EU experts postpone vote on draft cybersecurity label to May

EU cybersec label: National cybersecurity experts, on Tuesday, have postponed a vote on a draft EU cybersecurity label until May according to sources familiar with the matter. The label would allow tech giants like Amazon, Google, and Microsoft to bid for highly sensitive EU cloud computing contracts.

The European Union aims to implement a cybersecurity certification scheme (EUCS) to certify the cybersecurity of cloud services, aiding governments and businesses in selecting secure and trustworthy vendors for their cloud computing needs. However, disagreements over whether stringent requirements should be imposed on Big Tech to qualify for the highest level of the EU cybersecurity label have hindered progress.

During meetings held in Brussels on Monday and Tuesday, experts refrained from voting on the latest draft of the scheme, originally proposed by the EU cybersecurity agency ENISA in 2020 and subsequently modified by Belgium, the current holder of the rotating EU presidency.

Following the experts' vote, the next stage involves obtaining opinions from EU member states, culminating in a final decision by the European Commission.

The most recent version of the draft eliminated sovereignty requirements from a previous proposal, which mandated US tech giants to establish a joint venture or collaborate with an EU-based company for storing and processing customer data within the EU to qualify for the highest level of the EU cybersecurity label.

While Big Tech expressed approval at the removal of these requirements, EU-based cloud vendors and businesses such as Deutsche Telekom, Orange, and Airbus criticised the move. They cautioned against the potential risk of unauthorised data access by non-EU governments based on their respective laws.

(With Reuters inputs)