EU Cloud Rules Could Bar US Hyperscalers From Critical Government Tenders
A draft proposal by the European Cybersecurity Agency (ENISA) for EU cloud services suggests new rules that could require cloud providers handling sensitive government and critical infrastructure data to be headquartered and operated within the EU. These rules could effectively prevent US hyperscalers like AWS, Google Cloud, and Microsoft Azure from accessing high-security tenders in sectors such as banking and healthcare. The proposal, intended to protect sensitive data from foreign laws, has raised concerns about competition and potential protectionism within the tech industry.
Key Takeaways
- ENISA's draft EU Cloud services scheme (EUCS) proposes requiring cloud providers for top-security tenders to be incorporated, headquartered, and operated within the EU.
- Staff involved in running these services would need to be EU-based and hold valid security clearances.
- The rules aim to protect sensitive data from foreign laws, such as the US Cloud Act.
- While voluntary, the scheme would effectively become mandatory for government, healthcare, banking, and energy sectors requiring high security.
- The proposal has sparked debate, with critics citing concerns about competition and potential protectionism over cybersecurity.
Why It Matters
These proposed EU cloud rules represent a significant move toward digital sovereignty, potentially reshaping the competitive landscape for cloud services within the bloc. By mandating EU incorporation and operational control for critical tenders, the proposal could wall off substantial government and infrastructure contracts from major US providers. This could foster localized cloud solutions and bolster European providers, but also risks limiting competition and access to advanced services. What to watch next is the outcome of the ongoing debate among member states and the final language of the EUCS, specifically how 'critical tenders' are defined and enforced.
Read full article at techradar.com