Washington – The Computer & Communications Industry Association and other industry groups sent a letter to the U.S. Administration detailing concerns with the recent developments on the forthcoming European Cybersecurity Certification Scheme for Cloud Services (EUCS). EU and U.S. diplomats are expected to meet May 30-31 for the EU-U.S. Trade & Technology Council in Sweden to discuss continued work on transatlantic cooperation on digital governance and security.
The European Union Agency for Cybersecurity (ENISA) is pursuing a scheme for “trusted” European cloud through protectionist cybersecurity certifications standards. The letter encourages parties to use these meetings to secure a durable solution that will enable American and European companies to compete on a level playing field, underpinned by transatlantic trust and safety, by removing nationality-based ownership restrictions–restrictions incompatible with the European Union’s international trade obligations. Changes made to the draft proposal made public in a recent leak make clear that the EUCS framework is getting worse, not better, and calls for U.S. intervention.
CCIA has previously joined a broad coalition of global industry to raise concerns (here and here) on the direction of the proposal.
The following can be attributed to CCIA Vice President of Digital Trade Jonathan McHale:
“As democratic allies seek collaboration in the face of common threats, the EU’s insular direction on cloud services is an unfortunate step backwards. Seeking to exclude U.S. services suppliers in this important sector, which contributes to the resiliency and security of the EU common market, harms not only commercial relations but our strategic partnership as well. We would encourage EU policymakers to reconsider the exclusionary provisions of the EUCS and ensure that any future certification, specifications or standards remain technically feasible and non-discriminatory, in line with its international trade obligations.”