (ALAI)
    • National Foreign Trade Council (NFTC)
    • Software & Information Industry Association (SIIA)
    • techUK
    • U.S. Chamber of Commerce
    • United States Council for International Business (USCIB)

Click here for the Joint Industry Statement on the Draft European Cybersecurity Certification Scheme for Cloud Services (EUCS).

  • Press Releases
  • Tax

California House Passes Link Tax On News Stories

Sacramento, Calif. – The California Assembly passed a bill today that would tax links based on internet search inquiries and social media connected to news stories. California’s AB 886, the “Cal...
  • Press Releases
  • Privacy

CCIA Sends Letter Asking Texas Governor To Veto HB 18

Washington – The Computer & Communications Industry Association has sent a letter urging Texas Governor Greg Abbott (R) to veto legislation that would impair current efforts to protect children ...
  • Statements
  • Trade

CCIA Statement on 4th Meeting of EU-U.S. Trade & Technology Council

Luleå, SWEDEN – EU and U.S. officials met May 30-31 in Luleå, Sweden for the fourth meeting of the EU-U.S. Trade & Technology Council to discuss continued work on transatlantic cooperation on ...
  • Press Releases
  • Trade

CCIA Notes Progress Following IPEF Detroit Ministerial, but Joins Industry Concerns on IPEF Trade Direction

Washington – At a ministerial held over the weekend in Detroit, Michigan, the U.S. and its IndoPacific Economic Framework Partners announced the “substantial conclusion of negotiations” on an IP...