EU Cybersecurity Certification Program Controversy: Sovereignty vs. Openness
April 12, 20244 min read 分钟阅读
Share
Source: [Finance Intelligence]
The debate within the EU over the cybersecurity certification program has escalated once again, with 15 EU companies including Deutsche Telekom, France Telecom, and Airbus jointly boycotting a proposal that would allow unrestricted access to EU cloud data by US tech giants like Microsoft, Amazon, and Google. This event has once again brought to the forefront the internal divisions within the EU on cybersecurity issues and added new variables to the market access of global tech giants.
EU Cloud Service Certification Program (EUCS): Fortifying Security or Erecting Trade Barriers?
The EU Cloud Service Certification Program (EUCS) aims to enhance the overall cybersecurity level of the EU by establishing unified certification standards to help EU governments and businesses select secure and trustworthy cloud service providers. However, the program has been embroiled in a fierce struggle between sovereignty demands and market openness from the outset.
Sovereignty Demands: Safeguarding Data Security or Erecting Trade Barriers?
Some EU member states advocate for stringent sovereignty demands in the EUCS, requiring US tech giants to store EU customer data within the EU borders and comply with EU data protection regulations to obtain the highest level of security certification. They believe this can effectively reduce the risk of EU data being illegally accessed by the US government or other third parties.
However, this demand has faced strong opposition from the US government and tech giants. They argue that sovereignty demands are overly burdensome, increase operating costs for businesses, and hinder innovation and development in the EU cloud services market. Additionally, the US contends that the EU’s approach violates relevant rules of the World Trade Organization.
Belgium’s Compromise Solution: Can it Resolve Differences?
In an attempt to break the deadlock, Belgium proposed to separate sovereignty demands from functional requirements, namely:
Functional security requirements to be unifiedly certified by the EU
Sovereignty declarations to be self-declared by companies in the International Company Profile Declaration (ICPA) and applicable only to the highest level of certification
This proposal seeks to strike a balance between EU data security and market openness, but it has yet to gain the approval of all EU member states.
Joint Boycott by EU Companies Including Deutsche Telekom: Upholding Sovereignty or Protecting Competition?
Deutsche Telekom, France Telecom, Airbus, and 15 other EU companies have jointly called on EU countries to reject the latest proposal lacking sovereignty demands. They believe sovereignty demands are necessary because they can:
Mitigate the risk of illegal data access based on foreign laws
Emulate Europe’s Gaia-X cloud computing platform, reducing dependence on Silicon Valley giants
Assist EU startup cloud providers in competing with American counterparts
The European Commission will make a final decision in the autumn of the Northern Hemisphere. The outcome will have a significant impact on the EU’s digital economy.
Key Takeaways:
The controversy surrounding the EU cybersecurity certification program highlights the internal divisions within the EU on cybersecurity issues:
Some countries aim to protect their own data security and advocate for strict sovereignty demands
Others prioritize market openness and competition
The ultimate balance between sovereignty and openness remains to be seen. This game not only affects the EU’s own cybersecurity landscape but may also have far-reaching implications for the global market positioning of tech giants.
OpenAI is rolling out limited access to its text-to-voice generation platform called Voice Engine, as reported by The Verge. This innovative platform can synthesize a voice based on a 15-second audio clip, enabling the creation of realistic-sounding artificial voices. These AI-generated voices are capable of reading text prompts in multiple languages and have potential applications across …
Google One VPN, introduced in October 2020, quietly ceases operations amidst the surging demand for VPN services. Do you recall Google One VPN, launched in October 2020? It entered the market with slogans like “providing additional online protection for your Android phone” and “ensuring your data is secure”, available across all plans and platforms. However, …
In the latter half of 2023, Vietnam’s cybersecurity landscape presents a mixed bag of fortunes. On one hand, Distributed Denial of Service (DDoS) attacks have resurfaced as a major threat requiring vigilance. Besides, proactive measures by the Vietnamese government and businesses have led to continuous improvements in cybersecurity defenses. DDoS Attacks: A Significant Threat to …
EU Cybersecurity Certification Program Controversy: Sovereignty vs. Openness
Source: [Finance Intelligence]
The debate within the EU over the cybersecurity certification program has escalated once again, with 15 EU companies including Deutsche Telekom, France Telecom, and Airbus jointly boycotting a proposal that would allow unrestricted access to EU cloud data by US tech giants like Microsoft, Amazon, and Google. This event has once again brought to the forefront the internal divisions within the EU on cybersecurity issues and added new variables to the market access of global tech giants.
EU Cloud Service Certification Program (EUCS): Fortifying Security or Erecting Trade Barriers?
The EU Cloud Service Certification Program (EUCS) aims to enhance the overall cybersecurity level of the EU by establishing unified certification standards to help EU governments and businesses select secure and trustworthy cloud service providers. However, the program has been embroiled in a fierce struggle between sovereignty demands and market openness from the outset.
Sovereignty Demands: Safeguarding Data Security or Erecting Trade Barriers?
Some EU member states advocate for stringent sovereignty demands in the EUCS, requiring US tech giants to store EU customer data within the EU borders and comply with EU data protection regulations to obtain the highest level of security certification. They believe this can effectively reduce the risk of EU data being illegally accessed by the US government or other third parties.
However, this demand has faced strong opposition from the US government and tech giants. They argue that sovereignty demands are overly burdensome, increase operating costs for businesses, and hinder innovation and development in the EU cloud services market. Additionally, the US contends that the EU’s approach violates relevant rules of the World Trade Organization.
Belgium’s Compromise Solution: Can it Resolve Differences?
In an attempt to break the deadlock, Belgium proposed to separate sovereignty demands from functional requirements, namely:
This proposal seeks to strike a balance between EU data security and market openness, but it has yet to gain the approval of all EU member states.
Joint Boycott by EU Companies Including Deutsche Telekom: Upholding Sovereignty or Protecting Competition?
Deutsche Telekom, France Telecom, Airbus, and 15 other EU companies have jointly called on EU countries to reject the latest proposal lacking sovereignty demands. They believe sovereignty demands are necessary because they can:
The European Commission will make a final decision in the autumn of the Northern Hemisphere. The outcome will have a significant impact on the EU’s digital economy.
Key Takeaways:
The controversy surrounding the EU cybersecurity certification program highlights the internal divisions within the EU on cybersecurity issues:
The ultimate balance between sovereignty and openness remains to be seen. This game not only affects the EU’s own cybersecurity landscape but may also have far-reaching implications for the global market positioning of tech giants.
Related Posts
OpenAI’s Voice Cloning AI Model Requires Just a 15-Second Sample to Operate
OpenAI is rolling out limited access to its text-to-voice generation platform called Voice Engine, as reported by The Verge. This innovative platform can synthesize a voice based on a 15-second audio clip, enabling the creation of realistic-sounding artificial voices. These AI-generated voices are capable of reading text prompts in multiple languages and have potential applications across …
Google Announces Permanent Closure of VPN Service
Google One VPN, introduced in October 2020, quietly ceases operations amidst the surging demand for VPN services. Do you recall Google One VPN, launched in October 2020? It entered the market with slogans like “providing additional online protection for your Android phone” and “ensuring your data is secure”, available across all plans and platforms. However, …
Cybersecurity in Vietnam: Opportunities and Challenges
In the latter half of 2023, Vietnam’s cybersecurity landscape presents a mixed bag of fortunes. On one hand, Distributed Denial of Service (DDoS) attacks have resurfaced as a major threat requiring vigilance. Besides, proactive measures by the Vietnamese government and businesses have led to continuous improvements in cybersecurity defenses. DDoS Attacks: A Significant Threat to …